Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

Merge tag 'hardening-v6.13-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux

Pull hardening updates from Kees Cook:

- Disable __counted_by in Clang < 19.1.3 (Jan Hendrik Farr)

- string_helpers: Silence output truncation warning (Bartosz
Golaszewski)

- compiler.h: Avoid needing BUILD_BUG_ON_ZERO() (Philipp Reisner)

- MAINTAINERS: Add kernel hardening keywords __counted_by{_le|_be}
(Thorsten Blum)

* tag 'hardening-v6.13-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
Compiler Attributes: disable __counted_by for clang < 19.1.3
compiler.h: Fix undefined BUILD_BUG_ON_ZERO()
lib: string_helpers: silence snprintf() output truncation warning
MAINTAINERS: Add kernel hardening keywords __counted_by{_le|_be}

+41 -19
+1 -1
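--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -12403,7 +12403,7 @@
 F: security/Kconfig.hardening
 K: \b(add|choose)_random_kstack_offset\b
 K: \b__check_(object_size|heap_object)\b
-K: \b__counted_by\b
+K: \b__counted_by(_le|_be)?\b
 
 KERNEL JANITORS
 L: kernel-janitors@vger.kernel.org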
+1 -1
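--- a/drivers/misc/lkdtm/bugs.c
+++ b/drivers/misc/lkdtm/bugs.c
@@ -445,7 +445,7 @@
 
 pr_err("FAIL: survived access of invalid flexible array member index!\n");
 
-if (!__has_attribute(__counted_by__))
+if (!IS_ENABLED(CONFIG_CC_HAS_COUNTED_BY))
 pr_warn("This is expected since this %s was built with a compiler that does not support __counted_by\n",
 lkdtm_kernel_info);
 else if (IS_ENABLED(CONFIG_UBSAN_BOUNDS))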
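Review bot: The `pr_warn` text right after the changed condition still says the kernel was built "with a compiler that does not support __counted_by", which is no longer the only reason the branch is taken. `CONFIG_CC_HAS_COUNTED_BY` is also off for Clang older than 19.1.3, which accepts the attribute but is excluded by the `depends on` line added to init/Kconfig in this same merge. Someone reading the LKDTM result on such a build would misattribute why the out-of-bounds index went undetected. A wording such as `"This is expected since this %s was built without __counted_by enabled (CONFIG_CC_HAS_COUNTED_BY=n)\n"` covers both cases. The enclosing function starts and ends outside the hunk.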
+9 -2
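--- a/include/linux/compiler.h
+++ b/include/linux/compiler.h
@@ -239,11 +239,18 @@
 
 #endif /* __ASSEMBLY__ */
 
+#ifdef __CHECKER__
+#define __BUILD_BUG_ON_ZERO_MSG(e, msg) (0)
+#else /* __CHECKER__ */
+#define __BUILD_BUG_ON_ZERO_MSG(e, msg) ((int)sizeof(struct {_Static_assert(!(e), msg);}))
+#endif /* __CHECKER__ */
+
 /* &a[0] degrades to a pointer: a different type from an array */
-#define __must_be_array(a) BUILD_BUG_ON_ZERO(__same_type((a), &(a)[0]))
+#define __must_be_array(a) __BUILD_BUG_ON_ZERO_MSG(__same_type((a), &(a)[0]), "must be array")
 
 /* Require C Strings (i.e. NUL-terminated) lack the "nonstring" attribute. */
-#define __must_be_cstr(p) BUILD_BUG_ON_ZERO(__annotated(p, nonstring))
+#define __must_be_cstr(p) \
+__BUILD_BUG_ON_ZERO_MSG(__annotated(p, nonstring), "must be cstr (NUL-terminated)")
 
 /*
 * This returns a constant expression while determining if an argument is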
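Review bot: `__BUILD_BUG_ON_ZERO_MSG()` is added without any comment, and its contract is not obvious from the `sizeof(struct {_Static_assert(...);})` expression alone. I would put a comment above the `#ifdef __CHECKER__` along the lines of `/* Evaluates to 0, or fails the build with msg when e is true; the check is skipped under sparse (__CHECKER__). */`. The same comment should say that `__must_be_array()` and `__must_be_cstr()` are therefore enforced only in a regular compile, not in a sparse pass. That way nobody treats a clean sparse run as proof that these type guards held.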
-13
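--- a/include/linux/compiler_attributes.h
+++ b/include/linux/compiler_attributes.h
@@ -95,19 +95,6 @@
 #endif
 
 /*
-* Optional: only supported since gcc >= 15
-* Optional: only supported since clang >= 18
-*
-* gcc: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108896
-* clang: https://github.com/llvm/llvm-project/pull/76348
-*/
-#if __has_attribute(__counted_by__)
-# define __counted_by(member) __attribute__((__counted_by__(member)))
-#else
-# define __counted_by(member)
-#endif
-
-/*
 * Optional: not supported by gcc
 * Optional: only supported since clang >= 14.0
 *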
+19
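--- a/include/linux/compiler_types.h
+++ b/include/linux/compiler_types.h
@@ -330,6 +330,25 @@
 #endif
 
 /*
+* Optional: only supported since gcc >= 15
+* Optional: only supported since clang >= 18
+*
+* gcc: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108896
+* clang: https://github.com/llvm/llvm-project/pull/76348
+*
+* __bdos on clang < 19.1.2 can erroneously return 0:
+* https://github.com/llvm/llvm-project/pull/110497
+*
+* __bdos on clang < 19.1.3 can be off by 4:
+* https://github.com/llvm/llvm-project/pull/112636
+*/
+#ifdef CONFIG_CC_HAS_COUNTED_BY
+# define __counted_by(member) __attribute__((__counted_by__(member)))
+#else
+# define __counted_by(member)
+#endif
+
+/*
 * Apply __counted_by() when the Endianness matches to increase test coverage.
 */
 #ifdef __LITTLE_ENDIAN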
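Review bot: The moved comment still opens with "only supported since clang >= 18", but the `#ifdef CONFIG_CC_HAS_COUNTED_BY` below it means the attribute is now applied only from Clang 19.1.3 on. The two `__bdos` paragraphs give the reason, yet they never name the Kconfig symbol or say that the version gate lives in init/Kconfig. I would add a line such as `* Enabled via CONFIG_CC_HAS_COUNTED_BY (init/Kconfig), which requires clang >= 19.1.3.` before the closing `*/`. When the symbol is off, `__counted_by(member)` expands to nothing, so bounds checks that depend on the annotation presumably get no count information on those builds. That is worth stating for anyone auditing the hardening coverage of a given toolchain.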
+9
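--- a/init/Kconfig
+++ b/init/Kconfig
@@ -120,6 +120,15 @@
 config CC_HAS_NO_PROFILE_FN_ATTR
 def_bool $(success,echo '__attribute__((no_profile_instrument_function)) int x();' | $(CC) -x c - -c -o /dev/null -Werror)
 
+config CC_HAS_COUNTED_BY
+# TODO: when gcc 15 is released remove the build test and add
+# a gcc version check
+def_bool $(success,echo 'struct flex { int count; int array[] __attribute__((__counted_by__(count))); };' | $(CC) $(CLANG_FLAGS) -x c - -c -o /dev/null -Werror)
+# clang needs to be at least 19.1.3 to avoid __bdos miscalculations
+# https://github.com/llvm/llvm-project/pull/110497
+# https://github.com/llvm/llvm-project/pull/112636
+depends on !(CC_IS_CLANG && CLANG_VERSION < 190103)
+
 config PAHOLE_VERSION
 int
 default $(shell,$(srctree)/scripts/pahole-version.sh $(PAHOLE))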
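Review bot: The `CC_HAS_COUNTED_BY` probe passes `$(CLANG_FLAGS)` to `$(CC)`, while the `CC_HAS_NO_PROFILE_FN_ATTR` probe directly above it does not, and neither of the added comments explains the difference. If the intent is for the probe to compile with the same target flags as the real build, a line such as `# $(CLANG_FLAGS) so the probe matches the flags used for the kernel build` would record that. It is also worth noting in the comment that the compile test only shows the attribute is accepted. The `depends on` line is what guards against the `__bdos` miscalculations, so the two conditions must stay together if the TODO is later carried out.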
+1 -1
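--- a/lib/overflow_kunit.c
+++ b/lib/overflow_kunit.c
@@ -1187,7 +1187,7 @@
 {
 /* Using _RAW_ on a __counted_by struct will initialize "counter" to zero */
 DEFINE_RAW_FLEX(struct foo, two_but_zero, array, 2);
-#if __has_attribute(__counted_by__)
+#ifdef CONFIG_CC_HAS_COUNTED_BY
 int expected_raw_size = sizeof(struct foo);
 #else
 int expected_raw_size = sizeof(struct foo) + 2 * sizeof(s16);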
+1 -1
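--- a/lib/string_helpers.c
+++ b/lib/string_helpers.c
@@ -57,7 +57,7 @@
 static const unsigned int rounding[] = { 500, 50, 5 };
 int i = 0, j;
 u32 remainder = 0, sf_cap;
-char tmp[8];
+char tmp[12];
 const char *unit;
 
 tmp[0] = '\0';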
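Review bot: `char tmp[12];` swaps one bare literal for another, and nothing at the declaration says which `snprintf()` output the buffer has to hold. The commit title says the change silences an output-truncation warning, so the size is tied to a format string that a later edit could change without anyone revisiting this line. A comment such as `/* sized for the worst-case snprintf() output the compiler assumes for tmp */` would keep the next reader from shrinking it again. The `snprintf()` call and the rest of the function are outside this hunk, so the exact bound cannot be confirmed from here.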