Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v6.18.21 2026-03-12T11:09:44+00:00 2026-03-12T11:09:44+00:00 Nathan Chancellor nathan@kernel.org 2026-02-25T22:02:51+00:00 urn:sha1:861aa1be41bc1ba3e13ef6a6f0b58a0626012fc4 commit 8678591b47469fe16357234efef9b260317b8be4 upstream. Commit 3e86e4d74c04 ("kbuild: keep .modinfo section in vmlinux.unstripped") added .modinfo to ELF_DETAILS while removing it from COMMON_DISCARDS, as it was needed in vmlinux.unstripped and ELF_DETAILS was present in all architecture specific vmlinux linker scripts. While this shuffle is fine for vmlinux, ELF_DETAILS and COMMON_DISCARDS may be used by other linker scripts, such as the s390 and x86 compressed boot images, which may not expect to have a .modinfo section. In certain circumstances, this could result in a bootloader failing to load the compressed kernel [1]. Commit ddc6cbef3ef1 ("s390/boot/vmlinux.lds.S: Ensure bzImage ends with SecureBoot trailer") recently addressed this for the s390 bzImage but the same bug remains for arm, parisc, and x86. The presence of .modinfo in the x86 bzImage was the root cause of the issue worked around with commit d50f21091358 ("kbuild: align modinfo section for Secureboot Authenticode EDK2 compat"). misc.c in arch/x86/boot/compressed includes lib/decompress_unzstd.c, which in turn includes lib/xxhash.c and its MODULE_LICENSE / MODULE_DESCRIPTION macros due to the STATIC definition. Split .modinfo out from ELF_DETAILS into its own macro and handle it in all vmlinux linker scripts. Discard .modinfo in the places where it was previously being discarded from being in COMMON_DISCARDS, as it has never been necessary in those uses. Cc: stable@vger.kernel.org Fixes: 3e86e4d74c04 ("kbuild: keep .modinfo section in vmlinux.unstripped") Reported-by: Ed W <lists@wildgooses.com> Closes: https://lore.kernel.org/587f25e0-a80e-46a5-9f01-87cb40cfa377@wildgooses.com/ [1] Tested-by: Ed W <lists@wildgooses.com> # x86_64 Link: https://patch.msgid.link/20260225-separate-modinfo-from-elf-details-v1-1-387ced6baf4b@kernel.org Signed-off-by: Nathan Chancellor <nathan@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2025-07-26T21:27:33+00:00 Kees Cook kees@kernel.org 2025-07-26T06:44:26+00:00 urn:sha1:431a380f935e2c74cbaeac65367c70fc18903315 When building with CONFIG_KSTACK_ERASE=y and CONFIG_ARM_ATAG_DTB_COMPAT=y, the compressed boot environment encounters an undefined symbol error: ld.lld: error: undefined symbol: __sanitizer_cov_stack_depth >>> referenced by atags_to_fdt.c:135 This occurs because the compiler instruments the atags_to_fdt() function with sanitizer coverage calls, but the minimal compressed boot environment lacks access to sanitizer runtime support. The compressed boot environment already disables stack protector with -fno-stack-protector. Similarly disable sanitizer coverage by adding $(DISABLE_KSTACK_ERASE) to the general compiler flags (and remove it from the one place it was noticed before), which contains the appropriate flags to prevent sanitizer instrumentation. This follows the same pattern used in other early boot contexts where sanitizer runtime support is unavailable. Reported-by: Linux Kernel Functional Testing <lkft@linaro.org> Closes: https://lore.kernel.org/all/CA+G9fYtBk8qnpWvoaFwymCx5s5i-5KXtPGpmf=_+UKJddCOnLA@mail.gmail.com Reported-by: Nathan Chancellor <nathan@kernel.org> Closes: https://lore.kernel.org/all/20250726004313.GA3650901@ax162 Suggested-by: Nathan Chancellor <nathan@kernel.org> Tested-by: Nathan Chancellor <nathan@kernel.org> Signed-off-by: Kees Cook <kees@kernel.org> 2025-07-22T04:35:01+00:00 Kees Cook kees@kernel.org 2025-07-17T23:25:06+00:00 urn:sha1:57fbad15c2eee77276a541c616589b32976d2b8e In preparation for adding Clang sanitizer coverage stack depth tracking that can support stack depth callbacks: - Add the new top-level CONFIG_KSTACK_ERASE option which will be implemented either with the stackleak GCC plugin, or with the Clang stack depth callback support. - Rename CONFIG_GCC_PLUGIN_STACKLEAK as needed to CONFIG_KSTACK_ERASE, but keep it for anything specific to the GCC plugin itself. - Rename all exposed "STACKLEAK" names and files to "KSTACK_ERASE" (named for what it does rather than what it protects against), but leave as many of the internals alone as possible to avoid even more churn. While here, also split "prev_lowest_stack" into CONFIG_KSTACK_ERASE_METRICS, since that's the only place it is referenced from. Suggested-by: Ingo Molnar <mingo@kernel.org> Link: https://lore.kernel.org/r/20250717232519.2984886-1-kees@kernel.org Signed-off-by: Kees Cook <kees@kernel.org> 2025-05-30T19:42:57+00:00 Linus Torvalds torvalds@linux-foundation.org 2025-05-30T19:42:57+00:00 urn:sha1:724b03ee96b8d45310d89c9c3b0aa5ee0dbb72f7 Pull EFI updates from Ard Biesheuvel: "Not a lot going on in the EFI tree this cycle. The only thing that stands out is the new support for SBAT metadata, which was a bit contentious when it was first proposed, because in the initial incarnation, it would have required us to maintain a revocation index, and bump it each time a vulnerability affecting UEFI secure boot got fixed. This was shot down for obvious reasons. This time, only the changes needed to emit the SBAT section into the PE/COFF image are being carried upstream, and it is up to the distros to decide what to put in there when creating and signing the build. This only has the EFI zboot bits (which the distros will be using for arm64); the x86 bzImage changes should be arriving next cycle, presumably via the -tip tree. Summary: - Add support for emitting a .sbat section into the EFI zboot image, so that downstreams can easily include revocation metadata in the signed EFI images - Align PE symbolic constant names with other projects - Bug fix for the efi_test module - Log the physical address and size of the EFI memory map when failing to map it - A kerneldoc fix for the EFI stub code" * tag 'efi-next-for-v6.16' of git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi: include: pe.h: Fix PE definitions efi/efi_test: Fix missing pending status update in getwakeuptime efi: zboot specific mechanism for embedding SBAT section efi/libstub: Describe missing 'out' parameter in efi_load_initrd efi: Improve logging around memmap init 2025-05-21T14:46:37+00:00 Pali Rohár pali@kernel.org 2025-05-04T18:22:44+00:00 urn:sha1:46550e2b878d60923c72f0526a7aac02e8eda3d5 * Rename constants to their standard PE names: - MZ_MAGIC -> IMAGE_DOS_SIGNATURE - PE_MAGIC -> IMAGE_NT_SIGNATURE - PE_OPT_MAGIC_PE32_ROM -> IMAGE_ROM_OPTIONAL_HDR_MAGIC - PE_OPT_MAGIC_PE32 -> IMAGE_NT_OPTIONAL_HDR32_MAGIC - PE_OPT_MAGIC_PE32PLUS -> IMAGE_NT_OPTIONAL_HDR64_MAGIC - IMAGE_DLL_CHARACTERISTICS_NX_COMPAT -> IMAGE_DLLCHARACTERISTICS_NX_COMPAT * Import constants and their description from readpe and file projects which contains current up-to-date information: - IMAGE_FILE_MACHINE_* - IMAGE_FILE_* - IMAGE_SUBSYSTEM_* - IMAGE_DLLCHARACTERISTICS_* - IMAGE_DLLCHARACTERISTICS_EX_* - IMAGE_DEBUG_TYPE_* * Add missing IMAGE_SCN_* constants and update their incorrect description * Fix incorrect value of IMAGE_SCN_MEM_PURGEABLE constant * Add description for win32_version and loader_flags PE fields Signed-off-by: Pali Rohár <pali@kernel.org> Signed-off-by: Ard Biesheuvel <ardb@kernel.org> 2025-04-28T17:32:43+00:00 Kees Cook kees@kernel.org 2025-04-09T16:04:10+00:00 urn:sha1:b8e147973eca7e07fa0845350d77c9970263fcd7 As part of trying to remove GCC plugins from Linux, drop the ARM_SSP_PER_TASK plugin. The feature is available upstream since GCC 12, so anyone needing newer kernels with per-task ssp can update their compiler[1]. Suggested-by: Arnd Bergmann <arnd@arndb.de> Link: https://lore.kernel.org/all/08393aa3-05a3-4e3f-8004-f374a3ec4b7e@app.fastmail.com/ [1] Acked-by: Arnd Bergmann <arnd@arndb.de> Acked-by: Ard Biesheuvel <ardb@kernel.org> Link: https://lore.kernel.org/r/20250409160409.work.168-kees@kernel.org Signed-off-by: Kees Cook <kees@kernel.org> 2024-07-02T08:18:43+00:00 Jinjie Ruan ruanjinjie@huawei.com 2024-06-27T07:38:44+00:00 urn:sha1:2335c9cb831faba1a4efcc612886073b6f175fe4 Add the STACKLEAK gcc plugin to arm32 by adding the helper used by stackleak common code: on_thread_stack(). It initialize the stack with the poison value before returning from system calls which improves the kernel security. Additionally, this disables the plugin in EFI stub code and decompress code, which are out of scope for the protection. Before the test on Qemu versatilepb board: # echo STACKLEAK_ERASING > /sys/kernel/debug/provoke-crash/DIRECT lkdtm: Performing direct entry STACKLEAK_ERASING lkdtm: XFAIL: stackleak is not supported on this arch (HAVE_ARCH_STACKLEAK=n) After: # echo STACKLEAK_ERASING > /sys/kernel/debug/provoke-crash/DIRECT lkdtm: Performing direct entry STACKLEAK_ERASING lkdtm: stackleak stack usage: high offset: 80 bytes current: 280 bytes lowest: 696 bytes tracked: 696 bytes untracked: 192 bytes poisoned: 7220 bytes low offset: 4 bytes lkdtm: OK: the rest of the thread stack is properly erased Signed-off-by: Jinjie Ruan <ruanjinjie@huawei.com> Acked-by: Ard Biesheuvel <ardb@kernel.org> Reviewed-by: Linus Walleij <linus.walleij@linaro.org> Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk> 2024-06-10T11:01:33+00:00 Yuntao Liu liuyuntao12@huawei.com 2024-06-03T15:37:50+00:00 urn:sha1:ed0f941022515ff40473ea5335769a5dc2524a3f The current arm32 architecture does not yet support the HAVE_LD_DEAD_CODE_DATA_ELIMINATION feature. arm32 is widely used in embedded scenarios, and enabling this feature would be beneficial for reducing the size of the kernel image. In order to make this work, we keep the necessary tables by annotating them with KEEP, also it requires further changes to linker script to KEEP some tables and wildcard compiler generated sections into the right place. When using ld.lld for linking, KEEP is not recognized within the OVERLAY command, and Ard proposed a concise method to solve this problem. It boots normally with defconfig, vexpress_defconfig and tinyconfig. The size comparison of zImage is as follows: defconfig vexpress_defconfig tinyconfig 5137712 5138024 424192 no dce 5032560 4997824 298384 dce 2.0% 2.7% 29.7% shrink When using smaller config file, there is a significant reduction in the size of the zImage. We also tested this patch on a commercially available single-board computer, and the comparison is as follows: a15eb_config 2161384 no dce 2092240 dce 3.2% shrink The zImage size has been reduced by approximately 3.2%, which is 70KB on 2.1M. Signed-off-by: Yuntao Liu <liuyuntao12@huawei.com> Tested-by: Arnd Bergmann <arnd@arndb.de> Reviewed-by: Arnd Bergmann <arnd@arndb.de> Reviewed-by: Linus Walleij <linus.walleij@linaro.org> Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk> 2024-05-14T14:35:48+00:00 Masahiro Yamada masahiroy@kernel.org 2024-05-06T13:35:43+00:00 urn:sha1:7f7f6f7ad654b326897c9f54438a06f03454bd0d Now Kbuild provides reasonable defaults for objtool, sanitizers, and profilers. Remove redundant variables. Note: This commit changes the coverage for some objects: - include arch/mips/vdso/vdso-image.o into UBSAN, GCOV, KCOV - include arch/sparc/vdso/vdso-image-*.o into UBSAN - include arch/sparc/vdso/vma.o into UBSAN - include arch/x86/entry/vdso/extable.o into KASAN, KCSAN, UBSAN, GCOV, KCOV - include arch/x86/entry/vdso/vdso-image-*.o into KASAN, KCSAN, UBSAN, GCOV, KCOV - include arch/x86/entry/vdso/vdso32-setup.o into KASAN, KCSAN, UBSAN, GCOV, KCOV - include arch/x86/entry/vdso/vma.o into GCOV, KCOV - include arch/x86/um/vdso/vma.o into KASAN, GCOV, KCOV I believe these are positive effects because all of them are kernel space objects. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> Reviewed-by: Kees Cook <keescook@chromium.org> Tested-by: Roberto Sassu <roberto.sassu@huawei.com> 2024-02-29T21:38:02+00:00 Kees Cook keescook@chromium.org 2023-04-07T19:27:16+00:00 urn:sha1:3d965b33e40d973b450cb0212913f039476c16f4 Improve the reporting of buffer overflows under CONFIG_FORTIFY_SOURCE to help accelerate debugging efforts. The calculations are all just sitting in registers anyway, so pass them along to the function to be reported. For example, before: detected buffer overflow in memcpy and after: memcpy: detected buffer overflow: 4096 byte read of buffer size 1 Link: https://lore.kernel.org/r/20230407192717.636137-10-keescook@chromium.org Signed-off-by: Kees Cook <keescook@chromium.org>