• Linus Torvalds's avatar
    Merge tag 'hardening-6.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux · 87caef42
    Linus Torvalds authored
    Pull hardening updates from Kees Cook:
     "The bulk of the changes here are related to refactoring and expanding
      the KUnit tests for string helper and fortify behavior.
    
      Some trivial strncpy replacements in fs/ were carried in my tree. Also
      some fixes to SCSI string handling were carried in my tree since the
      helper for those was introduce here. Beyond that, just little fixes
      all around: objtool getting confused about LKDTM+KCFI, preparing for
      future refactors (constification of sysctl tables, additional
      __counted_by annotations), a Clang UBSAN+i386 crash fix, and adding
      more options in the hardening.config Kconfig fragment.
    
      Summary:
    
       - selftests: Add str*cmp tests (Ivan Orlov)
    
       - __counted_by: provide UAPI for _le/_be variants (Erick Archer)
    
       - Various strncpy deprecation refactors (Justin Stitt)
    
       - stackleak: Use a copy of soon-to-be-const sysctl table (Thomas
         Weißschuh)
    
       - UBSAN: Work around i386 -regparm=3 bug with Clang prior to
         version 19
    
       - Provide helper to deal with non-NUL-terminated string copying
    
       - SCSI: Fix older string copying bugs (with new helper)
    
       - selftests: Consolidate string helper behavioral tests
    
       - selftests: add memcpy() fortify tests
    
       - string: Add additional __realloc_size() annotations for "dup"
         helpers
    
       - LKDTM: Fix KCFI+rodata+objtool confusion
    
       - hardening.config: Enable KCFI"
    
    * tag 'hardening-6.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: (29 commits)
      uapi: stddef.h: Provide UAPI macros for __counted_by_{le, be}
      stackleak: Use a copy of the ctl_table argument
      string: Add additional __realloc_size() annotations for "dup" helpers
      kunit/fortify: Fix replaced failure path to unbreak __alloc_size
      hardening: Enable KCFI and some other options
      lkdtm: Disable CFI checking for perms functions
      kunit/fortify: Add memcpy() tests
      kunit/fortify: Do not spam logs with fortify WARNs
      kunit/fortify: Rename tests to use recommended conventions
      init: replace deprecated strncpy with strscpy_pad
      kunit/fortify: Fix mismatched kvalloc()/vfree() usage
      scsi: qla2xxx: Avoid possible run-time warning with long model_num
      scsi: mpi3mr: Avoid possible run-time warning with long manufacturer strings
      scsi: mptfusion: Avoid possible run-time warning with long manufacturer strings
      fs: ecryptfs: replace deprecated strncpy with strscpy
      hfsplus: refactor copy_name to not use strncpy
      reiserfs: replace deprecated strncpy with scnprintf
      virt: acrn: replace deprecated strncpy with strscpy
      ubsan: Avoid i386 UBSAN handler crashes with Clang
      ubsan: Remove 1-element array usage in debug reporting
      ...
    87caef42
MAINTAINERS 731 KB