Message-ID: <202509291213.E313986EE@keescook>
Date: Mon, 29 Sep 2025 12:15:50 -0700
From: Kees Cook <kees@...nel.org>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: linux-kernel@...r.kernel.org, Andy Shevchenko <andy@...nel.org>,
	Christopher Fore <csfore@...teo.net>,
	"Gustavo A. R. Silva" <gustavoars@...nel.org>,
	Junjie Cao <junjie.cao@...el.com>, Kees Cook <kees@...nel.org>,
	Lad Prabhakar <prabhakar.mahadev-lad.rj@...renesas.com>,
	Linus Walleij <linus.walleij@...aro.org>,
	Nathan Chancellor <nathan@...nel.org>,
	Philipp Zabel <p.zabel@...gutronix.de>,
	Vegard Nossum <vegard.nossum@...cle.com>
Subject: [GIT PULL] hardening updates for v6.18-rc1

Hi Linus,

Please pull these hardening updates for v6.18-rc1. One notable addition
is the creation of the "transitional" keyword for kconfig so CONFIG
renaming can go more smoothly. This has been a long-standing deficiency,
and with the renaming of CONFIG_CFI_CLANG to CONFIG_CFI (since GCC will
soon have KCFI support), this came up again. The breadth of the diffstat
is mainly this renaming.

Thanks!

-Kees

The following changes since commit c17b750b3ad9f45f2b6f7e6f7f4679844244f0b9:

  Linux 6.17-rc2 (2025-08-17 15:22:10 -0700)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/hardening-v6.18-rc1

for you to fetch changes up to c8a935a31bc787db52296944890f300ba9479088:

  lib/string_choices: Add str_assert_deassert() helper (2025-09-28 20:42:29 -0700)

----------------------------------------------------------------
hardening updates for v6.18-rc1

- Clean up usage of TRAILING_OVERLAP() (Gustavo A. R. Silva)

- lkdtm: fortify: Fix potential NULL dereference on kmalloc failure
  (Junjie Cao)

- Add str_assert_deassert() helper (Lad Prabhakar)

- gcc-plugins: Remove TODO_verify_il for GCC >= 16

- kconfig: Fix BrokenPipeError warnings in selftests

- kconfig: Add transitional symbol attribute for migration support

- kcfi: Rename CONFIG_CFI_CLANG to CONFIG_CFI

----------------------------------------------------------------
Gustavo A. R. Silva (2):
      stddef: Remove token-pasting in TRAILING_OVERLAP()
      stddef: Introduce __TRAILING_OVERLAP()

Junjie Cao (1):
      lkdtm: fortify: Fix potential NULL dereference on kmalloc failure

Kees Cook (4):
      gcc-plugins: Remove TODO_verify_il for GCC >= 16
      kconfig: Fix BrokenPipeError warnings in selftests
      kconfig: Add transitional symbol attribute for migration support
      kcfi: Rename CONFIG_CFI_CLANG to CONFIG_CFI

Lad Prabhakar (1):
      lib/string_choices: Add str_assert_deassert() helper

 arch/Kconfig                                       |  36 +++++---
 arch/arm/Kconfig                                   |   2 +-
 arch/arm64/Kconfig                                 |   4 +-
 arch/riscv/Kconfig                                 |   6 +-
 arch/x86/Kconfig                                   |  12 +--
 init/Kconfig                                       |   4 +-
 kernel/module/Kconfig                              |   2 +-
 scripts/kconfig/tests/err_transitional/Kconfig     |  52 +++++++++++
 scripts/kconfig/tests/transitional/Kconfig         | 100 +++++++++++++++++++++
 lib/Kconfig.debug                                  |   2 +-
 Makefile                                           |   2 +-
 arch/arm/mm/Makefile                               |   2 +-
 arch/riscv/kernel/Makefile                         |   2 +-
 arch/riscv/purgatory/Makefile                      |   2 +-
 arch/x86/kernel/Makefile                           |   2 +-
 arch/x86/purgatory/Makefile                        |   2 +-
 kernel/Makefile                                    |   2 +-
 scripts/gcc-plugins/gcc-common.h                   |   7 ++
 scripts/kconfig/expr.h                             |   1 +
 scripts/kconfig/lexer.l                            |   1 +
 scripts/kconfig/parser.y                           |  47 ++++++++++
 scripts/kconfig/symbol.c                           |   7 +-
 scripts/kconfig/tests/conftest.py                  |  17 +++-
 scripts/kconfig/tests/err_transitional/__init__.py |  14 +++
 .../kconfig/tests/err_transitional/expected_stderr |   7 ++
 scripts/kconfig/tests/transitional/__init__.py     |  18 ++++
 scripts/kconfig/tests/transitional/expected_config |  12 +++
 scripts/kconfig/tests/transitional/initial_config  |  16 ++++
 Documentation/kbuild/kconfig-language.rst          |  32 +++++++
 arch/riscv/include/asm/cfi.h                       |   4 +-
 arch/x86/include/asm/cfi.h                         |   4 +-
 include/asm-generic/vmlinux.lds.h                  |   2 +-
 include/linux/cfi.h                                |   6 +-
 include/linux/cfi_types.h                          |   8 +-
 include/linux/compiler.h                           |   2 +-
 include/linux/stddef.h                             |  24 ++++-
 include/linux/string_choices.h                     |   6 ++
 tools/include/linux/cfi_types.h                    |   6 +-
 tools/perf/util/include/linux/linkage.h            |   2 +-
 arch/arm/mm/cache-fa.S                             |   2 +-
 arch/arm/mm/cache-v4.S                             |   2 +-
 arch/arm/mm/cache-v4wb.S                           |   4 +-
 arch/arm/mm/cache-v4wt.S                           |   2 +-
 arch/arm/mm/cache-v6.S                             |   2 +-
 arch/arm/mm/cache-v7.S                             |   2 +-
 arch/arm/mm/cache-v7m.S                            |   2 +-
 arch/arm/mm/proc-arm1020.S                         |   2 +-
 arch/arm/mm/proc-arm1020e.S                        |   2 +-
 arch/arm/mm/proc-arm1022.S                         |   2 +-
 arch/arm/mm/proc-arm1026.S                         |   2 +-
 arch/arm/mm/proc-arm920.S                          |   2 +-
 arch/arm/mm/proc-arm922.S                          |   2 +-
 arch/arm/mm/proc-arm925.S                          |   2 +-
 arch/arm/mm/proc-arm926.S                          |   2 +-
 arch/arm/mm/proc-arm940.S                          |   2 +-
 arch/arm/mm/proc-arm946.S                          |   2 +-
 arch/arm/mm/proc-feroceon.S                        |   2 +-
 arch/arm/mm/proc-mohawk.S                          |   2 +-
 arch/arm/mm/proc-xsc3.S                            |   2 +-
 arch/arm/mm/tlb-v4.S                               |   2 +-
 arch/arm/kernel/hw_breakpoint.c                    |   2 +-
 arch/arm64/kernel/debug-monitors.c                 |   2 +-
 arch/arm64/kernel/traps.c                          |   4 +-
 arch/arm64/kvm/handle_exit.c                       |   2 +-
 arch/arm64/net/bpf_jit_comp.c                      |   2 +-
 arch/riscv/net/bpf_jit_comp64.c                    |   4 +-
 arch/x86/kernel/alternative.c                      |   4 +-
 arch/x86/kernel/kprobes/core.c                     |   2 +-
 drivers/misc/lkdtm/cfi.c                           |   2 +-
 drivers/misc/lkdtm/fortify.c                       |   6 ++
 kernel/module/tree_lookup.c                        |   2 +-
 kernel/configs/hardening.config                    |   4 +-
 72 files changed, 461 insertions(+), 96 deletions(-)
 create mode 100644 scripts/kconfig/tests/err_transitional/Kconfig
 create mode 100644 scripts/kconfig/tests/transitional/Kconfig
 create mode 100644 scripts/kconfig/tests/err_transitional/__init__.py
 create mode 100644 scripts/kconfig/tests/err_transitional/expected_stderr
 create mode 100644 scripts/kconfig/tests/transitional/__init__.py
 create mode 100644 scripts/kconfig/tests/transitional/expected_config
 create mode 100644 scripts/kconfig/tests/transitional/initial_config

-- 
Kees Cook
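
An added example, not part of the original message or the kernel tree: a config-audit check that accepts either symbol name, so a hardening baseline that looks for CFI keeps giving the right answer across the CONFIG_CFI_CLANG to CONFIG_CFI rename described above. The function names, status strings and sample `.config` fragments are constructed for illustration.

```python
import re

# Rename taken from the pull request above: old symbol -> new symbol.
RENAMED = {"CONFIG_CFI_CLANG": "CONFIG_CFI"}

_SET = re.compile(r"^(CONFIG_\w+)=(.*)$")
_UNSET = re.compile(r"^# (CONFIG_\w+) is not set$")


def parse_config(text):
    """Parse .config text into {symbol: value}; unset symbols map to 'n'."""
    symbols = {}
    for raw in text.splitlines():
        line = raw.strip()
        if m := _SET.match(line):
            symbols[m.group(1)] = m.group(2).strip('"')
        elif m := _UNSET.match(line):
            symbols[m.group(1)] = "n"
    return symbols


def audit_renamed(text, renamed=RENAMED):
    """Return {new_symbol: status}, accepting either name for each option."""
    symbols = parse_config(text)
    report = {}
    for old, new in renamed.items():
        old_val, new_val = symbols.get(old), symbols.get(new)
        if new_val == "y":
            report[new] = "enabled"
        elif new_val is None and old_val == "y":
            report[new] = "enabled (old name)"  # config predates the rename
        elif new_val is None and old_val is None:
            report[new] = "absent"  # neither name appears in this config
        else:
            report[new] = "disabled"  # the new name, when present, decides
    return report


# Constructed .config fragments, not taken from any real build.
PRE_RENAME = "CONFIG_CFI_CLANG=y\n# CONFIG_CFI_PERMISSIVE is not set\n"
POST_RENAME = "CONFIG_CFI=y\n# CONFIG_CFI_PERMISSIVE is not set\n"
DISABLED = "# CONFIG_CFI is not set\n"

if __name__ == "__main__":
    for name, cfg in [("pre", PRE_RENAME), ("post", POST_RENAME), ("off", DISABLED)]:
        print(name, audit_renamed(cfg))
```

Symbols are matched exactly rather than by prefix, so `CONFIG_CFI_PERMISSIVE` is never mistaken for `CONFIG_CFI`.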
