diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2024-03-23 16:43:21 +0100 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2024-03-23 16:43:21 +0100 |
commit | b71871395cf3a0ca7c0a7d79b4faa584ac872809 (patch) | |
tree | bc7407fdaf4a03605ea785df7136b90a784ddbad /arch/Kconfig | |
parent | Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi (diff) | |
parent | lkdtm/bugs: Improve warning message for compilers without counted_by support (diff) | |
download | linux-b71871395cf3a0ca7c0a7d79b4faa584ac872809.tar.xz linux-b71871395cf3a0ca7c0a7d79b4faa584ac872809.zip |
Merge tag 'hardening-v6.9-rc1-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
Pull more hardening updates from Kees Cook:
- CONFIG_MEMCPY_SLOW_KUNIT_TEST is no longer needed (Guenter Roeck)
- Fix needless UTF-8 character in arch/Kconfig (Liu Song)
- Improve __counted_by warning message in LKDTM (Nathan Chancellor)
- Refactor DEFINE_FLEX() for default use of __counted_by
- Disable signed integer overflow sanitizer on GCC < 8
* tag 'hardening-v6.9-rc1-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
lkdtm/bugs: Improve warning message for compilers without counted_by support
overflow: Change DEFINE_FLEX to take __counted_by member
Revert "kunit: memcpy: Split slow memcpy tests into MEMCPY_SLOW_KUNIT_TEST"
arch/Kconfig: eliminate needless UTF-8 character in Kconfig help
ubsan: Disable signed integer overflow sanitizer on GCC < 8
Diffstat (limited to 'arch/Kconfig')
-rw-r--r-- | arch/Kconfig | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/arch/Kconfig b/arch/Kconfig index 59dee290d94b..9f066785bb71 100644 --- a/arch/Kconfig +++ b/arch/Kconfig @@ -799,7 +799,7 @@ config CFI_CLANG depends on ARCH_SUPPORTS_CFI_CLANG depends on $(cc-option,-fsanitize=kcfi) help - This option enables Clang’s forward-edge Control Flow Integrity + This option enables Clang's forward-edge Control Flow Integrity (CFI) checking, where the compiler injects a runtime check to each indirect function call to ensure the target is a valid function with the correct static type. This restricts possible call targets and |