linux/arch/sh/kernel
Linus Torvalds d0989d01c6 hardening updates for v6.1-rc1
Various fixes across several hardening areas:
 
 - loadpin: Fix verity target enforcement (Matthias Kaehlcke).
 
 - zero-call-used-regs: Add missing clobbers in paravirt (Bill Wendling).
 
 - CFI: clean up sparc function pointer type mismatches (Bart Van Assche).
 
 - Clang: Adjust compiler flag detection for various Clang changes (Sami
   Tolvanen, Kees Cook).
 
 - fortify: Fix warnings in arch-specific code in sh, ARM, and xen.
 
 Improvements to existing features:
 
 - testing: improve overflow KUnit test, introduce fortify KUnit test,
   add more coverage to LKDTM tests (Bart Van Assche, Kees Cook).
 
 - overflow: Relax overflow type checking for wider utility.
 
 New features:
 
 - string: Introduce strtomem() and strtomem_pad() to fill a gap in
   strncpy() replacement needs.
 
 - um: Enable FORTIFY_SOURCE support.
 
 - fortify: Enable run-time struct member memcpy() overflow warning.
 -----BEGIN PGP SIGNATURE-----
 
 iQJKBAABCgA0FiEEpcP2jyKd1g9yPm4TiXL039xtwCYFAmM4chcWHGtlZXNjb29r
 QGNocm9taXVtLm9yZwAKCRCJcvTf3G3AJvq1D/9uKU03RozAOnzhi4gcgRnHZSAK
 oOQOkPwnkUgFU0yOnMkNYOZ7njLnM+CjCN3RJ9SSpD2lrQ23PwLeThAuOzy0brPO
 0iAksIztSF3e5tAyFjtFkjswrY8MSv/TkF0WttTOSOj3lCUcwatF0FBkclCOXtwu
 ILXfG7K8E17r/wsUejN+oMAI42ih/YeVQAZpKRymEEJsK+Lly7OT4uu3fdFWVb1P
 M77eRLI2Vg1eSgMVwv6XdwGakpUdwsboK7do0GGX+JOrhayJoCfY2IpwyPz9ciel
 jsp9OQs8NrlPJMa2sQ7LDl+b5EQl/MtggX3JlQEbLs2LV7gDtYgAWNo6vxCT5Lvd
 zB7TZqIR3lrVjbtw4FAKQ+41bS4VOajk2NB3Mkiy5AfivB+6zKF+P56a+xSoNhOl
 iktpjCEP7bp4oxmTMXpOfmywjh/ZsyoMhQ2ABP7S+JZ5rHUndpPAjjuBetIcHxX2
 28Wlr4aFIF9ff9caasg4sMYXcQMGnuLUlUKngceUbd1umZZRNZ1gaIxYpm9poefm
 qd/lvTIvzn9V8IB8wHVmvafbvDbV88A+2bKJdSUDA352Dt9PvqT7yI0dmbMNliGL
 os+iLPW6Y6x38BxhXax0HR9FEhO3Eq7kLdNdc4J29NvISg8HHaifwNrG41lNwaWL
 cuc6IAjLxiRk3NsUpg==
 =HZ6+
 -----END PGP SIGNATURE-----

Merge tag 'hardening-v6.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux

Pull kernel hardening updates from Kees Cook:
 "Most of the collected changes here are fixes across the tree for
  various hardening features (details noted below).

  The most notable new feature here is the addition of the memcpy()
  overflow warning (under CONFIG_FORTIFY_SOURCE), which is the next step
  on the path to killing the common class of "trivially detectable"
  buffer overflow conditions (i.e. on arrays with sizes known at compile
  time) that have resulted in many exploitable vulnerabilities over the
  years (e.g. BleedingTooth).

  This feature is expected to still have some undiscovered false
  positives. It's been in -next for a full development cycle and all the
  reported false positives have been fixed in their respective trees.
  All the known-bad code patterns we could find with Coccinelle are also
  either fixed in their respective trees or in flight.

  The commit message in commit 54d9469bc5 ("fortify: Add run-time WARN
  for cross-field memcpy()") for the feature has extensive details, but
  I'll repeat here that this is a warning _only_, and is not intended to
  actually block overflows (yet). The many patches fixing array sizes
  and struct members have been landing for several years now, and we're
  finally able to turn this on to find any remaining stragglers.

  Summary:

  Various fixes across several hardening areas:

   - loadpin: Fix verity target enforcement (Matthias Kaehlcke).

   - zero-call-used-regs: Add missing clobbers in paravirt (Bill
     Wendling).

   - CFI: clean up sparc function pointer type mismatches (Bart Van
     Assche).

   - Clang: Adjust compiler flag detection for various Clang changes
     (Sami Tolvanen, Kees Cook).

   - fortify: Fix warnings in arch-specific code in sh, ARM, and xen.

  Improvements to existing features:

   - testing: improve overflow KUnit test, introduce fortify KUnit test,
     add more coverage to LKDTM tests (Bart Van Assche, Kees Cook).

   - overflow: Relax overflow type checking for wider utility.

  New features:

   - string: Introduce strtomem() and strtomem_pad() to fill a gap in
     strncpy() replacement needs.

   - um: Enable FORTIFY_SOURCE support.

   - fortify: Enable run-time struct member memcpy() overflow warning"

* tag 'hardening-v6.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: (27 commits)
  Makefile.extrawarn: Move -Wcast-function-type-strict to W=1
  hardening: Remove Clang's enable flag for -ftrivial-auto-var-init=zero
  sparc: Unbreak the build
  x86/paravirt: add extra clobbers with ZERO_CALL_USED_REGS enabled
  x86/paravirt: clean up typos and grammaros
  fortify: Convert to struct vs member helpers
  fortify: Explicitly check bounds are compile-time constants
  x86/entry: Work around Clang __bdos() bug
  ARM: decompressor: Include .data.rel.ro.local
  fortify: Adjust KUnit test for modular build
  sh: machvec: Use char[] for section boundaries
  kunit/memcpy: Avoid pathological compile-time string size
  lib: Improve the is_signed_type() kunit test
  LoadPin: Require file with verity root digests to have a header
  dm: verity-loadpin: Only trust verity targets with enforcement
  LoadPin: Fix Kconfig doc about format of file with verity digests
  um: Enable FORTIFY_SOURCE
  lkdtm: Update tests for memcpy() run-time warnings
  fortify: Add run-time WARN for cross-field memcpy()
  fortify: Use SIZE_MAX instead of (size_t)-1
  ...
2022-10-03 17:24:22 -07:00
..
cpu sh: sq: use default_groups in kobj_type 2022-01-05 19:11:52 +01:00
syscalls arch: syscalls: simplify uapi/kapi directory creation 2022-03-31 12:03:46 +09:00
vsyscall mmap locking API: use coccinelle to convert mmap_sem rwsem call sites 2020-06-09 09:39:14 -07:00
.gitignore .gitignore: add SPDX License Identifier 2020-03-25 11:50:48 +01:00
asm-offsets.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
crash_dump.c vmcore: convert copy_oldmem_page() to take an iov_iter 2022-04-29 14:37:59 -07:00
debugtraps.S sh: kernel: convert to SPDX identifiers 2018-12-28 12:11:45 -08:00
disassemble.c treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
dma-coherent.c dma-mapping: merge <linux/dma-noncoherent.h> into <linux/dma-map-ops.h> 2020-10-06 07:07:06 +02:00
dumpstack.c sh: stacktrace: Remove stacktrace_ops.stack() 2020-08-14 22:05:11 -04:00
dwarf.c It appears that the zero-day bot did find a bug in my sh build. 2019-01-05 14:08:00 -08:00
entry-common.S sh: fix syscall tracing 2020-09-13 21:22:55 -04:00
ftrace.c ftrace: Cleanup ftrace_dyn_arch_init() 2021-10-08 19:41:39 -04:00
head_32.S sh: kernel: convert to SPDX identifiers 2018-12-28 12:11:45 -08:00
hw_breakpoint.c sh: kernel: hw_breakpoint: Fix missing break in switch statement 2019-08-11 16:15:16 -05:00
idle.c sched/idle: Fix arch_cpu_idle() vs tracing 2020-11-24 16:47:35 +01:00
io_trapped.c sh: remove CONFIG_SET_FS support 2022-02-25 09:36:06 +01:00
io.c sh: kernel: convert to SPDX identifiers 2018-12-28 12:11:45 -08:00
iomap.c iomap: constify ioreadX() iomem argument (as in generic implementation) 2020-08-14 19:56:57 -07:00
ioport.c sh: don't include <asm/io_trapped.h> in <asm/io.h> 2020-08-14 22:05:16 -04:00
irq_32.c sh: kernel: convert to SPDX identifiers 2018-12-28 12:11:45 -08:00
irq.c asm-generic: Conditionally enable do_softirq_own_stack() via Kconfig. 2022-09-05 17:20:55 +02:00
kdebugfs.c sh: no need to check return value of debugfs_create functions 2019-06-03 15:39:40 +02:00
kgdb.c treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
kprobes.c kprobes: treewide: Make it harder to refer kretprobe_trampoline directly 2021-09-30 21:24:06 -04:00
machine_kexec.c mm: remove unneeded includes of <asm/pgalloc.h> 2020-08-07 11:33:26 -07:00
machvec.c sh: machvec: Use char[] for section boundaries 2022-09-13 10:33:17 -07:00
Makefile sh: remove -Werror from Makefiles 2020-08-14 22:05:13 -04:00
module.c sh: remove sh5 support 2020-06-01 14:48:52 -04:00
nmi_debug.c sh: kernel: convert to SPDX identifiers 2018-12-28 12:11:45 -08:00
perf_callchain.c sh: stacktrace: Remove stacktrace_ops.stack() 2020-08-14 22:05:11 -04:00
perf_event.c sh: Get rid of oprofile leftovers 2021-04-22 13:32:39 +01:00
process_32.c fork: Generalize PF_IO_WORKER handling 2022-05-07 09:01:59 -05:00
process.c sh: remove sh5 support 2020-06-01 14:48:52 -04:00
ptrace_32.c ptrace: Create ptrace_report_syscall_{entry,exit} in ptrace.h 2022-03-10 13:35:08 -06:00
ptrace.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
reboot.c sh: Use do_kernel_power_off() 2022-05-19 19:30:31 +02:00
relocate_kernel.S sh: kernel: convert to SPDX identifiers 2018-12-28 12:11:45 -08:00
return_address.c sh: kernel: convert to SPDX identifiers 2018-12-28 12:11:45 -08:00
setup.c sh: convert to setup_initial_init_mm() 2021-07-08 11:48:21 -07:00
sh_bios.c sh: kernel: convert to SPDX identifiers 2018-12-28 12:11:45 -08:00
sh_ksyms_32.c sh: Add missing DECLARE_EXPORT() for __ashiftrt_r4_xx 2020-06-01 14:48:49 -04:00
signal_32.c resume_user_mode: Move to resume_user_mode.h 2022-03-10 16:51:50 -06:00
smp.c sched/core: Initialize the idle task with preemption disabled 2021-05-12 13:01:45 +02:00
stacktrace.c sh: stacktrace: Remove stacktrace_ops.stack() 2020-08-14 22:05:11 -04:00
swsusp.c sh: kernel: convert to SPDX identifiers 2018-12-28 12:11:45 -08:00
sys_sh32.c mm: add ksys_fadvise64_64() helper; remove in-kernel call to sys_fadvise64_64() 2018-04-02 20:16:10 +02:00
sys_sh.c mmap locking API: use coccinelle to convert mmap_sem rwsem call sites 2020-06-09 09:39:14 -07:00
syscalls_32.S sh: remove nargs from __SYSCALL 2019-03-05 21:07:13 -08:00
time.c sh: add the sh_ prefix to early platform symbols 2019-10-07 13:50:48 +02:00
topology.c drivers/base/node: consolidate node device subsystem initialization in node_dev_init() 2022-03-22 15:57:10 -07:00
traps_32.c sh: remove CONFIG_SET_FS support 2022-02-25 09:36:06 +01:00
traps.c exit: Add and use make_task_dead. 2021-12-13 12:04:45 -06:00
unwinder.c sh: kernel: convert to SPDX identifiers 2018-12-28 12:11:45 -08:00
vmlinux.lds.S vmlinux.lds.h: Split ELF_DETAILS from STABS_DEBUG 2020-09-01 09:50:35 +02:00