From patchwork Mon Oct 30 17:02:53 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 159821 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:d641:0:b0:403:3b70:6f57 with SMTP id cy1csp2361588vqb; Mon, 30 Oct 2023 10:03:27 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGZHr1v5tqfp+P/Oo7XLmV/yo+6RjoW0Lmi4EFencqjqNsiHgptiHSHwn/OExK40QcT10iJ X-Received: by 2002:a05:6a21:a105:b0:155:5c28:ea67 with SMTP id aq5-20020a056a21a10500b001555c28ea67mr8072818pzc.38.1698685406843; Mon, 30 Oct 2023 10:03:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1698685406; cv=none; d=google.com; s=arc-20160816; b=OVPa9f00bcxb7d7S4/ON52Tm/qjk1hepMMqx/PtlxtWxxZVaJpvNFxqSyxPBT3f84Z FPkoMXyn6AbrrjiQNQn+MYkWLkTIeY1chzSx71Gk2/JIy9q3+TAbF8RUEtQj1boKqc6v ivvzJHem42ljAp82oSnSNkwlCvchfAVc7qikMQ/mdZFH8LQyrD5+WexxXxwKytAOitTL m+wcr9X5qKllnsiPVNEGlyMzenjjOkdN42Dj44sVCbO3gFsUT0Ha3Sj2daVvQEXrIcKr +DaYXn7uGbxdFX2SvWN/DxLD9cs2zK5tC7b02wQnQeK6wZRTYX8H9WnKiiqJum7YBd7j GuAA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-disposition :mime-version:message-id:subject:cc:to:from:date:dkim-signature; bh=yXEikiGWleMG1vf5W2vMzUdql/v6NvL8kEAoxYpaxGU=; fh=TOgn9BOa/visxHjg9lh5kwwflgd4scWbt9pmE31ucOs=; b=wfr+bEr11iCHz65kAin1qUl+SXU03hR8DQtaMFNZELDVfj6dpYvMfYax8hzf6I2f1e BRy1f6Tsb7VxumWS5iVKkORr68jaR8wDvy2b3XZpfs4JmLgoPCOhXOdCjshldyYLbqEU hxAxyG21kQyWRPOR6dqMjQOHfeCYHpKCD/MkJWLC6eTutsY/PJ0VFuPSlHWKjl1uREw7 ZMPi9Bmt9EbzyixufusbbbikSFpfNpNLfEVHAw1lnBpfOvO7cxzt0d79DpQwU0JkkAY9 huVyWKIi3gZC3IGtc7RVvhgk1PVIcSmxGxtT77h4mQE0ZOCZvhiR013lImys+96WDCDi PCIQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=VK0GmCIq; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:8 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: from fry.vger.email (fry.vger.email. [2620:137:e000::3:8]) by mx.google.com with ESMTPS id q18-20020aa79612000000b006935df3019esi5060911pfg.235.2023.10.30.10.03.20 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 30 Oct 2023 10:03:26 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:8 as permitted sender) client-ip=2620:137:e000::3:8; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=VK0GmCIq; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:8 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by fry.vger.email (Postfix) with ESMTP id 0C26B80A5F00; Mon, 30 Oct 2023 10:03:18 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at fry.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232272AbjJ3RC7 (ORCPT + 32 others); Mon, 30 Oct 2023 13:02:59 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37462 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229514AbjJ3RC6 (ORCPT ); Mon, 30 Oct 2023 13:02:58 -0400 Received: from mail-pl1-x636.google.com (mail-pl1-x636.google.com [IPv6:2607:f8b0:4864:20::636]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A020CAB for ; Mon, 30 Oct 2023 10:02:55 -0700 (PDT) Received: by mail-pl1-x636.google.com with SMTP id d9443c01a7336-1cc3216b2a1so10470575ad.2 for ; Mon, 30 Oct 2023 10:02:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1698685375; x=1699290175; darn=vger.kernel.org; h=content-transfer-encoding:content-disposition:mime-version :message-id:subject:cc:to:from:date:from:to:cc:subject:date :message-id:reply-to; bh=yXEikiGWleMG1vf5W2vMzUdql/v6NvL8kEAoxYpaxGU=; b=VK0GmCIqP71zu24avvtvpELgK1nDWRPyEDcao85bHQManbbYIEmWkeOa6gb47ZmwaL O3vqnpgZWnsqld8viqVyx9w8rkLq74J6uJZZMH1Sv+HAF+tN+cqTFz+ZlGjMXtRL8/HS Sv29lLAUEb1RJia7bDuFvC0+x3IP/6fVP0hgs= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1698685375; x=1699290175; h=content-transfer-encoding:content-disposition:mime-version :message-id:subject:cc:to:from:date:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=yXEikiGWleMG1vf5W2vMzUdql/v6NvL8kEAoxYpaxGU=; b=WPtROoHrIBIrj4Wjw/M0hZrIJnZu9+j2ADT213iidJu8K/sER4QhV9gcxm6EPGTi6d m6JFGqiTAi2B6qxKALKiKdP/uVfK3+ufUZ5WTzOi9mdCcxAgMqPD1/JsJkq7taRGb+Yv DwOR150/J+DcUOBTQ3yBUf+eQYVNOzRA8SVdVe6wTW0O1D54sEnBty8tBuLEQRiAJRo8 6HwOejs7ZSvORSahjTjR0LXDa2sd2ilP0fDoPmXNUXyEmEYzKqnAQGrPuip4C+isidxQ i80iCBSSQjR+h2py1cVNnTBnL/maMV3zkw3AD3U6/cfyPmHI7RIWzEaNIventFl/QN6U ZBFw== X-Gm-Message-State: AOJu0YyukY0UhAMN/QJVAdypfsPYyTyUNINvi3bAlc6Gb++3J5oo3C3s eJmBK8LqLRsw35Qelk7lJoUpVA== X-Received: by 2002:a17:902:bf44:b0:1ca:c490:8537 with SMTP id u4-20020a170902bf4400b001cac4908537mr7821244pls.14.1698685375020; Mon, 30 Oct 2023 10:02:55 -0700 (PDT) Received: from www.outflux.net (198-0-35-241-static.hfc.comcastbusiness.net. [198.0.35.241]) by smtp.gmail.com with ESMTPSA id b11-20020a170902d50b00b001c625d6ffccsm2627300plg.129.2023.10.30.10.02.54 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 30 Oct 2023 10:02:54 -0700 (PDT) Date: Mon, 30 Oct 2023 10:02:53 -0700 From: Kees Cook To: Linus Torvalds Cc: linux-kernel@vger.kernel.org, Mark Rutland , Elena Reshetova , Ricardo =?iso-8859-1?q?Ca=F1ue?= =?iso-8859-1?q?lo?= , "Gustavo A. R. Silva" , Justin Stitt , Azeem Shaikh , Lukas Bulwahn , Amit Shah , Arnd Bergmann , Baoquan He , David Windsor , Douglas Anderson , Hans Liljestrand , Joseph Qi , Lukas Loidolt , Michael Ellerman , Michal Simek , Mimi Zohar , Stanislaw Gruszka , Stephen Boyd , Vasant Hegde , Viresh Kumar , Xiubo Li , linux-hardening@vger.kernel.org Subject: [GIT PULL] hardening updates for v6.7-rc1 Message-ID: <202310300946.C0E11C5@keescook> MIME-Version: 1.0 Content-Disposition: inline X-Spam-Status: No, score=-1.3 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on fry.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (fry.vger.email [0.0.0.0]); Mon, 30 Oct 2023 10:03:18 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1781200749360088752 X-GMAIL-MSGID: 1781200749360088752 Hi Linus, Please pull these kernel hardening updates for v6.7-rc1. As always, changes made outside of the more traditional kernel hardening areas of the tree are patches that were either explicitly asked to be carried by the respective maintainers or were reviewed by others but ignored by regular maintainers for the duration of the development window. One of the more voluminous set of changes is for adding the new __counted_by annotation[1] to gain run-time bounds checking of dynamically sized arrays with UBSan. Thanks! -Kees [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/include/linux/compiler_attributes.h?h=v6.6#n97 The following changes since commit ce9ecca0238b140b88f43859b211c9fdfd8e5b70: Linux 6.6-rc2 (2023-09-17 14:40:24 -0700) are available in the Git repository at: https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/hardening-v6.7-rc1 for you to fetch changes up to 9cca73d7b4bfec75b2fcef751015f31691afa792: hwmon: (acpi_power_meter) replace open-coded kmemdup_nul (2023-10-24 14:10:53 -0700) ---------------------------------------------------------------- hardening updates for v6.7-rc1 - Add LKDTM test for stuck CPUs (Mark Rutland) - Improve LKDTM selftest behavior under UBSan (Ricardo Cañuelo) - Refactor more 1-element arrays into flexible arrays (Gustavo A. R. Silva) - Analyze and replace strlcpy and strncpy uses (Justin Stitt, Azeem Shaikh) - Convert group_info.usage to refcount_t (Elena Reshetova) - Add __counted_by annotations (Kees Cook, Gustavo A. R. Silva) - Add Kconfig fragment for basic hardening options (Kees Cook, Lukas Bulwahn) - Fix randstruct GCC plugin performance mode to stay in groups (Kees Cook) - Fix strtomem() compile-time check for small sources (Kees Cook) ---------------------------------------------------------------- Azeem Shaikh (2): init/version.c: Replace strlcpy with strscpy kobject: Replace strlcpy with strscpy Elena Reshetova (1): groups: Convert group_info.usage to refcount_t Gustavo A. R. Silva (5): nouveau/svm: Replace one-element array with flexible-array member in struct nouveau_svm nouveau/svm: Split assignment from if conditional drm/gud: Use size_add() in call to struct_size() usb: atm: Use size_add() in call to struct_size() ima: Add __counted_by for struct modsig and use struct_size() Justin Stitt (13): um,ethertap: Replace deprecated strncpy() with strscpy() auxdisplay: panel: Replace deprecated strncpy() with strtomem_pad() bus: fsl-mc: Replace deprecated strncpy() with strscpy_pad() cpufreq: Replace deprecated strncpy() with strscpy() cpuidle: dt: Replace deprecated strncpy() with strscpy() firmware: tegra: bpmp: Replace deprecated strncpy() with strscpy_pad() HID: prodikeys: Replace deprecated strncpy() with strscpy() hwmon: (ibmpowernv) Replace deprecated strncpy() with memcpy() hwmon: (asus_wmi_sensors) Replace deprecated strncpy() with strscpy() EDAC/mc_sysfs: Replace deprecated strncpy() with memcpy() isdn: replace deprecated strncpy with strscpy isdn: kcapi: replace deprecated strncpy with strscpy_pad hwmon: (acpi_power_meter) replace open-coded kmemdup_nul Kees Cook (32): hardening: Provide Kconfig fragments for basic options MAINTAINERS: hardening: Add __counted_by regex accel/ivpu: Annotate struct ivpu_job with __counted_by MAINTAINERS: hardening: Add Gustavo as Reviewer ocfs2: Annotate struct ocfs2_slot_info with __counted_by ceph: Annotate struct ceph_osd_request with __counted_by afs: Annotate struct afs_permits with __counted_by afs: Annotate struct afs_addr_list with __counted_by usb: Annotate struct urb_priv with __counted_by usb: gadget: f_fs: Annotate struct ffs_buffer with __counted_by usb: gadget: f_midi: Annotate struct f_midi with __counted_by drbd: Annotate struct fifo_buffer with __counted_by dm raid: Annotate struct raid_set with __counted_by dm crypt: Annotate struct crypt_config with __counted_by dm: Annotate struct stripe_c with __counted_by dm: Annotate struct dm_stat with __counted_by dm: Annotate struct dm_bio_prison with __counted_by nfs41: Annotate struct nfs4_file_layout_dsaddr with __counted_by NFS/flexfiles: Annotate struct nfs4_ff_layout_segment with __counted_by sparc: Annotate struct cpuinfo_tree with __counted_by hwmon: Annotate struct gsc_hwmon_platform_data with __counted_by virt: acrn: Annotate struct vm_memory_region_batch with __counted_by KVM: Annotate struct kvm_irq_routing_table with __counted_by irqchip/imx-intmux: Annotate struct intmux_data with __counted_by drivers: thermal: tsens: Annotate struct tsens_priv with __counted_by mailbox: zynqmp: Annotate struct zynqmp_ipi_pdata with __counted_by randstruct: Fix gcc-plugin performance mode to stay in group string: Adjust strtomem() logic to allow for smaller sources MAINTAINERS: Include stackleak paths in hardening entry virtio_console: Annotate struct port_buffer with __counted_by kexec: Annotate struct crash_mem with __counted_by reset: Annotate struct reset_control_array with __counted_by Lukas Bulwahn (1): hardening: x86: drop reference to removed config AMD_IOMMU_V2 Mark Rutland (1): lkdtm/bugs: add test for panic() with stuck secondary CPUs Ricardo Cañuelo (1): selftests/lkdtm: Disable CONFIG_UBSAN_TRAP in test config MAINTAINERS | 6 ++ arch/arm/configs/hardening.config | 7 ++ arch/arm64/configs/hardening.config | 22 ++++++ arch/powerpc/configs/hardening.config | 10 +++ arch/sparc/kernel/cpumap.c | 2 +- arch/um/os-Linux/drivers/ethertap_user.c | 2 +- arch/x86/configs/hardening.config | 14 ++++ drivers/accel/ivpu/ivpu_job.h | 2 +- drivers/auxdisplay/panel.c | 7 +- drivers/block/drbd/drbd_int.h | 2 +- drivers/bus/fsl-mc/dprc.c | 12 ++-- drivers/char/virtio_console.c | 2 +- drivers/cpufreq/cpufreq.c | 4 +- drivers/cpuidle/dt_idle_states.c | 4 +- drivers/edac/edac_mc_sysfs.c | 4 +- drivers/firmware/tegra/bpmp-debugfs.c | 4 +- drivers/gpu/drm/gud/gud_pipe.c | 2 +- drivers/gpu/drm/nouveau/nouveau_svm.c | 5 +- drivers/hid/hid-prodikeys.c | 8 +-- drivers/hwmon/acpi_power_meter.c | 5 +- drivers/hwmon/asus_wmi_sensors.c | 2 +- drivers/hwmon/ibmpowernv.c | 2 +- drivers/irqchip/irq-imx-intmux.c | 2 +- drivers/isdn/capi/kcapi.c | 4 +- drivers/isdn/mISDN/clock.c | 2 +- drivers/mailbox/zynqmp-ipi-mailbox.c | 2 +- drivers/md/dm-bio-prison-v1.c | 2 +- drivers/md/dm-crypt.c | 2 +- drivers/md/dm-raid.c | 2 +- drivers/md/dm-stats.c | 2 +- drivers/md/dm-stripe.c | 2 +- drivers/misc/lkdtm/bugs.c | 30 +++++++- drivers/reset/core.c | 4 +- drivers/thermal/qcom/tsens.h | 2 +- drivers/usb/atm/usbatm.c | 3 +- drivers/usb/gadget/function/f_fs.c | 2 +- drivers/usb/gadget/function/f_midi.c | 4 +- drivers/usb/host/ohci.h | 2 +- drivers/usb/host/xhci.h | 2 +- drivers/virt/acrn/acrn_drv.h | 2 +- drivers/virt/acrn/mm.c | 2 +- fs/afs/internal.h | 4 +- fs/nfs/filelayout/filelayout.h | 2 +- fs/nfs/flexfilelayout/flexfilelayout.h | 2 +- fs/ocfs2/slot_map.c | 2 +- include/linux/ceph/osd_client.h | 2 +- include/linux/crash_core.h | 2 +- include/linux/cred.h | 7 +- include/linux/kvm_host.h | 2 +- include/linux/platform_data/gsc_hwmon.h | 2 +- include/linux/string.h | 7 +- init/version.c | 6 +- kernel/configs/hardening.config | 98 +++++++++++++++++++++++++++ kernel/cred.c | 2 +- kernel/groups.c | 2 +- lib/kobject_uevent.c | 8 +-- scripts/gcc-plugins/randomize_layout_plugin.c | 11 ++- security/integrity/ima/ima_modsig.c | 6 +- tools/testing/selftests/lkdtm/config | 1 - tools/testing/selftests/lkdtm/tests.txt | 3 +- 60 files changed, 280 insertions(+), 90 deletions(-) create mode 100644 arch/arm/configs/hardening.config create mode 100644 arch/arm64/configs/hardening.config create mode 100644 arch/powerpc/configs/hardening.config create mode 100644 arch/x86/configs/hardening.config create mode 100644 kernel/configs/hardening.config