git: 858b5e424816 - main - sys: protect the kernel build from accidental _FORTIFY_SOURCE

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Kyle Evans <kevans_at_FreeBSD.org>
Date: Sat, 12 Apr 2025 01:53:35 UTC
The branch main has been updated by kevans:

URL: https://cgit.FreeBSD.org/src/commit/?id=858b5e4248164e58f53c81a653933b45eecadacf

commit 858b5e4248164e58f53c81a653933b45eecadacf
Author:     Kyle Evans <kevans@FreeBSD.org>
AuthorDate: 2025-04-12 01:53:27 +0000
Commit:     Kyle Evans <kevans@FreeBSD.org>
CommitDate: 2025-04-12 01:53:27 +0000

    sys: protect the kernel build from accidental _FORTIFY_SOURCE
    
    Fortification is a userland feature, thus the flag makes no sense in a
    kernel context at the moment.  Move the relevant includes that aren't
    already in a !_KERNEL block under a !_KERNEL condition to avoid breaking
    kernel/kmod builds that are catching a stray -D_FORTIFY_SOURCE in their
    CFLAGS.
    
    PR:             286010
    Reviewed by:    emaste, imp, markj
    Differential Revision:  https://reviews.freebsd.org/D49774
---
 sys/sys/random.h | 10 ++++++----
 sys/sys/select.h |  2 +-
 sys/sys/socket.h |  4 ++--
 3 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/sys/sys/random.h b/sys/sys/random.h
index 67aae93630b5..254ba9451d0a 100644
--- a/sys/sys/random.h
+++ b/sys/sys/random.h
@@ -156,16 +156,18 @@ void random_harvest_deregister_source(enum random_entropy_source);
 #define random_harvest_queue_ether(a, b)	do {} while (0)
 #endif /* defined(RANDOM_ENABLE_ETHER) */
 
+#else /* !_KERNEL */
+
+#if defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE > 0
+#include <ssp/random.h>
+#endif
+
 #endif /* _KERNEL */
 
 #define GRND_NONBLOCK	0x1
 #define GRND_RANDOM	0x2
 #define GRND_INSECURE	0x4
 
-#if defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE > 0
-#include <ssp/random.h>
-#endif
-
 __BEGIN_DECLS
 ssize_t getrandom(void *buf, size_t buflen, unsigned int flags);
 __END_DECLS
diff --git a/sys/sys/select.h b/sys/sys/select.h
index fefc9961d63a..691f66b5047d 100644
--- a/sys/sys/select.h
+++ b/sys/sys/select.h
@@ -49,7 +49,7 @@ typedef	__fd_mask	fd_mask;
 typedef	__sigset_t	sigset_t;
 #endif
 
-#if defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE > 0
+#if !defined(_KERNEL) && defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE > 0
 #include <ssp/ssp.h>
 #else
 #define	__SSP_FORTIFY_LEVEL	0
diff --git a/sys/sys/socket.h b/sys/sys/socket.h
index 064da1cb95be..5e7c554c34cf 100644
--- a/sys/sys/socket.h
+++ b/sys/sys/socket.h
@@ -685,12 +685,12 @@ struct splice {
 
 #endif /* __BSD_VISIBLE */
 
+#ifndef	_KERNEL
+
 #if defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE > 0
 #include <ssp/socket.h>
 #endif
 
-#ifndef	_KERNEL
-
 #include <sys/cdefs.h>
 
 __BEGIN_DECLS