[<prev] [next>] [day] [month] [year] [list]
Message-ID: <202212231039.504D027B9@keescook>
Date: Fri, 23 Dec 2022 10:40:03 -0800
From: Kees Cook <keescook@...omium.org>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: linux-kernel@...r.kernel.org,
Andrew Morton <akpm@...ux-foundation.org>,
Arnd Bergmann <arnd@...db.de>,
Daniel Díaz <daniel.diaz@...aro.org>,
"Eric W. Biederman" <ebiederm@...ssion.com>,
James Morris <jmorris@...ei.org>, Jann Horn <jannh@...gle.com>,
Kees Cook <keescook@...omium.org>,
kernel test robot <lkp@...el.com>,
Kristina Martsenko <kristina.martsenko@....com>,
linux-hardening@...r.kernel.org,
linux-security-module@...r.kernel.org,
Luis Chamberlain <mcgrof@...nel.org>,
Marco Elver <elver@...gle.com>,
Mark Rutland <mark.rutland@....com>,
Nathan Chancellor <nathan@...nel.org>,
Paul Moore <paul@...l-moore.com>,
Peter Zijlstra <peterz@...radead.org>,
Petr Mladek <pmladek@...e.com>,
Ping-Ke Shih <pkshih@...ltek.com>,
Sami Tolvanen <samitolvanen@...gle.com>,
Sebastian Andrzej Siewior <bigeasy@...utronix.de>,
"Serge E. Hallyn" <serge@...lyn.com>,
tangmeng <tangmeng@...ontech.com>,
Tiezhu Yang <yangtiezhu@...ngson.cn>
Subject: [GIT PULL] kernel hardening fixes for v6.2-rc1
Hi Linus,
Please pull these kernel hardening fixes for v6.2-rc1. (Yay typos.)
Thanks!
-Kees
The following changes since commit d272e01fa0a2f15c5c331a37cd99c6875c7b7186:
ksmbd: replace one-element arrays with flexible-array members (2022-12-02 13:14:29 -0800)
are available in the Git repository at:
https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/hardening-v6.2-rc1-fixes
for you to fetch changes up to cf8016408d880afe9c5dc495af40dc2932874e77:
cfi: Fix CFI failure with KASAN (2022-12-23 10:04:31 -0800)
----------------------------------------------------------------
kernel hardening fixes for v6.2-rc1
- Fix CFI failure with KASAN (Sami Tolvanen)
- Fix LKDTM + CFI under GCC 7 and 8 (Kristina Martsenko)
- Limit CONFIG_ZERO_CALL_USED_REGS to Clang > 15.0.6 (Nathan Chancellor)
- Ignore "contents" argument in LoadPin's LSM hook handling
- Fix paste-o in /sys/kernel/warn_count API docs
- Use READ_ONCE() consistently for oops/warn limit reading
----------------------------------------------------------------
Kees Cook (3):
LoadPin: Ignore the "contents" argument of the LSM hooks
docs: Fix path paste-o for /sys/kernel/warn_count
exit: Use READ_ONCE() for all oops/warn limit reads
Kristina Martsenko (1):
lkdtm: cfi: Make PAC test work with GCC 7 and 8
Nathan Chancellor (1):
security: Restrict CONFIG_ZERO_CALL_USED_REGS to gcc or clang > 15.0.6
Sami Tolvanen (1):
cfi: Fix CFI failure with KASAN
Documentation/ABI/testing/sysfs-kernel-warn_count | 2 +-
drivers/misc/lkdtm/cfi.c | 6 ++++-
kernel/Makefile | 3 ---
kernel/exit.c | 6 +++--
kernel/panic.c | 7 ++++--
security/Kconfig.hardening | 3 +++
security/loadpin/loadpin.c | 30 ++++++++++++++---------
7 files changed, 36 insertions(+), 21 deletions(-)
--
Kees Cook
Powered by blists - more mailing lists