From e4f0acdc1d09658dfef1101efc222ad3b26992fb Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Tue, 7 Oct 2025 12:49:54 -0500 Subject: [PATCH] linuxkm/linuxkm_wc_port.h: disable CONFIG_FORTIFY_SOURCE module-wide on kernels <5.18 (shim conflicts), and add WC_FORCE_LINUXKM_FORTIFY_SOURCE for future use. --- .wolfssl_known_macro_extras | 1 + linuxkm/linuxkm_wc_port.h | 13 ++++++++++++- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/.wolfssl_known_macro_extras b/.wolfssl_known_macro_extras index fd5bd6ca4..5b2ed33ee 100644 --- a/.wolfssl_known_macro_extras +++ b/.wolfssl_known_macro_extras @@ -602,6 +602,7 @@ WC_DILITHIUM_FIXED_ARRAY WC_DISABLE_RADIX_ZERO_PAD WC_ECC_NONBLOCK_ONLY WC_FLAG_DONT_USE_AESNI +WC_FORCE_LINUXKM_FORTIFY_SOURCE WC_KDF_NIST_SP_800_56C WC_LMS_FULL_HASH WC_NO_RNG_SIMPLE diff --git a/linuxkm/linuxkm_wc_port.h b/linuxkm/linuxkm_wc_port.h index 0320f5abb..10bf17cb0 100644 --- a/linuxkm/linuxkm_wc_port.h +++ b/linuxkm/linuxkm_wc_port.h @@ -228,14 +228,25 @@ #include - #if defined(CONFIG_FORTIFY_SOURCE) && defined(HAVE_LINUXKM_PIE_SUPPORT) + #if defined(CONFIG_FORTIFY_SOURCE) && \ + !defined(WC_FORCE_LINUXKM_FORTIFY_SOURCE) && \ + (defined(HAVE_LINUXKM_PIE_SUPPORT) || \ + (LINUX_VERSION_CODE < KERNEL_VERSION(5, 18, 0))) /* fortify-source causes all sorts of awkward problems for the PIE * build, up to and including stubborn external references and multiple * definitions of string functions. + * + * fortify-source before kernel 5.18 has similar issues regardless of + * PIE, around our macro-shimming of the string functions. */ #undef CONFIG_FORTIFY_SOURCE #endif + #if defined(WC_FORCE_LINUXKM_FORTIFY_SOURCE) && \ + !defined(CONFIG_FORTIFY_SOURCE) + #error WC_FORCE_LINUXKM_FORTIFY_SOURCE without CONFIG_FORTIFY_SOURCE. + #endif + #if defined(__PIE__) && defined(CONFIG_ARM64) #define alt_cb_patch_nops my__alt_cb_patch_nops #define queued_spin_lock_slowpath my__queued_spin_lock_slowpath