This is a note to let you know that I've just added the patch titled security: Restrict CONFIG_ZERO_CALL_USED_REGS to gcc or clang > 15.0.6 to the 5.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: security-restrict-config_zero_call_used_regs-to-gcc-or-clang-15.0.6.patch and it can be found in the queue-5.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From d6a9fb87e9d18f3394a9845546bbe868efdccfd2 Mon Sep 17 00:00:00 2001 From: Nathan Chancellor <nathan@xxxxxxxxxx> Date: Wed, 14 Dec 2022 16:26:03 -0700 Subject: security: Restrict CONFIG_ZERO_CALL_USED_REGS to gcc or clang > 15.0.6 From: Nathan Chancellor <nathan@xxxxxxxxxx> commit d6a9fb87e9d18f3394a9845546bbe868efdccfd2 upstream. A bad bug in clang's implementation of -fzero-call-used-regs can result in NULL pointer dereferences (see the links above the check for more information). Restrict CONFIG_CC_HAS_ZERO_CALL_USED_REGS to either a supported GCC version or a clang newer than 15.0.6, which will catch both a theoretical 15.0.7 and the upcoming 16.0.0, which will both have the bug fixed. Cc: stable@xxxxxxxxxxxxxxx # v5.15+ Signed-off-by: Nathan Chancellor <nathan@xxxxxxxxxx> Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx> Link: https://lore.kernel.org/r/20221214232602.4118147-1-nathan@xxxxxxxxxx Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- security/Kconfig.hardening | 3 +++ 1 file changed, 3 insertions(+) --- a/security/Kconfig.hardening +++ b/security/Kconfig.hardening 
@@ -240,6 +240,9 @@ config INIT_ON_FREE_DEFAULT_ON config CC_HAS_ZERO_CALL_USED_REGS def_bool $(cc-option,-fzero-call-used-regs=used-gpr) + # https://github.com/ClangBuiltLinux/linux/issues/1766 + # https://github.com/llvm/llvm-project/issues/59242 + depends on !CC_IS_CLANG || CLANG_VERSION > 150006 config ZERO_CALL_USED_REGS bool "Enable register zeroing on function exit" Patches currently in stable-queue which might be from nathan@xxxxxxxxxx are queue-5.15/security-restrict-config_zero_call_used_regs-to-gcc-or-clang-15.0.6.patch queue-5.15/include-uapi-linux-swab-fix-potentially-missing-__al.patch queue-5.15/drm-fsl-dcu-fix-return-type-of-fsl_dcu_drm_connector.patch queue-5.15/drm-sti-fix-return-type-of-sti_-dvo-hda-hdmi-_connec.patch queue-5.15/drm-mediatek-fix-return-type-of-mtk_hdmi_bridge_mode.patch queue-5.15/hamradio-baycom_epp-fix-return-type-of-baycom_send_p.patch queue-5.15/s390-lcs-fix-return-type-of-lcs_start_xmit.patch queue-5.15/drm-amdgpu-fix-type-of-second-parameter-in-trans_msg.patch queue-5.15/s390-netiucv-fix-return-type-of-netiucv_tx.patch queue-5.15/scsi-elx-libefc-fix-second-parameter-type-in-state-c.patch queue-5.15/s390-ctcm-fix-return-type-of-ctc-mp-m_tx.patch queue-5.15/drm-amdgpu-fix-type-of-second-parameter-in-odn_edit_.patch queue-5.15/overflow-implement-size_t-saturating-arithmetic-help.patch queue-5.15/net-ethernet-ti-fix-return-type-of-netcp_ndo_start_x.patch
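Review bot: the new `depends on !CC_IS_CLANG || CLANG_VERSION > 150006` encodes the compiler version as major*10000 + minor*100 + patch, so 150006 is 15.0.6 and the strict comparison excludes 15.0.6 itself while admitting 15.0.7 and 16.0.0, which matches the subject and the commit message; because the numeric form is easy to misread, consider stating the threshold in human-readable form in the comment, e.g. `# Broken on clang <= 15.0.6, see:` above the two issue links. Gating a def_bool symbol with `depends on` is fine: Kconfig only applies the `$(cc-option,...)` default when the dependency holds, so on an affected clang CC_HAS_ZERO_CALL_USED_REGS evaluates to n and anything gated on it drops out of the configuration; it would help backporters if the commit message noted that existing configs built with such a toolchain lose the option on the next olddefconfig rather than failing loudly.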