# git rev-parse -q --verify d0989d01c66fed6a741820a96b8cca6688f183ff^{commit}
d0989d01c66fed6a741820a96b8cca6688f183ff
already have revision, skipping fetch
# git checkout -q -f -B kisskb d0989d01c66fed6a741820a96b8cca6688f183ff
# git clean -qxdf
# < git log -1
# commit d0989d01c66fed6a741820a96b8cca6688f183ff
# Merge: 865dad2022c5 2120635108b3
# Author: Linus Torvalds
# Date: Mon Oct 3 17:24:22 2022 -0700
#
# Merge tag 'hardening-v6.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
#
# Pull kernel hardening updates from Kees Cook:
# "Most of the collected changes here are fixes across the tree for
# various hardening features (details noted below).
#
# The most notable new feature here is the addition of the memcpy()
# overflow warning (under CONFIG_FORTIFY_SOURCE), which is the next step
# on the path to killing the common class of "trivially detectable"
# buffer overflow conditions (i.e. on arrays with sizes known at compile
# time) that have resulted in many exploitable vulnerabilities over the
# years (e.g. BleedingTooth).
#
# This feature is expected to still have some undiscovered false
# positives. It's been in -next for a full development cycle and all the
# reported false positives have been fixed in their respective trees.
# All the known-bad code patterns we could find with Coccinelle are also
# either fixed in their respective trees or in flight.
#
# The commit message in commit 54d9469bc515 ("fortify: Add run-time WARN
# for cross-field memcpy()") for the feature has extensive details, but
# I'll repeat here that this is a warning _only_, and is not intended to
# actually block overflows (yet). The many patches fixing array sizes
# and struct members have been landing for several years now, and we're
# finally able to turn this on to find any remaining stragglers.
#
# Summary:
#
# Various fixes across several hardening areas:
#
# - loadpin: Fix verity target enforcement (Matthias Kaehlcke).
#
# - zero-call-used-regs: Add missing clobbers in paravirt (Bill
# Wendling).
#
# - CFI: clean up sparc function pointer type mismatches (Bart Van
# Assche).
#
# - Clang: Adjust compiler flag detection for various Clang changes
# (Sami Tolvanen, Kees Cook).
#
# - fortify: Fix warnings in arch-specific code in sh, ARM, and xen.
#
# Improvements to existing features:
#
# - testing: improve overflow KUnit test, introduce fortify KUnit test,
# add more coverage to LKDTM tests (Bart Van Assche, Kees Cook).
#
# - overflow: Relax overflow type checking for wider utility.
#
# New features:
#
# - string: Introduce strtomem() and strtomem_pad() to fill a gap in
# strncpy() replacement needs.
#
# - um: Enable FORTIFY_SOURCE support.
#
# - fortify: Enable run-time struct member memcpy() overflow warning"
#
# * tag 'hardening-v6.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: (27 commits)
# Makefile.extrawarn: Move -Wcast-function-type-strict to W=1
# hardening: Remove Clang's enable flag for -ftrivial-auto-var-init=zero
# sparc: Unbreak the build
# x86/paravirt: add extra clobbers with ZERO_CALL_USED_REGS enabled
# x86/paravirt: clean up typos and grammaros
# fortify: Convert to struct vs member helpers
# fortify: Explicitly check bounds are compile-time constants
# x86/entry: Work around Clang __bdos() bug
# ARM: decompressor: Include .data.rel.ro.local
# fortify: Adjust KUnit test for modular build
# sh: machvec: Use char[] for section boundaries
# kunit/memcpy: Avoid pathological compile-time string size
# lib: Improve the is_signed_type() kunit test
# LoadPin: Require file with verity root digests to have a header
# dm: verity-loadpin: Only trust verity targets with enforcement
# LoadPin: Fix Kconfig doc about format of file with verity digests
# um: Enable FORTIFY_SOURCE
# lkdtm: Update tests for memcpy() run-time warnings
# fortify: Add run-time WARN for cross-field memcpy()
# fortify: Use SIZE_MAX instead of (size_t)-1
# ...
# < /opt/cross/kisskb/korg/gcc-11.1.0-nolibc/x86_64-linux/bin/x86_64-linux-gcc --version
# < /opt/cross/kisskb/korg/gcc-11.1.0-nolibc/x86_64-linux/bin/x86_64-linux-ld --version
# < git log --format=%s --max-count=1 d0989d01c66fed6a741820a96b8cca6688f183ff
# < make -s -j 24 ARCH=x86_64 O=/kisskb/build/linus-rand_x86_64-randconfig_x86_64-gcc11 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-11.1.0-nolibc/x86_64-linux/bin/x86_64-linux- randconfig
# Added to kconfig CONFIG_STANDALONE=y
# Added to kconfig CONFIG_PREVENT_FIRMWARE_BUILD=y
# Added to kconfig CONFIG_CC_STACKPROTECTOR_STRONG=n
# Added to kconfig CONFIG_GCC_PLUGINS=n
# Added to kconfig CONFIG_GCC_PLUGIN_CYC_COMPLEXITY=n
# Added to kconfig CONFIG_GCC_PLUGIN_SANCOV=n
# Added to kconfig CONFIG_GCC_PLUGIN_LATENT_ENTROPY=n
# Added to kconfig CONFIG_BPF_PRELOAD=n
# Added to kconfig
# < make -s -j 24 ARCH=x86_64 O=/kisskb/build/linus-rand_x86_64-randconfig_x86_64-gcc11 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-11.1.0-nolibc/x86_64-linux/bin/x86_64-linux- help
# make -s -j 24 ARCH=x86_64 O=/kisskb/build/linus-rand_x86_64-randconfig_x86_64-gcc11 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-11.1.0-nolibc/x86_64-linux/bin/x86_64-linux- olddefconfig
.config:5257:warning: override: reassigning to symbol STANDALONE
.config:5260:warning: override: reassigning to symbol GCC_PLUGINS
# make -s -j 24 ARCH=x86_64 O=/kisskb/build/linus-rand_x86_64-randconfig_x86_64-gcc11 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-11.1.0-nolibc/x86_64-linux/bin/x86_64-linux-
Completed OK
# rm -rf /kisskb/build/linus-rand_x86_64-randconfig_x86_64-gcc11
# Build took: 0:09:29.754525