diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2025-07-29 20:49:58 -0700 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2025-07-29 20:49:58 -0700 |
| commit | a26321ee4c935a63c29ed6518f27e38826b36e68 (patch) | |
| tree | f01a967746d2d158020d1afcbb891b082a772481 | |
| parent | beb6c8326eb4e7006c4aa16b0fee3e303d42e685 (diff) | |
| parent | f627b51aaa041cba715b59026cf2d9cb1476c7ed (diff) | |
Merge tag 'hardening-v6.17-rc1-fix1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
Pull hardening fixes from Kees Cook:
"Notably, this contains the fix for for the GCC __init mess I created
with the kstack_erase annotations.
- staging: media: atomisp: Fix stack buffer overflow in
gmin_get_var_int().
I was asked to carry this fix, so here it is. :)
- fortify: Fix incorrect reporting of read buffer size
- kstack_erase: Fix missed export of renamed KSTACK_ERASE_CFLAGS
- compiler_types: Provide __no_kstack_erase to disable coverage only
on Clang"
* tag 'hardening-v6.17-rc1-fix1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
compiler_types: Provide __no_kstack_erase to disable coverage only on Clang
fortify: Fix incorrect reporting of read buffer size
kstack_erase: Fix missed export of renamed KSTACK_ERASE_CFLAGS
staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int()
| -rw-r--r-- | arch/x86/include/asm/init.h | 2 | ||||
| -rw-r--r-- | drivers/staging/media/atomisp/pci/atomisp_gmin_platform.c | 9 | ||||
| -rw-r--r-- | include/linux/compiler-clang.h | 3 | ||||
| -rw-r--r-- | include/linux/compiler_types.h | 4 | ||||
| -rw-r--r-- | include/linux/fortify-string.h | 2 | ||||
| -rw-r--r-- | include/linux/init.h | 2 | ||||
| -rw-r--r-- | scripts/Makefile.kstack_erase | 2 |
7 files changed, 16 insertions, 8 deletions
diff --git a/arch/x86/include/asm/init.h b/arch/x86/include/asm/init.h index 6bfdaeddbae88..5a68e9db65189 100644 --- a/arch/x86/include/asm/init.h +++ b/arch/x86/include/asm/init.h @@ -5,7 +5,7 @@ #if defined(CONFIG_CC_IS_CLANG) && CONFIG_CLANG_VERSION < 170000 #define __head __section(".head.text") __no_sanitize_undefined __no_stack_protector #else -#define __head __section(".head.text") __no_sanitize_undefined __no_sanitize_coverage +#define __head __section(".head.text") __no_sanitize_undefined __no_kstack_erase #endif struct x86_mapping_info { diff --git a/drivers/staging/media/atomisp/pci/atomisp_gmin_platform.c b/drivers/staging/media/atomisp/pci/atomisp_gmin_platform.c index 5f59519ac8e28..964cc3bcc0ac0 100644 --- a/drivers/staging/media/atomisp/pci/atomisp_gmin_platform.c +++ b/drivers/staging/media/atomisp/pci/atomisp_gmin_platform.c @@ -1272,14 +1272,15 @@ static int gmin_get_config_var(struct device *maindev, if (efi_rt_services_supported(EFI_RT_SUPPORTED_GET_VARIABLE)) status = efi.get_variable(var16, &GMIN_CFG_VAR_EFI_GUID, NULL, (unsigned long *)out_len, out); - if (status == EFI_SUCCESS) + if (status == EFI_SUCCESS) { dev_info(maindev, "found EFI entry for '%s'\n", var8); - else if (is_gmin) + return 0; + } + if (is_gmin) dev_info(maindev, "Failed to find EFI gmin variable %s\n", var8); else dev_info(maindev, "Failed to find EFI variable %s\n", var8); - - return ret; + return -ENOENT; } int gmin_get_var_int(struct device *dev, bool is_gmin, const char *var, int def) diff --git a/include/linux/compiler-clang.h b/include/linux/compiler-clang.h index 4fc8e26914adf..fa4ffe037bc77 100644 --- a/include/linux/compiler-clang.h +++ b/include/linux/compiler-clang.h @@ -89,6 +89,9 @@ #define __no_sanitize_coverage #endif +/* Only Clang needs to disable the coverage sanitizer for kstack_erase. */ +#define __no_kstack_erase __no_sanitize_coverage + #if __has_feature(shadow_call_stack) # define __noscs __attribute__((__no_sanitize__("shadow-call-stack"))) #endif diff --git a/include/linux/compiler_types.h b/include/linux/compiler_types.h index 2b77d12e07b2e..16755431fc11e 100644 --- a/include/linux/compiler_types.h +++ b/include/linux/compiler_types.h @@ -424,6 +424,10 @@ struct ftrace_likely_data { # define randomized_struct_fields_end #endif +#ifndef __no_kstack_erase +# define __no_kstack_erase +#endif + #ifndef __noscs # define __noscs #endif diff --git a/include/linux/fortify-string.h b/include/linux/fortify-string.h index e4ce1cae03bf7..b3b53f8c1b28e 100644 --- a/include/linux/fortify-string.h +++ b/include/linux/fortify-string.h @@ -596,7 +596,7 @@ __FORTIFY_INLINE bool fortify_memcpy_chk(__kernel_size_t size, if (p_size != SIZE_MAX && p_size < size) fortify_panic(func, FORTIFY_WRITE, p_size, size, true); else if (q_size != SIZE_MAX && q_size < size) - fortify_panic(func, FORTIFY_READ, p_size, size, true); + fortify_panic(func, FORTIFY_READ, q_size, size, true); /* * Warn when writing beyond destination field size. diff --git a/include/linux/init.h b/include/linux/init.h index c65a050d52a77..a60d32d227ee4 100644 --- a/include/linux/init.h +++ b/include/linux/init.h @@ -51,7 +51,7 @@ discard it in modules) */ #define __init __section(".init.text") __cold __latent_entropy \ __noinitretpoline \ - __no_sanitize_coverage + __no_kstack_erase #define __initdata __section(".init.data") #define __initconst __section(".init.rodata") #define __exitdata __section(".exit.data") diff --git a/scripts/Makefile.kstack_erase b/scripts/Makefile.kstack_erase index c7bc2379e1133..ee7e4ef7b8926 100644 --- a/scripts/Makefile.kstack_erase +++ b/scripts/Makefile.kstack_erase @@ -16,6 +16,6 @@ endif KSTACK_ERASE_CFLAGS := $(kstack-erase-cflags-y) -export STACKLEAK_CFLAGS DISABLE_KSTACK_ERASE +export KSTACK_ERASE_CFLAGS DISABLE_KSTACK_ERASE KBUILD_CFLAGS += $(KSTACK_ERASE_CFLAGS) |