[GIT PULL] hardening updates for v6.11-rc1

From: Kees Cook
Date: Mon Jul 15 2024 - 12:34:58 EST

Next message: Alex Williamson: "Re: [PATCH] vfio-mdev: add MODULE_DESCRIPTION() macros"
Previous message: Masahiro Yamada: "Re: [PATCH v3 2/2] kbuild: rpm-pkg: introduce a simple changelog section for kernel.spec"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Linus,

Please pull these hardening updates for v6.11-rc1.

Thanks!

-Kees

The following changes since commit c3f38fa61af77b49866b006939479069cd451173:

Linux 6.10-rc2 (2024-06-02 15:44:56 -0700)

are available in the Git repository at:

https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/hardening-v6.11-rc1

for you to fetch changes up to 872bb37f6829d4f7f3ed5afe2786add3d4384b4b:

randomize_kstack: Improve stack alignment codegen (2024-07-13 21:36:36 -0700)

----------------------------------------------------------------
hardening updates for v6.11-rc1

- lkdtm/bugs: add test for hung smp_call_function_single() (Mark Rutland)

- gcc-plugins: Remove duplicate included header file stringpool.h
(Thorsten Blum)

- ARM: Remove address checking for MMUless devices (Yanjun Yang)

- randomize_kstack: Clean up per-arch entropy and codegen

- KCFI: Make FineIBT mode Kconfig selectable

- fortify: Do not special-case 0-sized destinations

----------------------------------------------------------------
Kees Cook (4):
x86/alternatives: Make FineIBT mode Kconfig selectable
fortify: Do not special-case 0-sized destinations
randomize_kstack: Remove non-functional per-arch entropy filtering
randomize_kstack: Improve stack alignment codegen

Mark Rutland (1):
lkdtm/bugs: add test for hung smp_call_function_single()

Thorsten Blum (1):
gcc-plugins: Remove duplicate included header file stringpool.h

Yanjun Yang (1):
ARM: Remove address checking for MMUless devices

arch/arm/mm/fault.c | 4 ++--
arch/arm64/kernel/syscall.c | 16 +++++++---------
arch/s390/include/asm/entry-common.h | 2 +-
arch/x86/Kconfig | 9 +++++++++
arch/x86/include/asm/cfi.h | 2 +-
arch/x86/include/asm/entry-common.h | 15 ++++++---------
arch/x86/kernel/alternative.c | 8 ++++----
drivers/misc/lkdtm/bugs.c | 30 ++++++++++++++++++++++++++++++
include/linux/fortify-string.h | 8 ++------
include/linux/randomize_kstack.h | 18 ++++++++++++------
lib/fortify_kunit.c | 3 +--
scripts/gcc-plugins/gcc-common.h | 5 -----
tools/testing/selftests/lkdtm/tests.txt | 1 +
13 files changed, 76 insertions(+), 45 deletions(-)

--
Kees Cook

Next message: Alex Williamson: "Re: [PATCH] vfio-mdev: add MODULE_DESCRIPTION() macros"
Previous message: Masahiro Yamada: "Re: [PATCH v3 2/2] kbuild: rpm-pkg: introduce a simple changelog section for kernel.spec"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]