[GIT PULL] hardening updates for v6.15-rc1

[Kees Cook]

Hi Linus,

Please pull these hardening updates for v6.15-rc1. As usual, it's
scattered changes all over. Patches touching things outside of our
traditional areas in the tree have been Acked by maintainers or were
trivial changes.

Thanks!

-Kees

The following changes since commit a64dcfb451e254085a7daee5fe51bf22959d52d3:

  Linux 6.14-rc2 (2025-02-09 12:45:03 -0800)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/hardening-v6.15-rc1

for you to fetch changes up to b688f369ae0d5d25865f5441fa62e54c7d5d0de6:

  compiler_types: Introduce __nonstring_array (2025-03-12 13:21:09 -0700)

----------------------------------------------------------------
hardening updates for v6.15-rc1

- loadpin: remove unsupported MODULE_COMPRESS_NONE (Arulpandiyan Vadivel)

- samples/check-exec: Fix script name (Mickaël Salaün)

- yama: remove needless locking in yama_task_prctl() (Oleg Nesterov)

- lib/string_choices: Sort by function name (R Sundar)

- hardening: Allow default HARDENED_USERCOPY to be set at compile time
  (Mel Gorman)

- uaccess: Split out compile-time checks into ucopysize.h

- kbuild: clang: Support building UM with SUBARCH=i386

- x86: Enable i386 FORTIFY_SOURCE on Clang 16+

- ubsan/overflow: Rework integer overflow sanitizer option

- Add missing __nonstring annotations for callers of memtostr*()/strtomem*()

- Add __must_be_noncstr() and have memtostr*()/strtomem*() check for it

- Introduce __nonstring_array for silencing future GCC 15 warnings

----------------------------------------------------------------
Arulpandiyan Vadivel (1):
      loadpin: remove MODULE_COMPRESS_NONE as it is no longer supported

Kees Cook (18):
      uaccess: Introduce ucopysize.h
      scsi: mptfusion: Mark device strings as nonstring
      scsi: mpi3mr: Mark device strings as nonstring
      scsi: mpt3sas: Mark device strings as nonstring
      scsi: qla2xxx: Mark device strings as nonstring
      string: kunit: Mark nonstring test strings as __nonstring
      x86/tdx: Mark message.bytes as nonstring
      uapi: stddef.h: Introduce __kernel_nonstring
      nilfs2: Mark on-disk strings as nonstring
      compiler.h: Introduce __must_be_noncstr()
      string.h: Validate memtostr*()/strtomem*() arguments more carefully
      kbuild: clang: Support building UM with SUBARCH=i386
      ubsan/overflow: Rework integer overflow sanitizer option to turn on everything
      ubsan/overflow: Enable pattern exclusions
      ubsan/overflow: Enable ignorelist parsing and add type filter
      x86/build: Remove -ffreestanding on i386 with GCC
      hardening: Enable i386 FORTIFY_SOURCE on Clang 16+
      compiler_types: Introduce __nonstring_array

Mel Gorman (4):
      mm: security: Move hardened usercopy under 'Kernel hardening options'
      mm: security: Allow default HARDENED_USERCOPY to be set at compile time
      mm: security: Check early if HARDENED_USERCOPY is enabled
      fortify: Move FORTIFY_SOURCE under 'Kernel hardening options'

Mickaël Salaün (1):
      samples/check-exec: Fix script name

Oleg Nesterov (1):
      yama: don't abuse rcu_read_lock/get_task_struct in yama_task_prctl()

R Sundar (1):
      lib/string_choices: Rearrange functions in sorted order

 Documentation/admin-guide/kernel-parameters.txt    |  4 +-
 MAINTAINERS                                        |  1 +
 arch/x86/Makefile                                  |  4 +-
 arch/x86/coco/tdx/tdx.c                            |  4 +-
 drivers/message/fusion/mptsas.c                    |  8 +--
 drivers/scsi/mpi3mr/mpi3mr_transport.c             |  8 +--
 drivers/scsi/mpt3sas/mpi/mpi2_cnfg.h               |  2 +-
 drivers/scsi/mpt3sas/mpt3sas_transport.c           |  8 +--
 drivers/scsi/qla2xxx/qla_mr.h                      |  4 +-
 include/linux/compiler.h                           | 18 ++++++-
 include/linux/compiler_types.h                     | 23 ++++++--
 include/linux/string.h                             | 16 ++++--
 include/linux/string_choices.h                     | 24 ++++-----
 include/linux/thread_info.h                        | 48 -----------------
 include/linux/uaccess.h                            |  2 +-
 include/linux/ucopysize.h                          | 63 ++++++++++++++++++++++
 include/linux/uio.h                                |  2 +-
 include/uapi/linux/nilfs2_ondisk.h                 |  3 +-
 include/uapi/linux/stddef.h                        |  6 +++
 init/Kconfig                                       |  3 ++
 kernel/configs/hardening.config                    |  2 +-
 lib/Kconfig.ubsan                                  | 25 ++++-----
 lib/string_kunit.c                                 |  4 +-
 lib/test_ubsan.c                                   | 18 +++++--
 lib/ubsan.c                                        | 28 +++++++++-
 lib/ubsan.h                                        |  8 +++
 mm/usercopy.c                                      | 18 ++++---
 .../{run-script-ask.inc => run-script-ask.sh}      |  0
 scripts/Makefile.clang                             |  2 +
 scripts/Makefile.lib                               |  4 +-
 scripts/Makefile.ubsan                             | 10 +++-
 scripts/integer-wrap-ignore.scl                    |  3 ++
 security/Kconfig                                   | 21 --------
 security/Kconfig.hardening                         | 33 ++++++++++++
 security/loadpin/Kconfig                           |  2 +-
 security/yama/yama_lsm.c                           |  9 +---
 36 files changed, 285 insertions(+), 153 deletions(-)
 create mode 100644 include/linux/ucopysize.h
 rename samples/check-exec/{run-script-ask.inc => run-script-ask.sh} (100%)
 create mode 100644 scripts/integer-wrap-ignore.scl

-- 
Kees Cook