Message-ID: <202308281138.5E9835A@keescook>
Date:   Mon, 28 Aug 2023 11:42:58 -0700
From:   Kees Cook <keescook@...omium.org>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     linux-kernel@...r.kernel.org,
        Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
        Anton Ivanov <anton.ivanov@...bridgegreys.com>,
        Azeem Shaikh <azeemshaikh38@...il.com>,
        Christian Brauner <brauner@...nel.org>,
        David Windsor <dwindsor@...il.com>,
        Elena Reshetova <elena.reshetova@...el.com>,
        "Gustavo A. R. Silva" <gustavoars@...nel.org>,
        Hans Liljestrand <ishkamiel@...il.com>,
        Jann Horn <jannh@...gle.com>,
        Jarkko Sakkinen <jarkko@...nel.org>,
        Juergen Gross <jgross@...e.com>,
        Justin Stitt <justinstitt@...gle.com>,
        Marco Elver <elver@...gle.com>,
        Mark Rutland <mark.rutland@....com>,
        Miguel Ojeda <ojeda@...nel.org>,
        Mimi Zohar <zohar@...ux.ibm.com>,
        Nathan Chancellor <nathan@...nel.org>,
        Nick Desaulniers <ndesaulniers@...gle.com>,
        Song Liu <song@...nel.org>,
        "Steven Rostedt (Google)" <rostedt@...dmis.org>,
        Yonghong Song <yonghong.song@...ux.dev>,
        Zhen Lei <thunder.leizhen@...wei.com>,
        linux-hardening@...r.kernel.org
Subject: [GIT PULL] hardening updates for v6.6-rc1

Hi Linus,

Please pull these hardening updates for v6.6-rc1. As has become normal,
changes are scattered around the tree (either explicitly maintainer
Acked or for trivial stuff that went ignored). Details in the log below,
and all have been in -next for a while.

Thanks!

-Kees

The following changes since commit fdf0eaf11452d72945af31804e2a1048ee1b574c:

  Linux 6.5-rc2 (2023-07-16 15:10:37 -0700)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/hardening-v6.6-rc1

for you to fetch changes up to 5f536ac6a5a7b67351e4e5ae4f9e1e57d31268e6:

  LoadPin: Annotate struct dm_verity_loadpin_trusted_root_digest with __counted_by (2023-08-25 16:07:30 -0700)

----------------------------------------------------------------
hardening updates for v6.6-rc1

- Carve out the new CONFIG_LIST_HARDENED as a more focused subset of
  CONFIG_DEBUG_LIST (Marco Elver).

- Fix kallsyms lookup failure under Clang LTO (Yonghong Song).

- Clarify documentation for CONFIG_UBSAN_TRAP (Jann Horn).

- Flexible array member conversion not carried in other tree (Gustavo
  A. R. Silva).

- Various strlcpy() and strncpy() removals not carried in other trees
  (Azeem Shaikh, Justin Stitt).

- Convert nsproxy.count to refcount_t (Elena Reshetova).

- Add handful of __counted_by annotations not carried in other trees,
  as well as an LKDTM test.

- Fix build failure with gcc-plugins on GCC 14+.

- Fix selftests to respect SKIP for signal-delivery tests.

- Fix CFI warning for paravirt callback prototype.

- Clarify documentation for seq_show_option_n() usage.

----------------------------------------------------------------
Azeem Shaikh (4):
      soc: fsl: qe: Replace all non-returning strlcpy with strscpy
      um: Remove strlcpy declaration
      perf: Replace strlcpy with strscpy
      EISA: Replace all non-returning strlcpy with strscpy

Elena Reshetova (1):
      nsproxy: Convert nsproxy.count to refcount_t

Gustavo A. R. Silva (1):
      alpha: Replace one-element array with flexible-array member

Jann Horn (1):
      ubsan: Clarify Kconfig text for CONFIG_UBSAN_TRAP

Justin Stitt (2):
      um: vector: refactor deprecated strncpy
      um: refactor deprecated strncpy to memcpy

Kees Cook (8):
      seq_file: seq_show_option_n() is used for precise sizes
      x86/paravirt: Fix tlb_remove_table function callback prototype warning
      selftests/harness: Actually report SKIP for signal tests
      gcc-plugins: Rename last_stmt() for GCC 14+
      Compiler Attributes: counted_by: Adjust name and identifier expansion
      lkdtm: Add FAM_BOUNDS test for __counted_by
      integrity: Annotate struct ima_rule_opt_list with __counted_by
      LoadPin: Annotate struct dm_verity_loadpin_trusted_root_digest with __counted_by

Marco Elver (4):
      compiler_types: Introduce the Clang __preserve_most function attribute
      list_debug: Introduce inline wrappers for debug checks
      list: Introduce CONFIG_LIST_HARDENED
      hardening: Move BUG_ON_DATA_CORRUPTION to hardening options

Yonghong Song (2):
      kallsyms: Fix kallsyms_selftest failure
      kallsyms: Change func signature for cleanup_symbol_name()

 arch/alpha/kernel/osf_sys.c                 |  2 +-
 arch/arm64/kvm/hyp/nvhe/Makefile            |  2 +-
 arch/arm64/kvm/hyp/nvhe/list_debug.c        |  8 ++-
 arch/um/drivers/mconsole_kern.c             |  4 +-
 arch/um/drivers/vector_user.c               |  4 +-
 arch/um/include/shared/user.h               |  1 -
 arch/um/os-Linux/umid.c                     |  6 +-
 arch/x86/kernel/paravirt.c                  |  8 ++-
 drivers/eisa/eisa-bus.c                     |  2 +-
 drivers/misc/lkdtm/bugs.c                   | 51 +++++++++++++++--
 drivers/soc/fsl/qe/qe.c                     |  4 +-
 include/linux/compiler_attributes.h         | 26 ++++-----
 include/linux/compiler_types.h              | 28 +++++++++
 include/linux/dm-verity-loadpin.h           |  2 +-
 include/linux/list.h                        | 89 +++++++++++++++++++++++++++--
 include/linux/nsproxy.h                     |  7 +--
 include/linux/seq_file.h                    |  7 ++-
 include/uapi/linux/stddef.h                 |  4 ++
 kernel/events/core.c                        |  6 +-
 kernel/kallsyms.c                           | 27 ++++-----
 kernel/kallsyms_selftest.c                  | 23 +-------
 kernel/nsproxy.c                            |  4 +-
 lib/Kconfig.debug                           | 21 +++----
 lib/Kconfig.ubsan                           | 10 +++-
 lib/Makefile                                |  2 +-
 lib/list_debug.c                            | 16 +++---
 scripts/gcc-plugins/gcc-common.h            |  4 ++
 security/Kconfig.hardening                  | 23 ++++++++
 security/integrity/ima/ima_policy.c         |  4 +-
 security/loadpin/loadpin.c                  |  3 +-
 tools/testing/selftests/kselftest_harness.h | 11 ++--
 31 files changed, 286 insertions(+), 123 deletions(-)

-- 
Kees Cook
