Merge tag 'hardening-v6.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux

Usage

-----

To enable UBSAN configure kernel with::

To enable UBSAN, configure the kernel with::

  CONFIG_UBSAN=y

and to check the entire kernel::

        CONFIG_UBSAN_SANITIZE_ALL=y

To enable instrumentation for specific files or directories, add a line

similar to the following to the respective kernel Makefile:

- For a single file (e.g. main.o)::

    UBSAN_SANITIZE_main.o := y

- For all files in one directory::

    UBSAN_SANITIZE := y

To exclude files from being instrumented even if

``CONFIG_UBSAN_SANITIZE_ALL=y``, use::

To exclude files from being instrumented use::

  UBSAN_SANITIZE_main.o := n

and::

and to exclude all targets in one directory use::

  UBSAN_SANITIZE := n

When disabled for all targets, specific files can be enabled using::

  UBSAN_SANITIZE_main.o := y

Detection of unaligned accesses controlled through the separate option -

CONFIG_UBSAN_ALIGNMENT. It's off by default on architectures that support

unaligned accesses (CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS=y). One could

F:	include/linux/string_choices.h

F:	include/linux/string_helpers.h

F:	lib/string.c

F:	lib/string_kunit.c

F:	lib/string_helpers.c

F:	lib/test-string_helpers.c

F:	lib/test_string.c

F:	lib/string_helpers_kunit.c

F:	scripts/coccinelle/api/string_choices.cocci

GENERIC UIO DRIVER FOR PCI DEVICES

M:	"Michael S. Tsirkin" <mst@redhat.com>

F:	drivers/scsi/53c700*

LEAKING_ADDRESSES

M:	Tobin C. Harding <me@tobin.cc>

M:	Tycho Andersen <tycho@tycho.pizza>

R:	Kees Cook <keescook@chromium.org>

L:	linux-hardening@vger.kernel.org

S:	Maintained

T:	git git://git.kernel.org/pub/scm/linux/kernel/git/tobin/leaks.git

T:	git git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git for-next/hardening

F:	scripts/leaking_addresses.pl

LED SUBSYSTEM

F:	drivers/block/ublk_drv.c

F:	include/uapi/linux/ublk_cmd.h

UBSAN

M:	Kees Cook <keescook@chromium.org>

R:	Marco Elver <elver@google.com>

R:	Andrey Konovalov <andreyknvl@gmail.com>

R:	Andrey Ryabinin <ryabinin.a.a@gmail.com>

L:	kasan-dev@googlegroups.com

L:	linux-hardening@vger.kernel.org

S:	Supported

T:	git git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git for-next/hardening

F:	Documentation/dev-tools/ubsan.rst

F:	include/linux/ubsan.h

F:	lib/Kconfig.ubsan

F:	lib/test_ubsan.c

F:	lib/ubsan.c

F:	scripts/Makefile.ubsan

K:	\bARCH_HAS_UBSAN\b

UCLINUX (M68KNOMMU AND COLDFIRE)

M:	Greg Ungerer <gerg@linux-m68k.org>

L:	linux-m68k@lists.linux-m68k.org

	select ARCH_HAVE_NMI_SAFE_CMPXCHG if CPU_V7 || CPU_V7M || CPU_V6K

	select ARCH_HAS_GCOV_PROFILE_ALL

	select ARCH_KEEP_MEMBLOCK

	select ARCH_HAS_UBSAN_SANITIZE_ALL

	select ARCH_HAS_UBSAN

	select ARCH_MIGHT_HAVE_PC_PARPORT

	select ARCH_OPTIONAL_KERNEL_RWX if ARCH_HAS_STRICT_KERNEL_RWX

	select ARCH_OPTIONAL_KERNEL_RWX_DEFAULT if CPU_V7

		putstr(" done, booting the kernel.\n");

}

void fortify_panic(const char *name)

void __fortify_panic(const u8 reason, size_t avail, size_t size)

{

	error("detected buffer overflow");

}

void

decompress_kernel(unsigned long output_start, unsigned long free_mem_ptr_p,

		  unsigned long free_mem_ptr_end_p, int arch_id);

void fortify_panic(const char *name);

void __fortify_panic(const u8 reason, size_t avail, size_t size);

int atags_to_fdt(void *atag_list, void *fdt, int total_space);

uint32_t fdt_check_mem_start(uint32_t mem_start, const void *fdt);

int do_decompress(u8 *input, int len, u8 *output, void (*error)(char *x));