tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom
kernel / security / landlock / errata.h
at master 99 lines 2.7 kB view raw
1/* SPDX-License-Identifier: GPL-2.0-only */ 2/* 3 * Landlock - Errata information 4 * 5 * Copyright © 2025 Microsoft Corporation 6 */ 7 8#ifndef _SECURITY_LANDLOCK_ERRATA_H 9#define _SECURITY_LANDLOCK_ERRATA_H 10 11#include <linux/init.h> 12 13struct landlock_erratum { 14 const int abi; 15 const u8 number; 16}; 17 18/* clang-format off */ 19#define LANDLOCK_ERRATUM(NUMBER) \ 20 { \ 21 .abi = LANDLOCK_ERRATA_ABI, \ 22 .number = NUMBER, \ 23 }, 24/* clang-format on */ 25 26/* 27 * Some fixes may require user space to check if they are applied on the running 28 * kernel before using a specific feature. For instance, this applies when a 29 * restriction was previously too restrictive and is now getting relaxed (for 30 * compatibility or semantic reasons). However, non-visible changes for 31 * legitimate use (e.g. security fixes) do not require an erratum. 32 */ 33static const struct landlock_erratum landlock_errata_init[] __initconst = { 34 35/* 36 * Only Sparse may not implement __has_include. If a compiler does not 37 * implement __has_include, a warning will be printed at boot time (see 38 * setup.c). 39 */ 40#ifdef __has_include 41 42#define LANDLOCK_ERRATA_ABI 1 43#if __has_include("errata/abi-1.h") 44#include "errata/abi-1.h" 45#endif 46#undef LANDLOCK_ERRATA_ABI 47 48#define LANDLOCK_ERRATA_ABI 2 49#if __has_include("errata/abi-2.h") 50#include "errata/abi-2.h" 51#endif 52#undef LANDLOCK_ERRATA_ABI 53 54#define LANDLOCK_ERRATA_ABI 3 55#if __has_include("errata/abi-3.h") 56#include "errata/abi-3.h" 57#endif 58#undef LANDLOCK_ERRATA_ABI 59 60#define LANDLOCK_ERRATA_ABI 4 61#if __has_include("errata/abi-4.h") 62#include "errata/abi-4.h" 63#endif 64#undef LANDLOCK_ERRATA_ABI 65 66#define LANDLOCK_ERRATA_ABI 5 67#if __has_include("errata/abi-5.h") 68#include "errata/abi-5.h" 69#endif 70#undef LANDLOCK_ERRATA_ABI 71 72#define LANDLOCK_ERRATA_ABI 6 73#if __has_include("errata/abi-6.h") 74#include "errata/abi-6.h" 75#endif 76#undef LANDLOCK_ERRATA_ABI 77 78/* 79 * For each new erratum, we need to include all the ABI files up to the impacted 80 * ABI to make all potential future intermediate errata easy to backport. 81 * 82 * If such change involves more than one ABI addition, then it must be in a 83 * dedicated commit with the same Fixes tag as used for the actual fix. 84 * 85 * Each commit creating a new security/landlock/errata/abi-*.h file must have a 86 * Depends-on tag to reference the commit that previously added the line to 87 * include this new file, except if the original Fixes tag is enough. 88 * 89 * Each erratum must be documented in its related ABI file, and a dedicated 90 * commit must update Documentation/userspace-api/landlock.rst to include this 91 * erratum. This commit will not be backported. 92 */ 93 94#endif 95 96 {} 97}; 98 99#endif /* _SECURITY_LANDLOCK_ERRATA_H */