lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <202602091037.93F180E@keescook>
Date: Mon, 9 Feb 2026 10:39:21 -0800
From: Kees Cook <kees@...nel.org>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: linux-kernel@...r.kernel.org, Bill Wendling <morbo@...gle.com>,
	Christian Lamparter <chunkeey@...il.com>,
	Danilo Krummrich <dakr@...nel.org>,
	David Laight <david.laight.linux@...il.com>,
	"Gustavo A. R. Silva" <gustavoars@...nel.org>,
	Jan Kara <jack@...e.cz>, Justin Stitt <justinstitt@...gle.com>,
	Kees Cook <kees@...nel.org>, Nathan Chancellor <nathan@...nel.org>,
	Nicolas Schier <nsc@...nel.org>, Simon Horman <horms@...nel.org>,
	Stefan Wiehler <stefan.wiehler@...ia.com>,
	Thorsten Blum <thorsten.blum@...ux.dev>,
	Tyler Hicks <code@...icks.com>, WangYuli <wangyuli@...c.io>
Subject: [GIT PULL] hardening updates for v7.0-rc1

Hi Linus,

Please pull these hardening updates for v7.0-rc1. Mostly small cleanups
and various scattered annotations and flex array warning fixes that we
reviewed by unlanded in other trees. Introduces new annotation for expanding
counted_by to pointer members, now that compiler behavior between GCC
and Clang has been normalized.

Thanks!

-Kees

The following changes since commit 9448598b22c50c8a5bb77a9103e2d49f134c9578:

  Linux 6.19-rc2 (2025-12-21 15:52:04 -0800)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/hardening-v7.0-rc1

for you to fetch changes up to 44dd7cfbd1db5199cf7afe03158a578a64b55800:

  MAINTAINERS: pstore: Remove L: entry (2026-01-17 11:00:37 -0800)

----------------------------------------------------------------
hardening updates for v7.0-rc1

- Various missed __counted_by annotations (Thorsten Blum)

- Various missed -Wflex-array-member-not-at-end fixes (Gustavo A. R. Silva)

- Avoid leftover tempfiles for interrupted compile-time FORTIFY tests
  (Nicolas Schier)

- Remove non-existant CONFIG_UBSAN_REPORT_FULL from docs (Stefan Wiehler)

- fortify: Use C arithmetic not FIELD_xxx() in FORTIFY_REASON defines
  (David Laight)

- Add __counted_by_ptr attribute, tests, and first user (Bill Wendling,
  Kees Cook)

- Update MAINTAINERS file to make hardening section not include pstore

----------------------------------------------------------------
Bill Wendling (1):
      compiler_types.h: Attributes: Add __counted_by_ptr macro

David Laight (1):
      fortify: Use C arithmetic not FIELD_xxx() in FORTIFY_REASON defines

Gustavo A. R. Silva (3):
      drm/nouveau: fifo: Avoid -Wflex-array-member-not-at-end warning
      carl9170: Avoid -Wflex-array-member-not-at-end warning
      nfp: tls: Avoid -Wflex-array-member-not-at-end warnings

Kees Cook (3):
      lkdtm/bugs: Add __counted_by_ptr() test PTR_BOUNDS
      coredump: Use __counted_by_ptr for struct core_name::corename
      MAINTAINERS: pstore: Remove L: entry

Nicolas Schier (2):
      fortify: Rename temporary file to match ignore pattern
      fortify: Cleanup temp file also on non-successful exit

Stefan Wiehler (1):
      Kconfig.ubsan: Remove CONFIG_UBSAN_REPORT_FULL from documentation

Thorsten Blum (3):
      crypto: af_alg - Annotate struct af_alg_iv with __counted_by
      fs/xattr: Annotate struct simple_xattr with __counted_by
      ecryptfs: Annotate struct ecryptfs_message with __counted_by

 init/Kconfig                                    |  7 ++
 lib/Kconfig.ubsan                               |  2 +-
 Makefile                                        |  6 ++
 drivers/net/ethernet/netronome/nfp/crypto/fw.h  | 24 ++++---
 drivers/net/wireless/ath/carl9170/carl9170.h    | 12 ++--
 fs/ecryptfs/ecryptfs_kernel.h                   |  2 +-
 include/linux/compiler_types.h                  | 18 ++++-
 include/linux/fortify-string.h                  |  8 +--
 include/linux/xattr.h                           |  2 +-
 include/uapi/linux/if_alg.h                     |  2 +-
 include/uapi/linux/stddef.h                     |  4 ++
 drivers/gpu/drm/nouveau/nvif/fifo.c             |  5 +-
 drivers/misc/lkdtm/bugs.c                       | 90 ++++++++++++++++++++++---
 drivers/net/ethernet/netronome/nfp/crypto/tls.c |  8 ++-
 fs/coredump.c                                   |  8 +--
 MAINTAINERS                                     |  1 -
 lib/test_fortify/test_fortify.sh                |  4 +-
 tools/testing/selftests/lkdtm/tests.txt         |  2 +
 18 files changed, 161 insertions(+), 44 deletions(-)

-- 
Kees Cook

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ