From: Kees Cook <keescook@chromium.org>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: linux-kernel@vger.kernel.org, "Andy Shevchenko" <andy@kernel.org>,
"Andy Shevchenko" <andy.shevchenko@gmail.com>,
"Charles Bertsch" <cbertsch@cox.net>,
"Erhard Furtner" <erhard_f@mailbox.org>,
"Erick Archer" <erick.archer@outlook.com>,
"Gustavo A. R. Silva" <gustavoars@kernel.org>,
"Ivan Orlov" <ivan.orlov0322@gmail.com>,
"Justin Stitt" <justinstitt@google.com>,
"Kees Cook" <keescook@chromium.org>,
"kernel test robot" <oliver.sang@intel.com>,
linux-hardening@vger.kernel.org,
"Luis Chamberlain" <mcgrof@kernel.org>,
"Marco Elver" <elver@google.com>,
"Martin K. Petersen" <martin.petersen@oracle.com>,
"Nathan Chancellor" <nathan@kernel.org>,
"Sven Eckelmann" <sven@narfation.org>,
"Thomas Weißschuh" <linux@weissschuh.net>,
"Tycho Andersen" <tycho@tycho.pizza>
Subject: [GIT PULL] hardening updates for 6.10-rc1
Date: Sat, 11 May 2024 12:42:39 -0700 [thread overview]
Message-ID: <202405111234.6F2AB1F@keescook> (raw)
Hi Linus,
Please pull these hardening updates for 6.10-rc1. The bulk of the changes
here are related to refactoring and expanding the KUnit tests for string
helper and fortify behavior. Some trivial strncpy replacements in fs/
were carried in my tree. Also some fixes to SCSI string handling were
carried in my tree since the helper for those was introduce here. Beyond
that, just little fixes all around: objtool getting confused about
LKDTM+KCFI, preparing for future refactors (constification of sysctl
tables, additional __counted_by annotations), a Clang UBSAN+i386 crash
fix, and adding more options in the hardening.config Kconfig fragment.
Thanks!
-Kees
The following changes since commit 39cd87c4eb2b893354f3b850f916353f2658ae6f:
Linux 6.9-rc2 (2024-03-31 14:32:39 -0700)
are available in the Git repository at:
https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/hardening-6.10-rc1
for you to fetch changes up to 6d305cbef1aa01b9714e01e35f3d5c28544cf04d:
uapi: stddef.h: Provide UAPI macros for __counted_by_{le, be} (2024-05-08 00:42:25 -0700)
----------------------------------------------------------------
hardening updates for 6.10-rc1
- selftests: Add str*cmp tests (Ivan Orlov)
- __counted_by: provide UAPI for _le/_be variants (Erick Archer)
- Various strncpy deprecation refactors (Justin Stitt)
- stackleak: Use a copy of soon-to-be-const sysctl table (Thomas Weißschuh)
- UBSAN: Work around i386 -regparm=3 bug with Clang prior to version 19
- Provide helper to deal with non-NUL-terminated string copying
- SCSI: Fix older string copying bugs (with new helper)
- selftests: Consolidate string helper behavioral tests
- selftests: add memcpy() fortify tests
- string: Add additional __realloc_size() annotations for "dup" helpers
- LKDTM: Fix KCFI+rodata+objtool confusion
- hardening.config: Enable KCFI
----------------------------------------------------------------
Erick Archer (1):
uapi: stddef.h: Provide UAPI macros for __counted_by_{le, be}
Ivan Orlov (1):
string_kunit: Add test cases for str*cmp functions
Justin Stitt (5):
virt: acrn: replace deprecated strncpy with strscpy
reiserfs: replace deprecated strncpy with scnprintf
hfsplus: refactor copy_name to not use strncpy
fs: ecryptfs: replace deprecated strncpy with strscpy
init: replace deprecated strncpy with strscpy_pad
Kees Cook (21):
string: Prepare to merge strscpy_kunit.c into string_kunit.c
string: Merge strscpy KUnit tests into string_kunit.c
string: Prepare to merge strcat KUnit tests into string_kunit.c
string: Merge strcat KUnit tests into string_kunit.c
string: Convert KUnit test names to standard convention
string.h: Introduce memtostr() and memtostr_pad()
string_kunit: Move strtomem KUnit test to string_kunit.c
MAINTAINERS: Add ubsan.h to the UBSAN section
ubsan: Remove 1-element array usage in debug reporting
ubsan: Avoid i386 UBSAN handler crashes with Clang
scsi: mptfusion: Avoid possible run-time warning with long manufacturer strings
scsi: mpi3mr: Avoid possible run-time warning with long manufacturer strings
scsi: qla2xxx: Avoid possible run-time warning with long model_num
kunit/fortify: Fix mismatched kvalloc()/vfree() usage
kunit/fortify: Rename tests to use recommended conventions
kunit/fortify: Do not spam logs with fortify WARNs
kunit/fortify: Add memcpy() tests
lkdtm: Disable CFI checking for perms functions
hardening: Enable KCFI and some other options
kunit/fortify: Fix replaced failure path to unbreak __alloc_size
string: Add additional __realloc_size() annotations for "dup" helpers
Thomas Weißschuh (1):
stackleak: Use a copy of the ctl_table argument
MAINTAINERS | 3 +-
arch/arm64/configs/hardening.config | 1 +
arch/x86/configs/hardening.config | 3 +
drivers/message/fusion/mptsas.c | 14 +-
drivers/misc/lkdtm/Makefile | 2 +-
drivers/misc/lkdtm/perms.c | 2 +-
drivers/scsi/mpi3mr/mpi3mr_transport.c | 14 +-
drivers/scsi/qla2xxx/qla_mr.c | 6 +-
drivers/virt/acrn/ioreq.c | 2 +-
fs/ecryptfs/crypto.c | 4 +-
fs/ecryptfs/main.c | 26 +-
fs/hfsplus/xattr.c | 22 +-
fs/reiserfs/item_ops.c | 13 +-
include/linux/fortify-string.h | 9 +-
include/linux/string.h | 62 ++++-
include/uapi/linux/stddef.h | 8 +
init/do_mounts.c | 3 +-
kernel/configs/hardening.config | 8 +
kernel/stackleak.c | 6 +-
lib/Kconfig.debug | 10 -
lib/Makefile | 2 -
lib/fortify_kunit.c | 222 ++++++++++++----
lib/memcpy_kunit.c | 53 ----
lib/strcat_kunit.c | 104 --------
lib/string_kunit.c | 461 ++++++++++++++++++++++++++++++++-
lib/strscpy_kunit.c | 142 ----------
lib/ubsan.h | 43 +--
27 files changed, 768 insertions(+), 477 deletions(-)
delete mode 100644 lib/strcat_kunit.c
delete mode 100644 lib/strscpy_kunit.c
--
Kees Cook
next reply other threads:[~2024-05-11 19:42 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-05-11 19:42 Kees Cook [this message]
2024-05-13 21:33 ` [GIT PULL] hardening updates for 6.10-rc1 pr-tracker-bot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202405111234.6F2AB1F@keescook \
--to=keescook@chromium.org \
--cc=andy.shevchenko@gmail.com \
--cc=andy@kernel.org \
--cc=cbertsch@cox.net \
--cc=elver@google.com \
--cc=erhard_f@mailbox.org \
--cc=erick.archer@outlook.com \
--cc=gustavoars@kernel.org \
--cc=ivan.orlov0322@gmail.com \
--cc=justinstitt@google.com \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@weissschuh.net \
--cc=martin.petersen@oracle.com \
--cc=mcgrof@kernel.org \
--cc=nathan@kernel.org \
--cc=oliver.sang@intel.com \
--cc=sven@narfation.org \
--cc=torvalds@linux-foundation.org \
--cc=tycho@tycho.pizza \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).