system/linux
system/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux synced 2024-10-06 19:34:19 +00:00
Code Issues Packages Projects Releases Wiki Activity
linux/scripts
History
Linus Torvalds 216532e147 hardening updates for v6.9-rc1 
- string.h and related header cleanups (Tanzir Hasan, Andy Shevchenko)
 
 - VMCI memcpy() usage and struct_size() cleanups (Vasiliy Kovalev, Harshit
   Mogalapalli)
 
 - selftests/powerpc: Fix load_unaligned_zeropad build failure (Michael
   Ellerman)
 
 - hardened Kconfig fragment updates (Marco Elver, Lukas Bulwahn)
 
 - Handle tail call optimization better in LKDTM (Douglas Anderson)
 
 - Use long form types in overflow.h (Andy Shevchenko)
 
 - Add flags param to string_get_size() (Andy Shevchenko)
 
 - Add Coccinelle script for potential struct_size() use (Jacob Keller)
 
 - Fix objtool corner case under KCFI (Josh Poimboeuf)
 
 - Drop 13 year old backward compat CAP_SYS_ADMIN check (Jingzi Meng)
 
 - Add str_plural() helper (Michal Wajdeczko, Kees Cook)
 
 - Ignore relocations in .notes section
 
 - Add comments to explain how __is_constexpr() works
 
 - Fix m68k stack alignment expectations in stackinit Kunit test
 
 - Convert string selftests to KUnit
 
 - Add KUnit tests for fortified string functions
 
 - Improve reporting during fortified string warnings
 
 - Allow non-type arg to type_max() and type_min()
 
 - Allow strscpy() to be called with only 2 arguments
 
 - Add binary mode to leaking_addresses scanner
 
 - Various small cleanups to leaking_addresses scanner
 
 - Adding wrapping_*() arithmetic helper
 
 - Annotate initial signed integer wrap-around in refcount_t
 
 - Add explicit UBSAN section to MAINTAINERS
 
 - Fix UBSAN self-test warnings
 
 - Simplify UBSAN build via removal of CONFIG_UBSAN_SANITIZE_ALL
 
 - Reintroduce UBSAN's signed overflow sanitizer
 -----BEGIN PGP SIGNATURE-----
 
 iQJKBAABCgA0FiEEpcP2jyKd1g9yPm4TiXL039xtwCYFAmXvm5kWHGtlZXNjb29r
 QGNocm9taXVtLm9yZwAKCRCJcvTf3G3AJiQqD/4mM6SWZpYHKlR1nEiqIyz7Hqr9
 g4oguuw6HIVNJXLyeBI5Hd43CTeHPA0e++EETqhUAt7HhErxfYJY+JB221nRYmu+
 zhhQ7N/xbTMV/Je7AR03kQjhiMm8LyEcM2X4BNrsAcoCieQzmO3g0zSp8ISzLUE0
 PEEmf1lOzMe3gK2KOFCPt5Hiz9sGWyN6at+BQubY18tQGtjEXYAQNXkpD5qhGn4a
 EF693r/17wmc8hvSsjf4AGaWy1k8crG0WfpMCZsaqftjj0BbvOC60IDyx4eFjpcy
 tGyAJKETq161AkCdNweIh2Q107fG3tm0fcvw2dv8Wt1eQCko6M8dUGCBinQs/thh
 TexjJFS/XbSz+IvxLqgU+C5qkOP23E0M9m1dbIbOFxJAya/5n16WOBlGr3ae2Wdq
 /+t8wVSJw3vZiku5emWdFYP1VsdIHUjVa5QizFaaRhzLGRwhxVV49SP4IQC/5oM5
 3MAgNOFTP6yRQn9Y9wP+SZs+SsfaIE7yfKa9zOi4S+Ve+LI2v4YFhh8NCRiLkeWZ
 R1dhp8Pgtuq76f/v0qUaWcuuVeGfJ37M31KOGIhi1sI/3sr7UMrngL8D1+F8UZMi
 zcLu+x4GtfUZCHl6znx1rNUBqE5S/5ndVhLpOqfCXKaQ+RAm7lkOJ3jXE2VhNkhp
 yVEmeSOLnlCaQjZvXQ==
 =OP+o
 -----END PGP SIGNATURE-----

Merge tag 'hardening-v6.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux

Pull hardening updates from Kees Cook:
 "As is pretty normal for this tree, there are changes all over the
  place, especially for small fixes, selftest improvements, and improved
  macro usability.

  Some header changes ended up landing via this tree as they depended on
  the string header cleanups. Also, a notable set of changes is the work
  for the reintroduction of the UBSAN signed integer overflow sanitizer
  so that we can continue to make improvements on the compiler side to
  make this sanitizer a more viable future security hardening option.

  Summary:

   - string.h and related header cleanups (Tanzir Hasan, Andy
     Shevchenko)

   - VMCI memcpy() usage and struct_size() cleanups (Vasiliy Kovalev,
     Harshit Mogalapalli)

   - selftests/powerpc: Fix load_unaligned_zeropad build failure
     (Michael Ellerman)

   - hardened Kconfig fragment updates (Marco Elver, Lukas Bulwahn)

   - Handle tail call optimization better in LKDTM (Douglas Anderson)

   - Use long form types in overflow.h (Andy Shevchenko)

   - Add flags param to string_get_size() (Andy Shevchenko)

   - Add Coccinelle script for potential struct_size() use (Jacob
     Keller)

   - Fix objtool corner case under KCFI (Josh Poimboeuf)

   - Drop 13 year old backward compat CAP_SYS_ADMIN check (Jingzi Meng)

   - Add str_plural() helper (Michal Wajdeczko, Kees Cook)

   - Ignore relocations in .notes section

   - Add comments to explain how __is_constexpr() works

   - Fix m68k stack alignment expectations in stackinit Kunit test

   - Convert string selftests to KUnit

   - Add KUnit tests for fortified string functions

   - Improve reporting during fortified string warnings

   - Allow non-type arg to type_max() and type_min()

   - Allow strscpy() to be called with only 2 arguments

   - Add binary mode to leaking_addresses scanner

   - Various small cleanups to leaking_addresses scanner

   - Adding wrapping_*() arithmetic helper

   - Annotate initial signed integer wrap-around in refcount_t

   - Add explicit UBSAN section to MAINTAINERS

   - Fix UBSAN self-test warnings

   - Simplify UBSAN build via removal of CONFIG_UBSAN_SANITIZE_ALL

   - Reintroduce UBSAN's signed overflow sanitizer"

* tag 'hardening-v6.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: (51 commits)
  selftests/powerpc: Fix load_unaligned_zeropad build failure
  string: Convert helpers selftest to KUnit
  string: Convert selftest to KUnit
  sh: Fix build with CONFIG_UBSAN=y
  compiler.h: Explain how __is_constexpr() works
  overflow: Allow non-type arg to type_max() and type_min()
  VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler()
  lib/string_helpers: Add flags param to string_get_size()
  x86, relocs: Ignore relocations in .notes section
  objtool: Fix UNWIND_HINT_{SAVE,RESTORE} across basic blocks
  overflow: Use POD in check_shl_overflow()
  lib: stackinit: Adjust target string to 8 bytes for m68k
  sparc: vdso: Disable UBSAN instrumentation
  kernel.h: Move lib/cmdline.c prototypes to string.h
  leaking_addresses: Provide mechanism to scan binary files
  leaking_addresses: Ignore input device status lines
  leaking_addresses: Use File::Temp for /tmp files
  MAINTAINERS: Update LEAKING_ADDRESSES details
  fortify: Improve buffer overflow reporting
  fortify: Add KUnit tests for runtime overflows
  ...
2024-03-12 14:49:30 -07:00
..
atomic locking/atomic: scripts: Clarify ordering of conditional atomics 2024-02-20 09:55:09 +01:00
basic kbuild: implement CONFIG_TRIM_UNUSED_KSYMS without recursion 2023-06-22 21:21:06 +09:00
clang-tools gen_compile_commands: fix invalid escape sequence warning 2024-02-15 06:57:19 +09:00
coccinelle coccinelle: semantic patch to check for potential struct_size calls 2024-02-29 13:38:01 -08:00
dtc dt: dt-extract-compatibles: Don't follow symlinks when walking tree 2023-11-09 11:56:39 -06:00
dummy-tools kbuild: dummy-tools: pretend we understand -fpatchable-function-entry 2023-11-01 23:24:56 +09:00
gcc-plugins gcc-plugins: randstruct: Update code comment in relayout_struct() 2023-11-27 16:30:05 -08:00
gdb asm-generic updates for 6.9 2024-03-12 10:56:28 -07:00
genksyms genksyms: use getopt_long() unconditionally 2023-11-28 11:22:50 +09:00
kconfig kconfig: initialize sym->curr.tri to 'no' for all symbol types again 2024-01-31 23:59:42 +09:00
ksymoops
mod Core x86 changes for v6.9: 2024-03-11 19:53:15 -07:00
package kbuild: rpm-pkg: simplify installkernel %post 2024-01-31 23:24:27 +09:00
selinux selinux: remove runtime disable message in the install_policy.sh script 2022-09-20 14:12:25 -04:00
tracing tracing: Always use canonical ftrace path 2023-02-18 14:34:09 -05:00
.gitignore rust: support running Rust documentation tests as KUnit ones 2023-07-19 09:32:53 -06:00
as-version.sh kbuild: Update assembler calls to use proper flags and language target 2023-01-26 12:41:38 +09:00
asn1_compiler.c ASN.1: Fix check for strdup() success 2023-04-21 08:58:00 -07:00
bloat-o-meter scripts/bloat-o-meter: count weak symbol sizes 2023-08-21 13:46:25 -07:00
bootgraph.pl
bpf_doc.py bpf, scripts: Correct GPL license name 2024-02-14 17:10:48 +01:00
cc-can-link.sh
cc-version.sh scripts: Remove ICC-related dead code 2023-04-24 10:18:32 -07:00
check-git kbuild: use git-archive for source package creation 2023-03-16 22:46:12 +09:00
check-sysctl-docs sysctl: Remove register_sysctl_table 2023-05-23 21:43:26 -07:00
check-uapi.sh check-uapi: Introduce check-uapi.sh 2023-12-29 22:25:20 +09:00
check_extable.sh scripts: check_extable: fix typo in user error message 2021-09-08 11:50:28 -07:00
checkdeclares.pl scripts: make some scripts executable 2021-08-10 09:13:25 +09:00
checkincludes.pl
checkkconfigsymbols.py scripts: handle BrokenPipeError for python scripts 2023-01-26 12:43:33 +09:00
checkpatch.pl Char/Misc and other Driver changes for 6.8-rc1 2024-01-17 16:47:17 -08:00
checkstack.pl scripts/checkstack.pl: fix no space expression between sp and offset 2023-12-29 12:22:28 -08:00
checksyscalls.sh checksyscalls: ignore fstat to silence build warning on LoongArch 2023-03-23 17:18:32 -07:00
checkversion.pl scripts: checkversion: modernize linux/version.h search strings 2021-08-05 20:55:39 +09:00
cleanfile
cleanpatch
coccicheck scripts: coccicheck: Use /usr/bin/env 2023-02-25 20:11:06 +01:00
config kconfig: config script: add a little user help 2021-01-04 10:38:11 +09:00
const_structs.checkpatch const_structs.checkpatch: add xattr_handler 2023-10-12 17:14:11 +02:00
decode_stacktrace.sh scripts/decode_stacktrace.sh: optionally use LLVM utilities 2024-01-12 15:20:46 -08:00
decodecode scripts/decodecode: add support for LoongArch 2023-12-29 12:22:25 -08:00
depmod.sh kbuild: move depmod rule to scripts/Makefile.modinst 2023-08-29 22:38:23 +09:00
dev-needs.sh scripts/dev-needs: Add script to list device dependencies 2020-09-04 18:19:37 +02:00
diffconfig scripts: handle BrokenPipeError for python scripts 2023-01-26 12:43:33 +09:00
documentation-file-ref-check scripts: documentation-file-ref-check: fix bpf selftests path 2021-10-26 09:42:29 -06:00
export_report.pl
extract-ikconfig scripts/extract-ikconfig: add zstd compression support 2022-08-29 13:58:47 +09:00
extract-module-sig.pl
extract-sys-certs.pl
extract-vmlinux
extract_xc3028.pl
faddr2line scripts/faddr2line: Skip over mapping symbols in output from readelf 2023-10-23 08:36:46 -07:00
file-size.sh
find-unused-docs.sh
gcc-x86_32-has-stack-protector.sh x86/stackprotector/32: Make the canary into a regular percpu variable 2021-03-08 13:19:05 +01:00
gcc-x86_64-has-stack-protector.sh
gen-randstruct-seed.sh randstruct: Move seed generation into scripts/basic/ 2022-05-08 01:33:07 -07:00
generate_initcall_order.pl init: lto: ensure initcall ordering 2021-01-14 08:21:09 -08:00
generate_rust_analyzer.py scripts: generate_rust_analyzer: provide cfgs for core and alloc 2023-08-20 22:54:32 +02:00
generate_rust_target.rs Merge branch 'x86/bugs' into x86/core, to pick up pending changes before dependent patches 2024-02-14 10:49:37 +01:00
get_abi.pl scripts/get_abi.pl: ignore some temp files 2024-01-03 14:02:17 -07:00
get_dvb_firmware
get_feat.pl scripts: get_feat.pl: use /usr/bin/env to find perl 2022-06-30 12:22:17 -06:00
get_maintainer.pl get_maintainer: remove stray punctuation when cleaning file emails 2023-12-31 10:57:42 -08:00
gfp-translate scripts: fix the gfp flags header path in gfp-translate 2023-06-19 13:19:32 -07:00
git.orderFile scripts: Introduce a default git.orderFile 2023-12-29 22:25:20 +09:00
head-object-list.txt scripts: clean up IA-64 code 2023-12-03 18:51:48 +09:00
headerdep.pl
headers_install.sh hexagon: Remove CONFIG_HEXAGON_ARCH_VERSION from uapi header 2023-11-23 10:38:58 +01:00
insert-sys-cert.c
install.sh kbuild: factor out the common installation code into scripts/install.sh 2022-05-11 21:45:53 +09:00
jobserver-exec scripts: support GNU make 4.4 in jobserver-exec 2023-01-16 20:15:20 +09:00
kallsyms.c scripts/kallsyms: Fix build failure by setting errno before calling getline() 2023-07-29 15:57:32 +09:00
Kbuild.include kbuild: replace $(dot-target).tmp in filechk with $(tmp-target) 2023-01-22 23:43:33 +09:00
Kconfig.include kbuild: Add -Wa,--fatal-warnings to as-instr invocation 2024-02-16 16:07:07 -08:00
kernel-doc Another moderately busy cycle for documentation, including: 2024-01-11 19:46:52 -08:00
ld-version.sh kbuild: collect minimum tool versions into scripts/min-tool-version.sh 2021-04-25 05:14:26 +09:00
leaking_addresses.pl leaking_addresses: Provide mechanism to scan binary files 2024-02-29 13:38:03 -08:00
Lindent
link-vmlinux.sh kbuild: Fix changing ELF file type for output of gen_btf for big endian 2024-02-15 06:56:40 +09:00
Makefile rust: support running Rust documentation tests as KUnit ones 2023-07-19 09:32:53 -06:00
Makefile.asm-generic kbuild: add kbuild-file macro 2022-11-22 23:40:02 +09:00
Makefile.btf kbuild: avoid too many execution of scripts/pahole-flags.sh 2023-10-28 21:10:08 +09:00
Makefile.build kbuild: mark rustc (and others) invocations as recursive 2024-02-29 22:16:38 +01:00
Makefile.clang Kbuild updates for v6.5 2023-07-01 09:24:31 -07:00
Makefile.clean kbuild: make clean rule robust against too long argument error 2023-06-25 23:12:20 +09:00
Makefile.compiler kbuild: Add -Wa,--fatal-warnings to as-instr invocation 2024-02-16 16:07:07 -08:00
Makefile.debug Makefile.debug: support for -gz=zstd 2022-11-21 10:18:39 +09:00
Makefile.defconf kbuild: defconf: use SRCARCH to find merged configs 2024-01-28 01:13:37 +09:00
Makefile.dtbinst kbuild: Support flat DTBs install 2023-06-21 07:51:08 -06:00
Makefile.extrawarn Makefile: Enable -Wstringop-overflow globally 2024-01-21 17:45:31 -06:00
Makefile.gcc-plugins gcc-plugins: Undefine LATENT_ENTROPY_PLUGIN when plugin disabled for a file 2022-08-16 12:25:53 -07:00
Makefile.headersinst kbuild: prefix $(srctree)/ to some included Makefiles 2021-03-15 19:20:48 +09:00
Makefile.host kbuild: mark rustc (and others) invocations as recursive 2024-02-29 22:16:38 +01:00
Makefile.kasan kasan: remove hwasan-kernel-mem-intrinsic-prefix=1 for clang-14 2023-04-18 16:29:43 -07:00
Makefile.kcov kbuild: include scripts/Makefile.* only when relevant CONFIG is enabled 2020-08-10 01:32:59 +09:00
Makefile.kcsan kcsan: Ignore GCC 11+ warnings about TSan runtime support 2021-12-09 16:42:27 -08:00
Makefile.kmsan kmsan: add KMSAN runtime core 2022-10-03 14:03:19 -07:00
Makefile.lib hardening updates for v6.9-rc1 2024-03-12 14:49:30 -07:00
Makefile.modfinal kbuild: remove ARCH_POSTLINK from module builds 2023-10-28 21:10:08 +09:00
Makefile.modinst kbuild: Use CRC32 and a 1MiB dictionary for XZ compressed modules 2023-09-25 16:01:05 +09:00
Makefile.modpost linux/export.h: make <linux/export.h> independent of CONFIG_MODULES 2023-07-25 00:59:32 +09:00
Makefile.package kbuild: deb-pkg: remove the fakeroot builds support 2023-12-10 15:34:37 +09:00
Makefile.randstruct randstruct: Enable Clang support 2022-05-08 01:33:07 -07:00
Makefile.ubsan ubsan: Reintroduce signed overflow sanitizer 2024-02-20 20:44:49 -08:00
Makefile.userprogs kbuild: support 'userldlibs' syntax 2023-11-01 23:26:01 +09:00
Makefile.vdsoinst kbuild: fix build ID symlinks to installed debug VDSO files 2023-12-23 23:24:03 +09:00
Makefile.vmlinux x86/retpoline: Make sure there are no unconverted return thunks due to KCSAN 2023-10-20 13:02:23 +02:00
Makefile.vmlinux_o x86/bugs: Rename CONFIG_CPU_SRSO => CONFIG_MITIGATION_SRSO 2024-01-10 10:52:29 +01:00
makelst
markup_oops.pl
min-tool-version.sh rust: upgrade to Rust 1.76.0 2024-02-29 22:18:05 +01:00
misc-check kbuild: make W=1 warn files that are tracked but ignored by git 2023-01-22 23:43:33 +09:00
mkcompile_h Revert "kbuild: Make scripts/compile.h when sh != bash" 2022-09-29 04:40:15 +09:00
mksysmap kallsyms: ignore ARMv4 thunks along with others 2024-02-15 22:44:56 +09:00
mkuboot.sh
module.lds.S arm64: unwind: add asynchronous unwind tables to kernel and modules 2022-11-09 18:06:35 +00:00
modules-check.sh kbuild: change module.order to list *.o instead of *.ko 2022-12-14 15:42:40 +09:00
nsdeps scripts/nsdeps: adjust to the format change of *.mod files 2022-06-08 20:14:13 +09:00
objdiff kbuild: clean .tmp_* pattern by make clean 2022-06-05 06:20:57 +09:00
objdump-func scripts/objdump-func: Support multiple functions 2023-04-14 16:08:28 +02:00
orc_hash.sh x86/unwind/orc: Add ELF section with ORC version identifier 2023-06-16 17:17:42 +02:00
pahole-version.sh kbuild: Add CONFIG_PAHOLE_VERSION 2022-02-02 11:19:33 +01:00
parse-maintainers.pl
patch-kernel
profile2linkerlist.pl
prune-kernel scripts/prune-kernel: Use kernel-install if available 2022-05-11 21:46:38 +09:00
recordmcount.c scripts: clean up IA-64 code 2023-12-03 18:51:48 +09:00
recordmcount.h recordmcount: Correct st_shndx handling 2021-06-18 09:09:17 -04:00
recordmcount.pl scripts: clean up IA-64 code 2023-12-03 18:51:48 +09:00
relocs_check.sh powerpc: Move script to check relocations at compile time in scripts/ 2023-04-19 07:46:31 -07:00
remove-stale-files kbuild: rpm-pkg: generate kernel.spec in rpmbuild/SPECS/ 2023-10-03 20:49:09 +09:00
rust_is_available.sh kbuild: rust_is_available: check that output looks as expected 2023-08-10 01:18:34 +02:00
rust_is_available_bindgen_libclang.h scripts: add rust_is_available.sh 2022-09-28 09:02:06 +02:00
rust_is_available_test.py kbuild: rust_is_available: add test suite 2023-08-10 01:18:34 +02:00
rustdoc_test_builder.rs rust: support running Rust documentation tests as KUnit ones 2023-07-19 09:32:53 -06:00
rustdoc_test_gen.rs rust: support running Rust documentation tests as KUnit ones 2023-07-19 09:32:53 -06:00
setlocalversion scripts/setlocalversion: also consider annotated tags of the form vx.y.z-${file_localversion} 2023-08-08 01:08:54 +09:00
show_delta scripts/show_delta: add __main__ judgement before main code 2023-10-18 14:43:23 -07:00
sign-file.c sign-file: Fix incorrect return values check 2023-12-13 12:55:11 -08:00
sorttable.c LoongArch: extable: Add type and data fields 2022-12-14 08:36:11 +08:00
sorttable.h x86,objtool: Split UNWIND_HINT_EMPTY in two 2023-03-23 23:18:58 +01:00
spdxcheck-test.sh docs: move Linux logo into a new images folder 2022-06-01 09:32:45 -06:00
spdxcheck.py scripts/spdxcheck: Put excluded files and directories into a separate file 2022-05-18 15:34:33 +02:00
spdxexclude scripts/spdxcheck: Exclude top-level README 2022-05-18 15:35:42 +02:00
spelling.txt scripts/spelling.txt: add more spellings to spelling.txt 2023-12-10 17:21:33 -08:00
sphinx-pre-install docs: Raise the minimum Sphinx requirement to 2.4.4 2023-12-15 08:36:33 -07:00
split-man.pl tweewide: Fix most Shebang lines 2020-12-08 23:30:04 +09:00
stackdelta
stackusage
subarch.include LoongArch: Add build infrastructure 2022-06-03 20:09:27 +08:00
syscallhdr.sh scripts: check duplicated syscall number in syscall table 2021-07-09 04:00:39 +09:00
syscallnr.sh scripts: make some scripts executable 2021-08-10 09:13:25 +09:00
syscalltbl.sh scripts: check duplicated syscall number in syscall table 2021-07-09 04:00:39 +09:00
tags.sh scripts/tags.sh: remove find_sources 2024-01-04 17:01:15 +01:00
test_fortify.sh fortify: Update compile-time tests for Clang 14 2022-02-13 16:50:06 -08:00
tools-support-relr.sh Makefile: use -z pack-relative-relocs 2023-04-17 11:23:06 +09:00
unifdef.c
ver_linux Removed the oprofiled version option 2021-05-03 17:23:06 -06:00
xen-hypercalls.sh scripts: make some scripts executable 2021-08-10 09:13:25 +09:00
xz_wrap.sh scripts: clean up IA-64 code 2023-12-03 18:51:48 +09:00