From: Linus Torvalds Date: Wed, 28 May 2025 14:47:10 +0000 (-0700) Subject: Merge tag 'hardening-v6.16-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git... X-Git-Tag: v6.16-rc1~151 X-Git-Url: https://git.kernel.dk/?a=commitdiff_plain;h=48cfc5791d83b630fd90a1b64a15a6d09c186f99;p=linux-2.6-block.git Merge tag 'hardening-v6.16-rc1' of git://git./linux/kernel/git/kees/linux Pull hardening updates from Kees Cook: - Update overflow helpers to ease refactoring of on-stack flex array instances (Gustavo A. R. Silva, Kees Cook) - lkdtm: Use SLAB_NO_MERGE instead of constructors (Harry Yoo) - Simplify CONFIG_CC_HAS_COUNTED_BY (Jan Hendrik Farr) - Disable u64 usercopy KUnit test on 32-bit SPARC (Thomas Weißschuh) - Add missed designated initializers now exposed by fixed randstruct (Nathan Chancellor, Kees Cook) - Document compilers versions for __builtin_dynamic_object_size - Remove ARM_SSP_PER_TASK GCC plugin - Fix GCC plugin randstruct, add selftests, and restore COMPILE_TEST builds - Kbuild: induce full rebuilds when dependencies change with GCC plugins, the Clang sanitizer .scl file, or the randstruct seed. - Kbuild: Switch from -Wvla to -Wvla-larger-than=1 - Correct several __nonstring uses for -Wunterminated-string-initialization * tag 'hardening-v6.16-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: (23 commits) Revert "hardening: Disable GCC randstruct for COMPILE_TEST" lib/tests: randstruct: Add deep function pointer layout test lib/tests: Add randstruct KUnit test randstruct: gcc-plugin: Remove bogus void member net: qede: Initialize qede_ll_ops with designated initializer scsi: qedf: Use designated initializer for struct qed_fcoe_cb_ops md/bcache: Mark __nonstring look-up table integer-wrap: Force full rebuild when .scl file changes randstruct: Force full rebuild when seed changes gcc-plugins: Force full rebuild when plugins change kbuild: Switch from -Wvla to -Wvla-larger-than=1 hardening: simplify CONFIG_CC_HAS_COUNTED_BY overflow: Fix direct struct member initialization in _DEFINE_FLEX() kunit/overflow: Add tests for STACK_FLEX_ARRAY_SIZE() helper overflow: Add STACK_FLEX_ARRAY_SIZE() helper input/joystick: magellan: Mark __nonstring look-up table const watchdog: exar: Shorten identity name to fit correctly mod_devicetable: Enlarge the maximum platform_device_id name length overflow: Clarify expectations for getting DEFINE_FLEX variable sizes compiler_types: Identify compiler versions for __builtin_dynamic_object_size ... --- 48cfc5791d83b630fd90a1b64a15a6d09c186f99 diff --cc scripts/Makefile.extrawarn index 540f3db5cd86,59d3d196fe4f..dca175fffcab --- a/scripts/Makefile.extrawarn +++ b/scripts/Makefile.extrawarn @@@ -56,10 -43,15 +56,15 @@@ KBUILD_CFLAGS += -Wno-mai endif # These result in bogus false positives -KBUILD_CFLAGS += $(call cc-disable-warning, dangling-pointer) +KBUILD_CFLAGS += $(call cc-option, -Wno-dangling-pointer) - # Variable Length Arrays (VLAs) should not be used anywhere in the kernel - KBUILD_CFLAGS += -Wvla + # Stack Variable Length Arrays (VLAs) must not be used in the kernel. + # Function array parameters should, however, be usable, but -Wvla will + # warn for those. Clang has no way yet to distinguish between the VLA + # types, so depend on GCC for now to keep stack VLAs out of the tree. + # https://github.com/llvm/llvm-project/issues/57098 + # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98217 + KBUILD_CFLAGS += $(call cc-option,-Wvla-larger-than=1) # disable pointer signed / unsigned warnings in gcc 4.0 KBUILD_CFLAGS += -Wno-pointer-sign