• Linus Torvalds's avatar
    Merge tag 'hardening-v6.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux · d0989d01
    Linus Torvalds authored
    Pull kernel hardening updates from Kees Cook:
     "Most of the collected changes here are fixes across the tree for
      various hardening features (details noted below).
    
      The most notable new feature here is the addition of the memcpy()
      overflow warning (under CONFIG_FORTIFY_SOURCE), which is the next step
      on the path to killing the common class of "trivially detectable"
      buffer overflow conditions (i.e. on arrays with sizes known at compile
      time) that have resulted in many exploitable vulnerabilities over the
      years (e.g. BleedingTooth).
    
      This feature is expected to still have some undiscovered false
      positives. It's been in -next for a full development cycle and all the
      reported false positives have been fixed in their respective trees.
      All the known-bad code patterns we could find with Coccinelle are also
      either fixed in their respective trees or in flight.
    
      The commit message in commit 54d9469b ("fortify: Add run-time WARN
      for cross-field memcpy()") for the feature has extensive details, but
      I'll repeat here that this is a warning _only_, and is not intended to
      actually block overflows (yet). The many patches fixing array sizes
      and struct members have been landing for several years now, and we're
      finally able to turn this on to find any remaining stragglers.
    
      Summary:
    
      Various fixes across several hardening areas:
    
       - loadpin: Fix verity target enforcement (Matthias Kaehlcke).
    
       - zero-call-used-regs: Add missing clobbers in paravirt (Bill
         Wendling).
    
       - CFI: clean up sparc function pointer type mismatches (Bart Van
         Assche).
    
       - Clang: Adjust compiler flag detection for various Clang changes
         (Sami Tolvanen, Kees Cook).
    
       - fortify: Fix warnings in arch-specific code in sh, ARM, and xen.
    
      Improvements to existing features:
    
       - testing: improve overflow KUnit test, introduce fortify KUnit test,
         add more coverage to LKDTM tests (Bart Van Assche, Kees Cook).
    
       - overflow: Relax overflow type checking for wider utility.
    
      New features:
    
       - string: Introduce strtomem() and strtomem_pad() to fill a gap in
         strncpy() replacement needs.
    
       - um: Enable FORTIFY_SOURCE support.
    
       - fortify: Enable run-time struct member memcpy() overflow warning"
    
    * tag 'hardening-v6.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: (27 commits)
      Makefile.extrawarn: Move -Wcast-function-type-strict to W=1
      hardening: Remove Clang's enable flag for -ftrivial-auto-var-init=zero
      sparc: Unbreak the build
      x86/paravirt: add extra clobbers with ZERO_CALL_USED_REGS enabled
      x86/paravirt: clean up typos and grammaros
      fortify: Convert to struct vs member helpers
      fortify: Explicitly check bounds are compile-time constants
      x86/entry: Work around Clang __bdos() bug
      ARM: decompressor: Include .data.rel.ro.local
      fortify: Adjust KUnit test for modular build
      sh: machvec: Use char[] for section boundaries
      kunit/memcpy: Avoid pathological compile-time string size
      lib: Improve the is_signed_type() kunit test
      LoadPin: Require file with verity root digests to have a header
      dm: verity-loadpin: Only trust verity targets with enforcement
      LoadPin: Fix Kconfig doc about format of file with verity digests
      um: Enable FORTIFY_SOURCE
      lkdtm: Update tests for memcpy() run-time warnings
      fortify: Add run-time WARN for cross-field memcpy()
      fortify: Use SIZE_MAX instead of (size_t)-1
      ...
    d0989d01
MAINTAINERS 665 KB