Merge tag 'hardening-v6.9-rc1-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux

+1 -1

arch/Kconfig

··· 799 799 depends on ARCH_SUPPORTS_CFI_CLANG 800 800 depends on $(cc-option,-fsanitize=kcfi) 801 801 help 802 - This option enables Clang’s forward-edge Control Flow Integrity 802 + This option enables Clang's forward-edge Control Flow Integrity 803 803 (CFI) checking, where the compiler injects a runtime check to each 804 804 indirect function call to ensure the target is a valid function with 805 805 the correct static type. This restricts possible call targets and

+1 -1

drivers/misc/lkdtm/bugs.c

··· 417 417 pr_err("FAIL: survived access of invalid flexible array member index!\n"); 418 418 419 419 if (!__has_attribute(__counted_by__)) 420 - pr_warn("This is expected since this %s was built a compiler supporting __counted_by\n", 420 + pr_warn("This is expected since this %s was built with a compiler that does not support __counted_by\n", 421 421 lkdtm_kernel_info); 422 422 else if (IS_ENABLED(CONFIG_UBSAN_BOUNDS)) 423 423 pr_expected_config(CONFIG_UBSAN_TRAP);

+2 -2

drivers/net/ethernet/intel/ice/ice_base.c

··· 956 956 int ice_vsi_cfg_single_txq(struct ice_vsi *vsi, struct ice_tx_ring **tx_rings, 957 957 u16 q_idx) 958 958 { 959 - DEFINE_FLEX(struct ice_aqc_add_tx_qgrp, qg_buf, txqs, 1); 959 + DEFINE_RAW_FLEX(struct ice_aqc_add_tx_qgrp, qg_buf, txqs, 1); 960 960 961 961 if (q_idx >= vsi->alloc_txq || !tx_rings || !tx_rings[q_idx]) 962 962 return -EINVAL; ··· 978 978 static int 979 979 ice_vsi_cfg_txqs(struct ice_vsi *vsi, struct ice_tx_ring **rings, u16 count) 980 980 { 981 - DEFINE_FLEX(struct ice_aqc_add_tx_qgrp, qg_buf, txqs, 1); 981 + DEFINE_RAW_FLEX(struct ice_aqc_add_tx_qgrp, qg_buf, txqs, 1); 982 982 int err = 0; 983 983 u16 q_idx; 984 984

+2 -2

drivers/net/ethernet/intel/ice/ice_common.c

··· 4695 4695 enum ice_disq_rst_src rst_src, u16 vmvf_num, 4696 4696 struct ice_sq_cd *cd) 4697 4697 { 4698 - DEFINE_FLEX(struct ice_aqc_dis_txq_item, qg_list, q_id, 1); 4698 + DEFINE_RAW_FLEX(struct ice_aqc_dis_txq_item, qg_list, q_id, 1); 4699 4699 u16 i, buf_size = __struct_size(qg_list); 4700 4700 struct ice_q_ctx *q_ctx; 4701 4701 int status = -ENOENT; ··· 4917 4917 ice_dis_vsi_rdma_qset(struct ice_port_info *pi, u16 count, u32 *qset_teid, 4918 4918 u16 *q_id) 4919 4919 { 4920 - DEFINE_FLEX(struct ice_aqc_dis_txq_item, qg_list, q_id, 1); 4920 + DEFINE_RAW_FLEX(struct ice_aqc_dis_txq_item, qg_list, q_id, 1); 4921 4921 u16 qg_size = __struct_size(qg_list); 4922 4922 struct ice_hw *hw; 4923 4923 int status = 0;

+4 -4

drivers/net/ethernet/intel/ice/ice_ddp.c

··· 1938 1938 */ 1939 1939 static enum ice_ddp_state ice_get_pkg_info(struct ice_hw *hw) 1940 1940 { 1941 - DEFINE_FLEX(struct ice_aqc_get_pkg_info_resp, pkg_info, pkg_info, 1942 - ICE_PKG_CNT); 1941 + DEFINE_RAW_FLEX(struct ice_aqc_get_pkg_info_resp, pkg_info, pkg_info, 1942 + ICE_PKG_CNT); 1943 1943 u16 size = __struct_size(pkg_info); 1944 1944 u32 i; 1945 1945 ··· 1990 1990 struct ice_pkg_hdr *ospkg, 1991 1991 struct ice_seg **seg) 1992 1992 { 1993 - DEFINE_FLEX(struct ice_aqc_get_pkg_info_resp, pkg, pkg_info, 1994 - ICE_PKG_CNT); 1993 + DEFINE_RAW_FLEX(struct ice_aqc_get_pkg_info_resp, pkg, pkg_info, 1994 + ICE_PKG_CNT); 1995 1995 u16 size = __struct_size(pkg); 1996 1996 enum ice_ddp_state state; 1997 1997 u32 i;

+3 -3

drivers/net/ethernet/intel/ice/ice_lag.c

··· 491 491 ice_lag_move_vf_node_tc(struct ice_lag *lag, u8 oldport, u8 newport, 492 492 u16 vsi_num, u8 tc) 493 493 { 494 - DEFINE_FLEX(struct ice_aqc_move_elem, buf, teid, 1); 494 + DEFINE_RAW_FLEX(struct ice_aqc_move_elem, buf, teid, 1); 495 495 struct device *dev = ice_pf_to_dev(lag->pf); 496 496 u16 numq, valq, num_moved, qbuf_size; 497 497 u16 buf_size = __struct_size(buf); ··· 849 849 ice_lag_reclaim_vf_tc(struct ice_lag *lag, struct ice_hw *src_hw, u16 vsi_num, 850 850 u8 tc) 851 851 { 852 - DEFINE_FLEX(struct ice_aqc_move_elem, buf, teid, 1); 852 + DEFINE_RAW_FLEX(struct ice_aqc_move_elem, buf, teid, 1); 853 853 struct device *dev = ice_pf_to_dev(lag->pf); 854 854 u16 numq, valq, num_moved, qbuf_size; 855 855 u16 buf_size = __struct_size(buf); ··· 1873 1873 ice_lag_move_vf_nodes_tc_sync(struct ice_lag *lag, struct ice_hw *dest_hw, 1874 1874 u16 vsi_num, u8 tc) 1875 1875 { 1876 - DEFINE_FLEX(struct ice_aqc_move_elem, buf, teid, 1); 1876 + DEFINE_RAW_FLEX(struct ice_aqc_move_elem, buf, teid, 1); 1877 1877 struct device *dev = ice_pf_to_dev(lag->pf); 1878 1878 u16 numq, valq, num_moved, qbuf_size; 1879 1879 u16 buf_size = __struct_size(buf);

+2 -2

drivers/net/ethernet/intel/ice/ice_sched.c

··· 237 237 ice_sched_remove_elems(struct ice_hw *hw, struct ice_sched_node *parent, 238 238 u32 node_teid) 239 239 { 240 - DEFINE_FLEX(struct ice_aqc_delete_elem, buf, teid, 1); 240 + DEFINE_RAW_FLEX(struct ice_aqc_delete_elem, buf, teid, 1); 241 241 u16 buf_size = __struct_size(buf); 242 242 u16 num_groups_removed = 0; 243 243 int status; ··· 2219 2219 ice_sched_move_nodes(struct ice_port_info *pi, struct ice_sched_node *parent, 2220 2220 u16 num_items, u32 *list) 2221 2221 { 2222 - DEFINE_FLEX(struct ice_aqc_move_elem, buf, teid, 1); 2222 + DEFINE_RAW_FLEX(struct ice_aqc_move_elem, buf, teid, 1); 2223 2223 u16 buf_len = __struct_size(buf); 2224 2224 struct ice_sched_node *node; 2225 2225 u16 i, grps_movd = 0;

+5 -5

drivers/net/ethernet/intel/ice/ice_switch.c

··· 1812 1812 enum ice_sw_lkup_type lkup_type, 1813 1813 enum ice_adminq_opc opc) 1814 1814 { 1815 - DEFINE_FLEX(struct ice_aqc_alloc_free_res_elem, sw_buf, elem, 1); 1815 + DEFINE_RAW_FLEX(struct ice_aqc_alloc_free_res_elem, sw_buf, elem, 1); 1816 1816 u16 buf_len = __struct_size(sw_buf); 1817 1817 struct ice_aqc_res_elem *vsi_ele; 1818 1818 int status; ··· 2081 2081 */ 2082 2082 int ice_alloc_recipe(struct ice_hw *hw, u16 *rid) 2083 2083 { 2084 - DEFINE_FLEX(struct ice_aqc_alloc_free_res_elem, sw_buf, elem, 1); 2084 + DEFINE_RAW_FLEX(struct ice_aqc_alloc_free_res_elem, sw_buf, elem, 1); 2085 2085 u16 buf_len = __struct_size(sw_buf); 2086 2086 int status; 2087 2087 ··· 4418 4418 ice_alloc_res_cntr(struct ice_hw *hw, u8 type, u8 alloc_shared, u16 num_items, 4419 4419 u16 *counter_id) 4420 4420 { 4421 - DEFINE_FLEX(struct ice_aqc_alloc_free_res_elem, buf, elem, 1); 4421 + DEFINE_RAW_FLEX(struct ice_aqc_alloc_free_res_elem, buf, elem, 1); 4422 4422 u16 buf_len = __struct_size(buf); 4423 4423 int status; 4424 4424 ··· 4446 4446 ice_free_res_cntr(struct ice_hw *hw, u8 type, u8 alloc_shared, u16 num_items, 4447 4447 u16 counter_id) 4448 4448 { 4449 - DEFINE_FLEX(struct ice_aqc_alloc_free_res_elem, buf, elem, 1); 4449 + DEFINE_RAW_FLEX(struct ice_aqc_alloc_free_res_elem, buf, elem, 1); 4450 4450 u16 buf_len = __struct_size(buf); 4451 4451 int status; 4452 4452 ··· 4476 4476 */ 4477 4477 int ice_share_res(struct ice_hw *hw, u16 type, u8 shared, u16 res_id) 4478 4478 { 4479 - DEFINE_FLEX(struct ice_aqc_alloc_free_res_elem, buf, elem, 1); 4479 + DEFINE_RAW_FLEX(struct ice_aqc_alloc_free_res_elem, buf, elem, 1); 4480 4480 u16 buf_len = __struct_size(buf); 4481 4481 u16 res_type; 4482 4482 int status;

+21 -4

include/linux/overflow.h

··· 398 398 * @count: Number of elements in the array; must be compile-time const. 399 399 * @initializer: initializer expression (could be empty for no init). 400 400 */ 401 - #define _DEFINE_FLEX(type, name, member, count, initializer) \ 401 + #define _DEFINE_FLEX(type, name, member, count, initializer...) \ 402 402 _Static_assert(__builtin_constant_p(count), \ 403 403 "onstack flex array members require compile-time const count"); \ 404 404 union { \ ··· 408 408 type *name = (type *)&name##_u 409 409 410 410 /** 411 - * DEFINE_FLEX() - Define an on-stack instance of structure with a trailing 412 - * flexible array member. 411 + * DEFINE_RAW_FLEX() - Define an on-stack instance of structure with a trailing 412 + * flexible array member, when it does not have a __counted_by annotation. 413 413 * 414 414 * @type: structure type name, including "struct" keyword. 415 415 * @name: Name for a variable to define. ··· 420 420 * flexible array member. 421 421 * Use __struct_size(@name) to get compile-time size of it afterwards. 422 422 */ 423 - #define DEFINE_FLEX(type, name, member, count) \ 423 + #define DEFINE_RAW_FLEX(type, name, member, count) \ 424 424 _DEFINE_FLEX(type, name, member, count, = {}) 425 + 426 + /** 427 + * DEFINE_FLEX() - Define an on-stack instance of structure with a trailing 428 + * flexible array member. 429 + * 430 + * @TYPE: structure type name, including "struct" keyword. 431 + * @NAME: Name for a variable to define. 432 + * @MEMBER: Name of the array member. 433 + * @COUNTER: Name of the __counted_by member. 434 + * @COUNT: Number of elements in the array; must be compile-time const. 435 + * 436 + * Define a zeroed, on-stack, instance of @TYPE structure with a trailing 437 + * flexible array member. 438 + * Use __struct_size(@NAME) to get compile-time size of it afterwards. 439 + */ 440 + #define DEFINE_FLEX(TYPE, NAME, MEMBER, COUNTER, COUNT) \ 441 + _DEFINE_FLEX(TYPE, NAME, MEMBER, COUNT, = { .obj.COUNTER = COUNT, }) 425 442 426 443 #endif /* __LINUX_OVERFLOW_H */

-12

lib/Kconfig.debug

··· 2703 2703 2704 2704 If unsure, say N. 2705 2705 2706 - config MEMCPY_SLOW_KUNIT_TEST 2707 - bool "Include exhaustive memcpy tests" 2708 - depends on MEMCPY_KUNIT_TEST 2709 - default y 2710 - help 2711 - Some memcpy tests are quite exhaustive in checking for overlaps 2712 - and bit ranges. These can be very slow, so they are split out 2713 - as a separate config, in case they need to be disabled. 2714 - 2715 - Note this config option will be replaced by the use of KUnit test 2716 - attributes. 2717 - 2718 2706 config IS_SIGNED_TYPE_KUNIT_TEST 2719 2707 tristate "Test is_signed_type() macro" if !KUNIT_ALL_TESTS 2720 2708 depends on KUNIT

+2

lib/Kconfig.ubsan

··· 119 119 bool "Perform checking for signed arithmetic wrap-around" 120 120 default UBSAN 121 121 depends on !COMPILE_TEST 122 + # The no_sanitize attribute was introduced in GCC with version 8. 123 + depends on !CC_IS_GCC || GCC_VERSION >= 80000 122 124 depends on $(cc-option,-fsanitize=signed-integer-overflow) 123 125 help 124 126 This option enables -fsanitize=signed-integer-overflow which checks

-3

lib/memcpy_kunit.c

··· 309 309 310 310 static void init_large(struct kunit *test) 311 311 { 312 - if (!IS_ENABLED(CONFIG_MEMCPY_SLOW_KUNIT_TEST)) 313 - kunit_skip(test, "Slow test skipped. Enable with CONFIG_MEMCPY_SLOW_KUNIT_TEST=y"); 314 - 315 312 /* Get many bit patterns. */ 316 313 get_random_bytes(large_src, ARRAY_SIZE(large_src)); 317 314

+19

lib/overflow_kunit.c

··· 1172 1172 #undef TEST_CASTABLE_TO_TYPE 1173 1173 } 1174 1174 1175 + struct foo { 1176 + int a; 1177 + u32 counter; 1178 + s16 array[] __counted_by(counter); 1179 + }; 1180 + 1181 + static void DEFINE_FLEX_test(struct kunit *test) 1182 + { 1183 + DEFINE_RAW_FLEX(struct foo, two, array, 2); 1184 + DEFINE_FLEX(struct foo, eight, array, counter, 8); 1185 + DEFINE_FLEX(struct foo, empty, array, counter, 0); 1186 + 1187 + KUNIT_EXPECT_EQ(test, __struct_size(two), 1188 + sizeof(struct foo) + sizeof(s16) + sizeof(s16)); 1189 + KUNIT_EXPECT_EQ(test, __struct_size(eight), 24); 1190 + KUNIT_EXPECT_EQ(test, __struct_size(empty), sizeof(struct foo)); 1191 + } 1192 + 1175 1193 static struct kunit_case overflow_test_cases[] = { 1176 1194 KUNIT_CASE(u8_u8__u8_overflow_test), 1177 1195 KUNIT_CASE(s8_s8__s8_overflow_test), ··· 1212 1194 KUNIT_CASE(overflows_type_test), 1213 1195 KUNIT_CASE(same_type_test), 1214 1196 KUNIT_CASE(castable_to_type_test), 1197 + KUNIT_CASE(DEFINE_FLEX_test), 1215 1198 {} 1216 1199 }; 1217 1200

Configure Feed

Configure Feed