linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Kees Cook <keescook@chromium.org>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: linux-kernel@vger.kernel.org, Ard Biesheuvel <ardb@kernel.org>,
	Fangrui Song <maskray@google.com>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	James Morris <jmorris@namei.org>,
	Jonathan Corbet <corbet@lwn.net>,
	Kees Cook <keescook@chromium.org>, "KE.LI" <like1@oppo.com>,
	linux-doc@vger.kernel.org, linux-hardening@vger.kernel.org,
	linux-kbuild@vger.kernel.org,
	linux-security-module@vger.kernel.org, llvm@lists.linux.dev,
	Masahiro Yamada <masahiroy@kernel.org>,
	Michal Marek <michal.lkml@markovi.net>,
	Miguel Ojeda <ojeda@kernel.org>,
	Nathan Chancellor <nathan@kernel.org>,
	Nick Desaulniers <ndesaulniers@google.com>,
	Padmanabha Srinivasaiah <treasure4paddy@gmail.com>,
	Sami Tolvanen <samitolvanen@google.com>,
	"Serge E. Hallyn" <serge@hallyn.com>,
	Will Deacon <will@kernel.org>, Ye Guojin <ye.guojin@zte.com.cn>,
	Zeal Robot <zealci@zte.com.cn>
Subject: [GIT PULL] hardening updates for v5.16-rc1
Date: Mon, 1 Nov 2021 09:20:52 -0700	[thread overview]
Message-ID: <202111010917.75B96F4E@keescook> (raw)

Hi Linus,

Please pull these hardening updates for v5.16-rc1. These are various
compiler-related hardening feature updates. Notable is the addition of an
explicit limited rationale for, and deprecation schedule of, gcc-plugins.
More details in the tag below.

Thanks!

-Kees

The following changes since commit e4e737bb5c170df6135a127739a9e6148ee3da82:

  Linux 5.15-rc2 (2021-09-19 17:28:22 -0700)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/hardening-v5.16-rc1

for you to fetch changes up to 6425392acf24b6d469932dd1b217dc7b20d6447f:

  gcc-plugins: remove duplicate include in gcc-common.h (2021-10-21 08:41:51 -0700)

----------------------------------------------------------------
compiler hardening updates for v5.16-rc1

This collects various compiler hardening feature related updates:

- gcc-plugins:
  - remove support for GCC 4.9 and older (Ard Biesheuvel)
  - remove duplicate include in gcc-common.h (Ye Guojin)
  - Explicitly document purpose and deprecation schedule (Kees Cook)
  - Remove cyc_complexity (Kees Cook)

- instrumentation:
  - Avoid harmless Clang option under CONFIG_INIT_STACK_ALL_ZERO (Kees Cook)

- Clang LTO:
  - kallsyms: strip LTO suffixes from static functions (Nick Desaulniers)

----------------------------------------------------------------
Ard Biesheuvel (1):
      gcc-plugins: remove support for GCC 4.9 and older

Kees Cook (3):
      hardening: Avoid harmless Clang option under CONFIG_INIT_STACK_ALL_ZERO
      gcc-plugins: Explicitly document purpose and deprecation schedule
      gcc-plugins: Remove cyc_complexity

Nick Desaulniers (1):
      kallsyms: strip LTO suffixes from static functions

Ye Guojin (1):
      gcc-plugins: remove duplicate include in gcc-common.h

 Documentation/kbuild/gcc-plugins.rst               |  28 ++++-
 Makefile                                           |   6 +-
 kernel/kallsyms.c                                  |  46 +++++--
 scripts/Makefile.gcc-plugins                       |   2 -
 scripts/gcc-plugins/Kconfig                        |  20 +---
 scripts/gcc-plugins/cyc_complexity_plugin.c        |  69 -----------
 scripts/gcc-plugins/gcc-common.h                   | 132 +--------------------
 scripts/gcc-plugins/gcc-generate-gimple-pass.h     |  19 ---
 scripts/gcc-plugins/gcc-generate-ipa-pass.h        |  19 ---
 scripts/gcc-plugins/gcc-generate-rtl-pass.h        |  19 ---
 scripts/gcc-plugins/gcc-generate-simple_ipa-pass.h |  19 ---
 scripts/gcc-plugins/structleak_plugin.c            |   2 -
 security/Kconfig.hardening                         |  14 ++-
 13 files changed, 75 insertions(+), 320 deletions(-)
 delete mode 100644 scripts/gcc-plugins/cyc_complexity_plugin.c

-- 
Kees Cook

             reply	other threads:[~2021-11-01 16:21 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-11-01 16:20 Kees Cook [this message]
2021-11-02  0:50 ` [GIT PULL] hardening updates for v5.16-rc1 pr-tracker-bot

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=202111010917.75B96F4E@keescook \
    --to=keescook@chromium.org \
    --cc=ardb@kernel.org \
    --cc=corbet@lwn.net \
    --cc=gregkh@linuxfoundation.org \
    --cc=jmorris@namei.org \
    --cc=like1@oppo.com \
    --cc=linux-doc@vger.kernel.org \
    --cc=linux-hardening@vger.kernel.org \
    --cc=linux-kbuild@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=llvm@lists.linux.dev \
    --cc=masahiroy@kernel.org \
    --cc=maskray@google.com \
    --cc=michal.lkml@markovi.net \
    --cc=nathan@kernel.org \
    --cc=ndesaulniers@google.com \
    --cc=ojeda@kernel.org \
    --cc=samitolvanen@google.com \
    --cc=serge@hallyn.com \
    --cc=torvalds@linux-foundation.org \
    --cc=treasure4paddy@gmail.com \
    --cc=will@kernel.org \
    --cc=ye.guojin@zte.com.cn \
    --cc=zealci@zte.com.cn \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).