tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

Merge tag 'hardening-v6.10-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux

Pull hardening fixes from Kees Cook:

- yama: document function parameter (Christian Göttsche)

- mm/util: Swap kmemdup_array() arguments (Jean-Philippe Brucker)

- kunit/overflow: Adjust for __counted_by with DEFINE_RAW_FLEX()

- MAINTAINERS: Update entries for Kees Cook

* tag 'hardening-v6.10-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
MAINTAINERS: Update entries for Kees Cook
kunit/overflow: Adjust for __counted_by with DEFINE_RAW_FLEX()
yama: document function parameter
mm/util: Swap kmemdup_array() arguments

Linus Torvalds 5cf81d7b 6226e749

+38 -23
+14 -14
MAINTAINERS
··· 5295 5295 5296 5296 CLANG CONTROL FLOW INTEGRITY SUPPORT 5297 5297 M: Sami Tolvanen <samitolvanen@google.com> 5298 - M: Kees Cook <keescook@chromium.org> 5298 + M: Kees Cook <kees@kernel.org> 5299 5299 R: Nathan Chancellor <nathan@kernel.org> 5300 5300 L: llvm@lists.linux.dev 5301 5301 S: Supported ··· 8211 8211 8212 8212 EXEC & BINFMT API, ELF 8213 8213 R: Eric Biederman <ebiederm@xmission.com> 8214 - R: Kees Cook <keescook@chromium.org> 8214 + R: Kees Cook <kees@kernel.org> 8215 8215 L: linux-mm@kvack.org 8216 8216 S: Supported 8217 8217 T: git git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git for-next/execve ··· 8612 8612 F: drivers/net/ethernet/nvidia/* 8613 8613 8614 8614 FORTIFY_SOURCE 8615 - M: Kees Cook <keescook@chromium.org> 8615 + M: Kees Cook <kees@kernel.org> 8616 8616 L: linux-hardening@vger.kernel.org 8617 8617 S: Supported 8618 8618 T: git git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git for-next/hardening ··· 9102 9102 F: include/linux/platform_data/gsc_hwmon.h 9103 9103 9104 9104 GCC PLUGINS 9105 - M: Kees Cook <keescook@chromium.org> 9105 + M: Kees Cook <kees@kernel.org> 9106 9106 L: linux-hardening@vger.kernel.org 9107 9107 S: Maintained 9108 9108 T: git git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git for-next/hardening ··· 9236 9236 F: drivers/input/touchscreen/resistive-adc-touch.c 9237 9237 9238 9238 GENERIC STRING LIBRARY 9239 - M: Kees Cook <keescook@chromium.org> 9239 + M: Kees Cook <kees@kernel.org> 9240 9240 R: Andy Shevchenko <andy@kernel.org> 9241 9241 L: linux-hardening@vger.kernel.org 9242 9242 S: Supported ··· 11950 11950 F: usr/ 11951 11951 11952 11952 KERNEL HARDENING (not covered by other areas) 11953 - M: Kees Cook <keescook@chromium.org> 11953 + M: Kees Cook <kees@kernel.org> 11954 11954 R: Gustavo A. R. Silva <gustavoars@kernel.org> 11955 11955 L: linux-hardening@vger.kernel.org 11956 11956 S: Supported ··· 12478 12478 12479 12479 LEAKING_ADDRESSES 12480 12480 M: Tycho Andersen <tycho@tycho.pizza> 12481 - R: Kees Cook <keescook@chromium.org> 12481 + R: Kees Cook <kees@kernel.org> 12482 12482 L: linux-hardening@vger.kernel.org 12483 12483 S: Maintained 12484 12484 T: git git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git for-next/hardening ··· 12774 12774 F: arch/powerpc/platforms/83xx/ 12775 12775 12776 12776 LINUX KERNEL DUMP TEST MODULE (LKDTM) 12777 - M: Kees Cook <keescook@chromium.org> 12777 + M: Kees Cook <kees@kernel.org> 12778 12778 S: Maintained 12779 12779 F: drivers/misc/lkdtm/* 12780 12780 F: tools/testing/selftests/lkdtm/* ··· 12904 12904 F: drivers/media/usb/dvb-usb-v2/lmedm04* 12905 12905 12906 12906 LOADPIN SECURITY MODULE 12907 - M: Kees Cook <keescook@chromium.org> 12907 + M: Kees Cook <kees@kernel.org> 12908 12908 S: Supported 12909 12909 T: git git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git for-next/hardening 12910 12910 F: Documentation/admin-guide/LSM/LoadPin.rst ··· 17996 17996 17997 17997 PROC SYSCTL 17998 17998 M: Luis Chamberlain <mcgrof@kernel.org> 17999 - M: Kees Cook <keescook@chromium.org> 17999 + M: Kees Cook <kees@kernel.org> 18000 18000 M: Joel Granados <j.granados@samsung.com> 18001 18001 L: linux-kernel@vger.kernel.org 18002 18002 L: linux-fsdevel@vger.kernel.org ··· 18052 18052 F: drivers/net/pse-pd/ 18053 18053 18054 18054 PSTORE FILESYSTEM 18055 - M: Kees Cook <keescook@chromium.org> 18055 + M: Kees Cook <kees@kernel.org> 18056 18056 R: Tony Luck <tony.luck@intel.com> 18057 18057 R: Guilherme G. Piccoli <gpiccoli@igalia.com> 18058 18058 L: linux-hardening@vger.kernel.org ··· 20058 20058 F: drivers/media/cec/platform/seco/seco-cec.h 20059 20059 20060 20060 SECURE COMPUTING 20061 - M: Kees Cook <keescook@chromium.org> 20061 + M: Kees Cook <kees@kernel.org> 20062 20062 R: Andy Lutomirski <luto@amacapital.net> 20063 20063 R: Will Drewry <wad@chromium.org> 20064 20064 S: Supported ··· 22972 22972 F: include/uapi/linux/ublk_cmd.h 22973 22973 22974 22974 UBSAN 22975 - M: Kees Cook <keescook@chromium.org> 22975 + M: Kees Cook <kees@kernel.org> 22976 22976 R: Marco Elver <elver@google.com> 22977 22977 R: Andrey Konovalov <andreyknvl@gmail.com> 22978 22978 R: Andrey Ryabinin <ryabinin.a.a@gmail.com> ··· 24810 24810 F: include/linux/yam.h 24811 24811 24812 24812 YAMA SECURITY MODULE 24813 - M: Kees Cook <keescook@chromium.org> 24813 + M: Kees Cook <kees@kernel.org> 24814 24814 S: Supported 24815 24815 T: git git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git for-next/hardening 24816 24816 F: Documentation/admin-guide/LSM/Yama.rst
+2 -2
drivers/soc/tegra/fuse/fuse-tegra.c
··· 127 127 128 128 static int tegra_fuse_add_lookups(struct tegra_fuse *fuse) 129 129 { 130 - fuse->lookups = kmemdup_array(fuse->soc->lookups, sizeof(*fuse->lookups), 131 - fuse->soc->num_lookups, GFP_KERNEL); 130 + fuse->lookups = kmemdup_array(fuse->soc->lookups, fuse->soc->num_lookups, 131 + sizeof(*fuse->lookups), GFP_KERNEL); 132 132 if (!fuse->lookups) 133 133 return -ENOMEM; 134 134
+1 -1
include/linux/string.h
··· 289 289 290 290 extern void *kvmemdup(const void *src, size_t len, gfp_t gfp) __realloc_size(2); 291 291 extern char *kmemdup_nul(const char *s, size_t len, gfp_t gfp); 292 - extern void *kmemdup_array(const void *src, size_t element_size, size_t count, gfp_t gfp) 292 + extern void *kmemdup_array(const void *src, size_t count, size_t element_size, gfp_t gfp) 293 293 __realloc_size(2, 3); 294 294 295 295 /* lib/argv_split.c */
+1 -1
lib/fortify_kunit.c
··· 374 374 for (i = 0; i < ARRAY_SIZE(test_strs); i++) { \ 375 375 len = strlen(test_strs[i]); \ 376 376 KUNIT_EXPECT_EQ(test, __builtin_constant_p(len), 0); \ 377 - checker(len, kmemdup_array(test_strs[i], len, 1, gfp), \ 377 + checker(len, kmemdup_array(test_strs[i], 1, len, gfp), \ 378 378 kfree(p)); \ 379 379 checker(len, kmemdup(test_strs[i], len, gfp), \ 380 380 kfree(p)); \
+17 -3
lib/overflow_kunit.c
··· 1178 1178 s16 array[] __counted_by(counter); 1179 1179 }; 1180 1180 1181 + struct bar { 1182 + int a; 1183 + u32 counter; 1184 + s16 array[]; 1185 + }; 1186 + 1181 1187 static void DEFINE_FLEX_test(struct kunit *test) 1182 1188 { 1183 - DEFINE_RAW_FLEX(struct foo, two, array, 2); 1189 + /* Using _RAW_ on a __counted_by struct will initialize "counter" to zero */ 1190 + DEFINE_RAW_FLEX(struct foo, two_but_zero, array, 2); 1191 + #if __has_attribute(__counted_by__) 1192 + int expected_raw_size = sizeof(struct foo); 1193 + #else 1194 + int expected_raw_size = sizeof(struct foo) + 2 * sizeof(s16); 1195 + #endif 1196 + /* Without annotation, it will always be on-stack size. */ 1197 + DEFINE_RAW_FLEX(struct bar, two, array, 2); 1184 1198 DEFINE_FLEX(struct foo, eight, array, counter, 8); 1185 1199 DEFINE_FLEX(struct foo, empty, array, counter, 0); 1186 1200 1187 - KUNIT_EXPECT_EQ(test, __struct_size(two), 1188 - sizeof(struct foo) + sizeof(s16) + sizeof(s16)); 1201 + KUNIT_EXPECT_EQ(test, __struct_size(two_but_zero), expected_raw_size); 1202 + KUNIT_EXPECT_EQ(test, __struct_size(two), sizeof(struct bar) + 2 * sizeof(s16)); 1189 1203 KUNIT_EXPECT_EQ(test, __struct_size(eight), 24); 1190 1204 KUNIT_EXPECT_EQ(test, __struct_size(empty), sizeof(struct foo)); 1191 1205 }
+2 -2
mm/util.c
··· 139 139 * kmemdup_array - duplicate a given array. 140 140 * 141 141 * @src: array to duplicate. 142 - * @element_size: size of each element of array. 143 142 * @count: number of elements to duplicate from array. 143 + * @element_size: size of each element of array. 144 144 * @gfp: GFP mask to use. 145 145 * 146 146 * Return: duplicated array of @src or %NULL in case of error, 147 147 * result is physically contiguous. Use kfree() to free. 148 148 */ 149 - void *kmemdup_array(const void *src, size_t element_size, size_t count, gfp_t gfp) 149 + void *kmemdup_array(const void *src, size_t count, size_t element_size, gfp_t gfp) 150 150 { 151 151 return kmemdup(src, size_mul(element_size, count), gfp); 152 152 }
+1
security/yama/yama_lsm.c
··· 111 111 112 112 /** 113 113 * yama_relation_cleanup - remove invalid entries from the relation list 114 + * @work: unused 114 115 * 115 116 */ 116 117 static void yama_relation_cleanup(struct work_struct *work)