Merge tag 'hardening-v6.17-rc1-fix1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux

Pull hardening fixes from Kees Cook:
 "Notably, this contains the fix for for the GCC __init mess I created
  with the kstack_erase annotations.

   - staging: media: atomisp: Fix stack buffer overflow in
     gmin_get_var_int().

     I was asked to carry this fix, so here it is. :)

   - fortify: Fix incorrect reporting of read buffer size

   - kstack_erase: Fix missed export of renamed KSTACK_ERASE_CFLAGS

   - compiler_types: Provide __no_kstack_erase to disable coverage only
     on Clang"

* tag 'hardening-v6.17-rc1-fix1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
  compiler_types: Provide __no_kstack_erase to disable coverage only on Clang
  fortify: Fix incorrect reporting of read buffer size
  kstack_erase: Fix missed export of renamed KSTACK_ERASE_CFLAGS
  staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int()

Author: torvalds

arch/x86/include/asm/init.h

@@ -5,7 +5,7 @@
 #if defined(CONFIG_CC_IS_CLANG) && CONFIG_CLANG_VERSION < 170000
 #define __head	__section(".head.text") __no_sanitize_undefined __no_stack_protector
 #else
-#define __head	__section(".head.text") __no_sanitize_undefined __no_sanitize_coverage
+#define __head	__section(".head.text") __no_sanitize_undefined __no_kstack_erase
 #endif
 
 struct x86_mapping_info {

drivers/staging/media/atomisp/pci/atomisp_gmin_platform.c

@@ -1272,14 +1272,15 @@ static int gmin_get_config_var(struct device *maindev,
 	if (efi_rt_services_supported(EFI_RT_SUPPORTED_GET_VARIABLE))
 		status = efi.get_variable(var16, &GMIN_CFG_VAR_EFI_GUID, NULL,
 					  (unsigned long *)out_len, out);
-	if (status == EFI_SUCCESS)
+	if (status == EFI_SUCCESS) {
 		dev_info(maindev, "found EFI entry for '%s'\n", var8);
-	else if (is_gmin)
+		return 0;
+	}
+	if (is_gmin)
 		dev_info(maindev, "Failed to find EFI gmin variable %s\n", var8);
 	else
 		dev_info(maindev, "Failed to find EFI variable %s\n", var8);
-
-	return ret;
+	return -ENOENT;
 }
 
 int gmin_get_var_int(struct device *dev, bool is_gmin, const char *var, int def)

include/linux/compiler-clang.h

@@ -89,6 +89,9 @@
 #define __no_sanitize_coverage
 #endif
 
+/* Only Clang needs to disable the coverage sanitizer for kstack_erase. */
+#define __no_kstack_erase	__no_sanitize_coverage
+
 #if __has_feature(shadow_call_stack)
 # define __noscs	__attribute__((__no_sanitize__("shadow-call-stack")))
 #endif

include/linux/compiler_types.h

@@ -424,6 +424,10 @@ struct ftrace_likely_data {
 # define randomized_struct_fields_end
 #endif
 
+#ifndef __no_kstack_erase
+# define __no_kstack_erase
+#endif
+
 #ifndef __noscs
 # define __noscs
 #endif

include/linux/fortify-string.h

@@ -596,7 +596,7 @@ __FORTIFY_INLINE bool fortify_memcpy_chk(__kernel_size_t size,
 	if (p_size != SIZE_MAX && p_size < size)
 		fortify_panic(func, FORTIFY_WRITE, p_size, size, true);
 	else if (q_size != SIZE_MAX && q_size < size)
-		fortify_panic(func, FORTIFY_READ, p_size, size, true);
+		fortify_panic(func, FORTIFY_READ, q_size, size, true);
 
 	/*
 	 * Warn when writing beyond destination field size.

include/linux/init.h

@@ -51,7 +51,7 @@
    discard it in modules) */
 #define __init		__section(".init.text") __cold __latent_entropy	\
 						__noinitretpoline	\
-						__no_sanitize_coverage
+						__no_kstack_erase
 #define __initdata	__section(".init.data")
 #define __initconst	__section(".init.rodata")
 #define __exitdata	__section(".exit.data")

scripts/Makefile.kstack_erase

@@ -16,6 +16,6 @@ endif
 
 KSTACK_ERASE_CFLAGS   := $(kstack-erase-cflags-y)
 
-export STACKLEAK_CFLAGS DISABLE_KSTACK_ERASE
+export KSTACK_ERASE_CFLAGS DISABLE_KSTACK_ERASE
 
 KBUILD_CFLAGS += $(KSTACK_ERASE_CFLAGS)