[GIT PULL] hardening updates for v6.12-rc1
From: Kees Cook
Date: Mon Sep 16 2024 - 05:39:20 EST

Hi Linus,

Please pull these hardening updates for v6.12-rc1. Most of this is
string_choice additions, with some more straggling flexible array fixes,
selftest build improvements, and a new check for nonstring arguments.

A notable conflict is that str_up_down() got defined in drm too. So it
needs to be removed during the merge, which is rather awkward. It was
solved in linux-next with this:
https://lore.kernel.org/linux-next/20240909195939.067c1c13@xxxxxxxxxxxxxxxx/

Thanks!

-Kees

The following changes since commit de9c2c66ad8e787abec7c9d7eff4f8c3cdd28aed:

  Linux 6.11-rc2 (2024-08-04 13:50:53 -0700)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/hardening-v6.12-rc1

for you to fetch changes up to c121d5cc3a993cdbfab46a152bdd50227a4d5e8c:

  lib/string_choices: Add some comments to make more clear for string choices helpers. (2024-09-05 09:50:16 -0700)

----------------------------------------------------------------
hardening updates for v6.12-rc1

- lib/string_choices: Add str_up_down() helper (Michal Wajdeczko)

- lib/string_choices: Add str_true_false()/str_false_true() helper
  (Hongbo Li)

- lib/string_choices: Introduce several opposite string choice helpers
  (Hongbo Li)

- lib/string_helpers: rework overflow-dependent code (Justin Stitt)

- fortify: refactor test_fortify Makefile to fix some build problems
  (Masahiro Yamada)

- string: Check for "nonstring" attribute on strscpy() arguments

- virt: vbox: Replace 1-element arrays with flexible arrays

- media: venus: hfi_cmds: Replace 1-element arrays with flexible arrays

----------------------------------------------------------------
Hongbo Li (3):
      lib/string_choices: Add str_true_false()/str_false_true() helper
      lib/string_choices: Introduce several opposite string choice helpers
      lib/string_choices: Add some comments to make more clear for string choices helpers.

Justin Stitt (1):
      lib/string_helpers: rework overflow-dependent code

Kees Cook (6):
      string_choices: Add wrapper for str_down_up()
      coccinelle: Add rules to find str_down_up() replacements
      virt: vbox: struct vmmdev_hgcm_pagelist: Replace 1-element array with flexible array
      media: venus: hfi_cmds: struct hfi_session_release_buffer_pkt: Replace 1-element array with flexible array
      media: venus: hfi_cmds: struct hfi_session_release_buffer_pkt: Add __counted_by annotation
      string: Check for "nonstring" attribute on strscpy() arguments

Masahiro Yamada (3):
      fortify: refactor test_fortify Makefile to fix some build problems
      fortify: move test_fortify.sh to lib/test_fortify/
      fortify: use if_changed_dep to record header dependency in *.cmd files

Michal Wajdeczko (2):
      lib/string_choices: Add str_up_down() helper
      coccinelle: Add rules to find str_up_down() replacements

 MAINTAINERS                                   |  1 -
 drivers/media/platform/qcom/venus/hfi_cmds.h  |  2 +-
 include/linux/compiler.h                      |  3 ++
 include/linux/compiler_types.h                |  7 ++++
 include/linux/string.h                        | 12 ++++---
 include/linux/string_choices.h                | 29 +++++++++++++++++
 include/uapi/linux/vbox_vmmdev_types.h        |  5 ++-
 lib/.gitignore                                |  2 --
 lib/Makefile                                  | 38 +---------------------
 lib/string_helpers.c                          |  3 ++
 lib/test_fortify/.gitignore                   |  2 ++
 lib/test_fortify/Makefile                     | 28 ++++++++++++++++
 {scripts => lib/test_fortify}/test_fortify.sh |  0
 scripts/coccinelle/api/string_choices.cocci   | 46 +++++++++++++++++++++++++++
 scripts/remove-stale-files                    |  2 ++
 15 files changed, 134 insertions(+), 46 deletions(-)
 create mode 100644 lib/test_fortify/.gitignore
 create mode 100644 lib/test_fortify/Makefile
 rename {scripts => lib/test_fortify}/test_fortify.sh (100%)

--
Kees Cook