randstruct: disable Clang 15 support

The randstruct support released in Clang 15 is unsafe to use due to a bug that can cause miscompilations: "-frandomize-layout-seed inconsistently randomizes all-function-pointers structs" (llvm/llvm-project#60349). It has been fixed on the Clang 16 release branch, so add a Clang version check. Fixes: 035f7f8 ("randstruct: Enable Clang support") Cc: [email protected] Signed-off-by: Eric Biggers <[email protected]> Acked-by: Nick Desaulniers <[email protected]> Reviewed-by: Nathan Chancellor <[email protected]> Reviewed-by: Bill Wendling <[email protected]> Signed-off-by: Kees Cook <[email protected]> Link: https://lore.kernel.org/r/[email protected]
sedwards · Feb 8, 2023 · 78f7a3f · 78f7a3f
1 parent 04ffde1
commit 78f7a3f
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/security/Kconfig.hardening b/security/Kconfig.hardening
@@ -281,6 +281,9 @@ endmenu
 
 config CC_HAS_RANDSTRUCT
 	def_bool $(cc-option,-frandomize-layout-seed-file=/dev/null)
+	# Randstruct was first added in Clang 15, but it isn't safe to use until
+	# Clang 16 due to https://github.com/llvm/llvm-project/issues/60349
+	depends on !CC_IS_CLANG || CLANG_VERSION >= 160000
 
 choice
 	prompt "Randomize layout of sensitive kernel structures"