Message-ID: <202505262001.561C185@keescook>
Date: Mon, 26 May 2025 20:25:28 -0700
From: Kees Cook <kees@...nel.org>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: linux-kernel@...r.kernel.org,
	Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
	Ard Biesheuvel <ardb@...nel.org>, Arnd Bergmann <arnd@...db.de>,
	Christoph Hellwig <hch@....de>, Coly Li <colyli@...nel.org>,
	David Gow <davidgow@...gle.com>,
	"Dr. David Alan Gilbert" <linux@...blig.org>,
	Guenter Roeck <linux@...ck-us.net>,
	"Gustavo A. R. Silva" <gustavoars@...nel.org>,
	Harry Yoo <harry.yoo@...cle.com>,
	Jan Hendrik Farr <kernel@...rr.cc>,
	Justin Stitt <justinstitt@...gle.com>, Kees Cook <kees@...nel.org>,
	Mark Brown <broonie@...nel.org>, Miguel Ojeda <ojeda@...nel.org>,
	Nathan Chancellor <nathan@...nel.org>,
	Nicolas Schier <n.schier@....de>,
	Thomas Weißschuh <thomas.weissschuh@...utronix.de>,
	Venkat Rao Bagalkote <venkat88@...ux.ibm.com>,
	WangYuli <wangyuli@...ontech.com>
Subject: [GIT PULL] hardening updates for v6.16-rc1

Hi Linus,

Please pull these hardening updates for v6.16-rc1.

The randstruct GCC plugin was fixed but it uncovered a missed
randomization opportunity (that was similarly missed in Clang but has
also now been fixed there too).

There are two patches in this pull that are duplicated in other trees: 1
in netdev and 1 in watchdog. They were needed to build the hardening tree
(due to the randstruct fixes), but they were taken into their respective
trees kind of later in the dev cycle. I debated splitting up this tree
and ripping out the patches, but they're both small, and it seemed like
more trouble for both of us (2 pulls). If you'd rather have it split up,
let me know and I can resend it that way.

Another item of note is the kbuild change that will induce a full kernel
rebuild when other dependencies of the compile change (randstruct seed,
GCC plugins are rebuilt, or the Clang sanitizer .scl file content
changes). Several variations were attempted by myself and kbuild
maintainers, and this was the version ultimately agreed to (and I carried
it in my tree since it's all due to hardening features anyway).

Thanks!

-Kees

The following changes since commit b4432656b36e5cc1d50a1f2dc15357543add530e:

  Linux 6.15-rc4 (2025-04-27 15:19:23 -0700)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/hardening-v6.16-rc1

for you to fetch changes up to f0cd6012c40da99b45f8f63052b97ec89d5f307b:

  Revert "hardening: Disable GCC randstruct for COMPILE_TEST" (2025-05-08 09:42:40 -0700)

----------------------------------------------------------------
hardening updates for v6.16-rc1

- Update overflow helpers to ease refactoring of on-stack flex array
  instances (Gustavo A. R. Silva, Kees Cook)

- lkdtm: Use SLAB_NO_MERGE instead of constructors (Harry Yoo)

- Simplify CONFIG_CC_HAS_COUNTED_BY (Jan Hendrik Farr)

- Disable u64 usercopy KUnit test on 32-bit SPARC (Thomas Weißschuh)

- Add missed designated initializers now exposed by fixed randstruct
  (Nathan Chancellor, Kees Cook)

- Document compilers versions for __builtin_dynamic_object_size

- Remove ARM_SSP_PER_TASK GCC plugin

- Fix GCC plugin randstruct, add selftests, and restore COMPILE_TEST
  builds

- Kbuild: induce full rebuilds when dependencies change with GCC plugins,
  the Clang sanitizer .scl file, or the randstruct seed.

- Kbuild: Switch from -Wvla to -Wvla-larger-than=1

- Correct several __nonstring uses for -Wunterminated-string-initialization

----------------------------------------------------------------
Gustavo A. R. Silva (3):
      overflow: Add STACK_FLEX_ARRAY_SIZE() helper
      kunit/overflow: Add tests for STACK_FLEX_ARRAY_SIZE() helper
      overflow: Fix direct struct member initialization in _DEFINE_FLEX()

Harry Yoo (1):
      lkdtm: use SLAB_NO_MERGE instead of an empty constructor

Jan Hendrik Farr (1):
      hardening: simplify CONFIG_CC_HAS_COUNTED_BY

Kees Cook (16):
      gcc-plugins: Remove ARM_SSP_PER_TASK plugin
      compiler_types: Identify compiler versions for __builtin_dynamic_object_size
      overflow: Clarify expectations for getting DEFINE_FLEX variable sizes
      mod_devicetable: Enlarge the maximum platform_device_id name length
      watchdog: exar: Shorten identity name to fit correctly
      input/joystick: magellan: Mark __nonstring look-up table const
      kbuild: Switch from -Wvla to -Wvla-larger-than=1
      gcc-plugins: Force full rebuild when plugins change
      randstruct: Force full rebuild when seed changes
      integer-wrap: Force full rebuild when .scl file changes
      md/bcache: Mark __nonstring look-up table
      scsi: qedf: Use designated initializer for struct qed_fcoe_cb_ops
      randstruct: gcc-plugin: Remove bogus void member
      lib/tests: Add randstruct KUnit test
      lib/tests: randstruct: Add deep function pointer layout test
      Revert "hardening: Disable GCC randstruct for COMPILE_TEST"

Nathan Chancellor (1):
      net: qede: Initialize qede_ll_ops with designated initializer

Thomas Weißschuh (1):
      kunit/usercopy: Disable u64 test on 32-bit SPARC

 arch/arm/Kconfig                              |   3 +-
 init/Kconfig                                  |   9 +-
 scripts/gcc-plugins/Kconfig                   |   4 -
 lib/Kconfig.debug                             |   8 +
 security/Kconfig.hardening                    |   2 +-
 arch/arm/boot/compressed/Makefile             |   2 +-
 lib/Makefile                                  |   1 -
 lib/tests/Makefile                            |   1 +
 mm/kasan/Makefile                             |   3 +-
 scripts/basic/Makefile                        |   5 +
 scripts/gcc-plugins/Makefile                  |   4 +
 scripts/Makefile.extrawarn                    |   9 +-
 scripts/Makefile.gcc-plugins                  |   8 +-
 scripts/Makefile.lib                          |  18 ++
 scripts/Makefile.ubsan                        |   1 +
 scripts/gcc-plugins/arm_ssp_per_task_plugin.c | 107 ---------
 scripts/gcc-plugins/randomize_layout_plugin.c |  18 +-
 include/linux/compiler-version.h              |  30 +++
 include/linux/compiler_types.h                |   5 +
 include/linux/mod_devicetable.h               |   2 +-
 include/linux/overflow.h                      |  23 +-
 include/linux/vermagic.h                      |   1 -
 drivers/input/joystick/magellan.c             |   2 +-
 drivers/md/bcache/super.c                     |   3 +-
 drivers/misc/lkdtm/heap.c                     |  17 +-
 drivers/net/ethernet/qlogic/qede/qede_main.c  |   2 +-
 drivers/scsi/qedf/qedf_main.c                 |   2 +-
 drivers/watchdog/exar_wdt.c                   |   2 +-
 lib/tests/overflow_kunit.c                    |   4 +
 lib/tests/randstruct_kunit.c                  | 334 ++++++++++++++++++++++++++
 lib/tests/usercopy_kunit.c                    |   1 +
 MAINTAINERS                                   |   1 +
 32 files changed, 461 insertions(+), 171 deletions(-)
 delete mode 100644 scripts/gcc-plugins/arm_ssp_per_task_plugin.c
 create mode 100644 lib/tests/randstruct_kunit.c

-- 
Kees Cook
