UbiquitousOS
/
OpenCloudOS-Kernel
mirror of https://gitee.com/OpenCloudOS/OpenCloudOS-Kernel.git
11
0
Fork 0
Code Issues Projects Releases Wiki Activity

hardening fixes for v6.0-rc2 

- Also undef LATENT_ENTROPY_PLUGIN for per-file disabling (Andrew Donnellan)
 
 - Return EFAULT on copy_from_user() failures in LoadPin (Kees Cook)
 -----BEGIN PGP SIGNATURE-----
 
 iQJKBAABCgA0FiEEpcP2jyKd1g9yPm4TiXL039xtwCYFAmL/3ZkWHGtlZXNjb29r
 QGNocm9taXVtLm9yZwAKCRCJcvTf3G3AJvxaD/wJ97P0RoPm4RR51I7Eel6SoGt9
 bKI93m5xRH754sRJvkoeP9lEj3piHDP0TB3cs4uJUkbGe8NqOHPwXdhJqqo4T4UR
 4lOsXI40gCiC9MaEXh3mOThppN4RJKH+x186AZGszo4XtkYfvw8xWVXPAOy1hxUD
 /A5GO9zWATwGe08NpZv+Ldulyy+wYl+FBgG9agvRoGvKrxV4pJsI8jujYBSzIyui
 1dvhGohgVBty+YRcc6dv968c0iii3ZyHlnDeUxSeqZJTUM+7mE523fowOHik2WRX
 K1V02tPeKUJhfkJoWvav1mlkiPsFQBvpqinEylSBrBkU0zz17PaIF9vWmE3QASs/
 z1gSz0q6W/+jGzPpCR0hQdwRbmEhA7/ojJ8gxnY5Yex7FwxKlmKF+H0taMzUbP8o
 9k2j40yCT/gt1MnN1RFgpgsN+h6jsnMJvK5nPg1I4D7cvjUrGgua+G+oKzc225Nx
 Uf4gbVhhXjx0lkh7yR4m6EM7+OFmnItG3nQu7bYP5Fg9m6PHGrcSvlHca55clM6S
 7j4SXQ07o3Eu8prmlirCBgbkOhlosh51tA/yq5fH0sqp+7U08p8Jp0M+qb00F6Y8
 +uHTKiIpsddDt5t0sKyByKuCKEhMpwY6eDABXLfwuWIHscMEdsjKihTFbbGp9JSS
 6SkoEjgo1T/fEgUmhw==
 =lHoM
 -----END PGP SIGNATURE-----

Merge tag 'hardening-v6.0-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux

Pull hardening fixes from Kees Cook:

 - Also undef LATENT_ENTROPY_PLUGIN for per-file disabling (Andrew
   Donnellan)

 - Return EFAULT on copy_from_user() failures in LoadPin (Kees Cook)

* tag 'hardening-v6.0-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
  gcc-plugins: Undefine LATENT_ENTROPY_PLUGIN when plugin disabled for a file
  LoadPin: Return EFAULT on copy_from_user() failures
This commit is contained in:
Linus Torvalds 2022-08-19 13:56:14 -07:00
parent 8fd00059cc 012e8d2034
commit e45c890140
2 changed files with 3 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
scripts/Makefile.gcc-plugins
View File

@ -4,7 +4,7 @@ gcc-plugin-$(CONFIG_GCC_PLUGIN_LATENT_ENTROPY) += latent_entropy_plugin.so
gcc-plugin-cflags-$(CONFIG_GCC_PLUGIN_LATENT_ENTROPY) \
+= -DLATENT_ENTROPY_PLUGIN
ifdef CONFIG_GCC_PLUGIN_LATENT_ENTROPY
DISABLE_LATENT_ENTROPY_PLUGIN += -fplugin-arg-latent_entropy_plugin-disable
DISABLE_LATENT_ENTROPY_PLUGIN += -fplugin-arg-latent_entropy_plugin-disable -ULATENT_ENTROPY_PLUGIN
endif
export DISABLE_LATENT_ENTROPY_PLUGIN

6
security/loadpin/loadpin.c
View File

@ -356,13 +356,11 @@ static long dm_verity_ioctl(struct file *filp, unsigned int cmd, unsigned long a
{
void __user *uarg = (void __user *)arg;
unsigned int fd;
int rc;
switch (cmd) {
case LOADPIN_IOC_SET_TRUSTED_VERITY_DIGESTS:
rc = copy_from_user(&fd, uarg, sizeof(fd));
if (rc)
return rc;
if (copy_from_user(&fd, uarg, sizeof(fd)))
return -EFAULT;
return read_trusted_verity_root_digests(fd);