Message-ID: <202205231146.E8C6085@keescook>
Date: Mon, 23 May 2022 12:10:02 -0700
From: Kees Cook <keescook@...omium.org>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: linux-kernel@...r.kernel.org, Alexander Popov <alex.popov@...ux.com>,
    Bill Wendling <morbo@...gle.com>, David Howells <dhowells@...hat.com>,
    Jeff Layton <jlayton@...nel.org>, Kees Cook <keescook@...omium.org>,
    linux-hardening@...r.kernel.org, Mark Rutland <mark.rutland@....com>,
    "Matthew Wilcox (Oracle)" <willy@...radead.org>,
    Sami Tolvanen <samitolvanen@...gle.com>,
    Yuanzheng Song <songyuanzheng@...wei.com>
Subject: [GIT PULL] kernel hardening updates for v5.19-rc1

Hi Linus,

Please pull these kernel hardening updates for v5.19-rc1. As hardening
features are now supported by various combinations of native GCC, native
Clang, and GCC plugins, the dependencies don't allow for a clean separation
between a "gcc plugins" tree and a "clang features" tree, and similarly,
the tweaks for the "small" LSMs (e.g. LoadPin) don't really make sense to
carry separately either. So, here is the combined tree, which I was already
heading toward during the last merge window.

Please note there are 2 easy conflicts to deal with, but I wanted to make
sure they were clear and to give some context for why they happened:

1) drivers/misc/lkdtm/stackleak.c

   char-misc 73f62e60d80c ("lkdtm: Move crashtype definitions into each category")
   hardening: f03a50938dec ("lkdtm/stackleak: prevent unexpected stack usage")

   73f62e60d80c is a larger refactoring of how all the LKDTM tests are
   registered with the LKDTM core, but the stackleak test updates depend on
   the arm64 changes, so these came via separate trees. The resolution is
   easy; the linux-next notes are here:
   https://lore.kernel.org/linux-next/202205091610.4375DD0A@keescook/

2) include/linux/netfs.h

   fscache 713423282ae1 ("netfs: Fix gcc-12 warning by embedding vfs inode in netfs_i_context")
   hardening 3b5eed3c71a2 ("netfs: Eliminate Clang randstruct warning")

   3b5eed3c71a2 can be entirely dropped in favor of 713423282ae1, which is
   the more complete solution, keeping both Clang and GCC happy.
   3b5eed3c71a2 was committed before GCC 12 was released and 713423282ae1
   was being worked on right up until yesterday, so to keep the commit
   history intact and avoid Clang-specific allmodconfig warnings to appear,
   I kept it in the hardening tree rather than doing a revert just to avoid
   the conflict. The linux-next notes are here:
   https://lore.kernel.org/linux-next/20220523205716.4a641c41@canb.auug.org.au/

Thanks!

-Kees

The following changes since commit a19944809fe9942e6a96292490717904d0690c21:

  Merge tag 'hardening-v5.18-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux (2022-04-12 14:29:40 -1000)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/kernel-hardening-v5.19-rc1

for you to fetch changes up to ed5edd5a70b9525085403f193786395179ea303d:

  loadpin: stop using bdevname (2022-05-16 16:02:21 -0700)

----------------------------------------------------------------
kernel-hardening updates for v5.19-rc1

- usercopy hardening expanded to check other allocation types
  (Matthew Wilcox, Yuanzheng Song)

- arm64 stackleak behavioral improvements (Mark Rutland)

- arm64 CFI code gen improvement (Sami Tolvanen)

- LoadPin LSM block dev API adjustment (Christoph Hellwig)

- Clang randstruct support (Bill Wendling, Kees Cook)

----------------------------------------------------------------
Bill Wendling (1):
      security: don't treat structure as an array of struct hlist_head

Christoph Hellwig (1):
      loadpin: stop using bdevname

Kees Cook (12):
      netfs: Eliminate Clang randstruct warning
      sancov: Split plugin build from plugin CFLAGS
      randstruct: Reorganize Kconfigs and attribute macros
      randstruct: Split randstruct Makefile and CFLAGS
      randstruct: Move seed generation into scripts/basic/
      randstruct: Enable Clang support
      randomize_kstack: Improve docs on requirements/rationale
      gcc-plugins: Change all version strings match kernel
      big_keys: Use struct for internal payload
      niu: Silence randstruct warnings
      af_unix: Silence randstruct GCC plugin warning
      gcc-plugins: randstruct: Remove cast exception handling

Mark Rutland (14):
      arm64: stackleak: fix current_top_of_stack()
      stackleak: move skip_erasing() check earlier
      stackleak: remove redundant check
      stackleak: rework stack low bound handling
      stackleak: clarify variable names
      stackleak: rework stack high bound handling
      stackleak: rework poison scanning
      lkdtm/stackleak: avoid spurious failure
      lkdtm/stackleak: rework boundary management
      lkdtm/stackleak: prevent unexpected stack usage
      lkdtm/stackleak: check stack boundaries
      stackleak: add on/off stack variants
      arm64: entry: use stackleak_erase_on_task_stack()
      lkdtm/stackleak: fix CONFIG_GCC_PLUGIN_STACKLEAK=n

Matthew Wilcox (Oracle) (4):
      mm/usercopy: Check kmap addresses properly
      mm/usercopy: Detect vmalloc overruns
      mm/usercopy: Detect large folio overruns
      usercopy: Remove HARDENED_USERCOPY_PAGESPAN

Sami Tolvanen (1):
      cfi: Use __builtin_function_start

Yuanzheng Song (1):
      mm: usercopy: move the virt_addr_valid() below the is_vmalloc_addr()

 Documentation/dontdiff                        |   1 +
 Documentation/kbuild/reproducible-builds.rst  |   8 +-
 Makefile                                      |   1 +
 arch/Kconfig                                  |   5 +-
 arch/arm/vdso/Makefile                        |   2 +-
 arch/arm64/include/asm/compiler.h             |  16 ---
 arch/arm64/include/asm/processor.h            |  10 +-
 arch/arm64/kernel/entry.S                     |   2 +-
 arch/arm64/kernel/vdso/Makefile               |   3 +-
 arch/riscv/Kconfig                            |   2 +-
 arch/sparc/vdso/Makefile                      |   3 +-
 arch/x86/entry/vdso/Makefile                  |   3 +-
 arch/x86/include/asm/highmem.h                |   1 +
 arch/x86/mm/pti.c                             |   2 +-
 drivers/misc/lkdtm/stackleak.c                | 145 ++++++++++++++++++--------
 drivers/net/ethernet/sun/niu.c                |  41 ++++++--
 include/linux/compiler-clang.h                |  10 ++
 include/linux/compiler-gcc.h                  |   8 --
 include/linux/compiler_types.h                |  14 +--
 include/linux/highmem-internal.h              |  10 ++
 include/linux/netfs.h                         |   4 +-
 include/linux/randomize_kstack.h              |  27 ++++-
 include/linux/stackleak.h                     |  55 +++++++++-
 include/linux/vermagic.h                      |  10 +-
 kernel/panic.c                                |   2 +-
 kernel/stackleak.c                            | 105 +++++++++++--------
 mm/usercopy.c                                 |  91 +++++-----------
 net/unix/af_unix.c                            |   8 +-
 scripts/Makefile.gcc-plugins                  |  22 ++--
 scripts/Makefile.randstruct                   |  17 +++
 scripts/basic/.gitignore                      |   1 +
 scripts/basic/Makefile                        |  11 ++
 scripts/gcc-plugins/Kconfig                   |  38 -------
 scripts/gcc-plugins/Makefile                  |  24 +++--
 scripts/gcc-plugins/gen-random-seed.sh        |   9 --
 scripts/gcc-plugins/latent_entropy_plugin.c   |   2 +-
 scripts/gcc-plugins/randomize_layout_plugin.c |  89 +---------------
 scripts/gcc-plugins/sancov_plugin.c           |   2 +-
 scripts/gcc-plugins/stackleak_plugin.c        |   2 +-
 scripts/gcc-plugins/structleak_plugin.c       |   2 +-
 scripts/gen-randstruct-seed.sh                |   7 ++
 security/Kconfig                              |  13 +--
 security/Kconfig.hardening                    |  73 +++++++++++++
 security/keys/big_key.c                       |  73 +++++++------
 security/loadpin/loadpin.c                    |   5 +-
 security/security.c                           |   9 +-
 46 files changed, 539 insertions(+), 449 deletions(-)
 create mode 100644 scripts/Makefile.randstruct
 delete mode 100755 scripts/gcc-plugins/gen-random-seed.sh
 create mode 100755 scripts/gen-randstruct-seed.sh

-- 
Kees Cook