linux-next/scripts
Linus Torvalds 4a7d37e824 hardening updates for v6.3-rc1
- Replace 0-length and 1-element arrays with flexible arrays in various
   subsystems (Paulo Miguel Almeida, Stephen Rothwell, Kees Cook)
 
 - randstruct: Disable Clang 15 support (Eric Biggers)
 
 - GCC plugins: Drop -std=gnu++11 flag (Sam James)
 
 - strpbrk(): Refactor to use strchr() (Andy Shevchenko)
 
 - LoadPin LSM: Allow root filesystem switching when non-enforcing
 
 - fortify: Use dynamic object size hints when available
 
 - ext4: Fix CFI function prototype mismatch
 
 - Nouveau: Fix DP buffer size arguments
 
 - hisilicon: Wipe entire crypto DMA pool on error
 
 - coda: Fully allocate sig_inputArgs
 
 - UBSAN: Improve arm64 trap code reporting
 
 - copy_struct_from_user(): Add minimum bounds check on kernel buffer size
 -----BEGIN PGP SIGNATURE-----
 
 iQJKBAABCgA0FiEEpcP2jyKd1g9yPm4TiXL039xtwCYFAmPv1Y8WHGtlZXNjb29r
 QGNocm9taXVtLm9yZwAKCRCJcvTf3G3AJg5UD/9x3Lx0EG3iL4qPtjmohaXd899r
 AzP1ysoxYnmo/cY0//W3DPCJrUaVlTm7M2xXOpzi7YPVD8Jcofzy6Uxm9BiG/OJ9
 bla7uQixlDMA2MBmWzAXhM7337WgEtBcr6kbXk6rHFnzmk8CdAY3wjmLmiefxEWT
 gkdeJlbkBFynssSF2nejgCvr/ZyiWQr2V9hRdEavLQH/MDS785bmNwbLyUNqK+eo
 gOtuyjyV90t+cSIN0bF7gOCFGf1ivKA/+GNFrob0jY0Fy2kGx1I2wQMn9yzjzerC
 o6Majz9r+7Z7xIaz2Pm9nDaWyZDI05RfoRpQZ9dSEJ+zYgbFBFpDpJShcJvSpNa0
 POqeR400n/6VWBcbk7UU0s7VCVU13IsOFhBSVMQM5FfzIcUkj0/VBm0Jm0ODrpM9
 13/nKyAkvHkH0uSJbQjn79rXvEvqQyi5f28emm2CuhiHHUiDEUdsmMD7fE8UXo4r
 U8dgfwTOLLQBKmOQJcgiLo8iLDPhatZKYQAZ7LMY9kbHLsJlRVxfzY9PriNCuI5o
 XuMLJG33TrlUDfqQrKeSJ9srVRiiIBAzoWnIfIVE3Xb46LqFNXVRdJCt4A2678jn
 gYIzkQ2HbVe2chUhUyjsjGTjmmeX9qZG0UOlhRQ0RvWFxi390wwYqhkSaOEGtDGv
 QbVh0Lb86m3H/G+M9g==
 =XnVa
 -----END PGP SIGNATURE-----

Merge tag 'hardening-v6.3-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux

Pull hardening updates from Kees Cook:
 "Beyond some specific LoadPin, UBSAN, and fortify features, there are
  other fixes scattered around in various subsystems where maintainers
  were okay with me carrying them in my tree or were non-responsive but
  the patches were reviewed by others:

   - Replace 0-length and 1-element arrays with flexible arrays in
     various subsystems (Paulo Miguel Almeida, Stephen Rothwell, Kees
     Cook)

   - randstruct: Disable Clang 15 support (Eric Biggers)

   - GCC plugins: Drop -std=gnu++11 flag (Sam James)

   - strpbrk(): Refactor to use strchr() (Andy Shevchenko)

   - LoadPin LSM: Allow root filesystem switching when non-enforcing

   - fortify: Use dynamic object size hints when available

   - ext4: Fix CFI function prototype mismatch

   - Nouveau: Fix DP buffer size arguments

   - hisilicon: Wipe entire crypto DMA pool on error

   - coda: Fully allocate sig_inputArgs

   - UBSAN: Improve arm64 trap code reporting

   - copy_struct_from_user(): Add minimum bounds check on kernel buffer
     size"

* tag 'hardening-v6.3-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
  randstruct: disable Clang 15 support
  uaccess: Add minimum bounds check on kernel buffer size
  arm64: Support Clang UBSAN trap codes for better reporting
  coda: Avoid partial allocation of sig_inputArgs
  gcc-plugins: drop -std=gnu++11 to fix GCC 13 build
  lib/string: Use strchr() in strpbrk()
  crypto: hisilicon: Wipe entire pool on error
  net/i40e: Replace 0-length array with flexible array
  io_uring: Replace 0-length array with flexible array
  ext4: Fix function prototype mismatch for ext4_feat_ktype
  i915/gvt: Replace one-element array with flexible-array member
  drm/nouveau/disp: Fix nvif_outp_acquire_dp() argument size
  LoadPin: Allow filesystem switch when not enforcing
  LoadPin: Move pin reporting cleanly out of locking
  LoadPin: Refactor sysctl initialization
  LoadPin: Refactor read-only check into a helper
  ARM: ixp4xx: Replace 0-length arrays with flexible arrays
  fortify: Use __builtin_dynamic_object_size() when available
  rxrpc: replace zero-lenth array with DECLARE_FLEX_ARRAY() helper
2023-02-21 11:07:23 -08:00
..
atomic Fix up more non-executable files marked executable 2023-01-28 11:17:57 -08:00
basic fixdep: remove unneeded <stdarg.h> inclusion 2022-12-30 17:26:19 +09:00
clang-tools kbuild: change module.order to list *.o instead of *.ko 2022-12-14 15:42:40 +09:00
coccinelle update Coccinelle URL 2022-08-07 21:30:36 +02:00
dtc scripts/dtc: Update to upstream version v1.6.1-63-g55778a03df61 2022-11-10 08:37:19 -06:00
dummy-tools kbuild: dummy-tools: pretend we understand __LONG_DOUBLE_128__ 2022-08-21 02:47:48 +09:00
gcc-plugins Merge branch 'for-linus/hardening' into for-next/hardening 2023-02-02 18:43:28 +00:00
gdb scripts/gdb: fix 'lx-current' for x86 2023-02-09 15:56:51 -08:00
genksyms genksyms: adjust the output format to modpost 2022-05-24 16:33:20 +09:00
kconfig ARM: defconfigs for 6.3 2023-02-20 15:43:36 -08:00
ksymoops
mod Kbuild updates for v6.2 2022-12-19 12:33:32 -06:00
package scripts: rpm: make clear that mkspec script contains 4.13 feature 2023-01-11 20:42:34 +09:00
selinux selinux: remove runtime disable message in the install_policy.sh script 2022-09-20 14:12:25 -04:00
tracing ftrace/scripts: Update the instructions for ftrace-bisect.sh 2023-01-24 13:13:07 -05:00
.gitignore scripts: add generate_rust_target.rs 2022-09-28 09:02:06 +02:00
adjust_autoksyms.sh kbuild: split the second line of *.mod into *.usyms 2022-05-08 03:16:59 +09:00
as-version.sh kbuild: Switch to 'f' variants of integrated assembler flag 2021-09-03 08:17:20 +09:00
asn1_compiler.c scripts: remove unused argument 'type' 2022-09-29 04:40:16 +09:00
bin2c.c kbuild: move bin2c back to scripts/ from scripts/basic/ 2018-07-18 01:18:05 +09:00
bloat-o-meter scripts/bloat-o-meter: add -p argument 2022-07-17 17:31:40 -07:00
bootgraph.pl treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 391 2019-06-05 17:37:11 +02:00
bpf_doc.py bpf: Rework process_dynptr_func 2022-12-08 18:25:31 -08:00
cc-can-link.sh bpfilter: check compiler capability in Kconfig 2018-06-28 13:36:39 +09:00
cc-version.sh Kbuild: add Rust support 2022-09-28 09:02:20 +02:00
check_extable.sh scripts: check_extable: fix typo in user error message 2021-09-08 11:50:28 -07:00
check-local-export kbuild: rewrite check-local-export in sh/awk 2022-09-29 04:40:15 +09:00
check-sysctl-docs docs: add a script to check sysctl docs 2020-02-25 03:35:16 -07:00
checkdeclares.pl scripts: make some scripts executable 2021-08-10 09:13:25 +09:00
checkincludes.pl
checkkconfigsymbols.py checkkconfigsymbols.py: Remove skipping of help lines in parse_kconfig_file 2021-09-19 10:13:03 +09:00
checkpatch.pl checkpatch: add check for array allocator family argument order 2022-11-30 16:13:16 -08:00
checkstack.pl checkstack: add riscv support for scripts/checkstack.pl 2022-07-27 21:18:00 +09:00
checksyscalls.sh checksyscalls: ignore -Wunused-macros 2022-05-08 03:16:59 +09:00
checkversion.pl scripts: checkversion: modernize linux/version.h search strings 2021-08-05 20:55:39 +09:00
cleanfile
cleanpatch
coccicheck scripts: coccicheck: use "grep -E" instead of "egrep" 2022-09-21 21:23:56 +02:00
config kconfig: config script: add a little user help 2021-01-04 10:38:11 +09:00
const_structs.checkpatch const_structs.checkpatch: add frequently used ops structs 2022-01-20 08:52:54 +02:00
decode_stacktrace.sh scripts: decode_stacktrace: demangle Rust symbols 2022-09-28 09:01:40 +02:00
decodecode scripts/decodecode: improve faulting line determination 2022-09-11 21:55:05 -07:00
depmod.sh depmod: handle the case of /sbin/depmod without /sbin in PATH 2021-01-01 12:26:39 -08:00
dev-needs.sh scripts/dev-needs: Add script to list device dependencies 2020-09-04 18:19:37 +02:00
diffconfig scripts: switch explicitly to Python 3 2021-01-22 06:34:44 +09:00
documentation-file-ref-check scripts: documentation-file-ref-check: fix bpf selftests path 2021-10-26 09:42:29 -06:00
export_report.pl modpost: move the namespace field in Module.symvers last 2020-03-17 08:59:03 +09:00
extract_xc3028.pl treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 339 2019-06-05 17:37:07 +02:00
extract-ikconfig scripts/extract-ikconfig: add zstd compression support 2022-08-29 13:58:47 +09:00
extract-module-sig.pl
extract-sys-certs.pl
extract-vmlinux treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 378 2019-06-05 17:37:10 +02:00
faddr2line scripts/faddr2line: Fix regression in name resolution on ppc64le 2022-11-16 10:42:10 +01:00
file-size.sh kbuild: Use ls(1) instead of stat(1) to obtain file size 2018-03-26 02:01:24 +09:00
find-unused-docs.sh scripts/find-unused-docs: Fix massive false positives 2020-01-27 14:25:06 -07:00
gcc-x86_32-has-stack-protector.sh x86/stackprotector/32: Make the canary into a regular percpu variable 2021-03-08 13:19:05 +01:00
gcc-x86_64-has-stack-protector.sh stack-protector: Fix test with 32-bit userland and CONFIG_64BIT=y 2018-06-25 23:21:13 +09:00
gen_autoksyms.sh kbuild: change module.order to list *.o instead of *.ko 2022-12-14 15:42:40 +09:00
gen_ksymdeps.sh kbuild: redo fake deps at include/ksym/*.h 2021-09-03 08:17:21 +09:00
gen-randstruct-seed.sh randstruct: Move seed generation into scripts/basic/ 2022-05-08 01:33:07 -07:00
generate_initcall_order.pl init: lto: ensure initcall ordering 2021-01-14 08:21:09 -08:00
generate_rust_analyzer.py rust: add build_error crate 2022-12-04 01:59:16 +01:00
generate_rust_target.rs x86: enable initial Rust support 2022-09-28 09:02:45 +02:00
get_abi.pl scripts/get_abi: Fix wrong script file name in the help message 2022-04-24 10:38:44 +02:00
get_dvb_firmware treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 61 2019-05-24 17:36:45 +02:00
get_feat.pl scripts: get_feat.pl: use /usr/bin/env to find perl 2022-06-30 12:22:17 -06:00
get_maintainer.pl get_maintainer: Honor mailmap for in file emails 2022-04-29 14:38:00 -07:00
gfp-translate treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 166 2019-05-30 11:26:39 -07:00
head-object-list.txt scripts/head-object-list: Remove x86 from the list 2023-01-09 18:22:21 +01:00
headerdep.pl
headers_install.sh scripts: headers_install.sh: Update config leak ignore entries 2022-07-27 21:18:00 +09:00
insert-sys-cert.c
install.sh kbuild: factor out the common installation code into scripts/install.sh 2022-05-11 21:45:53 +09:00
is_rust_module.sh scripts: add is_rust_module.sh 2022-09-28 09:02:06 +02:00
jobserver-exec scripts: support GNU make 4.4 in jobserver-exec 2023-01-16 20:15:20 +09:00
kallsyms.c Char/Misc driver changes for 6.2-rc1 2022-12-16 03:49:24 -08:00
Kbuild.include kbuild: use .NOTINTERMEDIATE for future GNU Make versions 2022-12-13 22:29:10 +09:00
Kconfig.include Kbuild: add Rust support 2022-09-28 09:02:20 +02:00
kernel-doc hardening updates for v6.2-rc1 2022-12-14 12:20:00 -08:00
ld-version.sh kbuild: collect minimum tool versions into scripts/min-tool-version.sh 2021-04-25 05:14:26 +09:00
leaking_addresses.pl leaking_addresses: Always print a trailing newline 2021-10-15 11:25:13 +02:00
Lindent
link-vmlinux.sh kallsyms: Correctly sequence symbols when CONFIG_LTO_CLANG=y 2022-11-12 18:47:36 -08:00
Makefile Kbuild: add Rust support 2022-09-28 09:02:20 +02:00
Makefile.asm-generic kbuild: add kbuild-file macro 2022-11-22 23:40:02 +09:00
Makefile.build Kbuild updates for v6.2 2022-12-19 12:33:32 -06:00
Makefile.clang um: Allow builds with Clang 2022-03-21 08:13:03 -07:00
Makefile.clean kbuild: add kbuild-file macro 2022-11-22 23:40:02 +09:00
Makefile.compiler kbuild: add test-{ge,gt,le,lt} macros 2022-12-13 22:21:14 +09:00
Makefile.debug Makefile.debug: support for -gz=zstd 2022-11-21 10:18:39 +09:00
Makefile.defconf kbuild: Provide a version of merge_into_defconfig without override warnings 2023-02-13 20:18:28 +01:00
Makefile.dtbinst kbuild: add kbuild-file macro 2022-11-22 23:40:02 +09:00
Makefile.extrawarn kbuild: add -Wundef to KBUILD_CPPFLAGS for W=1 builds 2022-12-11 17:28:32 +09:00
Makefile.gcc-plugins gcc-plugins: Undefine LATENT_ENTROPY_PLUGIN when plugin disabled for a file 2022-08-16 12:25:53 -07:00
Makefile.headersinst kbuild: prefix $(srctree)/ to some included Makefiles 2021-03-15 19:20:48 +09:00
Makefile.host Kbuild: add Rust support 2022-09-28 09:02:20 +02:00
Makefile.kasan kasan: always respect CONFIG_KASAN_STACK 2021-09-24 16:13:35 -07:00
Makefile.kcov kbuild: include scripts/Makefile.* only when relevant CONFIG is enabled 2020-08-10 01:32:59 +09:00
Makefile.kcsan kcsan: Ignore GCC 11+ warnings about TSan runtime support 2021-12-09 16:42:27 -08:00
Makefile.kmsan kmsan: add KMSAN runtime core 2022-10-03 14:03:19 -07:00
Makefile.lib powerpc updates for 6.2 2022-12-19 07:13:33 -06:00
Makefile.modfinal kbuild: change module.order to list *.o instead of *.ko 2022-12-14 15:42:40 +09:00
Makefile.modinst kbuild: modinst: Fix build error when CONFIG_MODULE_SIG_KEY is a PKCS#11 URI 2023-01-31 17:53:01 +09:00
Makefile.modpost kbuild: readd -w option when vmlinux.o or Module.symver is missing 2023-01-05 16:53:48 +09:00
Makefile.package kbuild: add a missing line for help message 2022-12-30 17:22:14 +09:00
Makefile.randstruct randstruct: Enable Clang support 2022-05-08 01:33:07 -07:00
Makefile.ubsan ubsan: remove CONFIG_UBSAN_OBJECT_SIZE 2022-01-20 08:52:55 +02:00
Makefile.userprogs kbuild: add infrastructure to build userspace programs 2020-05-17 18:52:01 +09:00
Makefile.vmlinux kbuild: Fix CFI hash randomization with KASAN 2023-01-13 15:22:03 -08:00
Makefile.vmlinux_o kbuild: move modules.builtin(.modinfo) rules to Makefile.vmlinux_o 2022-10-03 03:52:58 +09:00
makelst
markup_oops.pl treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 373 2019-06-05 17:37:10 +02:00
min-tool-version.sh Documentation: raise minimum supported version of binutils to 2.25 2022-12-13 22:21:14 +09:00
mkcompile_h Revert "kbuild: Make scripts/compile.h when sh != bash" 2022-09-29 04:40:15 +09:00
mksysmap kallsyms: ignore __kstrtab_* and __kstrtabns_* symbols 2022-10-03 03:51:58 +09:00
mkuboot.sh
module.lds.S arm64: unwind: add asynchronous unwind tables to kernel and modules 2022-11-09 18:06:35 +00:00
modules-check.sh kbuild: change module.order to list *.o instead of *.ko 2022-12-14 15:42:40 +09:00
nsdeps scripts/nsdeps: adjust to the format change of *.mod files 2022-06-08 20:14:13 +09:00
objdiff kbuild: clean .tmp_* pattern by make clean 2022-06-05 06:20:57 +09:00
objdump-func scripts: Create objdump-func helper script 2022-05-12 10:08:43 -07:00
pahole-flags.sh scripts/pahole-flags.sh: Parse DWARF and generate BTF with multithreading. 2022-02-22 14:32:44 -08:00
pahole-version.sh kbuild: Add CONFIG_PAHOLE_VERSION 2022-02-02 11:19:33 +01:00
parse-maintainers.pl parse-maintainers: Do not sort section content by default 2020-03-26 15:08:27 -07:00
patch-kernel
profile2linkerlist.pl
prune-kernel scripts/prune-kernel: Use kernel-install if available 2022-05-11 21:46:38 +09:00
recordmcount.c LoongArch/ftrace: Add recordmcount support 2022-12-14 08:41:53 +08:00
recordmcount.h recordmcount: Correct st_shndx handling 2021-06-18 09:09:17 -04:00
recordmcount.pl nds32: Remove the architecture 2022-03-07 13:54:59 +01:00
remove-stale-files kconfig: refactor Makefile to reduce process forks 2022-12-13 22:29:10 +09:00
rust_is_available_bindgen_libclang.h scripts: add rust_is_available.sh 2022-09-28 09:02:06 +02:00
rust_is_available.sh scripts: add rust_is_available.sh 2022-09-28 09:02:06 +02:00
setlocalversion kbuild: do not quote string values in include/config/auto.conf 2022-01-08 18:03:57 +09:00
show_delta tweewide: Fix most Shebang lines 2020-12-08 23:30:04 +09:00
sign-file.c sign-file: Fix confusing error messages 2022-08-03 23:56:20 +03:00
sorttable.c LoongArch: extable: Add type and data fields 2022-12-14 08:36:11 +08:00
sorttable.h script/sorttable: Fix some initialization problems 2022-01-18 10:17:18 -05:00
spdxcheck-test.sh docs: move Linux logo into a new images folder 2022-06-01 09:32:45 -06:00
spdxcheck.py scripts/spdxcheck: Put excluded files and directories into a separate file 2022-05-18 15:34:33 +02:00
spdxexclude scripts/spdxcheck: Exclude top-level README 2022-05-18 15:35:42 +02:00
spelling.txt scripts/spelling.txt: add more spellings to spelling.txt 2022-11-18 13:55:09 -08:00
sphinx-pre-install docs: sphinx-pre-install: don't require the RTD theme 2022-10-13 11:14:43 -06:00
split-man.pl tweewide: Fix most Shebang lines 2020-12-08 23:30:04 +09:00
stackdelta
stackusage
subarch.include LoongArch: Add build infrastructure 2022-06-03 20:09:27 +08:00
syscallhdr.sh scripts: check duplicated syscall number in syscall table 2021-07-09 04:00:39 +09:00
syscallnr.sh scripts: make some scripts executable 2021-08-10 09:13:25 +09:00
syscalltbl.sh scripts: check duplicated syscall number in syscall table 2021-07-09 04:00:39 +09:00
tags.sh scripts/tags.sh: Include tools directory in tags generation 2022-07-01 10:32:30 +02:00
test_fortify.sh fortify: Update compile-time tests for Clang 14 2022-02-13 16:50:06 -08:00
tools-support-relr.sh Makefile: fix GDB warning with CONFIG_RELR 2021-06-08 13:09:34 +01:00
unifdef.c unifdef: use memcpy instead of strncpy 2018-11-30 14:45:01 -08:00
ver_linux Removed the oprofiled version option 2021-05-03 17:23:06 -06:00
xen-hypercalls.sh scripts: make some scripts executable 2021-08-10 09:13:25 +09:00
xz_wrap.sh kbuild: add variables for compression tools 2020-06-06 23:42:01 +09:00