author | Linus Torvalds <torvalds@linux-foundation.org> | 2022-12-23 21:00:24 +0100 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2022-12-23 21:00:24 +0100 |
commit | 51094a24b85e29138b7fa82ef1e1b4fe19c90046 (patch) | |
tree | f1ce01b4d655b191a6b96f7caae68976c5e95867 /drivers | |
parent | Merge tag 'pstore-v6.2-rc1-fixes' of git://git.kernel.org/pub/scm/linux/kerne... (diff) | |
parent | cfi: Fix CFI failure with KASAN (diff) | |
Merge tag 'hardening-v6.2-rc1-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
Pull kernel hardening fixes from Kees Cook:
- Fix CFI failure with KASAN (Sami Tolvanen)
- Fix LKDTM + CFI under GCC 7 and 8 (Kristina Martsenko)
- Limit CONFIG_ZERO_CALL_USED_REGS to Clang > 15.0.6 (Nathan Chancellor)
- Ignore "contents" argument in LoadPin's LSM hook handling
- Fix paste-o in /sys/kernel/warn_count API docs
- Use READ_ONCE() consistently for oops/warn limit reading
* tag 'hardening-v6.2-rc1-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
cfi: Fix CFI failure with KASAN
exit: Use READ_ONCE() for all oops/warn limit reads
security: Restrict CONFIG_ZERO_CALL_USED_REGS to gcc or clang > 15.0.6
lkdtm: cfi: Make PAC test work with GCC 7 and 8
docs: Fix path paste-o for /sys/kernel/warn_count
LoadPin: Ignore the "contents" argument of the LSM hooks
Diffstat (limited to 'drivers')
-rw-r--r-- | drivers/misc/lkdtm/cfi.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/drivers/misc/lkdtm/cfi.c b/drivers/misc/lkdtm/cfi.c index 5245cf6013c9..fc28714ae3a6 100644 --- a/drivers/misc/lkdtm/cfi.c +++ b/drivers/misc/lkdtm/cfi.c @@ -54,7 +54,11 @@ static void lkdtm_CFI_FORWARD_PROTO(void) # ifdef CONFIG_ARM64_BTI_KERNEL # define __no_pac "branch-protection=bti" # else -# define __no_pac "branch-protection=none" +# ifdef CONFIG_CC_HAS_BRANCH_PROT_PAC_RET +# define __no_pac "branch-protection=none" +# else +# define __no_pac "sign-return-address=none" +# endif # endif # define __no_ret_protection __noscs __attribute__((__target__(__no_pac))) #else |
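Review bot: the new `# else` arm under `# ifdef CONFIG_CC_HAS_BRANCH_PROT_PAC_RET` has no comment saying which compilers the "sign-return-address=none" spelling is for, so a later cleanup could easily fold it back into "branch-protection=none". A one-line comment above the `# ifdef` tying the fallback to the GCC 7 and 8 case named in the merge message would keep the intent visible. It is also worth confirming that the untouched `CONFIG_ARM64_BTI_KERNEL` arm, which still uses "branch-protection=bti" unconditionally, can only be reached with a compiler that accepts the `branch-protection=` target string. If that is not guaranteed by Kconfig, that arm needs the same guard. Since this is the LKDTM PAC test, a silently ignored or rejected target attribute would change what the test exercises, so a build check on the oldest supported GCC for both arms would be a useful addition to the commit description.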