From patchwork Thu Mar 31 18:35:40 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 12797553 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 3B284C4321E for ; Thu, 31 Mar 2022 18:36:53 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:Message-ID:Subject:Cc:To: From:Date:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References: List-Owner; bh=ezmMsBqvAcfCpYasyvFK0uIPeeXO6U1gftZprjtSjNI=; b=WJt/DwCifkvB5M U5X/Eg1Itk2pyknX5scTL6vh7yEf/6n7qbUQe4BJE8W8N0njJCmCNQNhsQcupBU3BRaxHDVL+vif+ mF3Xy5rl2eUTMmEsAwgJGkaNac7xNpSMAGG+fmZmbp8JLBE8xgvfyzmuEuElXrC4xhNm5kzrHm0ik GSBD7ZdbYJhiYbDpT67V2WXytaL1k/LK+gZCkaCjjAquI92fv/URKhxB6ZPpAWmKpUAz16wW8kVuQ 5Tfl8MkPXVgSAbXSzyC93DCIEKUreK8k96IPjxUZ1X3NNO6phOgFiDpiPGhNM26IHgOQ4l0EPALTA kCohWY5Q8nY/PtUGkecg==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1nZze9-003ETz-5s; Thu, 31 Mar 2022 18:35:49 +0000 Received: from mail-pg1-x536.google.com ([2607:f8b0:4864:20::536]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1nZze4-003EQL-Ep for linux-arm-kernel@lists.infradead.org; Thu, 31 Mar 2022 18:35:46 +0000 Received: by mail-pg1-x536.google.com with SMTP id s72so467530pgc.5 for ; Thu, 31 Mar 2022 11:35:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=date:from:to:cc:subject:message-id:mime-version:content-disposition; bh=tNeFkTR9DpNZ/sYrUJuAKvoLFFRWaFO5MwAeYZZpegY=; b=Z2ogAaxkds1pGXjfSPCItUJCgR8MxcFpQqVxWukZkqOb0TYB/fQwPXV8XnUZlMxHD7 e2h2ZsDBlyvyiL+PE3CQY7hKYDehow4COfLsRboHHa2eJfSmaPKFt/48/V1NGCiIEt2T cZg4frkbR+l2bal3IhjLmtrWfHaC5Ib95lw+Q= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:from:to:cc:subject:message-id:mime-version :content-disposition; bh=tNeFkTR9DpNZ/sYrUJuAKvoLFFRWaFO5MwAeYZZpegY=; b=Y6WEyLN9rQ4pWoHiIpB6A/c/n1ew6om8fZ8S2U1TpvuLs1cP0bH8LBmL1TZxi+qUmQ Qc7K0NDYp5llOAYX7zMD/+3O2KXM3Cf7g5o6aNPcPpVQyh+H1eLAb9ElCp28L3fDsGeR 5sbCPcfxTVuu6xgv71TLqKBT3lMeJluKUZQ6z+SiKJ5y4D/jsN/31pJ0qFecuPmsgJM3 IqodSoXW9dKKDpJmOWJvcDSnJkuusrcBbplPu8zN438U3oVksALNg3gMCtDi/m9b7cNL e3H+76anbuxM/TgSAhNi5SAVCf6Z5sPXKGK5bAy0+CvjrvvCQQymVtTGhGmgagz5mITI VC5w== X-Gm-Message-State: AOAM532yWKlqqnETvA4bOh4q4cGKDhWbseHB3JGpJgFjcdLT3th/Qstc RMYVokmUOcGFvczVOZoSovWnbw== X-Google-Smtp-Source: ABdhPJwQNYW5GcaTS+SUl9vxr9XpNUKSOH893YtYvCPVctKCmmEWe8MgBLrtCuqTnouYMuJlg4IXBg== X-Received: by 2002:a63:fb44:0:b0:372:9ec8:745a with SMTP id w4-20020a63fb44000000b003729ec8745amr11635174pgj.551.1648751741288; Thu, 31 Mar 2022 11:35:41 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id bt15-20020a056a00438f00b004fb6a6af05dsm155152pfb.187.2022.03.31.11.35.40 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 31 Mar 2022 11:35:40 -0700 (PDT) Date: Thu, 31 Mar 2022 11:35:40 -0700 From: Kees Cook To: Linus Torvalds Cc: linux-kernel@vger.kernel.org, Andrew Morton , Christoph Hellwig , David Hildenbrand , Hari Bathini , Kees Cook , linux-arm-kernel@lists.infradead.org, Logan Gunthorpe , Martin Oliveira , "Matthew Wilcox (Oracle)" , Mike Kravetz , Minchan Kim , Russell King , Stephen Rothwell , Zi Yan Subject: [GIT PULL] hardening fixes for v5.18-rc1 Message-ID: <202203311127.503A3110@keescook> MIME-Version: 1.0 Content-Disposition: inline X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20220331_113544_570995_A69E1250 X-CRM114-Status: GOOD ( 12.48 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org Hi Linus, Please pull these hardening fixes for v5.18-rc1. This addresses an -Warray-bounds warning found under a few ARM defconfigs, and disables long-broken CONFIG_HARDENED_USERCOPY_PAGESPAN. Thanks! -Kees The following changes since commit afcf5441b9ff22ac57244cd45ff102ebc2e32d1a: arm64: Add gcc Shadow Call Stack support (2022-03-10 09:22:09 -0800) are available in the Git repository at: https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/hardening-v5.18-rc1-fix1 for you to fetch changes up to 229a08a4f4e4f9949801cc39b6480ddc9c487183: ARM/dma-mapping: Remove CMA code when not built with CMA (2022-03-31 11:19:25 -0700) ---------------------------------------------------------------- hardening updates for v5.18-rc1-fix1 - Disable CONFIG_HARDENED_USERCOPY_PAGESPAN - DMA: remove CMA code when not buiding CMA ---------------------------------------------------------------- Kees Cook (2): usercopy: Disable CONFIG_HARDENED_USERCOPY_PAGESPAN ARM/dma-mapping: Remove CMA code when not built with CMA arch/arm/mm/dma-mapping.c | 2 ++ arch/arm/mm/mm.h | 4 ++++ include/linux/cma.h | 4 ---- security/Kconfig | 2 +- 4 files changed, 7 insertions(+), 5 deletions(-)