linux/scripts
Linus Torvalds 2dc26d98cf overflow updates for v5.16-rc1
The end goal of the current buffer overflow detection work[0] is to gain
 full compile-time and run-time coverage of all detectable buffer overflows
 seen via array indexing or memcpy(), memmove(), and memset(). The str*()
 family of functions already have full coverage.
 
 While much of the work for these changes have been on-going for many
 releases (i.e. 0-element and 1-element array replacements, as well as
 avoiding false positives and fixing discovered overflows[1]), this series
 contains the foundational elements of several related buffer overflow
 detection improvements by providing new common helpers and FORTIFY_SOURCE
 changes needed to gain the introspection required for compiler visibility
 into array sizes. Also included are a handful of already Acked instances
 using the helpers (or related clean-ups), with many more waiting at the
 ready to be taken via subsystem-specific trees[2]. The new helpers are:
 
 - struct_group() for gaining struct member range introspection.
 - memset_after() and memset_startat() for clearing to the end of structures.
 - DECLARE_FLEX_ARRAY() for using flex arrays in unions or alone in structs.
 
 Also included is the beginning of the refactoring of FORTIFY_SOURCE to
 support memcpy() introspection, fix missing and regressed coverage under
 GCC, and to prepare to fix the currently broken Clang support. Finishing
 this work is part of the larger series[0], but depends on all the false
 positives and buffer overflow bug fixes to have landed already and those
 that depend on this series to land.
 
 As part of the FORTIFY_SOURCE refactoring, a set of both a compile-time
 and run-time tests are added for FORTIFY_SOURCE and the mem*()-family
 functions respectively. The compile time tests have found a legitimate
 (though corner-case) bug[6] already.
 
 Please note that the appearance of "panic" and "BUG" in the
 FORTIFY_SOURCE refactoring are the result of relocating existing code,
 and no new use of those code-paths are expected nor desired.
 
 Finally, there are two tree-wide conversions for 0-element arrays and
 flexible array unions to gain sane compiler introspection coverage that
 result in no known object code differences.
 
 After this series (and the changes that have now landed via netdev
 and usb), we are very close to finally being able to build with
 -Warray-bounds and -Wzero-length-bounds. However, due corner cases in
 GCC[3] and Clang[4], I have not included the last two patches that turn
 on these options, as I don't want to introduce any known warnings to
 the build. Hopefully these can be solved soon.
 
 [0] https://lore.kernel.org/lkml/20210818060533.3569517-1-keescook@chromium.org/
 [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/?qt=grep&q=FORTIFY_SOURCE
 [2] https://lore.kernel.org/lkml/202108220107.3E26FE6C9C@keescook/
 [3] https://lore.kernel.org/lkml/3ab153ec-2798-da4c-f7b1-81b0ac8b0c5b@roeck-us.net/
 [4] https://bugs.llvm.org/show_bug.cgi?id=51682
 [5] https://lore.kernel.org/lkml/202109051257.29B29745C0@keescook/
 [6] https://lore.kernel.org/lkml/20211020200039.170424-1-keescook@chromium.org/
 -----BEGIN PGP SIGNATURE-----
 
 iQJKBAABCgA0FiEEpcP2jyKd1g9yPm4TiXL039xtwCYFAmGAFWcWHGtlZXNjb29r
 QGNocm9taXVtLm9yZwAKCRCJcvTf3G3AJmKFD/45MJdnvW5MhIEeW5tc5UjfcIPS
 ae+YvlEX/2ZwgSlTxocFVocE6hz7b6eCiX3dSAChPkPxsSfgeiuhjxsU+4ROnELR
 04RqTA/rwT6JXfJcXbDPXfxDL4huUkgktAW3m1sT771AZspeap2GrSwFyttlTqKA
 +kTiZ3lXJVFcw10uyhfp3Lk6eFJxdf5iOjuEou5kBOQfpNKEOduRL2K15hSowOwB
 lARiAC+HbmN+E+npvDE7YqK4V7ZQ0/dtB0BlfqgTkn1spQz8N21kBAMpegV5vvIk
 A+qGHc7q2oyk4M14TRTidQHGQ4juW1Kkvq3NV6KzwQIVD+mIfz0ESn3d4tnp28Hk
 Y+OXTI1BRFlApQU9qGWv33gkNEozeyqMLDRLKhDYRSFPA9UKkpgXQRzeTzoLKyrQ
 4B6n5NnUGcu7I6WWhpyZQcZLDsHGyy0vHzjQGs/NXtb1PzXJ5XIGuPdmx9pVMykk
 IVKnqRcWyGWahfh3asOnoXvdhi1No4NSHQ/ZHfUM+SrIGYjBMaUisw66qm3Fe8ZU
 lbO2CFkCsfGSoKNPHf0lUEGlkyxAiDolazOfflDNxdzzlZo2X1l/a7O/yoO4Pqul
 cdL0eDjiNoQ2YR2TSYPnXq5KSL1RI0tlfS8pH8k1hVhZsQx0wpAQ+qki0S+fLePV
 PdA9XB82G2tmqKc9cQ==
 =9xbT
 -----END PGP SIGNATURE-----

Merge tag 'overflow-v5.16-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux

Pull overflow updates from Kees Cook:
 "The end goal of the current buffer overflow detection work[0] is to
  gain full compile-time and run-time coverage of all detectable buffer
  overflows seen via array indexing or memcpy(), memmove(), and
  memset(). The str*() family of functions already have full coverage.

  While much of the work for these changes have been on-going for many
  releases (i.e. 0-element and 1-element array replacements, as well as
  avoiding false positives and fixing discovered overflows[1]), this
  series contains the foundational elements of several related buffer
  overflow detection improvements by providing new common helpers and
  FORTIFY_SOURCE changes needed to gain the introspection required for
  compiler visibility into array sizes. Also included are a handful of
  already Acked instances using the helpers (or related clean-ups), with
  many more waiting at the ready to be taken via subsystem-specific
  trees[2].

  The new helpers are:

   - struct_group() for gaining struct member range introspection

   - memset_after() and memset_startat() for clearing to the end of
     structures

   - DECLARE_FLEX_ARRAY() for using flex arrays in unions or alone in
     structs

  Also included is the beginning of the refactoring of FORTIFY_SOURCE to
  support memcpy() introspection, fix missing and regressed coverage
  under GCC, and to prepare to fix the currently broken Clang support.
  Finishing this work is part of the larger series[0], but depends on
  all the false positives and buffer overflow bug fixes to have landed
  already and those that depend on this series to land.

  As part of the FORTIFY_SOURCE refactoring, a set of both a
  compile-time and run-time tests are added for FORTIFY_SOURCE and the
  mem*()-family functions respectively. The compile time tests have
  found a legitimate (though corner-case) bug[6] already.

  Please note that the appearance of "panic" and "BUG" in the
  FORTIFY_SOURCE refactoring are the result of relocating existing code,
  and no new use of those code-paths are expected nor desired.

  Finally, there are two tree-wide conversions for 0-element arrays and
  flexible array unions to gain sane compiler introspection coverage
  that result in no known object code differences.

  After this series (and the changes that have now landed via netdev and
  usb), we are very close to finally being able to build with
  -Warray-bounds and -Wzero-length-bounds.

  However, due corner cases in GCC[3] and Clang[4], I have not included
  the last two patches that turn on these options, as I don't want to
  introduce any known warnings to the build. Hopefully these can be
  solved soon"

Link: https://lore.kernel.org/lkml/20210818060533.3569517-1-keescook@chromium.org/ [0]
Link: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/?qt=grep&q=FORTIFY_SOURCE [1]
Link: https://lore.kernel.org/lkml/202108220107.3E26FE6C9C@keescook/ [2]
Link: https://lore.kernel.org/lkml/3ab153ec-2798-da4c-f7b1-81b0ac8b0c5b@roeck-us.net/ [3]
Link: https://bugs.llvm.org/show_bug.cgi?id=51682 [4]
Link: https://lore.kernel.org/lkml/202109051257.29B29745C0@keescook/ [5]
Link: https://lore.kernel.org/lkml/20211020200039.170424-1-keescook@chromium.org/ [6]

* tag 'overflow-v5.16-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: (30 commits)
  fortify: strlen: Avoid shadowing previous locals
  compiler-gcc.h: Define __SANITIZE_ADDRESS__ under hwaddress sanitizer
  treewide: Replace 0-element memcpy() destinations with flexible arrays
  treewide: Replace open-coded flex arrays in unions
  stddef: Introduce DECLARE_FLEX_ARRAY() helper
  btrfs: Use memset_startat() to clear end of struct
  string.h: Introduce memset_startat() for wiping trailing members and padding
  xfrm: Use memset_after() to clear padding
  string.h: Introduce memset_after() for wiping trailing members/padding
  lib: Introduce CONFIG_MEMCPY_KUNIT_TEST
  fortify: Add compile-time FORTIFY_SOURCE tests
  fortify: Allow strlen() and strnlen() to pass compile-time known lengths
  fortify: Prepare to improve strnlen() and strlen() warnings
  fortify: Fix dropped strcpy() compile-time write overflow check
  fortify: Explicitly disable Clang support
  fortify: Move remaining fortify helpers into fortify-string.h
  lib/string: Move helper functions out of string.c
  compiler_types.h: Remove __compiletime_object_size()
  cm4000_cs: Use struct_group() to zero struct cm4000_dev region
  can: flexcan: Use struct_group() to zero struct flexcan_regs regions
  ...
2021-11-01 17:12:56 -07:00
..
atomic locking/atomic: add arch_atomic_long*() 2021-07-16 18:46:45 +02:00
basic .gitignore: prefix local generated files with a slash 2021-05-02 00:43:35 +09:00
clang-tools gen_compile_commands: fix missing 'sys' package 2021-09-19 10:13:03 +09:00
coccinelle scripts: coccinelle: allow list_entry_is_head() to use pos 2021-08-08 22:00:49 +02:00
dtc .gitignore: prefix local generated files with a slash 2021-05-02 00:43:35 +09:00
dummy-tools kbuild: dummy-tools: adjust to stricter stackprotector check 2021-05-17 12:10:03 +09:00
gcc-plugins gcc-plugins: remove duplicate include in gcc-common.h 2021-10-21 08:41:51 -07:00
gdb scripts/gdb: add lx_current support for arm64 2021-05-07 00:26:33 -07:00
genksyms .gitignore: prefix local generated files with a slash 2021-05-02 00:43:35 +09:00
kconfig scripts: merge_config: add strict mode to fail upon any redefinition 2021-08-10 08:23:39 +09:00
ksymoops
mod Kbuild updates for v5.15 2021-09-03 15:33:47 -07:00
package kbuild: buildtar: add riscv support 2021-03-29 23:13:30 -07:00
selinux scripts/selinux,selinux: update mdp to enable policy capabilities 2020-08-17 20:42:00 -04:00
tracing scripts/tracing: fix the bug that can't parse raw_trace_func 2021-08-04 17:49:26 -04:00
.gitignore .gitignore: prefix local generated files with a slash 2021-05-02 00:43:35 +09:00
adjust_autoksyms.sh kbuild: redo fake deps at include/ksym/*.h 2021-09-03 08:17:21 +09:00
as-version.sh kbuild: Switch to 'f' variants of integrated assembler flag 2021-09-03 08:17:20 +09:00
asn1_compiler.c
bin2c.c
bloat-o-meter scripts: switch explicitly to Python 3 2021-01-22 06:34:44 +09:00
bootgraph.pl
bpf_doc.py bpf: Introduce bpf timers. 2021-07-15 22:31:10 +02:00
cc-can-link.sh
cc-version.sh kbuild: collect minimum tool versions into scripts/min-tool-version.sh 2021-04-25 05:14:26 +09:00
check_extable.sh scripts: check_extable: fix typo in user error message 2021-09-08 11:50:28 -07:00
check-sysctl-docs docs: add a script to check sysctl docs 2020-02-25 03:35:16 -07:00
checkdeclares.pl scripts: make some scripts executable 2021-08-10 09:13:25 +09:00
checkincludes.pl
checkkconfigsymbols.py checkkconfigsymbols.py: Remove skipping of help lines in parse_kconfig_file 2021-09-19 10:13:03 +09:00
checkpatch.pl checkpatch: improve GIT_COMMIT_ID test 2021-09-08 11:50:27 -07:00
checkstack.pl scripts/checkstack.pl: fix arm sp regex 2020-05-26 00:03:16 +09:00
checksyscalls.sh checksyscalls: Unconditionally ignore fstat{,at}64 2021-10-07 17:16:28 -07:00
checkversion.pl scripts: checkversion: modernize linux/version.h search strings 2021-08-05 20:55:39 +09:00
cleanfile
cleanpatch
coccicheck scripts: coccicheck: fix troubles on non-English builds 2021-05-18 11:09:59 +02:00
config kconfig: config script: add a little user help 2021-01-04 10:38:11 +09:00
const_structs.checkpatch const_structs.checkpatch: add pinctrl_ops and pinmux_ops 2020-10-16 11:11:21 -07:00
decode_stacktrace.sh scripts/decode_stacktrace.sh: indicate 'auto' can be used for base path 2021-07-08 11:48:22 -07:00
decodecode scripts/decodecode: add the capability to supply the program counter 2020-10-13 18:38:26 -07:00
depmod.sh depmod: handle the case of /sbin/depmod without /sbin in PATH 2021-01-01 12:26:39 -08:00
dev-needs.sh scripts/dev-needs: Add script to list device dependencies 2020-09-04 18:19:37 +02:00
diffconfig scripts: switch explicitly to Python 3 2021-01-22 06:34:44 +09:00
documentation-file-ref-check documentation-file-ref-check: Make git check work for multiple working directories 2021-06-04 11:20:52 -06:00
export_report.pl modpost: move the namespace field in Module.symvers last 2020-03-17 08:59:03 +09:00
extract_xc3028.pl
extract-cert.c extract-cert: add static to local data 2020-08-18 20:16:46 +09:00
extract-ikconfig
extract-module-sig.pl
extract-sys-certs.pl
extract-vmlinux
faddr2line
file-size.sh
find-unused-docs.sh scripts/find-unused-docs: Fix massive false positives 2020-01-27 14:25:06 -07:00
gcc-goto.sh
gcc-ld
gcc-x86_32-has-stack-protector.sh x86/stackprotector/32: Make the canary into a regular percpu variable 2021-03-08 13:19:05 +01:00
gcc-x86_64-has-stack-protector.sh
gen_autoksyms.sh kbuild: Fix TRIM_UNUSED_KSYMS with LTO_CLANG 2021-09-03 08:12:39 +09:00
gen_ksymdeps.sh kbuild: redo fake deps at include/ksym/*.h 2021-09-03 08:17:21 +09:00
generate_initcall_order.pl init: lto: ensure initcall ordering 2021-01-14 08:21:09 -08:00
get_abi.pl scripts: get_abi: ignore code blocks for cross-references 2021-03-31 13:53:16 -06:00
get_dvb_firmware
get_feat.pl scripts: get_feat.pl: reduce table width for all features output 2020-12-04 14:34:27 -07:00
get_maintainer.pl get_maintainer: exclude MAINTAINERS file(s) from --git-fallback 2020-10-16 11:11:19 -07:00
gfp-translate
headerdep.pl
headers_check.pl
headers_install.sh Merge branch 'work.fdpic' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2020-08-07 13:29:39 -07:00
insert-sys-cert.c
jobserver-exec scripts/jobserver-exec: Fix a typo ("envirnoment") 2021-05-17 12:10:03 +09:00
kallsyms.c kallsyms: fix nonconverging kallsyms table with lld 2021-02-05 17:53:28 +09:00
Kbuild.include kbuild: warn if FORCE is missing for if_changed(_dep,_rule) and filechk 2021-09-03 08:17:19 +09:00
Kconfig.include kbuild: check the minimum assembler version in Kconfig 2021-04-25 05:14:41 +09:00
kernel-doc stddef: Introduce DECLARE_FLEX_ARRAY() helper 2021-10-18 12:28:52 -07:00
ld-version.sh kbuild: collect minimum tool versions into scripts/min-tool-version.sh 2021-04-25 05:14:26 +09:00
leaking_addresses.pl leaking_addresses: Always print a trailing newline 2021-10-15 11:25:13 +02:00
Lindent
link-vmlinux.sh kbuild: merge vmlinux_link() between ARCH=um and other architectures 2021-09-03 08:17:21 +09:00
Makefile Fix CVE-2020-26541 2021-04-26 08:38:10 -07:00
Makefile.asm-generic kbuild: prefix $(srctree)/ to some included Makefiles 2021-03-15 19:20:48 +09:00
Makefile.build kbuild: remove stale *.symversions 2021-09-03 08:17:20 +09:00
Makefile.clang kbuild: Add -Werror=ignored-optimization-argument to CLANG_FLAGS 2021-09-19 10:55:18 +09:00
Makefile.clean kbuild: prefix $(srctree)/ to some included Makefiles 2021-03-15 19:20:48 +09:00
Makefile.compiler kbuild: remove TMPO from try-run 2021-04-25 05:25:56 +09:00
Makefile.dtbinst kbuild: prefix $(srctree)/ to some included Makefiles 2021-03-15 19:20:48 +09:00
Makefile.extrawarn Makefile.extrawarn: remove -Wnested-externs warning 2020-12-08 23:30:05 +09:00
Makefile.gcc-plugins compiler hardening updates for v5.16-rc1 2021-11-01 17:09:03 -07:00
Makefile.headersinst kbuild: prefix $(srctree)/ to some included Makefiles 2021-03-15 19:20:48 +09:00
Makefile.host kbuild: sort hostprogs before passing it to ifneq 2020-08-10 01:32:59 +09:00
Makefile.kasan kasan: always respect CONFIG_KASAN_STACK 2021-09-24 16:13:35 -07:00
Makefile.kcov kbuild: include scripts/Makefile.* only when relevant CONFIG is enabled 2020-08-10 01:32:59 +09:00
Makefile.kcsan Kbuild updates for v5.10 2020-10-22 13:13:57 -07:00
Makefile.lib Kbuild updates for v5.15 2021-09-03 15:33:47 -07:00
Makefile.modfinal kbuild: Fix TRIM_UNUSED_KSYMS with LTO_CLANG 2021-09-03 08:12:39 +09:00
Makefile.modinst kbuild: add support for zstd compressed modules 2021-04-25 05:25:06 +09:00
Makefile.modpost kbuild: Fix comment typo in scripts/Makefile.modpost 2021-09-19 10:14:19 +09:00
Makefile.package kbuild: deb-pkg: change the source package name to linux-upstream 2021-04-25 05:30:45 +09:00
Makefile.ubsan ubsan: remove overflow checks 2021-02-26 09:41:05 -08:00
Makefile.userprogs kbuild: add infrastructure to build userspace programs 2020-05-17 18:52:01 +09:00
makelst
markup_oops.pl
min-tool-version.sh Documentation: raise minimum supported version of GCC to 5.1 2021-09-13 10:18:28 -07:00
mkcompile_h kbuild: mkcompile_h: consider timestamp if KBUILD_BUILD_TIMESTAMP is set 2021-06-17 10:01:12 +09:00
mksysmap mksysmap: Fix the mismatch of '.L' symbols in System.map 2020-06-06 23:39:20 +09:00
mkuboot.sh
module.lds.S module: combine constructors in module linker script 2021-07-19 14:51:40 +02:00
modules-check.sh kbuild: check module name conflict for external modules as well 2021-04-25 05:22:42 +09:00
nsdeps kbuild: replace LANG=C with LC_ALL=C 2021-05-02 00:43:35 +09:00
objdiff
parse-maintainers.pl parse-maintainers: Do not sort section content by default 2020-03-26 15:08:27 -07:00
patch-kernel
profile2linkerlist.pl
prune-kernel
recordmcount.c ftrace: Have recordmcount use w8 to read relp->r_info in arm64_is_fake_mcount 2021-03-02 17:27:18 -05:00
recordmcount.h recordmcount: Correct st_shndx handling 2021-06-18 09:09:17 -04:00
recordmcount.pl nds32/ftrace: Fix Error: invalid operands (*UND* and *UND* sections) for `^' 2021-10-15 22:44:16 -04:00
remove-stale-files kbuild: add a script to remove stale generated files 2021-05-02 00:43:35 +09:00
setlocalversion scripts/setlocalversion: fix a bug when LOCALVERSION is empty 2021-07-18 23:48:14 +09:00
show_delta tweewide: Fix most Shebang lines 2020-12-08 23:30:04 +09:00
sign-file.c
sorttable.c arm64 updates for 5.16 2021-11-01 16:33:53 -07:00
sorttable.h scripts/sorttable: Implement build-time ORC unwind table sorting 2019-12-13 10:47:58 +01:00
spdxcheck-test.sh scripts/spdxcheck-test.sh: Drop python2 2021-07-21 15:59:32 +02:00
spdxcheck.py scripts/spdxcheck.py: Strictly read license files in utf-8 2021-07-12 09:56:50 -06:00
spelling.txt scripts/spelling.txt: add more spellings to spelling.txt 2021-06-29 10:53:45 -07:00
sphinx-pre-install scripts: sphinx-pre-install: fix the need of virtenv packages 2021-06-01 16:29:30 -06:00
split-man.pl tweewide: Fix most Shebang lines 2020-12-08 23:30:04 +09:00
stackdelta
stackusage
subarch.include parisc: Fix compile failure when building 64-bit kernel natively 2021-09-01 21:52:02 +02:00
syscallhdr.sh scripts: check duplicated syscall number in syscall table 2021-07-09 04:00:39 +09:00
syscallnr.sh scripts: make some scripts executable 2021-08-10 09:13:25 +09:00
syscalltbl.sh scripts: check duplicated syscall number in syscall table 2021-07-09 04:00:39 +09:00
tags.sh kbuild: replace LANG=C with LC_ALL=C 2021-05-02 00:43:35 +09:00
test_fortify.sh fortify: Add compile-time FORTIFY_SOURCE tests 2021-10-18 12:28:52 -07:00
tools-support-relr.sh Makefile: fix GDB warning with CONFIG_RELR 2021-06-08 13:09:34 +01:00
unifdef.c
ver_linux Removed the oprofiled version option 2021-05-03 17:23:06 -06:00
xen-hypercalls.sh scripts: make some scripts executable 2021-08-10 09:13:25 +09:00
xz_wrap.sh kbuild: add variables for compression tools 2020-06-06 23:42:01 +09:00