[PATCH 04/14] security/Kconfig.hardening: Remove tautological condition from CC_HAS_RANDSTRUCT
Nicolas Schier
nsc at kernel.org
Tue May 5 15:28:56 UTC 2026
On Tue, Apr 28, 2026 at 10:59:10PM -0400, Nathan Chancellor wrote:
> Now that the minimum supported version of LLVM for building the kernel
> has been raised to 17.0.1, the '!Clang || Clang >= 16' dependency for
> CONFIG_CC_HAS_RANDSTRUCT is always true, so it can be removed.
>
> Signed-off-by: Nathan Chancellor <nathan at kernel.org>
> ---
> Cc: Kees Cook <kees at kernel.org>
> Cc: Gustavo A. R. Silva <gustavoars at kernel.org>
> Cc: linux-hardening at vger.kernel.org
> Cc: linux-security-module at vger.kernel.org
> ---
> security/Kconfig.hardening | 3 ---
> 1 file changed, 3 deletions(-)
>
> diff --git a/security/Kconfig.hardening b/security/Kconfig.hardening
> index e4f23c08a17a..b90cf9ed4642 100644
> --- a/security/Kconfig.hardening
> +++ b/security/Kconfig.hardening
> @@ -274,9 +274,6 @@ endmenu
>
> config CC_HAS_RANDSTRUCT
> def_bool $(cc-option,-frandomize-layout-seed-file=/dev/null)
> - # Randstruct was first added in Clang 15, but it isn't safe to use until
> - # Clang 16 due to https://github.com/llvm/llvm-project/issues/60349
> - depends on !CC_IS_CLANG || CLANG_VERSION >= 160000
>
> choice
> prompt "Randomize layout of sensitive kernel structures"
>
Reviewed-by: Nicolas Schier <nsc at kernel.org>
More information about the Linux-security-module-archive
mailing list