linux-security-module.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [GIT PULL] kernel hardening fixes for v6.2-rc1
@ 2022-12-23 18:40 Kees Cook
  0 siblings, 0 replies; only message in thread
From: Kees Cook @ 2022-12-23 18:40 UTC (permalink / raw)
  To: Linus Torvalds
  Cc: linux-kernel, Andrew Morton, Arnd Bergmann, Daniel Díaz,
	Eric W. Biederman, James Morris, Jann Horn, Kees Cook,
	kernel test robot, Kristina Martsenko, linux-hardening,
	linux-security-module, Luis Chamberlain, Marco Elver,
	Mark Rutland, Nathan Chancellor, Paul Moore, Peter Zijlstra,
	Petr Mladek, Ping-Ke Shih, Sami Tolvanen,
	Sebastian Andrzej Siewior, Serge E. Hallyn, tangmeng, Tiezhu Yang

Hi Linus,

Please pull these kernel hardening fixes for v6.2-rc1. (Yay typos.)

Thanks!

-Kees

The following changes since commit d272e01fa0a2f15c5c331a37cd99c6875c7b7186:

  ksmbd: replace one-element arrays with flexible-array members (2022-12-02 13:14:29 -0800)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/hardening-v6.2-rc1-fixes

for you to fetch changes up to cf8016408d880afe9c5dc495af40dc2932874e77:

  cfi: Fix CFI failure with KASAN (2022-12-23 10:04:31 -0800)

----------------------------------------------------------------
kernel hardening fixes for v6.2-rc1

- Fix CFI failure with KASAN (Sami Tolvanen)

- Fix LKDTM + CFI under GCC 7 and 8 (Kristina Martsenko)

- Limit CONFIG_ZERO_CALL_USED_REGS to Clang > 15.0.6 (Nathan Chancellor)

- Ignore "contents" argument in LoadPin's LSM hook handling

- Fix paste-o in /sys/kernel/warn_count API docs

- Use READ_ONCE() consistently for oops/warn limit reading

----------------------------------------------------------------
Kees Cook (3):
      LoadPin: Ignore the "contents" argument of the LSM hooks
      docs: Fix path paste-o for /sys/kernel/warn_count
      exit: Use READ_ONCE() for all oops/warn limit reads

Kristina Martsenko (1):
      lkdtm: cfi: Make PAC test work with GCC 7 and 8

Nathan Chancellor (1):
      security: Restrict CONFIG_ZERO_CALL_USED_REGS to gcc or clang > 15.0.6

Sami Tolvanen (1):
      cfi: Fix CFI failure with KASAN

 Documentation/ABI/testing/sysfs-kernel-warn_count |  2 +-
 drivers/misc/lkdtm/cfi.c                          |  6 ++++-
 kernel/Makefile                                   |  3 ---
 kernel/exit.c                                     |  6 +++--
 kernel/panic.c                                    |  7 ++++--
 security/Kconfig.hardening                        |  3 +++
 security/loadpin/loadpin.c                        | 30 ++++++++++++++---------
 7 files changed, 36 insertions(+), 21 deletions(-)

-- 
Kees Cook

^ permalink raw reply	[flat|nested] only message in thread
only message in thread, other threads:[~2022-12-23 18:40 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-12-23 18:40 [GIT PULL] kernel hardening fixes for v6.2-rc1 Kees Cook

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).