* [GIT PULL] kernel hardening fixes for v6.1-rc1
@ 2022-12-23 18:10 Kees Cook
2022-12-23 18:41 ` Kees Cook
0 siblings, 1 reply; 2+ messages in thread
From: Kees Cook @ 2022-12-23 18:10 UTC (permalink / raw)
To: Linus Torvalds
Cc: linux-kernel, Andrew Morton, Arnd Bergmann, Daniel Díaz,
Eric W. Biederman, James Morris, Jann Horn, Kees Cook,
kernel test robot, Kristina Martsenko, linux-hardening,
linux-security-module, Luis Chamberlain, Marco Elver,
Mark Rutland, Nathan Chancellor, Paul Moore, Peter Zijlstra,
Petr Mladek, Ping-Ke Shih, Sami Tolvanen,
Sebastian Andrzej Siewior, Serge E. Hallyn, tangmeng, Tiezhu Yang
Hi Linus,
Please pull these kernel hardening fixes for v6.1-rc1, collected over the
last week.
Thanks!
-Kees
The following changes since commit d272e01fa0a2f15c5c331a37cd99c6875c7b7186:
ksmbd: replace one-element arrays with flexible-array members (2022-12-02 13:14:29 -0800)
are available in the Git repository at:
https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/hardening-v6.1-rc1-fixes
for you to fetch changes up to cf8016408d880afe9c5dc495af40dc2932874e77:
cfi: Fix CFI failure with KASAN (2022-12-23 10:04:31 -0800)
----------------------------------------------------------------
kernel hardening fixes for v6.1-rc1
- Fix CFI failure with KASAN (Sami Tolvanen)
- Fix LKDTM + CFI under GCC 7 and 8 (Kristina Martsenko)
- Limit CONFIG_ZERO_CALL_USED_REGS to Clang > 15.0.6 (Nathan Chancellor)
- Ignore "contents" argument in LoadPin's LSM hook handling
- Fix paste-o in /sys/kernel/warn_count API docs
- Use READ_ONCE() consistently for oops/warn limit reading
----------------------------------------------------------------
Kees Cook (3):
LoadPin: Ignore the "contents" argument of the LSM hooks
docs: Fix path paste-o for /sys/kernel/warn_count
exit: Use READ_ONCE() for all oops/warn limit reads
Kristina Martsenko (1):
lkdtm: cfi: Make PAC test work with GCC 7 and 8
Nathan Chancellor (1):
security: Restrict CONFIG_ZERO_CALL_USED_REGS to gcc or clang > 15.0.6
Sami Tolvanen (1):
cfi: Fix CFI failure with KASAN
Documentation/ABI/testing/sysfs-kernel-warn_count | 2 +-
drivers/misc/lkdtm/cfi.c | 6 ++++-
kernel/Makefile | 3 ---
kernel/exit.c | 6 +++--
kernel/panic.c | 7 ++++--
security/Kconfig.hardening | 3 +++
security/loadpin/loadpin.c | 30 ++++++++++++++---------
7 files changed, 36 insertions(+), 21 deletions(-)
--
Kees Cook
^ permalink raw reply [flat|nested] 2+ messages in thread* Re: [GIT PULL] kernel hardening fixes for v6.1-rc1
2022-12-23 18:10 [GIT PULL] kernel hardening fixes for v6.1-rc1 Kees Cook
@ 2022-12-23 18:41 ` Kees Cook
0 siblings, 0 replies; 2+ messages in thread
From: Kees Cook @ 2022-12-23 18:41 UTC (permalink / raw)
To: Linus Torvalds
Cc: linux-kernel, Andrew Morton, Arnd Bergmann, Daniel Díaz,
Eric W. Biederman, James Morris, Jann Horn, kernel test robot,
Kristina Martsenko, linux-hardening, linux-security-module,
Luis Chamberlain, Marco Elver, Mark Rutland, Nathan Chancellor,
Paul Moore, Peter Zijlstra, Petr Mladek, Ping-Ke Shih,
Sami Tolvanen, Sebastian Andrzej Siewior, Serge E. Hallyn,
tangmeng, Tiezhu Yang
On Fri, Dec 23, 2022 at 10:10:19AM -0800, Kees Cook wrote:
> Please pull these kernel hardening fixes for v6.1-rc1, collected over the
> last week.
Ugh. I mistyped the version obviously. This should be v6.2-rc1. I've
sent another PR with the tag fixed. Sorry about the noise.
--
Kees Cook
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2022-12-23 18:41 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-12-23 18:10 [GIT PULL] kernel hardening fixes for v6.1-rc1 Kees Cook
2022-12-23 18:41 ` Kees Cook
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).