hardening fixes for v6.17-rc1

- staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int() I was asked to carry this fix, so here it is. :) - fortify: Fix incorrect reporting of read buffer size - kstack_erase: Fix missed export of renamed KSTACK_ERASE_CFLAGS - compiler_types: Provide __no_kstack_erase to disable coverage only on Clang -----BEGIN PGP SIGNATURE----- iHUEABYKAB0WIQRSPkdeREjth1dHnSE2KwveOeQkuwUCaIlnHwAKCRA2KwveOeQk u7tdAQCWoq7YUp1ee2RxYt2UdRhwlMfPE4cYrC1E9GHBA3fRnQD/QMvQ/EJ5eb0Y u4vO3woSKkMxu4VmZPCzmT0mRNo/kAA= =RhhL -----END PGP SIGNATURE----- Merge tag 'hardening-v6.17-rc1-fix1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux Pull hardening fixes from Kees Cook: "Notably, this contains the fix for for the GCC __init mess I created with the kstack_erase annotations. - staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int(). I was asked to carry this fix, so here it is. :) - fortify: Fix incorrect reporting of read buffer size - kstack_erase: Fix missed export of renamed KSTACK_ERASE_CFLAGS - compiler_types: Provide __no_kstack_erase to disable coverage only on Clang" * tag 'hardening-v6.17-rc1-fix1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: compiler_types: Provide __no_kstack_erase to disable coverage only on Clang fortify: Fix incorrect reporting of read buffer size kstack_erase: Fix missed export of renamed KSTACK_ERASE_CFLAGS staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int()
2025-09-04 20:19:47 +08:00 · 2025-07-29 20:49:58 -07:00 · 2025-07-29 20:49:58 -07:00 · a26321ee4c
commit a26321ee4c
parent beb6c8326e f627b51aaa
7 changed files with 16 additions and 8 deletions
--- a/arch/x86/include/asm/init.h
+++ b/arch/x86/include/asm/init.h
@ -5,7 +5,7 @@
 #if defined(CONFIG_CC_IS_CLANG) && CONFIG_CLANG_VERSION < 170000
 #define __head	__section(".head.text") __no_sanitize_undefined __no_stack_protector
 #else
-#define __head	__section(".head.text") __no_sanitize_undefined __no_sanitize_coverage
+#define __head	__section(".head.text") __no_sanitize_undefined __no_kstack_erase
 #endif

 struct x86_mapping_info {
--- a/drivers/staging/media/atomisp/pci/atomisp_gmin_platform.c
+++ b/drivers/staging/media/atomisp/pci/atomisp_gmin_platform.c
@ -1272,14 +1272,15 @@ static int gmin_get_config_var(struct device *maindev,
 	if (efi_rt_services_supported(EFI_RT_SUPPORTED_GET_VARIABLE))
 		status = efi.get_variable(var16, &GMIN_CFG_VAR_EFI_GUID, NULL,
 					  (unsigned long *)out_len, out);
-	if (status == EFI_SUCCESS)
+	if (status == EFI_SUCCESS) {
 		dev_info(maindev, "found EFI entry for '%s'\n", var8);
-	else if (is_gmin)
+		return 0;
+	}
+	if (is_gmin)
 		dev_info(maindev, "Failed to find EFI gmin variable %s\n", var8);
 	else
 		dev_info(maindev, "Failed to find EFI variable %s\n", var8);
-
-	return ret;
+	return -ENOENT;
 }

 int gmin_get_var_int(struct device *dev, bool is_gmin, const char *var, int def)
--- a/include/linux/compiler-clang.h
+++ b/include/linux/compiler-clang.h
@ -89,6 +89,9 @@
 #define __no_sanitize_coverage
 #endif

+/* Only Clang needs to disable the coverage sanitizer for kstack_erase. */
+#define __no_kstack_erase	__no_sanitize_coverage
+
 #if __has_feature(shadow_call_stack)
 # define __noscs	__attribute__((__no_sanitize__("shadow-call-stack")))
 #endif
--- a/include/linux/compiler_types.h
+++ b/include/linux/compiler_types.h
@ -424,6 +424,10 @@ struct ftrace_likely_data {
 # define randomized_struct_fields_end
 #endif

+#ifndef __no_kstack_erase
+# define __no_kstack_erase
+#endif
+
 #ifndef __noscs
 # define __noscs
 #endif
--- a/include/linux/fortify-string.h
+++ b/include/linux/fortify-string.h
@ -596,7 +596,7 @@ __FORTIFY_INLINE bool fortify_memcpy_chk(__kernel_size_t size,
 	if (p_size != SIZE_MAX && p_size < size)
 		fortify_panic(func, FORTIFY_WRITE, p_size, size, true);
 	else if (q_size != SIZE_MAX && q_size < size)
-		fortify_panic(func, FORTIFY_READ, p_size, size, true);
+		fortify_panic(func, FORTIFY_READ, q_size, size, true);

 	/*
 	 * Warn when writing beyond destination field size.
--- a/include/linux/init.h
+++ b/include/linux/init.h
@ -51,7 +51,7 @@
   discard it in modules) */
 #define __init		__section(".init.text") __cold __latent_entropy	\
 						__noinitretpoline	\
-						__no_sanitize_coverage
+						__no_kstack_erase
 #define __initdata	__section(".init.data")
 #define __initconst	__section(".init.rodata")
 #define __exitdata	__section(".exit.data")
--- a/scripts/Makefile.kstack_erase
+++ b/scripts/Makefile.kstack_erase
@ -16,6 +16,6 @@ endif

 KSTACK_ERASE_CFLAGS   := $(kstack-erase-cflags-y)

-export STACKLEAK_CFLAGS DISABLE_KSTACK_ERASE
+export KSTACK_ERASE_CFLAGS DISABLE_KSTACK_ERASE

 KBUILD_CFLAGS += $(KSTACK_ERASE_CFLAGS)