hardening fixes for v7.0-rc6

- fix required Clang version for CC_HAS_COUNTED_BY_PTR (Nathan Chancellor) - update Coccinelle script used for kmalloc_obj -----BEGIN PGP SIGNATURE----- iHUEABYKAB0WIQRSPkdeREjth1dHnSE2KwveOeQkuwUCacRQmQAKCRA2KwveOeQk u0QhAQCX0xv8Tt2OoP2vPRp6VpXcJNyPkm/h/ncvWuX+XyJCAAD/SgUUeDN4WMEl PN6bH0uwH6Q+6Xi8xEfbNs7cOfHqDQw= =ltch -----END PGP SIGNATURE----- Merge tag 'hardening-v7.0-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux Pull hardening fixes from Kees Cook: - fix required Clang version for CC_HAS_COUNTED_BY_PTR (Nathan Chancellor) - update Coccinelle script used for kmalloc_obj * tag 'hardening-v7.0-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: init/Kconfig: Require a release version of clang-22 for CC_HAS_COUNTED_BY_PTR coccinelle: kmalloc_obj: Remove default GFP_KERNEL arg
2026-03-25 14:47:18 -07:00 · 2026-03-25 14:47:18 -07:00 · d2a43e7f89
parent 51088b9d5f 7a618ca9b9
commit d2a43e7f89
2 changed files with 12 additions and 1 deletions
--- a/init/Kconfig
+++ b/init/Kconfig
@ -146,7 +146,7 @@ config CC_HAS_COUNTED_BY
 config CC_HAS_COUNTED_BY_PTR
 	bool
 	# supported since clang 22
-	default y if CC_IS_CLANG && CLANG_VERSION >= 220000
+	default y if CC_IS_CLANG && CLANG_VERSION >= 220100
 	# supported since gcc 16.0.0
 	default y if CC_IS_GCC && GCC_VERSION >= 160000

--- a/scripts/coccinelle/api/kmalloc_objs.cocci
+++ b/scripts/coccinelle/api/kmalloc_objs.cocci
@ -122,3 +122,14 @@ fresh identifier ALLOC_OBJS = script:python(ALLOC_ARRAY) { alloc_array(ALLOC_ARR
 -	ALLOC(struct_size_t(TYPE, FLEX, COUNT), GFP)
 +	ALLOC_FLEX(TYPE, FLEX, COUNT, GFP)
 )
+
+@drop_gfp_kernel depends on patch && !(file in "tools") && !(file in "samples")@
+identifier ALLOC = {kmalloc_obj,kmalloc_objs,kmalloc_flex,
+		    kzalloc_obj,kzalloc_objs,kzalloc_flex,
+		    kvmalloc_obj,kvmalloc_objs,kvmalloc_flex,
+		    kvzalloc_obj,kvzalloc_objs,kvzalloc_flex};
+@@
+
+	ALLOC(...
+-		 , GFP_KERNEL
+	     )