Skip to content
  • Daniel Micay's avatar
    include/linux/string.h: add the option of fortified string.h functions · 6974f0c4
    Daniel Micay authored
    This adds support for compiling with a rough equivalent to the glibc
    _FORTIFY_SOURCE=1 feature, providing compile-time and runtime buffer
    overflow checks for string.h functions when the compiler determines the
    size of the source or destination buffer at compile-time.  Unlike glibc,
    it covers buffer reads in addition to writes.
    GNU C __builtin_*_chk intrinsics are avoided because they would force a
    much more complex implementation.  They aren't designed to detect read
    overflows and offer no real benefit when using an implementation based
    on inline checks.  Inline checks don't add up to much code size and
    allow full use of the regular string intrinsics while avoiding the need
    for a bunch of _chk functions and per-arch assembly to avoid wrapper
    This detects various overflows at compile-time in various drivers and
    some non-x86 core kernel code.  There will likely be issues caught in
    regular use at runtime too.
    Future improveme...