mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
synced 2025-01-16 01:54:00 +00:00
hardening fixes for v6.12-rc2
- gcc plugins: Avoid Kconfig warnings with randstruct (Nathan Chancellor) - MAINTAINERS: Add security/Kconfig.hardening to hardening section (Nathan Chancellor) - MAINTAINERS: Add unsafe_memcpy() to the FORTIFY review list -----BEGIN PGP SIGNATURE----- iHUEABYKAB0WIQRSPkdeREjth1dHnSE2KwveOeQkuwUCZwCJTQAKCRA2KwveOeQk u5pCAQDxyLgRdmDtwif6jtZA+++A9UcJtqwrqx+qecQ/mPbXZgD/eXyl1nKYIvCi Q7yDyhyL8ACl0olfIchVz8F4pBnePAg= =a0sJ -----END PGP SIGNATURE----- Merge tag 'hardening-v6.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux Pull hardening fixes from Kees Cook: - gcc plugins: Avoid Kconfig warnings with randstruct (Nathan Chancellor) - MAINTAINERS: Add security/Kconfig.hardening to hardening section (Nathan Chancellor) - MAINTAINERS: Add unsafe_memcpy() to the FORTIFY review list * tag 'hardening-v6.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: MAINTAINERS: Add security/Kconfig.hardening to hardening section hardening: Adjust dependencies in selection of MODVERSIONS MAINTAINERS: Add unsafe_memcpy() to the FORTIFY review list
This commit is contained in:
commit
9ec2236a02
@ -8914,6 +8914,7 @@ F: include/linux/fortify-string.h
|
||||
F: lib/fortify_kunit.c
|
||||
F: lib/memcpy_kunit.c
|
||||
F: lib/test_fortify/*
|
||||
K: \bunsafe_memcpy\b
|
||||
K: \b__NO_FORTIFY\b
|
||||
|
||||
FPGA DFL DRIVERS
|
||||
@ -12345,6 +12346,7 @@ F: include/linux/randomize_kstack.h
|
||||
F: kernel/configs/hardening.config
|
||||
F: lib/usercopy_kunit.c
|
||||
F: mm/usercopy.c
|
||||
F: security/Kconfig.hardening
|
||||
K: \b(add|choose)_random_kstack_offset\b
|
||||
K: \b__check_(object_size|heap_object)\b
|
||||
K: \b__counted_by\b
|
||||
|
@ -340,7 +340,7 @@ choice
|
||||
config RANDSTRUCT_FULL
|
||||
bool "Fully randomize structure layout"
|
||||
depends on CC_HAS_RANDSTRUCT || GCC_PLUGINS
|
||||
select MODVERSIONS if MODULES
|
||||
select MODVERSIONS if MODULES && !COMPILE_TEST
|
||||
help
|
||||
Fully randomize the member layout of sensitive
|
||||
structures as much as possible, which may have both a
|
||||
@ -356,7 +356,7 @@ choice
|
||||
config RANDSTRUCT_PERFORMANCE
|
||||
bool "Limit randomization of structure layout to cache-lines"
|
||||
depends on GCC_PLUGINS
|
||||
select MODVERSIONS if MODULES
|
||||
select MODVERSIONS if MODULES && !COMPILE_TEST
|
||||
help
|
||||
Randomization of sensitive kernel structures will make a
|
||||
best effort at restricting randomization to cacheline-sized
|
||||
|
Loading…
x
Reference in New Issue
Block a user