kernel hardening fixes for v6.2-rc4
- Fix CFI hash randomization with KASAN (Sami Tolvanen) - Check size of coreboot table entry and use flex-array -----BEGIN PGP SIGNATURE----- iQJKBAABCgA0FiEEpcP2jyKd1g9yPm4TiXL039xtwCYFAmPB6IwWHGtlZXNjb29r QGNocm9taXVtLm9yZwAKCRCJcvTf3G3AJgqhEACZc2ehC6DNc3JSQEbZ9H47FL6Z pnyNvi+ZkC+vxENjH6WMMjtwehWHiQJVcHNaK9eF9/7A3pq58axw3RyeeVbPmC3B E0bDjJqaknAKa9FtFdyCTXD0V1TmY/s+oHTZHUXohq9ctI+hJT3reTJ55Uo5jlyV 8aB2lvbg8Bch4BAmg7z8gd3208VL30Q3Go0mspmovYUXVCvnwe08SyROIoJZnE9+ m5IIRfVCNFrAda1DPfiNeqQcE2EnKhTT0ESwtZbQ0HS5z1zJRYjs8gaeY63iQTNn tR1mpP97RngzQ1jCfZP3dZIuYA1TLgz/px0WraYflrpnYpzJOl0XLiigXefU5lyL 7YtGb9xuu8TXMI2D+n52DlYXGRjc9I7zUMPg03y7sC4BnKX5eA6Qda4plP5kvxxp K9PSO91RkS+01nwvXCNs7ISkQ1YpayDyNxsiDIqmHx3po9QB5QniceAa5mIYR/ld v9QKzRhLELiq8cYdu+fgfSOEaY8q9+/k+kEHakfsrXoLaiK2RVw4Y++S6Fh1QIy4 R8DHdhd8j33Yws96xRhI2P+g5mVzDpdEN1TtskdO5WjefCT83R84qqJsEaklVTrI AQDSweQfF+hc+B1PkDRbCgiLeSUnPfxzwdSoy35fc9/qg/JnoQMHFrkJB2Xn2+hv KaFfgM93f1CbCW/KDg== =KwzM -----END PGP SIGNATURE----- Merge tag 'hardening-v6.2-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux Pull kernel hardening fixes from Kees Cook: - Fix CFI hash randomization with KASAN (Sami Tolvanen) - Check size of coreboot table entry and use flex-array * tag 'hardening-v6.2-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: kbuild: Fix CFI hash randomization with KASAN firmware: coreboot: Check size of table entry and use flex-array
This commit is contained in:
commit
880ca43e5c
|
@ -93,14 +93,19 @@ static int coreboot_table_populate(struct device *dev, void *ptr)
|
|||
for (i = 0; i < header->table_entries; i++) {
|
||||
entry = ptr_entry;
|
||||
|
||||
device = kzalloc(sizeof(struct device) + entry->size, GFP_KERNEL);
|
||||
if (entry->size < sizeof(*entry)) {
|
||||
dev_warn(dev, "coreboot table entry too small!\n");
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
device = kzalloc(sizeof(device->dev) + entry->size, GFP_KERNEL);
|
||||
if (!device)
|
||||
return -ENOMEM;
|
||||
|
||||
device->dev.parent = dev;
|
||||
device->dev.bus = &coreboot_bus_type;
|
||||
device->dev.release = coreboot_device_release;
|
||||
memcpy(&device->entry, ptr_entry, entry->size);
|
||||
memcpy(device->raw, ptr_entry, entry->size);
|
||||
|
||||
switch (device->entry.tag) {
|
||||
case LB_TAG_CBMEM_ENTRY:
|
||||
|
|
|
@ -79,6 +79,7 @@ struct coreboot_device {
|
|||
struct lb_cbmem_ref cbmem_ref;
|
||||
struct lb_cbmem_entry cbmem_entry;
|
||||
struct lb_framebuffer framebuffer;
|
||||
DECLARE_FLEX_ARRAY(u8, raw);
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -59,3 +59,4 @@ include/generated/utsversion.h: FORCE
|
|||
|
||||
$(obj)/version-timestamp.o: include/generated/utsversion.h
|
||||
CFLAGS_version-timestamp.o := -include include/generated/utsversion.h
|
||||
KASAN_SANITIZE_version-timestamp.o := n
|
||||
|
|
|
@ -18,6 +18,7 @@ quiet_cmd_cc_o_c = CC $@
|
|||
$(call if_changed_dep,cc_o_c)
|
||||
|
||||
ifdef CONFIG_MODULES
|
||||
KASAN_SANITIZE_.vmlinux.export.o := n
|
||||
targets += .vmlinux.export.o
|
||||
vmlinux: .vmlinux.export.o
|
||||
endif
|
||||
|
|
Loading…
Reference in New Issue