[GIT PULL] hardening updates for v5.16-rc1

Kees Cook keescook at chromium.org
Mon Nov 1 16:20:52 UTC 2021


Hi Linus,

Please pull these hardening updates for v5.16-rc1. These are various
compiler-related hardening feature updates. Notable is the addition of an
explicit limited rationale for, and deprecation schedule of, gcc-plugins.
More details in the tag below.

Thanks!

-Kees

The following changes since commit e4e737bb5c170df6135a127739a9e6148ee3da82:

  Linux 5.15-rc2 (2021-09-19 17:28:22 -0700)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/hardening-v5.16-rc1

for you to fetch changes up to 6425392acf24b6d469932dd1b217dc7b20d6447f:

  gcc-plugins: remove duplicate include in gcc-common.h (2021-10-21 08:41:51 -0700)

----------------------------------------------------------------
compiler hardening updates for v5.16-rc1

This collects various compiler hardening feature related updates:

- gcc-plugins:
  - remove support for GCC 4.9 and older (Ard Biesheuvel)
  - remove duplicate include in gcc-common.h (Ye Guojin)
  - Explicitly document purpose and deprecation schedule (Kees Cook)
  - Remove cyc_complexity (Kees Cook)

- instrumentation:
  - Avoid harmless Clang option under CONFIG_INIT_STACK_ALL_ZERO (Kees Cook)

- Clang LTO:
  - kallsyms: strip LTO suffixes from static functions (Nick Desaulniers)

----------------------------------------------------------------
Ard Biesheuvel (1):
      gcc-plugins: remove support for GCC 4.9 and older

Kees Cook (3):
      hardening: Avoid harmless Clang option under CONFIG_INIT_STACK_ALL_ZERO
      gcc-plugins: Explicitly document purpose and deprecation schedule
      gcc-plugins: Remove cyc_complexity

Nick Desaulniers (1):
      kallsyms: strip LTO suffixes from static functions

Ye Guojin (1):
      gcc-plugins: remove duplicate include in gcc-common.h

 Documentation/kbuild/gcc-plugins.rst               |  28 ++++-
 Makefile                                           |   6 +-
 kernel/kallsyms.c                                  |  46 +++++--
 scripts/Makefile.gcc-plugins                       |   2 -
 scripts/gcc-plugins/Kconfig                        |  20 +---
 scripts/gcc-plugins/cyc_complexity_plugin.c        |  69 -----------
 scripts/gcc-plugins/gcc-common.h                   | 132 +--------------------
 scripts/gcc-plugins/gcc-generate-gimple-pass.h     |  19 ---
 scripts/gcc-plugins/gcc-generate-ipa-pass.h        |  19 ---
 scripts/gcc-plugins/gcc-generate-rtl-pass.h        |  19 ---
 scripts/gcc-plugins/gcc-generate-simple_ipa-pass.h |  19 ---
 scripts/gcc-plugins/structleak_plugin.c            |   2 -
 security/Kconfig.hardening                         |  14 ++-
 13 files changed, 75 insertions(+), 320 deletions(-)
 delete mode 100644 scripts/gcc-plugins/cyc_complexity_plugin.c

-- 
Kees Cook


