[GIT PULL] kernel hardening updates for v6.2-rc1

From: Kees Cook
Date: Tue Dec 13 2022 - 23:05:03 EST


Hi Linus,

Please pull these hardening updates for v6.2-rc1. This tree's various
collected improvements, noted below, have been in -next for a while
now. The only merge note I have is that this tree's ksize() work depends
on behavioral changes in the slab and netdev trees, but those trees have
now been merged into your tree, so there should be no surprises.

Thanks!

-Kees

The following changes since commit 9abf2313adc1ca1b6180c508c25f22f9395cc780:

  Linux 6.1-rc1 (2022-10-16 15:36:24 -0700)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/hardening-v6.2-rc1

for you to fetch changes up to d272e01fa0a2f15c5c331a37cd99c6875c7b7186:

  ksmbd: replace one-element arrays with flexible-array members (2022-12-02 13:14:29 -0800)

----------------------------------------------------------------
hardening updates for v6.2-rc1

- Convert flexible array members, fix -Wstringop-overflow warnings,
  and fix KCFI function type mismatches that went ignored by
  maintainers (Gustavo A. R. Silva, Nathan Chancellor, Kees Cook).

- Remove the remaining side-effect users of ksize() by converting
  dma-buf, btrfs, and coredump to using kmalloc_size_roundup(),
  add more __alloc_size attributes, and introduce full testing
  of all allocator functions. Finally remove the ksize() side-effect
  so that each allocation-aware checker can finally behave without
  exceptions.

- Introduce oops_limit (default 10,000) and warn_limit (default off)
  to provide greater granularity of control for panic_on_oops and
  panic_on_warn (Jann Horn, Kees Cook).

- Introduce overflows_type() and castable_to_type() helpers for
  cleaner overflow checking.

- Disable structleak plugin in FORTIFY KUnit test (Anders Roxell).

- Adjust orphan linker section checking to respect CONFIG_WERROR
  (Xin Li).

- Make sure siginfo is cleared for forced SIGKILL (haifeng.xu).

- Improve code generation for strscpy() and update str*() kern-doc.

- Convert strscpy and siphash tests to KUnit, and expand memcpy
  tests.

- Always use a non-NULL argument for prepare_kernel_cred().

- Fix um vs FORTIFY warnings for always-NULL arguments.

----------------------------------------------------------------
Anders Roxell (1):
      lib: fortify_kunit: build without structleak plugin

Gustavo A. R. Silva (2):
      mm/pgtable: Fix multiple -Wstringop-overflow warnings
      ksmbd: replace one-element arrays with flexible-array members

Jann Horn (1):
      exit: Put an upper limit on how often we can oops

Kees Cook (27):
      overflow: Fix kern-doc markup for functions
      overflow: Refactor test skips for Clang-specific issues
      fortify: Capture __bos() results in const temp vars
      string: Rewrite and add more kern-doc for the str*() functions
      kunit/memcpy: Add dynamic size and window tests
      string: Add __realloc_size hint to kmemdup()
      string: Convert strscpy() self-test to KUnit
      fortify: Short-circuit known-safe calls to strscpy()
      siphash: Convert selftest to KUnit
      fortify: Do not cast to "unsigned char"
      cred: Do not default to init_cred in prepare_kernel_cred()
      dma-buf: Proactively round up to kmalloc bucket size
      btrfs: send: Proactively round up to kmalloc bucket size
      coredump: Proactively round up to kmalloc bucket size
      overflow: Introduce overflows_type() and castable_to_type()
      Merge branch 'for-linus/hardening' into for-next/hardening
      driver core: Add __alloc_size hint to devm allocators
      kunit/fortify: Validate __alloc_size attribute results
      mm: Make ksize() a reporting-only function
      panic: Separate sysctl logic from CONFIG_SMP
      exit: Expose "oops_count" to sysfs
      exit: Allow oops_limit to be disabled
      panic: Consolidate open-coded panic_on_warn checks
      panic: Introduce warn_limit
      panic: Expose "warn_count" to sysfs
      um: virt-pci: Avoid GCC non-NULL warning
      hpet: Replace one-element array with flexible-array member

Nathan Chancellor (3):
      vmlinux.lds.h: Fix placement of '.data..decrypted' section
      drm/fsl-dcu: Fix return type of fsl_dcu_drm_connector_mode_valid()
      drm/sti: Fix return type of sti_{dvo,hda,hdmi}_connector_mode_valid()

Nick Desaulniers (1):
      overflow: disable failing tests for older clang versions

Xin Li (1):
      kbuild: upgrade the orphan section warning to an error if CONFIG_WERROR is set

haifeng.xu (1):
      signal: Initialize the info in ksignal

Documentation/ABI/testing/sysfs-kernel-oops_count | 6 +
Documentation/ABI/testing/sysfs-kernel-warn_count | 6 +
Documentation/admin-guide/sysctl/kernel.rst | 19 +
Documentation/core-api/kernel-api.rst | 9 +
Documentation/driver-api/basics.rst | 3 -
MAINTAINERS | 6 +-
Makefile | 2 +-
arch/arm/boot/compressed/Makefile | 2 +-
arch/arm64/kernel/vdso/Makefile | 2 +-
arch/arm64/kernel/vdso32/Makefile | 2 +-
arch/um/drivers/virt-pci.c | 9 +-
arch/x86/boot/compressed/Makefile | 2 +-
arch/x86/mm/pgtable.c | 22 +-
drivers/base/firmware_loader/main.c | 2 +-
drivers/dma-buf/dma-resv.c | 9 +-
drivers/gpu/drm/fsl-dcu/fsl_dcu_drm_rgb.c | 5 +-
drivers/gpu/drm/i915/i915_user_extensions.c | 2 +-
drivers/gpu/drm/i915/i915_utils.h | 4 -
drivers/gpu/drm/sti/sti_dvo.c | 5 +-
drivers/gpu/drm/sti/sti_hda.c | 5 +-
drivers/gpu/drm/sti/sti_hdmi.c | 5 +-
fs/btrfs/send.c | 11 +-
fs/cifs/cifs_spnego.c | 2 +-
fs/cifs/cifsacl.c | 2 +-
fs/coredump.c | 7 +-
fs/ksmbd/smb2pdu.c | 4 +-
fs/ksmbd/smb2pdu.h | 2 +-
fs/ksmbd/smb_common.c | 2 +-
fs/ksmbd/smb_common.h | 12 +-
fs/nfs/flexfilelayout/flexfilelayout.c | 4 +-
fs/nfs/nfs4idmap.c | 2 +-
fs/nfsd/nfs4callback.c | 2 +-
include/asm-generic/vmlinux.lds.h | 2 +-
include/linux/compiler.h | 1 +
include/linux/device.h | 7 +-
include/linux/fortify-string.h | 161 +++++++-
include/linux/hpet.h | 2 +-
include/linux/overflow.h | 85 +++--
include/linux/panic.h | 1 +
include/linux/string.h | 2 +-
init/Kconfig | 15 +-
kernel/cred.c | 15 +-
kernel/exit.c | 60 +++
kernel/kcsan/report.c | 3 +-
kernel/panic.c | 45 ++-
kernel/sched/core.c | 3 +-
kernel/signal.c | 1 +
lib/Kconfig.debug | 28 +-
lib/Makefile | 7 +-
lib/fortify_kunit.c | 255 +++++++++++++
lib/memcpy_kunit.c | 205 +++++++++++
lib/overflow_kunit.c | 428 +++++++++++++++++++++-
lib/{test_siphash.c => siphash_kunit.c} | 165 ++++-----
lib/string.c | 82 -----
lib/strscpy_kunit.c | 142 +++++++
lib/test_strscpy.c | 150 --------
lib/ubsan.c | 3 +-
mm/kasan/kasan_test.c | 19 +-
mm/kasan/report.c | 4 +-
mm/kfence/report.c | 3 +-
mm/slab_common.c | 26 +-
net/dns_resolver/dns_key.c | 2 +-
scripts/kernel-doc | 6 +-
63 files changed, 1601 insertions(+), 504 deletions(-)
create mode 100644 Documentation/ABI/testing/sysfs-kernel-oops_count
create mode 100644 Documentation/ABI/testing/sysfs-kernel-warn_count
rename lib/{test_siphash.c => siphash_kunit.c} (60%)
create mode 100644 lib/strscpy_kunit.c
delete mode 100644 lib/test_strscpy.c

--
Kees Cook
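
The kind of check the overflows_type() item above is about, as an added userspace example that is not code from this pull request or from the kernel tree. The macro demo_overflows_type(), struct demo_hdr and both setter functions are hypothetical names; the macro is an approximation built on the GCC/Clang __builtin_add_overflow() builtin.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/*
 * Hypothetical userspace stand-in (not the kernel macro): true when value x
 * cannot be represented in type T. Adding zero into a T-typed result lets
 * the GCC/Clang builtin range-check any mix of signedness and width.
 */
#define demo_overflows_type(x, T) ({                          \
	T demo_tmp_ = 0;                                      \
	__builtin_add_overflow((x), (T)0, &demo_tmp_);        \
})

/* Constructed example structure: a header with a 16-bit length field. */
struct demo_hdr {
	uint16_t len;
};

/* Before: the narrowing store silently truncates, so 65537 is stored as 1. */
static uint16_t hdr_set_len_unchecked(struct demo_hdr *h, size_t n)
{
	h->len = (uint16_t)n;
	return h->len;
}

/* After: reject any length the field cannot hold instead of truncating. */
static int hdr_set_len_checked(struct demo_hdr *h, size_t n)
{
	if (demo_overflows_type(n, uint16_t))
		return -1;
	h->len = (uint16_t)n;
	return 0;
}

int main(void)
{
	struct demo_hdr h = { 0 };

	printf("unchecked 65537 -> %u\n", (unsigned)hdr_set_len_unchecked(&h, 65537));
	printf("checked   65537 -> %d\n", hdr_set_len_checked(&h, 65537));
	printf("checked   65535 -> %d\n", hdr_set_len_checked(&h, 65535));
	printf("-1 as uint8_t overflows: %d\n", demo_overflows_type(-1, uint8_t));
	return 0;
}
```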