Received: by 2002:ab2:6857:0:b0:1ef:ffd0:ce49 with SMTP id l23csp1473477lqp; Fri, 22 Mar 2024 16:57:28 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCXsAxbg5/VStASonz+3MzZ/X6k3EiG+T+zeKp8xSxvKfWo1qYfnQWsbPnmuUJ1nEXU1pL7zr6Jo3OEHZhIfyFIFKEFTKrZBA4Jfhg/rIw== X-Google-Smtp-Source: AGHT+IH1V5JjbZgpuomz0+NNxAqUKleuDPvB3S5Xve8Gqlgb/xO3V+HS10TFFHu5A6JhZW7moCjZ X-Received: by 2002:a05:6830:1302:b0:6e6:ae49:243d with SMTP id p2-20020a056830130200b006e6ae49243dmr1059112otq.34.1711151848584; Fri, 22 Mar 2024 16:57:28 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1711151848; cv=pass; d=google.com; s=arc-20160816; b=xyJm4NO8jriemsAmPmT6GaQOPsWA4YCh5rhxjP/TE+2FipW4T4EvEFDtoKB9DirPcn ODmvX1XgcSYh5CPFuixxWc9QbTnq+XhvtEAF8Bm7nWTZuATZe0ZYvWVK1ciD5iC6lbNe Uum08y/Q16hQq2X6zYXzMk8lCL8oOv2zhd+f9nIp3Hbjb59szOtbNviGc/WwA/J3Idu5 O5reGWFKbSH/W8zHKVYK74Gohy06oEBvzVbuv3481cVGrVX2puEGp4iq152nIkjnnzFL yNANIi8Z8B0C5Act9mAOu5I9IU8VpQBo3RRXzmZaS1TQuNRSKJ4Hhq7qUChSoR2N4Rwd lzmQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-disposition:mime-version:list-unsubscribe:list-subscribe :list-id:precedence:message-id:subject:cc:to:from:date :dkim-signature; bh=3BvBQsbrJmViGYUyffjiNgWneo+LjEJnsprmW9VkcYk=; fh=zo/K7GCNVLs+Gbs/6YC2xuGcw9rJV1gbvy5OkHyv3/E=; b=m3BTLXeVOczfGV6DxmJdx9ln0r4BC0qSAhpSedkZmvVcIIKEbKKQ3o1ifO+1P+sSfL sclOK1Rx2cPTmLEooV0x0YxajLcpoSwzmPhjn7b6v1ykrkUmm9SgQLNX3f8w3kyx2MqF q5KKkVbaDzM/KNgPPQcVHVEqq2t7fGVWkmy6Aeeypt23qz+q6HibiprdfRHR7Tw8Me3c To2cLDOV8OPgukblJonCrySkZmYiiMYeIQVOWG8y2ghzhz5XZ9jtwA2ZxJ/Sq8ID+8BN nj4GFm4cZLyxDBBNV5y1I8DdLgGsbps9eFnca3wiFiJcoqKS7OSS414r7jG6SUPO/dah qrKQ==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=PlPjukNo; arc=pass (i=1 spf=pass spfdomain=chromium.org dkim=pass dkdomain=chromium.org dmarc=pass fromdomain=chromium.org); spf=pass (google.com: domain of linux-kernel+bounces-112118-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-112118-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [2604:1380:40f1:3f00::1]) by mx.google.com with ESMTPS id t2-20020a63b702000000b005dc34da7200si2989119pgf.722.2024.03.22.16.57.28 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 22 Mar 2024 16:57:28 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-112118-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) client-ip=2604:1380:40f1:3f00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=PlPjukNo; arc=pass (i=1 spf=pass spfdomain=chromium.org dkim=pass dkdomain=chromium.org dmarc=pass fromdomain=chromium.org); spf=pass (google.com: domain of linux-kernel+bounces-112118-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-112118-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id 9462EB22714 for ; Fri, 22 Mar 2024 23:57:25 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id EB80D82C7E; Fri, 22 Mar 2024 23:57:18 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="PlPjukNo" Received: from mail-oa1-f53.google.com (mail-oa1-f53.google.com [209.85.160.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9B1428174C for ; Fri, 22 Mar 2024 23:57:16 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.160.53 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711151838; cv=none; b=T/fqu0pbwcb74wCpimJIZ7Ef7Y7mO4RFxui5JOSfz4fnh+B4T6Jb/QnEdKKylD0/Noh2Zp6iZUNjOUkml8J6i4AEnZ4oFGDyiQeSGwd5HVU8tzculydp5QqofvmhBp4bWGy462y6XMHLv93roPOzVug7tGXG0hgTGmrXDcwKh3M= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711151838; c=relaxed/simple; bh=uU8lVmAuNAcGsbGMACEh+b0UM7t1xrJOGABQ/Hqy2M4=; h=Date:From:To:Cc:Subject:Message-ID:MIME-Version:Content-Type: Content-Disposition; b=Ss9rbB2xp1ewWPailapcwSphuaxbyihHzOmxWGgi3aOqsONBrLddkiCq9hoUiaRD2Nh+33tiHQEdFU0wCS01YblEP0kA4unQKNH0l1uLchFexXtLseteTZsfhi0gKRmG+mFRhsqgscj5rapVtoQmBp9Ah2V3ymu4IErtawCYeVk= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org; spf=pass smtp.mailfrom=chromium.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b=PlPjukNo; arc=none smtp.client-ip=209.85.160.53 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=chromium.org Received: by mail-oa1-f53.google.com with SMTP id 586e51a60fabf-2226572ccf8so1602237fac.2 for ; Fri, 22 Mar 2024 16:57:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1711151835; x=1711756635; darn=vger.kernel.org; h=content-disposition:mime-version:message-id:subject:cc:to:from:date :from:to:cc:subject:date:message-id:reply-to; bh=3BvBQsbrJmViGYUyffjiNgWneo+LjEJnsprmW9VkcYk=; b=PlPjukNogDOFK9/38KmhzIs1sOzqU0c001HlzoWjV/7edSHzgdPzbBCNaaRuBkzZX6 s8aJw+rjzRmU4CW68Ek3dJhIGv1L1bK9rE8RXXEhduZnWxiuCoNUT26IOmPOLM49x+id oz85IVLU6YPoljy7u/Te3LtnULFUlW4VyJz4U= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1711151835; x=1711756635; h=content-disposition:mime-version:message-id:subject:cc:to:from:date :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=3BvBQsbrJmViGYUyffjiNgWneo+LjEJnsprmW9VkcYk=; b=cdPW2cSaTA3uUX4Ew49OSVtYaHRxCbPd0pcV700Uz+sZ7zTDEi9vgnGTbSS+QRGkZQ SYvITPQ/qXuoKzrJ2jlVa+9pZQTxWeM0ihRq0Jb6uOXIWiClgzSDD+m0NntfLtmCD/1A 3G9stUZnURX/symOFB5XzenQ9Ah/Rjtxp32VLZYT12ttDXou7o67wQTsv0AEMeNqLUF4 YVLrOifiqlFYaa1dUjbKLY21j99Yy00e4tzi5JX2qr4eRpUWALRbCFeNd2+psofSweZg BTe3m2kwLQXggtbI8ntOF6d/kSY/YrNf4v1nTcoCfdZoDhyr+HyYOCZkDcYwl/3nO+Og dj6w== X-Gm-Message-State: AOJu0YwnE9g5xMh8xMUnSHDVx0iZmGUKDGqLewvD8x3E5k9MVtOlZwTk DLmVD7f87Y6e80mq+dzLCnZPr90Nb70rCHC/OdgqiDDhCloqtEcW1wLgzRy/iw== X-Received: by 2002:a05:6870:1641:b0:221:3c64:fbb with SMTP id c1-20020a056870164100b002213c640fbbmr1353951oae.30.1711151835770; Fri, 22 Mar 2024 16:57:15 -0700 (PDT) Received: from www.outflux.net ([198.0.35.241]) by smtp.gmail.com with ESMTPSA id p6-20020aa78606000000b006e73508485bsm322293pfn.100.2024.03.22.16.57.14 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 22 Mar 2024 16:57:15 -0700 (PDT) Date: Fri, 22 Mar 2024 16:57:14 -0700 From: Kees Cook To: Linus Torvalds Cc: linux-kernel@vger.kernel.org, Bjorn Helgaas , David Gow , Guenter Roeck , "Gustavo A. R. Silva" , Kees Cook , kernel test robot , Liu Song , Marco Elver , Nathan Chancellor , Przemek Kitszel , Randy Dunlap Subject: [GIT PULL] hardening fixes for v6.9-rc1 Message-ID: <202403221655.A2BCB96145@keescook> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Hi Linus, Please pull these handful of hardening fixes for v6.9-rc1. One of the two "end of -rc1 API refactors" I mentioned in the first PR is included here, for DEFINE_FLEX(), now that netdev has landed. Thanks! -Kees The following changes since commit 0a7b0acecea273c8816f4f5b0e189989470404cf: Merge tag 'vfs-6.9-rc1.fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs (2024-03-18 09:15:50 -0700) are available in the Git repository at: https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/hardening-v6.9-rc1-fixes for you to fetch changes up to 231dc3f0c936db142ef3fa922f1ab751dd532d70: lkdtm/bugs: Improve warning message for compilers without counted_by support (2024-03-22 16:25:31 -0700) ---------------------------------------------------------------- hardening fixes for v6.9-rc1 - CONFIG_MEMCPY_SLOW_KUNIT_TEST is no longer needed (Guenter Roeck) - Fix needless UTF-8 character in arch/Kconfig (Liu Song) - Improve __counted_by warning message in LKDTM (Nathan Chancellor) - Refactor DEFINE_FLEX() for default use of __counted_by - Disable signed integer overflow sanitizer on GCC < 8 ---------------------------------------------------------------- Guenter Roeck (1): Revert "kunit: memcpy: Split slow memcpy tests into MEMCPY_SLOW_KUNIT_TEST" Kees Cook (2): ubsan: Disable signed integer overflow sanitizer on GCC < 8 overflow: Change DEFINE_FLEX to take __counted_by member Liu Song (1): arch/Kconfig: eliminate needless UTF-8 character in Kconfig help Nathan Chancellor (1): lkdtm/bugs: Improve warning message for compilers without counted_by support arch/Kconfig | 2 +- drivers/misc/lkdtm/bugs.c | 2 +- drivers/net/ethernet/intel/ice/ice_base.c | 4 ++-- drivers/net/ethernet/intel/ice/ice_common.c | 4 ++-- drivers/net/ethernet/intel/ice/ice_ddp.c | 8 ++++---- drivers/net/ethernet/intel/ice/ice_lag.c | 6 +++--- drivers/net/ethernet/intel/ice/ice_sched.c | 4 ++-- drivers/net/ethernet/intel/ice/ice_switch.c | 10 +++++----- include/linux/overflow.h | 25 +++++++++++++++++++++---- lib/Kconfig.debug | 12 ------------ lib/Kconfig.ubsan | 2 ++ lib/memcpy_kunit.c | 3 --- lib/overflow_kunit.c | 19 +++++++++++++++++++ 13 files changed, 62 insertions(+), 39 deletions(-) -- Kees Cook