github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-05-17 11:08:02 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity
6ca014cd2d
linux/security
History
Linus Torvalds 2142b7f0c6 hardening updates for v5.18-rc1 
- Add arm64 Shadow Call Stack support for GCC 12 (Dan Li)
 - Avoid memset with stack offset randomization under Clang (Marco Elver)
 - Clean up stackleak plugin to play nice with .noinstr (Kees Cook)
 - Check stack depth for greater usercopy hardening coverage (Kees Cook)
 -----BEGIN PGP SIGNATURE-----
 
 iQJKBAABCgA0FiEEpcP2jyKd1g9yPm4TiXL039xtwCYFAmI4kXMWHGtlZXNjb29r
 QGNocm9taXVtLm9yZwAKCRCJcvTf3G3AJhBoD/wJFr0s13Cvsbibuk7PLAPJlQe9
 QBMolrrS9+JNoqdIMiILrmthCPnDBkBNrU/YvfkIyGQOO2RGxrtZVzLhyHKCDg6u
 iIkNG9S5D12ucEdqqLWdZxyBZcQuR6Rf//lGvtx8ps+jYy8fDwRekurJIb3kWl5u
 qB0O0PFd+RjGgvtm+Fh8h0FiBMxbKfPXI+s7W2rCfcwe+w5Z24YD1eoCHmnQJYcu
 Mnuk7cHsx2TFms4UqUK1Z/0EBpCKNEEX4s0z/nrfu8dRTPvLqLgbGpcmXTkik9PN
 BucIxgdRqqYbTyGvhsDhpEUVfmFcQzdPmuMnnnUc8BiXy9EqGqSfjMEzutuf+RS7
 0i4LWoDW2LYMUixqDLAMdLpwdC2Ca7hP62kE4vNVqW3jBty+jhPBVO6ddhHO14nd
 q6m+CQz0SVTIyrLI4N+TNg/EIj2DpBpAhs49QWDOL/ZqP0ewYk8Ef8pXKgJo2jJC
 aAs+18pdpoVCEs1fztzjuWZT77iTmziYhb2BOMnT4yBcAdifi7eW6l0pYsgfxoJ/
 WC/MmTWt08/IHBk09d8GbFdoP8byDUgzmzUUoskJJH2JA7475xM6qhI2J627Lpth
 baEv3UT8JWBBX+koU2wxhxKgscIvbNjJjpEGNt2YuBBeQ4lrlijsFzQjmu62gZDL
 LG0XOVV97/1V9uJ2CA==
 =yaWZ
 -----END PGP SIGNATURE-----

Merge tag 'hardening-v5.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux

Pull kernel hardening updates from Kees Cook:

 - Add arm64 Shadow Call Stack support for GCC 12 (Dan Li)

 - Avoid memset with stack offset randomization under Clang (Marco
   Elver)

 - Clean up stackleak plugin to play nice with .noinstr (Kees Cook)

 - Check stack depth for greater usercopy hardening coverage (Kees Cook)

* tag 'hardening-v5.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
  arm64: Add gcc Shadow Call Stack support
  m68k: Implement "current_stack_pointer"
  xtensa: Implement "current_stack_pointer"
  usercopy: Check valid lifetime via stack depth
  stack: Constrain and fix stack offset randomization with Clang builds
  stack: Introduce CONFIG_RANDOMIZE_KSTACK_OFFSET
  gcc-plugins/stackleak: Ignore .noinstr.text and .entry.text
  gcc-plugins/stackleak: Exactly match strings instead of prefixes
  gcc-plugins/stackleak: Provide verbose mode
2022-03-21 19:32:04 -07:00
..
apparmor lsm: security_task_getsecid_subj() -> security_current_getsecid_subj() 2021-11-22 17:52:47 -05:00
bpf
integrity for-5.18/block-2022-03-18 2022-03-21 16:48:55 -07:00
keys Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2022-03-21 16:02:36 -07:00
landlock landlock: Enable user space to infer supported features 2021-04-22 12:22:11 -07:00
loadpin
lockdown
safesetid LSM: SafeSetID: Mark safesetid_initialized as __initdata 2021-06-10 09:52:32 -07:00
selinux selinux: fix misuse of mutex_is_locked() 2022-02-22 18:02:58 -05:00
smack lsm: security_task_getsecid_subj() -> security_current_getsecid_subj() 2021-11-22 17:52:47 -05:00
tomoyo tomoyo: use hwight16() in tomoyo_domain_quota_is_ok() 2021-12-15 20:13:55 +09:00
yama
commoncap.c fs: support mapped mounts of mapped filesystems 2021-12-05 10:28:57 +01:00
device_cgroup.c add missing bpf-cgroup.h includes 2021-12-16 14:57:09 -08:00
inode.c
Kconfig Merge branch 'akpm' (patches from Andrew) 2021-11-06 14:08:17 -07:00
Kconfig.hardening gcc-plugins/stackleak: Provide verbose mode 2022-02-06 10:49:57 -08:00
lsm_audit.c lsm_audit: avoid overloading the "key" audit field 2021-09-19 22:47:04 -04:00
Makefile security: remove unneeded subdir-$(CONFIG_...) 2021-09-03 08:17:20 +09:00
min_addr.c
security.c Fix NULL pointer crash in LSM via Ceph, from Vivek Goyal <vgoyal@redhat.com>. 2022-01-29 08:52:27 +02:00