mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/
synced 2025-04-19 20:58:31 +09:00
6d9ac5e4d7
Potentially include errata for Landlock ABI v5 (Linux 6.10) and v6
(Linux 6.12). That will be useful for the following signal scoping
erratum.
As explained in errata.h, this commit should be backportable without
conflict down to ABI v5. It must then not include the errata/abi-6.h
file.
Fixes: 54a6e6bbf3be ("landlock: Add signal scoping")
Cc: Günther Noack <gnoack@google.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20250318161443.279194-5-mic@digikod.net
Signed-off-by: Mickaël Salaün <mic@digikod.net>
100 lines
2.6 KiB
C
100 lines
2.6 KiB
C
/* SPDX-License-Identifier: GPL-2.0-only */
|
|
/*
|
|
* Landlock - Errata information
|
|
*
|
|
* Copyright © 2025 Microsoft Corporation
|
|
*/
|
|
|
|
#ifndef _SECURITY_LANDLOCK_ERRATA_H
|
|
#define _SECURITY_LANDLOCK_ERRATA_H
|
|
|
|
#include <linux/init.h>
|
|
|
|
struct landlock_erratum {
|
|
const int abi;
|
|
const u8 number;
|
|
};
|
|
|
|
/* clang-format off */
|
|
#define LANDLOCK_ERRATUM(NUMBER) \
|
|
{ \
|
|
.abi = LANDLOCK_ERRATA_ABI, \
|
|
.number = NUMBER, \
|
|
},
|
|
/* clang-format on */
|
|
|
|
/*
|
|
* Some fixes may require user space to check if they are applied on the running
|
|
* kernel before using a specific feature. For instance, this applies when a
|
|
* restriction was previously too restrictive and is now getting relaxed (for
|
|
* compatibility or semantic reasons). However, non-visible changes for
|
|
* legitimate use (e.g. security fixes) do not require an erratum.
|
|
*/
|
|
static const struct landlock_erratum landlock_errata_init[] __initconst = {
|
|
|
|
/*
|
|
* Only Sparse may not implement __has_include. If a compiler does not
|
|
* implement __has_include, a warning will be printed at boot time (see
|
|
* setup.c).
|
|
*/
|
|
#ifdef __has_include
|
|
|
|
#define LANDLOCK_ERRATA_ABI 1
|
|
#if __has_include("errata/abi-1.h")
|
|
#include "errata/abi-1.h"
|
|
#endif
|
|
#undef LANDLOCK_ERRATA_ABI
|
|
|
|
#define LANDLOCK_ERRATA_ABI 2
|
|
#if __has_include("errata/abi-2.h")
|
|
#include "errata/abi-2.h"
|
|
#endif
|
|
#undef LANDLOCK_ERRATA_ABI
|
|
|
|
#define LANDLOCK_ERRATA_ABI 3
|
|
#if __has_include("errata/abi-3.h")
|
|
#include "errata/abi-3.h"
|
|
#endif
|
|
#undef LANDLOCK_ERRATA_ABI
|
|
|
|
#define LANDLOCK_ERRATA_ABI 4
|
|
#if __has_include("errata/abi-4.h")
|
|
#include "errata/abi-4.h"
|
|
#endif
|
|
#undef LANDLOCK_ERRATA_ABI
|
|
|
|
#define LANDLOCK_ERRATA_ABI 5
|
|
#if __has_include("errata/abi-5.h")
|
|
#include "errata/abi-5.h"
|
|
#endif
|
|
#undef LANDLOCK_ERRATA_ABI
|
|
|
|
#define LANDLOCK_ERRATA_ABI 6
|
|
#if __has_include("errata/abi-6.h")
|
|
#include "errata/abi-6.h"
|
|
#endif
|
|
#undef LANDLOCK_ERRATA_ABI
|
|
|
|
/*
|
|
* For each new erratum, we need to include all the ABI files up to the impacted
|
|
* ABI to make all potential future intermediate errata easy to backport.
|
|
*
|
|
* If such change involves more than one ABI addition, then it must be in a
|
|
* dedicated commit with the same Fixes tag as used for the actual fix.
|
|
*
|
|
* Each commit creating a new security/landlock/errata/abi-*.h file must have a
|
|
* Depends-on tag to reference the commit that previously added the line to
|
|
* include this new file, except if the original Fixes tag is enough.
|
|
*
|
|
* Each erratum must be documented in its related ABI file, and a dedicated
|
|
* commit must update Documentation/userspace-api/landlock.rst to include this
|
|
* erratum. This commit will not be backported.
|
|
*/
|
|
|
|
#endif
|
|
|
|
{}
|
|
};
|
|
|
|
#endif /* _SECURITY_LANDLOCK_ERRATA_H */
|