diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2024-10-05 10:19:14 -0700 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2024-10-05 10:19:14 -0700 |
| commit | 9ec2236a0260f88362ab00510d19397c0e396587 (patch) | |
| tree | d0a628903c52e3e5d74515f8b25b1bcf52905c2e | |
| parent | fb9b76749adb28d4cee88b296a9b21d834484541 (diff) | |
| parent | 045244dd5d75c61ae37b7b96fe0a95805bd1842d (diff) | |
Merge tag 'hardening-v6.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
Pull hardening fixes from Kees Cook:
- gcc plugins: Avoid Kconfig warnings with randstruct (Nathan
Chancellor)
- MAINTAINERS: Add security/Kconfig.hardening to hardening section
(Nathan Chancellor)
- MAINTAINERS: Add unsafe_memcpy() to the FORTIFY review list
* tag 'hardening-v6.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
MAINTAINERS: Add security/Kconfig.hardening to hardening section
hardening: Adjust dependencies in selection of MODVERSIONS
MAINTAINERS: Add unsafe_memcpy() to the FORTIFY review list
| -rw-r--r-- | MAINTAINERS | 2 | ||||
| -rw-r--r-- | security/Kconfig.hardening | 4 |
2 files changed, 4 insertions, 2 deletions
diff --git a/MAINTAINERS b/MAINTAINERS index 5153c995d429..d74a07f8b010 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -8914,6 +8914,7 @@ F: include/linux/fortify-string.h F: lib/fortify_kunit.c F: lib/memcpy_kunit.c F: lib/test_fortify/* +K: \bunsafe_memcpy\b K: \b__NO_FORTIFY\b FPGA DFL DRIVERS @@ -12345,6 +12346,7 @@ F: include/linux/randomize_kstack.h F: kernel/configs/hardening.config F: lib/usercopy_kunit.c F: mm/usercopy.c +F: security/Kconfig.hardening K: \b(add|choose)_random_kstack_offset\b K: \b__check_(object_size|heap_object)\b K: \b__counted_by\b diff --git a/security/Kconfig.hardening b/security/Kconfig.hardening index 2cff851ebfd7..c9d5ca3d8d08 100644 --- a/security/Kconfig.hardening +++ b/security/Kconfig.hardening @@ -340,7 +340,7 @@ choice config RANDSTRUCT_FULL bool "Fully randomize structure layout" depends on CC_HAS_RANDSTRUCT || GCC_PLUGINS - select MODVERSIONS if MODULES + select MODVERSIONS if MODULES && !COMPILE_TEST help Fully randomize the member layout of sensitive structures as much as possible, which may have both a @@ -356,7 +356,7 @@ choice config RANDSTRUCT_PERFORMANCE bool "Limit randomization of structure layout to cache-lines" depends on GCC_PLUGINS - select MODVERSIONS if MODULES + select MODVERSIONS if MODULES && !COMPILE_TEST help Randomization of sensitive kernel structures will make a best effort at restricting randomization to cacheline-sized |