[GIT PULL] hardening updates for v6.6-rc1

From: Kees Cook
Date: Mon Aug 28 2023 - 14:43:41 EST

Next message: Laurent Pinchart: "Re: [PATCH v3 06/15] media: qcom: camss: Assign the correct number of RDIs per VFE"
Previous message: Krzysztof Kozlowski: "Re: [PATCH 1/2] dt-bindings: power: Add regulator-pd yaml file"
Next in thread: pr-tracker-bot: "Re: [GIT PULL] hardening updates for v6.6-rc1"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Linus,

Please pull these hardening updates for v6.6-rc1. As has become normal,
changes are scattered around the tree (either explicitly maintainer
Acked or for trivial stuff that went ignored). Details in the log below,
and all have been in -next for a while.

Thanks!

-Kees

The following changes since commit fdf0eaf11452d72945af31804e2a1048ee1b574c:

Linux 6.5-rc2 (2023-07-16 15:10:37 -0700)

are available in the Git repository at:

https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/hardening-v6.6-rc1

for you to fetch changes up to 5f536ac6a5a7b67351e4e5ae4f9e1e57d31268e6:

LoadPin: Annotate struct dm_verity_loadpin_trusted_root_digest with __counted_by (2023-08-25 16:07:30 -0700)

----------------------------------------------------------------
hardening updates for v6.6-rc1

- Carve out the new CONFIG_LIST_HARDENED as a more focused subset of
CONFIG_DEBUG_LIST (Marco Elver).

- Fix kallsyms lookup failure under Clang LTO (Yonghong Song).

- Clarify documentation for CONFIG_UBSAN_TRAP (Jann Horn).

- Flexible array member conversion not carried in other tree (Gustavo
A. R. Silva).

- Various strlcpy() and strncpy() removals not carried in other trees
(Azeem Shaikh, Justin Stitt).

- Convert nsproxy.count to refcount_t (Elena Reshetova).

- Add handful of __counted_by annotations not carried in other trees,
as well as an LKDTM test.

- Fix build failure with gcc-plugins on GCC 14+.

- Fix selftests to respect SKIP for signal-delivery tests.

- Fix CFI warning for paravirt callback prototype.

- Clarify documentation for seq_show_option_n() usage.

----------------------------------------------------------------
Azeem Shaikh (4):
soc: fsl: qe: Replace all non-returning strlcpy with strscpy
um: Remove strlcpy declaration
perf: Replace strlcpy with strscpy
EISA: Replace all non-returning strlcpy with strscpy

Elena Reshetova (1):
nsproxy: Convert nsproxy.count to refcount_t

Gustavo A. R. Silva (1):
alpha: Replace one-element array with flexible-array member

Jann Horn (1):
ubsan: Clarify Kconfig text for CONFIG_UBSAN_TRAP

Justin Stitt (2):
um: vector: refactor deprecated strncpy
um: refactor deprecated strncpy to memcpy

Kees Cook (8):
seq_file: seq_show_option_n() is used for precise sizes
x86/paravirt: Fix tlb_remove_table function callback prototype warning
selftests/harness: Actually report SKIP for signal tests
gcc-plugins: Rename last_stmt() for GCC 14+
Compiler Attributes: counted_by: Adjust name and identifier expansion
lkdtm: Add FAM_BOUNDS test for __counted_by
integrity: Annotate struct ima_rule_opt_list with __counted_by
LoadPin: Annotate struct dm_verity_loadpin_trusted_root_digest with __counted_by

Marco Elver (4):
compiler_types: Introduce the Clang __preserve_most function attribute
list_debug: Introduce inline wrappers for debug checks
list: Introduce CONFIG_LIST_HARDENED
hardening: Move BUG_ON_DATA_CORRUPTION to hardening options

Yonghong Song (2):
kallsyms: Fix kallsyms_selftest failure
kallsyms: Change func signature for cleanup_symbol_name()

arch/alpha/kernel/osf_sys.c | 2 +-
arch/arm64/kvm/hyp/nvhe/Makefile | 2 +-
arch/arm64/kvm/hyp/nvhe/list_debug.c | 8 ++-
arch/um/drivers/mconsole_kern.c | 4 +-
arch/um/drivers/vector_user.c | 4 +-
arch/um/include/shared/user.h | 1 -
arch/um/os-Linux/umid.c | 6 +-
arch/x86/kernel/paravirt.c | 8 ++-
drivers/eisa/eisa-bus.c | 2 +-
drivers/misc/lkdtm/bugs.c | 51 +++++++++++++++--
drivers/soc/fsl/qe/qe.c | 4 +-
include/linux/compiler_attributes.h | 26 ++++-----
include/linux/compiler_types.h | 28 +++++++++
include/linux/dm-verity-loadpin.h | 2 +-
include/linux/list.h | 89 +++++++++++++++++++++++++++--
include/linux/nsproxy.h | 7 +--
include/linux/seq_file.h | 7 ++-
include/uapi/linux/stddef.h | 4 ++
kernel/events/core.c | 6 +-
kernel/kallsyms.c | 27 ++++-----
kernel/kallsyms_selftest.c | 23 +-------
kernel/nsproxy.c | 4 +-
lib/Kconfig.debug | 21 +++----
lib/Kconfig.ubsan | 10 +++-
lib/Makefile | 2 +-
lib/list_debug.c | 16 +++---
scripts/gcc-plugins/gcc-common.h | 4 ++
security/Kconfig.hardening | 23 ++++++++
security/integrity/ima/ima_policy.c | 4 +-
security/loadpin/loadpin.c | 3 +-
tools/testing/selftests/kselftest_harness.h | 11 ++--
31 files changed, 286 insertions(+), 123 deletions(-)

--
Kees Cook

Next message: Laurent Pinchart: "Re: [PATCH v3 06/15] media: qcom: camss: Assign the correct number of RDIs per VFE"
Previous message: Krzysztof Kozlowski: "Re: [PATCH 1/2] dt-bindings: power: Add regulator-pd yaml file"
Next in thread: pr-tracker-bot: "Re: [GIT PULL] hardening updates for v6.6-rc1"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]