lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <202409160146.2E6CDE4C2@keescook>
Date: Mon, 16 Sep 2024 02:39:12 -0700
From: Kees Cook <kees@...nel.org>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: linux-kernel@...r.kernel.org, Andy Shevchenko <andy@...nel.org>,
	Andy Shevchenko <andy.shevchenko@...il.com>,
	Bryan O'Donoghue <bryan.odonoghue@...aro.org>,
	Dikshita Agarwal <quic_dikshita@...cinc.com>,
	"Gustavo A. R. Silva" <gustavoars@...nel.org>,
	Hongbo Li <lihongbo22@...wei.com>,
	Justin Stitt <justinstitt@...gle.com>, Kees Cook <kees@...nel.org>,
	Laurent Pinchart <laurent.pinchart@...asonboard.com>,
	Masahiro Yamada <masahiroy@...nel.org>,
	Michal Wajdeczko <michal.wajdeczko@...el.com>,
	Miguel Ojeda <ojeda@...nel.org>,
	Vikash Garodia <quic_vgarodia@...cinc.com>
Subject: [GIT PULL] hardening updates for v6.12-rc1

Hi Linus,

Please pull these hardening updates for v6.12-rc1. Most of this is
string_choice additions, with some more straggling flexible array fixes,
selftest build improvements, and a new check for nonstring arguments.

A notable conflict is that str_up_down() got defined in drm too. So it
needs to be removed during the merge, which is rather awkward. It was
solved in linux-next with this:
https://lore.kernel.org/linux-next/20240909195939.067c1c13@canb.auug.org.au/

Thanks!

-Kees

The following changes since commit de9c2c66ad8e787abec7c9d7eff4f8c3cdd28aed:

  Linux 6.11-rc2 (2024-08-04 13:50:53 -0700)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/hardening-v6.12-rc1

for you to fetch changes up to c121d5cc3a993cdbfab46a152bdd50227a4d5e8c:

  lib/string_choices: Add some comments to make more clear for string choices helpers. (2024-09-05 09:50:16 -0700)

----------------------------------------------------------------
hardening updates for v6.12-rc1

- lib/string_choices: Add str_up_down() helper (Michal Wajdeczko)

- lib/string_choices: Add str_true_false()/str_false_true() helper
  (Hongbo Li)

- lib/string_choices: Introduce several opposite string choice helpers
  (Hongbo Li)

- lib/string_helpers: rework overflow-dependent code (Justin Stitt)

- fortify: refactor test_fortify Makefile to fix some build problems
  (Masahiro Yamada)

- string: Check for "nonstring" attribute on strscpy() arguments

- virt: vbox: Replace 1-element arrays with flexible arrays

- media: venus: hfi_cmds: Replace 1-element arrays with flexible arrays

----------------------------------------------------------------
Hongbo Li (3):
      lib/string_choices: Add str_true_false()/str_false_true() helper
      lib/string_choices: Introduce several opposite string choice helpers
      lib/string_choices: Add some comments to make more clear for string choices helpers.

Justin Stitt (1):
      lib/string_helpers: rework overflow-dependent code

Kees Cook (6):
      string_choices: Add wrapper for str_down_up()
      coccinelle: Add rules to find str_down_up() replacements
      virt: vbox: struct vmmdev_hgcm_pagelist: Replace 1-element array with flexible array
      media: venus: hfi_cmds: struct hfi_session_release_buffer_pkt: Replace 1-element array with flexible array
      media: venus: hfi_cmds: struct hfi_session_release_buffer_pkt: Add __counted_by annotation
      string: Check for "nonstring" attribute on strscpy() arguments

Masahiro Yamada (3):
      fortify: refactor test_fortify Makefile to fix some build problems
      fortify: move test_fortify.sh to lib/test_fortify/
      fortify: use if_changed_dep to record header dependency in *.cmd files

Michal Wajdeczko (2):
      lib/string_choices: Add str_up_down() helper
      coccinelle: Add rules to find str_up_down() replacements

 MAINTAINERS                                   |  1 -
 drivers/media/platform/qcom/venus/hfi_cmds.h  |  2 +-
 include/linux/compiler.h                      |  3 ++
 include/linux/compiler_types.h                |  7 ++++
 include/linux/string.h                        | 12 ++++---
 include/linux/string_choices.h                | 29 +++++++++++++++++
 include/uapi/linux/vbox_vmmdev_types.h        |  5 ++-
 lib/.gitignore                                |  2 --
 lib/Makefile                                  | 38 +---------------------
 lib/string_helpers.c                          |  3 ++
 lib/test_fortify/.gitignore                   |  2 ++
 lib/test_fortify/Makefile                     | 28 ++++++++++++++++
 {scripts => lib/test_fortify}/test_fortify.sh |  0
 scripts/coccinelle/api/string_choices.cocci   | 46 +++++++++++++++++++++++++++
 scripts/remove-stale-files                    |  2 ++
 15 files changed, 134 insertions(+), 46 deletions(-)
 create mode 100644 lib/test_fortify/.gitignore
 create mode 100644 lib/test_fortify/Makefile
 rename {scripts => lib/test_fortify}/test_fortify.sh (100%)

-- 
Kees Cook

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ