Merge tag 'hardening-v6.7-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Pull hardening fixes from Kees Cook:

- stackleak: add declarations for global functions (Arnd Bergmann)

- gcc-plugins: randstruct: Only warn about true flexible arrays (Kees
Cook)

- gcc-plugins: latent_entropy: Fix description typo (Konstantin Runov)

* tag 'hardening-v6.7-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
gcc-plugins: latent_entropy: Fix typo (args -> argc) in plugin description
gcc-plugins: randstruct: Only warn about true flexible arrays
stackleak: add declarations for global functions

Linus Torvalds 2 years ago c42d9eee 86d11b0e

+8 -12

3 changed files

expand all

include

linux

stackleak.h

scripts

gcc-plugins

latent_entropy_plugin.c

randomize_layout_plugin.c

include/linux/stackleak.h

··· 14 14 15 15 #ifdef CONFIG_GCC_PLUGIN_STACKLEAK 16 16 #include <asm/stacktrace.h> 17 + #include <linux/linkage.h> 17 18 18 19 /* 19 20 * The lowest address on tsk's stack which we can plausibly erase. ··· 76 75 t->prev_lowest_stack = t->lowest_stack; 77 76 # endif 78 77 } 78 + 79 + asmlinkage void noinstr stackleak_erase(void); 80 + asmlinkage void noinstr stackleak_erase_on_task_stack(void); 81 + asmlinkage void noinstr stackleak_erase_off_task_stack(void); 82 + void __no_caller_saved_registers noinstr stackleak_track_stack(void); 79 83 80 84 #else /* !CONFIG_GCC_PLUGIN_STACKLEAK */ 81 85 static inline void stackleak_task_init(struct task_struct *t) { }

+2 -2

scripts/gcc-plugins/latent_entropy_plugin.c

··· 17 17 * if (argc <= 1) 18 18 * printf("%s: no command arguments :(\n", *argv); 19 19 * else 20 - * printf("%s: %d command arguments!\n", *argv, args - 1); 20 + * printf("%s: %d command arguments!\n", *argv, argc - 1); 21 21 * } 22 22 * 23 23 * after: ··· 47 47 * // perturb_local_entropy() 48 48 * } else { 49 49 * local_entropy ^= 3896280633962944730; 50 - * printf("%s: %d command arguments!\n", *argv, args - 1); 50 + * printf("%s: %d command arguments!\n", *argv, argc - 1); 51 51 * } 52 52 * 53 53 * // latent_entropy_execute() 4.

-10

scripts/gcc-plugins/randomize_layout_plugin.c

··· 278 278 { 279 279 const_tree fieldtype; 280 280 const_tree typesize; 281 - const_tree elemtype; 282 - const_tree elemsize; 283 281 284 282 fieldtype = TREE_TYPE(field); 285 283 typesize = TYPE_SIZE(fieldtype); ··· 285 287 if (TREE_CODE(fieldtype) != ARRAY_TYPE) 286 288 return false; 287 289 288 - elemtype = TREE_TYPE(fieldtype); 289 - elemsize = TYPE_SIZE(elemtype); 290 - 291 290 /* size of type is represented in bits */ 292 291 293 292 if (typesize == NULL_TREE && TYPE_DOMAIN(fieldtype) != NULL_TREE && 294 293 TYPE_MAX_VALUE(TYPE_DOMAIN(fieldtype)) == NULL_TREE) 295 - return true; 296 - 297 - if (typesize != NULL_TREE && 298 - (TREE_CONSTANT(typesize) && (!tree_to_uhwi(typesize) || 299 - tree_to_uhwi(typesize) == tree_to_uhwi(elemsize)))) 300 294 return true; 301 295 302 296 return false;