| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <202507291728.51BAA26@keescook>
Date: Tue, 29 Jul 2025 17:29:41 -0700
From: Kees Cook <kees@...nel.org>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: linux-kernel@...r.kernel.org,
"Gustavo A. R. Silva" <gustavoars@...nel.org>,
Hans de Goede <hansg@...nel.org>, Kees Cook <kees@...nel.org>,
kernel test robot <lkp@...el.com>, Marco Elver <elver@...gle.com>,
Nathan Chancellor <nathan@...nel.org>,
syzbot+5245cb609175fb6e8122@...kaller.appspotmail.com,
zepta <z3ptaa@...il.com>
Subject: [GIT PULL] hardening fixes for v6.17-rc1
Hi Linus,
Please pull these hardening fixes for v6.17-rc1. Notably, this contains
the fix for for the GCC __init mess I created with the kstack_erase
annotations.
Thanks!
-Kees
The following changes since commit 32e42ab9fc88a884435c27527a433f61c4d2b61b:
sched/task_stack: Add missing const qualifier to end_of_stack() (2025-07-26 14:28:35 -0700)
are available in the Git repository at:
https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/hardening-v6.17-rc1-fix1
for you to fetch changes up to f627b51aaa041cba715b59026cf2d9cb1476c7ed:
compiler_types: Provide __no_kstack_erase to disable coverage only on Clang (2025-07-29 17:19:35 -0700)
----------------------------------------------------------------
hardening fixes for v6.17-rc1
- staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int()
I was asked to carry this fix, so here it is. :)
- fortify: Fix incorrect reporting of read buffer size
- kstack_erase: Fix missed export of renamed KSTACK_ERASE_CFLAGS
- compiler_types: Provide __no_kstack_erase to disable coverage only on Clang
----------------------------------------------------------------
Kees Cook (4):
staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int()
kstack_erase: Fix missed export of renamed KSTACK_ERASE_CFLAGS
fortify: Fix incorrect reporting of read buffer size
compiler_types: Provide __no_kstack_erase to disable coverage only on Clang
scripts/Makefile.kstack_erase | 2 +-
arch/x86/include/asm/init.h | 2 +-
include/linux/compiler-clang.h | 3 +++
include/linux/compiler_types.h | 4 ++++
include/linux/fortify-string.h | 2 +-
include/linux/init.h | 2 +-
drivers/staging/media/atomisp/pci/atomisp_gmin_platform.c | 9 +++++----
7 files changed, 16 insertions(+), 8 deletions(-)
--
Kees Cook
Powered by blists - more mailing lists