Merge tag 'hardening-v6.9-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux (2d412262) · Commits · git / linux-net

kernel/configs/hardening.config

+6 −5

Original line number	Diff line number	Diff line
		@@ -39,11 +39,12 @@ CONFIG_UBSAN=y
		CONFIG_UBSAN_TRAP=y
		CONFIG_UBSAN_BOUNDS=y
		# CONFIG_UBSAN_SHIFT is not set
		# CONFIG_UBSAN_DIV_ZERO
		# CONFIG_UBSAN_UNREACHABLE
		# CONFIG_UBSAN_BOOL
		# CONFIG_UBSAN_ENUM
		# CONFIG_UBSAN_ALIGNMENT
		# CONFIG_UBSAN_DIV_ZERO is not set
		# CONFIG_UBSAN_UNREACHABLE is not set
		# CONFIG_UBSAN_SIGNED_WRAP is not set
		# CONFIG_UBSAN_BOOL is not set
		# CONFIG_UBSAN_ENUM is not set
		# CONFIG_UBSAN_ALIGNMENT is not set

		# Sampling-based heap out-of-bounds and use-after-free detection.
		CONFIG_KFENCE=y

+16 −2

Original line number	Diff line number	Diff line
		@@ -44,9 +44,10 @@ const char report_ubsan_failure(struct pt_regs regs, u32 check_type)
		case ubsan_shift_out_of_bounds:
		return "UBSAN: shift out of bounds";
		#endif
		#ifdef CONFIG_UBSAN_DIV_ZERO
		#if defined(CONFIG_UBSAN_DIV_ZERO) \|\| defined(CONFIG_UBSAN_SIGNED_WRAP)
		/*
		* SanitizerKind::IntegerDivideByZero emits
		* SanitizerKind::IntegerDivideByZero and
		* SanitizerKind::SignedIntegerOverflow emit
		* SanitizerHandler::DivremOverflow.
		*/
		case ubsan_divrem_overflow:
		@@ -77,6 +78,19 @@ const char report_ubsan_failure(struct pt_regs regs, u32 check_type)
		return "UBSAN: alignment assumption";
		case ubsan_type_mismatch:
		return "UBSAN: type mismatch";
		#endif
		#ifdef CONFIG_UBSAN_SIGNED_WRAP
		/*
		* SanitizerKind::SignedIntegerOverflow emits
		* SanitizerHandler::AddOverflow, SanitizerHandler::SubOverflow,
		* or SanitizerHandler::MulOverflow.
		*/
		case ubsan_add_overflow:
		return "UBSAN: integer addition overflow";
		case ubsan_sub_overflow:
		return "UBSAN: integer subtraction overflow";
		case ubsan_mul_overflow:
		return "UBSAN: integer multiplication overflow";
		#endif
		default:
		return "UBSAN: unrecognized failure code";