[GIT PULL] hardening updates for v5.16-rc1

From: Kees Cook
Date: Mon Nov 01 2021 - 12:21:00 EST


Hi Linus,

Please pull these hardening updates for v5.16-rc1. These are various
compiler-related hardening feature updates. Notable is the addition of an
explicit limited rationale for, and deprecation schedule of, gcc-plugins.
More details in the tag below.

Thanks!

-Kees

The following changes since commit e4e737bb5c170df6135a127739a9e6148ee3da82:

Linux 5.15-rc2 (2021-09-19 17:28:22 -0700)

are available in the Git repository at:

https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/hardening-v5.16-rc1

for you to fetch changes up to 6425392acf24b6d469932dd1b217dc7b20d6447f:

gcc-plugins: remove duplicate include in gcc-common.h (2021-10-21 08:41:51 -0700)

----------------------------------------------------------------
compiler hardening updates for v5.16-rc1

This collects various compiler hardening feature related updates:

- gcc-plugins:
- remove support for GCC 4.9 and older (Ard Biesheuvel)
- remove duplicate include in gcc-common.h (Ye Guojin)
- Explicitly document purpose and deprecation schedule (Kees Cook)
- Remove cyc_complexity (Kees Cook)

- instrumentation:
- Avoid harmless Clang option under CONFIG_INIT_STACK_ALL_ZERO (Kees Cook)

- Clang LTO:
- kallsyms: strip LTO suffixes from static functions (Nick Desaulniers)

----------------------------------------------------------------
Ard Biesheuvel (1):
gcc-plugins: remove support for GCC 4.9 and older

Kees Cook (3):
hardening: Avoid harmless Clang option under CONFIG_INIT_STACK_ALL_ZERO
gcc-plugins: Explicitly document purpose and deprecation schedule
gcc-plugins: Remove cyc_complexity

Nick Desaulniers (1):
kallsyms: strip LTO suffixes from static functions

Ye Guojin (1):
gcc-plugins: remove duplicate include in gcc-common.h

Documentation/kbuild/gcc-plugins.rst | 28 ++++-
Makefile | 6 +-
kernel/kallsyms.c | 46 +++++--
scripts/Makefile.gcc-plugins | 2 -
scripts/gcc-plugins/Kconfig | 20 +---
scripts/gcc-plugins/cyc_complexity_plugin.c | 69 -----------
scripts/gcc-plugins/gcc-common.h | 132 +--------------------
scripts/gcc-plugins/gcc-generate-gimple-pass.h | 19 ---
scripts/gcc-plugins/gcc-generate-ipa-pass.h | 19 ---
scripts/gcc-plugins/gcc-generate-rtl-pass.h | 19 ---
scripts/gcc-plugins/gcc-generate-simple_ipa-pass.h | 19 ---
scripts/gcc-plugins/structleak_plugin.c | 2 -
security/Kconfig.hardening | 14 ++-
13 files changed, 75 insertions(+), 320 deletions(-)
delete mode 100644 scripts/gcc-plugins/cyc_complexity_plugin.c

--
Kees Cook