# git rev-parse -q --verify d0989d01c66fed6a741820a96b8cca6688f183ff^{commit}
d0989d01c66fed6a741820a96b8cca6688f183ff
already have revision, skipping fetch
# git checkout -q -f -B kisskb d0989d01c66fed6a741820a96b8cca6688f183ff
# git clean -qxdf
# < git log -1
# commit d0989d01c66fed6a741820a96b8cca6688f183ff
# Merge: 865dad2022c5 2120635108b3
# Author: Linus Torvalds
# Date: Mon Oct 3 17:24:22 2022 -0700
#
# Merge tag 'hardening-v6.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
#
# Pull kernel hardening updates from Kees Cook:
# "Most of the collected changes here are fixes across the tree for
# various hardening features (details noted below).
#
# The most notable new feature here is the addition of the memcpy()
# overflow warning (under CONFIG_FORTIFY_SOURCE), which is the next step
# on the path to killing the common class of "trivially detectable"
# buffer overflow conditions (i.e. on arrays with sizes known at compile
# time) that have resulted in many exploitable vulnerabilities over the
# years (e.g. BleedingTooth).
#
# This feature is expected to still have some undiscovered false
# positives. It's been in -next for a full development cycle and all the
# reported false positives have been fixed in their respective trees.
# All the known-bad code patterns we could find with Coccinelle are also
# either fixed in their respective trees or in flight.
#
# The commit message in commit 54d9469bc515 ("fortify: Add run-time WARN
# for cross-field memcpy()") for the feature has extensive details, but
# I'll repeat here that this is a warning _only_, and is not intended to
# actually block overflows (yet). The many patches fixing array sizes
# and struct members have been landing for several years now, and we're
# finally able to turn this on to find any remaining stragglers.
#
# Summary:
#
# Various fixes across several hardening areas:
#
# - loadpin: Fix verity target enforcement (Matthias Kaehlcke).
#
# - zero-call-used-regs: Add missing clobbers in paravirt (Bill
# Wendling).
#
# - CFI: clean up sparc function pointer type mismatches (Bart Van
# Assche).
#
# - Clang: Adjust compiler flag detection for various Clang changes
# (Sami Tolvanen, Kees Cook).
#
# - fortify: Fix warnings in arch-specific code in sh, ARM, and xen.
#
# Improvements to existing features:
#
# - testing: improve overflow KUnit test, introduce fortify KUnit test,
# add more coverage to LKDTM tests (Bart Van Assche, Kees Cook).
#
# - overflow: Relax overflow type checking for wider utility.
#
# New features:
#
# - string: Introduce strtomem() and strtomem_pad() to fill a gap in
# strncpy() replacement needs.
#
# - um: Enable FORTIFY_SOURCE support.
#
# - fortify: Enable run-time struct member memcpy() overflow warning"
#
# * tag 'hardening-v6.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: (27 commits)
# Makefile.extrawarn: Move -Wcast-function-type-strict to W=1
# hardening: Remove Clang's enable flag for -ftrivial-auto-var-init=zero
# sparc: Unbreak the build
# x86/paravirt: add extra clobbers with ZERO_CALL_USED_REGS enabled
# x86/paravirt: clean up typos and grammaros
# fortify: Convert to struct vs member helpers
# fortify: Explicitly check bounds are compile-time constants
# x86/entry: Work around Clang __bdos() bug
# ARM: decompressor: Include .data.rel.ro.local
# fortify: Adjust KUnit test for modular build
# sh: machvec: Use char[] for section boundaries
# kunit/memcpy: Avoid pathological compile-time string size
# lib: Improve the is_signed_type() kunit test
# LoadPin: Require file with verity root digests to have a header
# dm: verity-loadpin: Only trust verity targets with enforcement
# LoadPin: Fix Kconfig doc about format of file with verity digests
# um: Enable FORTIFY_SOURCE
# lkdtm: Update tests for memcpy() run-time warnings
# fortify: Add run-time WARN for cross-field memcpy()
# fortify: Use SIZE_MAX instead of (size_t)-1
# ...
# < /opt/cross/kisskb/korg/gcc-11.1.0-nolibc/powerpc64-linux/bin/powerpc64-linux-gcc --version
# < /opt/cross/kisskb/korg/gcc-11.1.0-nolibc/powerpc64-linux/bin/powerpc64-linux-ld --version
# < git log --format=%s --max-count=1 d0989d01c66fed6a741820a96b8cca6688f183ff
# < make -s -j 32 ARCH=powerpc O=/kisskb/build/linus-rand_powerpc-randconfig_powerpc-gcc11 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-11.1.0-nolibc/powerpc64-linux/bin/powerpc64-linux- randconfig
# Added to kconfig CONFIG_STANDALONE=y
# Added to kconfig CONFIG_BUILD_DOCSRC=n
# Added to kconfig CONFIG_MODULE_SIG=n
# Added to kconfig CONFIG_CPU_BIG_ENDIAN=y
# Added to kconfig CONFIG_PPC64=y
# Added to kconfig CONFIG_PPC_DISABLE_WERROR=y
# Added to kconfig CONFIG_SECTION_MISMATCH_WARN_ONLY=y
# Added to kconfig CONFIG_PREVENT_FIRMWARE_BUILD=y
# Added to kconfig CONFIG_CC_STACKPROTECTOR_STRONG=n
# Added to kconfig CONFIG_GCC_PLUGINS=n
# Added to kconfig CONFIG_LD_HEAD_STUB_CATCH=y
# Added to kconfig CONFIG_TRIM_UNUSED_KSYMS=n
# Added to kconfig CONFIG_UBSAN=n
# < make -s -j 32 ARCH=powerpc O=/kisskb/build/linus-rand_powerpc-randconfig_powerpc-gcc11 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-11.1.0-nolibc/powerpc64-linux/bin/powerpc64-linux- help
# make -s -j 32 ARCH=powerpc O=/kisskb/build/linus-rand_powerpc-randconfig_powerpc-gcc11 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-11.1.0-nolibc/powerpc64-linux/bin/powerpc64-linux- olddefconfig
.config:4430:warning: override: reassigning to symbol MODULE_SIG
.config:4432:warning: override: reassigning to symbol PPC64
.config:4433:warning: override: reassigning to symbol PPC_DISABLE_WERROR
.config:4434:warning: override: reassigning to symbol SECTION_MISMATCH_WARN_ONLY
.config:4435:warning: override: reassigning to symbol PREVENT_FIRMWARE_BUILD
# make -s -j 32 ARCH=powerpc O=/kisskb/build/linus-rand_powerpc-randconfig_powerpc-gcc11 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-11.1.0-nolibc/powerpc64-linux/bin/powerpc64-linux-
Completed OK
# rm -rf /kisskb/build/linus-rand_powerpc-randconfig_powerpc-gcc11
# Build took: 0:05:09.961645