Message-ID: <202401081012.7571CBB@keescook>
Date: Mon, 8 Jan 2024 10:20:13 -0800
From: Kees Cook <keescook@...omium.org>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: linux-kernel@...r.kernel.org, Alexander Potapenko <glider@...gle.com>,
	Anders Larsen <al@...rsen.net>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
	Anna Schumaker <anna@...nel.org>, Arnd Bergmann <arnd@...db.de>,
	Azeem Shaikh <azeemshaikh38@...il.com>,
	Christophe JAILLET <christophe.jaillet@...adoo.fr>,
	Chuck Lever <chuck.lever@...cle.com>, Dai Ngo <Dai.Ngo@...cle.com>,
	"David S. Miller" <davem@...emloft.net>,
	Dmitry Vyukov <dvyukov@...gle.com>,
	Eric Dumazet <edumazet@...gle.com>,
	Geliang Tang <geliang.tang@...e.com>,
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	Gurucharan G <gurucharanx.g@...el.com>,
	"Gustavo A. R. Silva" <gustavoars@...nel.org>,
	Jakub Kicinski <kuba@...nel.org>, Jeff Layton <jlayton@...nel.org>,
	Jesse Brandeburg <jesse.brandeburg@...el.com>,
	Justin Stitt <justinstitt@...gle.com>, kasan-dev@...glegroups.com,
	Kees Cook <keescook@...omium.org>, linux-hardening@...r.kernel.org,
	linux-nfs@...r.kernel.org, linux-trace-kernel@...r.kernel.org,
	Luis Chamberlain <mcgrof@...nel.org>,
	Marco Elver <elver@...gle.com>,
	"Masami Hiramatsu (Google)" <mhiramat@...nel.org>,
	Neil Brown <neilb@...e.de>, netdev@...r.kernel.org,
	Olga Kornievskaia <kolga@...app.com>,
	Paolo Abeni <pabeni@...hat.com>,
	Ronald Monthero <debug.penguin32@...il.com>,
	Shiraz Saleem <shiraz.saleem@...el.com>,
	Stephen Boyd <swboyd@...omium.org>,
	"Steven Rostedt (Google)" <rostedt@...dmis.org>,
	Thomas Gleixner <tglx@...utronix.de>, Tom Talpey <tom@...pey.com>,
	Tony Nguyen <anthony.l.nguyen@...el.com>,
	Trond Myklebust <trond.myklebust@...merspace.com>,
	Valentin Schneider <vschneid@...hat.com>,
	Xu Panda <xu.panda@....com.cn>
Subject: [GIT PULL] hardening updates for v6.8-rc1

Hi Linus,

Please pull these hardening updates for v6.8-rc1. There will be a second
pull request coming at the end of the rc1 window, as we can now finally
remove the "strlcpy" API entirely from the kernel. However, that depends
on other trees landing first. As always, my tree has been in -next the
whole time, and anything touching other subsystems was either explicitly
Acked by those maintainers or they were sufficiently trivial and went
ignored so I picked them up.

Thanks!

-Kees

The following changes since commit 98b1cc82c4affc16f5598d4fa14b1858671b2263:

  Linux 6.7-rc2 (2023-11-19 15:02:14 -0800)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/hardening-v6.8-rc1

for you to fetch changes up to a75b3809dce2ad006ebf7fa641f49881fa0d79d7:

  qnx4: Use get_directory_fname() in qnx4_match() (2023-12-13 11:19:18 -0800)

----------------------------------------------------------------
hardening updates for v6.8-rc1

- Introduce the param_unknown_fn type and other clean ups (Andy Shevchenko)

- Various __counted_by annotations (Christophe JAILLET, Gustavo A. R. Silva,
  Kees Cook)

- Add KFENCE test to LKDTM (Stephen Boyd)

- Various strncpy() refactorings (Justin Stitt)

- Fix qnx4 to avoid writing into the smaller of two overlapping buffers

- Various strlcpy() refactorings

----------------------------------------------------------------
Andy Shevchenko (5):
      params: Introduce the param_unknown_fn type
      params: Do not go over the limit when getting the string length
      params: Use size_add() for kmalloc()
      params: Sort headers
      params: Fix multi-line comment style

Christophe JAILLET (1):
      VMCI: Annotate struct vmci_handle_arr with __counted_by

Gustavo A. R. Silva (2):
      afs: Add __counted_by for struct afs_acl and use struct_size()
      atags_proc: Add __counted_by for struct buffer and use struct_size()

Justin Stitt (5):
      HID: uhid: replace deprecated strncpy with strscpy
      drm/modes: replace deprecated strncpy with strscpy_pad
      nvme-fabrics: replace deprecated strncpy with strscpy
      nvdimm/btt: replace deprecated strncpy with strscpy
      nvme-fc: replace deprecated strncpy with strscpy

Kees Cook (6):
      SUNRPC: Replace strlcpy() with strscpy()
      samples: Replace strlcpy() with strscpy()
      i40e: Annotate struct i40e_qvlist_info with __counted_by
      tracing/uprobe: Replace strlcpy() with strscpy()
      qnx4: Extract dir entry filename processing into helper
      qnx4: Use get_directory_fname() in qnx4_match()

Stephen Boyd (1):
      lkdtm: Add kfence read after free crash type

 arch/arm/kernel/atags_proc.c               |  4 +-
 drivers/gpu/drm/drm_modes.c                |  6 +--
 drivers/hid/uhid.c                         | 15 ++++----
 drivers/misc/lkdtm/heap.c                  | 60 ++++++++++++++++++++++++++++++
 drivers/misc/vmw_vmci/vmci_handle_array.h  |  2 +-
 drivers/nvdimm/btt.c                       |  2 +-
 drivers/nvme/host/fabrics.c                |  4 +-
 drivers/nvme/host/fc.c                     |  8 ++--
 fs/afs/internal.h                          |  2 +-
 fs/afs/xattr.c                             |  2 +-
 fs/qnx4/dir.c                              | 52 ++++----------------------
 fs/qnx4/namei.c                            | 29 ++++++---------
 fs/qnx4/qnx4.h                             | 60 ++++++++++++++++++++++++++++++
 include/linux/kfence.h                     |  2 +
 include/linux/moduleparam.h                |  6 +--
 include/linux/net/intel/i40e_client.h      |  2 +-
 kernel/params.c                            | 52 ++++++++++++++------------
 kernel/trace/trace_uprobe.c                |  2 +-
 net/sunrpc/clnt.c                          | 10 ++++-
 samples/trace_events/trace-events-sample.h |  2 +-
 samples/v4l/v4l2-pci-skeleton.c            | 10 ++---
 21 files changed, 208 insertions(+), 124 deletions(-)

-- 
Kees Cook
