author | Linus Torvalds <torvalds@linux-foundation.org> | 2024-04-10 13:31:34 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2024-04-10 13:31:34 -0700 |
commit | fe5b5ef836c85fc687db4fa3548775fd363e25d4 (patch) | |
tree | 76a9f2a037b908cfc76bcbc54e3f86596daa8cd3 | |
parent | a6189a7407795b3f5167ea532ac85931cd26083a (diff) | |
parent | 9c573cd313433f6c1f7236fe64b9b743500c1628 (diff) | |
Merge tag 'hardening-v6.9-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
Pull hardening fixes from Kees Cook:
- gcc-plugins/stackleak: Avoid .head.text section (Ard Biesheuvel)
- ubsan: fix unused variable warning in test module (Arnd Bergmann)
- Improve entropy diffusion in randomize_kstack
* tag 'hardening-v6.9-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
randomize_kstack: Improve entropy diffusion
ubsan: fix unused variable warning in test module
gcc-plugins/stackleak: Avoid .head.text section
-rw-r--r-- | include/linux/randomize_kstack.h | 2 | ||||
-rw-r--r-- | lib/test_ubsan.c | 2 | ||||
-rw-r--r-- | scripts/gcc-plugins/stackleak_plugin.c | 2 |
3 files changed, 4 insertions, 2 deletions
diff --git a/include/linux/randomize_kstack.h b/include/linux/randomize_kstack.h
index 5d868505a94e43..6d92b68efbf6c3 100644
--- a/include/linux/randomize_kstack.h
+++ b/include/linux/randomize_kstack.h
@@ -80,7 +80,7 @@ DECLARE_PER_CPU(u32, kstack_offset);
 if (static_branch_maybe(CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT, \
 &randomize_kstack_offset)) { \
 u32 offset = raw_cpu_read(kstack_offset); \
- offset ^= (rand); \
+ offset = ror32(offset, 5) ^ (rand); \
 raw_cpu_write(kstack_offset, offset); \
 } \
 } while (0)
diff --git a/lib/test_ubsan.c b/lib/test_ubsan.c
index 276c12140ee26d..c288df9372ede1 100644
--- a/lib/test_ubsan.c
+++ b/lib/test_ubsan.c
@@ -134,7 +134,7 @@ static const test_ubsan_fp test_ubsan_array[] = {
 };
 /* Excluded because they Oops the module. */
-static const test_ubsan_fp skip_ubsan_array[] = {
+static __used const test_ubsan_fp skip_ubsan_array[] = {
 test_ubsan_divrem_overflow,
 };
diff --git a/scripts/gcc-plugins/stackleak_plugin.c b/scripts/gcc-plugins/stackleak_plugin.c
index c5c2ce113c9232..d20c47d21ad835 100644
--- a/scripts/gcc-plugins/stackleak_plugin.c
+++ b/scripts/gcc-plugins/stackleak_plugin.c
@@ -467,6 +467,8 @@ static bool stackleak_gate(void)
 return false;
 if (STRING_EQUAL(section, ".entry.text"))
 return false;
+ if (STRING_EQUAL(section, ".head.text"))
+ return false;
 }
 return track_frame_size >= 0; |
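Review bot: The rotate amount in `offset = ror32(offset, 5) ^ (rand);` is an unexplained constant inside a macro whose whole purpose is stack-offset unpredictability, so the line deserves a short comment. Something like `/* Rotate the old state so entropy from (rand) is not always XORed into the same bit positions. */ \` placed above it would keep a later cleanup from reverting to a plain XOR. Why 5 was chosen (presumably related to how many low bits the callers keep) should be confirmed by the author and stated there too. The macro starts before this hunk, so whether `ror32()` is reachable through the header's existing includes cannot be checked from here.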
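Review bot: Nothing visible in this hunk reads `skip_ubsan_array`, so `__used` is what now keeps the array, and its reference to `test_ubsan_divrem_overflow`, in the built module, and the comment above it does not say that this is deliberate. Extending it to `/* Excluded because they Oops the module; __used keeps the otherwise unreferenced list (and its tests) built. */` would stop a later cleanup from deleting the array or swapping in `__maybe_unused`, which would presumably just move the warning to the test function.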
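Review bot: The new `.head.text` exemption carries no comment, and each entry in this list is a place where the stack-tracking instrumentation is deliberately left out, so the reason belongs next to the check. A one-line comment above it such as `/* .head.text: early startup code, must not be instrumented */` would make the exemption auditable; the wording needs confirming against the full commit message, since this page only gives the title "Avoid .head.text section". The comparison is an exact match through `STRING_EQUAL`, so a function placed in a differently named early-boot section would still be instrumented, and it is worth confirming that no such variants exist. `stackleak_gate()` begins above this hunk, so the earlier exemptions are not visible here.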