Commit 9ec2236a authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge tag 'hardening-v6.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux 

Pull hardening fixes from Kees Cook:

 - gcc plugins: Avoid Kconfig warnings with randstruct (Nathan
   Chancellor)

 - MAINTAINERS: Add security/Kconfig.hardening to hardening section
   (Nathan Chancellor)

 - MAINTAINERS: Add unsafe_memcpy() to the FORTIFY review list

* tag 'hardening-v6.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
  MAINTAINERS: Add security/Kconfig.hardening to hardening section
  hardening: Adjust dependencies in selection of MODVERSIONS
  MAINTAINERS: Add unsafe_memcpy() to the FORTIFY review list
parents fb9b7674 045244dd

MAINTAINERS

+2 −0
Original line number Diff line number Diff line
@@ -8914,6 +8914,7 @@ F: include/linux/fortify-string.h 
F:	lib/fortify_kunit.c

F:	lib/memcpy_kunit.c

F:	lib/test_fortify/*

K:	\bunsafe_memcpy\b

K:	\b__NO_FORTIFY\b









FPGA DFL DRIVERS








@@ -12345,6 +12346,7 @@ F:	include/linux/randomize_kstack.h







F:	kernel/configs/hardening.config









F:	lib/usercopy_kunit.c









F:	mm/usercopy.c









F:	security/Kconfig.hardening









K:	\b(add|choose)_random_kstack_offset\b









K:	\b__check_(object_size|heap_object)\b









K:	\b__counted_by\b
































security/Kconfig.hardening



+2
−2






























Original line number
Diff line number
Diff line







@@ -340,7 +340,7 @@ choice







	config RANDSTRUCT_FULL









		bool "Fully randomize structure layout"









		depends on CC_HAS_RANDSTRUCT || GCC_PLUGINS









		select MODVERSIONS if MODULES









		select MODVERSIONS if MODULES && !COMPILE_TEST









		help









		  Fully randomize the member layout of sensitive









		  structures as much as possible, which may have both a








@@ -356,7 +356,7 @@ choice







	config RANDSTRUCT_PERFORMANCE









		bool "Limit randomization of structure layout to cache-lines"









		depends on GCC_PLUGINS









		select MODVERSIONS if MODULES









		select MODVERSIONS if MODULES && !COMPILE_TEST









		help









		  Randomization of sensitive kernel structures will make a









		  best effort at restricting randomization to cacheline-sized