• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /* SPDX-License-Identifier: GPL-2.0-only */
2 /*
3  * Landlock - Errata information
4  *
5  * Copyright © 2025 Microsoft Corporation
6  */
7 
8 #ifndef _SECURITY_LANDLOCK_ERRATA_H
9 #define _SECURITY_LANDLOCK_ERRATA_H
10 
11 #include <linux/init.h>
12 
13 struct landlock_erratum {
14 	const int abi;
15 	const u8 number;
16 };
17 
18 /* clang-format off */
19 #define LANDLOCK_ERRATUM(NUMBER) \
20 	{ \
21 		.abi = LANDLOCK_ERRATA_ABI, \
22 		.number = NUMBER, \
23 	},
24 /* clang-format on */
25 
26 /*
27  * Some fixes may require user space to check if they are applied on the running
28  * kernel before using a specific feature.  For instance, this applies when a
29  * restriction was previously too restrictive and is now getting relaxed (for
30  * compatibility or semantic reasons).  However, non-visible changes for
31  * legitimate use (e.g. security fixes) do not require an erratum.
32  */
33 static const struct landlock_erratum landlock_errata_init[] __initconst = {
34 
35 /*
36  * Only Sparse may not implement __has_include.  If a compiler does not
37  * implement __has_include, a warning will be printed at boot time (see
38  * setup.c).
39  */
40 #ifdef __has_include
41 
42 #define LANDLOCK_ERRATA_ABI 1
43 #if __has_include("errata/abi-1.h")
44 #include "errata/abi-1.h"
45 #endif
46 #undef LANDLOCK_ERRATA_ABI
47 
48 #define LANDLOCK_ERRATA_ABI 2
49 #if __has_include("errata/abi-2.h")
50 #include "errata/abi-2.h"
51 #endif
52 #undef LANDLOCK_ERRATA_ABI
53 
54 #define LANDLOCK_ERRATA_ABI 3
55 #if __has_include("errata/abi-3.h")
56 #include "errata/abi-3.h"
57 #endif
58 #undef LANDLOCK_ERRATA_ABI
59 
60 #define LANDLOCK_ERRATA_ABI 4
61 #if __has_include("errata/abi-4.h")
62 #include "errata/abi-4.h"
63 #endif
64 #undef LANDLOCK_ERRATA_ABI
65 
66 /*
67  * For each new erratum, we need to include all the ABI files up to the impacted
68  * ABI to make all potential future intermediate errata easy to backport.
69  *
70  * If such change involves more than one ABI addition, then it must be in a
71  * dedicated commit with the same Fixes tag as used for the actual fix.
72  *
73  * Each commit creating a new security/landlock/errata/abi-*.h file must have a
74  * Depends-on tag to reference the commit that previously added the line to
75  * include this new file, except if the original Fixes tag is enough.
76  *
77  * Each erratum must be documented in its related ABI file, and a dedicated
78  * commit must update Documentation/userspace-api/landlock.rst to include this
79  * erratum.  This commit will not be backported.
80  */
81 
82 #endif
83 
84 	{}
85 };
86 
87 #endif /* _SECURITY_LANDLOCK_ERRATA_H */
88