Commit 48ea09cd authored by Linus Torvalds
Pull kernel hardening updates from Kees Cook:

 - Convert flexible array members, fix -Wstringop-overflow warnings, and
   fix KCFI function type mismatches that went ignored by maintainers
   (Gustavo A. R. Silva, Nathan Chancellor, Kees Cook)

 - Remove the remaining side-effect users of ksize() by converting
   dma-buf, btrfs, and coredump to using kmalloc_size_roundup(), add
   more __alloc_size attributes, and introduce full testing of all
   allocator functions. Finally remove the ksize() side-effect so that
   each allocation-aware checker can finally behave without exceptions

 - Introduce oops_limit (default 10,000) and warn_limit (default off) to
   provide greater granularity of control for panic_on_oops and
   panic_on_warn (Jann Horn, Kees Cook)

 - Introduce overflows_type() and castable_to_type() helpers for cleaner
   overflow checking

 - Improve code generation for strscpy() and update str*() kern-doc

 - Convert strscpy and siphash tests to KUnit, and expand memcpy tests

 - Always use a non-NULL argument for prepare_kernel_cred()

 - Disable structleak plugin in FORTIFY KUnit test (Anders Roxell)

 - Adjust orphan linker section checking to respect CONFIG_WERROR (Xin
   Li)

 - Make sure siginfo is cleared for forced SIGKILL (haifeng.xu)

 - Fix um vs FORTIFY warnings for always-NULL arguments

* tag 'hardening-v6.2-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: (31 commits)
  ksmbd: replace one-element arrays with flexible-array members
  hpet: Replace one-element array with flexible-array member
  um: virt-pci: Avoid GCC non-NULL warning
  signal: Initialize the info in ksignal
  lib: fortify_kunit: build without structleak plugin
  panic: Expose "warn_count" to sysfs
  panic: Introduce warn_limit
  panic: Consolidate open-coded panic_on_warn checks
  exit: Allow oops_limit to be disabled
  exit: Expose "oops_count" to sysfs
  exit: Put an upper limit on how often we can oops
  panic: Separate sysctl logic from CONFIG_SMP
  mm/pgtable: Fix multiple -Wstringop-overflow warnings
  mm: Make ksize() a reporting-only function
  kunit/fortify: Validate __alloc_size attribute results
  drm/sti: Fix return type of sti_{dvo,hda,hdmi}_connector_mode_valid()
  drm/fsl-dcu: Fix return type of fsl_dcu_drm_connector_mode_valid()
  driver core: Add __alloc_size hint to devm allocators
  overflow: Introduce overflows_type() and castable_to_type()
  coredump: Proactively round up to kmalloc bucket size
  ...
parents ad76bf1f d272e01f
+6 −0
What:		/sys/kernel/oops_count
Date:		November 2022
KernelVersion:	6.2.0
Contact:	Linux Kernel Hardening List <linux-hardening@vger.kernel.org>
Description:
		Shows how many times the system has Oopsed since last boot.
+6 −0
What:		/sys/kernel/oops_count
Date:		November 2022
KernelVersion:	6.2.0
Contact:	Linux Kernel Hardening List <linux-hardening@vger.kernel.org>
Description:
		Shows how many times the system has Warned since last boot.
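
Review bot: the What: line of this second ABI entry reads /sys/kernel/oops_count, but its Description counts warnings, the shortlog entry is 'panic: Expose "warn_count" to sysfs', and MAINTAINERS adds Documentation/ABI/testing/sysfs-kernel-warn_count. This looks like a copy of the oops_count entry with only the Description changed; the What: line should be /sys/kernel/warn_count, otherwise the ABI documentation describes the same path twice with conflicting meanings.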
+19 −0
@@ -670,6 +670,15 @@ This is the default behavior.
an oops event is detected.


oops_limit
==========

Number of kernel oopses after which the kernel should panic when
``panic_on_oops`` is not set. Setting this to 0 disables checking
the count. Setting this to  1 has the same effect as setting
``panic_on_oops=1``. The default value is 10000.


osrelease, ostype & version
===========================

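Review bot: the oops_limit paragraph has a doubled space in "Setting this to  1" and does not say where the running count can be read. Collapse the space and add a pointer to /sys/kernel/oops_count, which this same series documents, so an operator can tell how close a host is to the default limit of 10000.
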
@@ -1526,6 +1535,16 @@ entry will default to 2 instead of 0.
2 Unprivileged calls to ``bpf()`` are disabled
= =============================================================


warn_limit
==========

Number of kernel warnings after which the kernel should panic when
``panic_on_warn`` is not set. Setting this to 0 disables checking
the warning count. Setting this to 1 has the same effect as setting
``panic_on_warn=1``. The default value is 0.


watchdog
========

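Review bot: the warn_limit paragraph ends with "The default value is 0" two sentences after saying that 0 disables the check, which leaves the reader to work out that the limit is off by default, unlike oops_limit with its default of 10000. State it directly, for example "The default value is 0, which leaves the check disabled", and reference the warn_count sysfs file named in the MAINTAINERS hunk as the place to read the current count.
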
+3 −0
@@ -36,6 +36,9 @@ String Conversions
String Manipulation
-------------------

.. kernel-doc:: include/linux/fortify-string.h
   :internal:

.. kernel-doc:: lib/string.c
   :export:

+5 −1
@@ -8105,6 +8105,8 @@ S: Supported
T:	git git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git for-next/hardening
F:	include/linux/fortify-string.h
F:	lib/fortify_kunit.c
F:	lib/memcpy_kunit.c
F:	lib/strscpy_kunit.c
F:	lib/test_fortify/*
F:	scripts/test_fortify.sh
K:	\b__NO_FORTIFY\b
@@ -11208,6 +11210,8 @@ M: Kees Cook <keescook@chromium.org>
L:	linux-hardening@vger.kernel.org
S:	Supported
T:	git git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git for-next/hardening
F:	Documentation/ABI/testing/sysfs-kernel-oops_count
F:	Documentation/ABI/testing/sysfs-kernel-warn_count
F:	include/linux/overflow.h
F:	include/linux/randomize_kstack.h
F:	mm/usercopy.c
@@ -19050,7 +19054,7 @@ M: Jason A. Donenfeld <Jason@zx2c4.com>
S:	Maintained
F:	include/linux/siphash.h
F:	lib/siphash.c
F:	lib/test_siphash.c
F:	lib/siphash_kunit.c
SIS 190 ETHERNET DRIVER
M:	Francois Romieu <romieu@fr.zoreil.com>
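Review bot: the last MAINTAINERS hunk, in the entry maintained by Jason A. Donenfeld, shows both F: lib/test_siphash.c and F: lib/siphash_kunit.c while its header (-19050,7 +19054,7) keeps the line count unchanged, so one line replaces the other. Given that the merge message says the siphash test was converted to KUnit, confirm that lib/test_siphash.c is the removed line, so the entry does not keep pointing at a file that no longer exists.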