[GIT PULL] kernel hardening fixes for v6.2-rc1
Kees Cook
keescook at chromium.org
Fri Dec 23 18:40:03 UTC 2022
Hi Linus,
Please pull these kernel hardening fixes for v6.2-rc1. (Yay typos.)
Thanks!
-Kees
The following changes since commit d272e01fa0a2f15c5c331a37cd99c6875c7b7186:
ksmbd: replace one-element arrays with flexible-array members (2022-12-02 13:14:29 -0800)
are available in the Git repository at:
https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/hardening-v6.2-rc1-fixes
for you to fetch changes up to cf8016408d880afe9c5dc495af40dc2932874e77:
cfi: Fix CFI failure with KASAN (2022-12-23 10:04:31 -0800)
----------------------------------------------------------------
kernel hardening fixes for v6.2-rc1
- Fix CFI failure with KASAN (Sami Tolvanen)
- Fix LKDTM + CFI under GCC 7 and 8 (Kristina Martsenko)
- Limit CONFIG_ZERO_CALL_USED_REGS to Clang > 15.0.6 (Nathan Chancellor)
- Ignore "contents" argument in LoadPin's LSM hook handling
- Fix paste-o in /sys/kernel/warn_count API docs
- Use READ_ONCE() consistently for oops/warn limit reading
----------------------------------------------------------------
Kees Cook (3):
LoadPin: Ignore the "contents" argument of the LSM hooks
docs: Fix path paste-o for /sys/kernel/warn_count
exit: Use READ_ONCE() for all oops/warn limit reads
Kristina Martsenko (1):
lkdtm: cfi: Make PAC test work with GCC 7 and 8
Nathan Chancellor (1):
security: Restrict CONFIG_ZERO_CALL_USED_REGS to gcc or clang > 15.0.6
Sami Tolvanen (1):
cfi: Fix CFI failure with KASAN
Documentation/ABI/testing/sysfs-kernel-warn_count | 2 +-
drivers/misc/lkdtm/cfi.c | 6 ++++-
kernel/Makefile | 3 ---
kernel/exit.c | 6 +++--
kernel/panic.c | 7 ++++--
security/Kconfig.hardening | 3 +++
security/loadpin/loadpin.c | 30 ++++++++++++++---------
7 files changed, 36 insertions(+), 21 deletions(-)
--
Kees Cook
More information about the Linux-security-module-archive
mailing list