lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 19 Aug 2022 12:01:15 -0700
From:   Kees Cook <keescook@...omium.org>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     linux-kernel@...r.kernel.org, Andrew Donnellan <ajd@...ux.ibm.com>,
        Dan Carpenter <dan.carpenter@...cle.com>,
        Erhard Furtner <erhard_f@...lbox.org>,
        James Morris <jmorris@...ei.org>,
        Kees Cook <keescook@...omium.org>,
        kernel test robot <lkp@...el.com>,
        linux-security-module@...r.kernel.org,
        Matthias Kaehlcke <mka@...omium.org>,
        "Serge E. Hallyn" <serge@...lyn.com>,
        Yury Norov <yury.norov@...il.com>
Subject: [GIT PULL] hardening fixes for v6.0-rc2

Hi Linus,

Please pull these two kernel hardening fixes for v6.0-rc2.

Thanks!

-Kees

The following changes since commit 27603a606fda0806d7c08914bc976931aa42020e:

  dm: verity-loadpin: Drop use of dm_table_get_num_targets() (2022-07-28 21:48:12 -0700)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/hardening-v6.0-rc2

for you to fetch changes up to 012e8d2034f1bda8863435cd589636e618d6a659:

  gcc-plugins: Undefine LATENT_ENTROPY_PLUGIN when plugin disabled for a file (2022-08-16 12:25:53 -0700)

----------------------------------------------------------------
hardening fixes for v6.0-rc2

- Also undef LATENT_ENTROPY_PLUGIN for per-file disabling (Andrew Donnellan)

- Return EFAULT on copy_from_user() failures in LoadPin (Kees Cook)

----------------------------------------------------------------
Andrew Donnellan (1):
      gcc-plugins: Undefine LATENT_ENTROPY_PLUGIN when plugin disabled for a file

Kees Cook (1):
      LoadPin: Return EFAULT on copy_from_user() failures

 scripts/Makefile.gcc-plugins | 2 +-
 security/loadpin/loadpin.c   | 6 ++----
 2 files changed, 3 insertions(+), 5 deletions(-)

-- 
Kees Cook

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ