1 /* SPDX-License-Identifier: GPL-2.0-only */ 2 /* 3 * Landlock - Errata information 4 * 5 * Copyright © 2025 Microsoft Corporation 6 */ 7 8 #ifndef _SECURITY_LANDLOCK_ERRATA_H 9 #define _SECURITY_LANDLOCK_ERRATA_H 10 11 #include <linux/init.h> 12 13 struct landlock_erratum { 14 const int abi; 15 const u8 number; 16 }; 17 18 /* clang-format off */ 19 #define LANDLOCK_ERRATUM(NUMBER) \ 20 { \ 21 .abi = LANDLOCK_ERRATA_ABI, \ 22 .number = NUMBER, \ 23 }, 24 /* clang-format on */ 25 26 /* 27 * Some fixes may require user space to check if they are applied on the running 28 * kernel before using a specific feature. For instance, this applies when a 29 * restriction was previously too restrictive and is now getting relaxed (for 30 * compatibility or semantic reasons). However, non-visible changes for 31 * legitimate use (e.g. security fixes) do not require an erratum. 32 */ 33 static const struct landlock_erratum landlock_errata_init[] __initconst = { 34 35 /* 36 * Only Sparse may not implement __has_include. If a compiler does not 37 * implement __has_include, a warning will be printed at boot time (see 38 * setup.c). 39 */ 40 #ifdef __has_include 41 42 #define LANDLOCK_ERRATA_ABI 1 43 #if __has_include("errata/abi-1.h") 44 #include "errata/abi-1.h" 45 #endif 46 #undef LANDLOCK_ERRATA_ABI 47 48 #define LANDLOCK_ERRATA_ABI 2 49 #if __has_include("errata/abi-2.h") 50 #include "errata/abi-2.h" 51 #endif 52 #undef LANDLOCK_ERRATA_ABI 53 54 #define LANDLOCK_ERRATA_ABI 3 55 #if __has_include("errata/abi-3.h") 56 #include "errata/abi-3.h" 57 #endif 58 #undef LANDLOCK_ERRATA_ABI 59 60 #define LANDLOCK_ERRATA_ABI 4 61 #if __has_include("errata/abi-4.h") 62 #include "errata/abi-4.h" 63 #endif 64 #undef LANDLOCK_ERRATA_ABI 65 66 #define LANDLOCK_ERRATA_ABI 5 67 #if __has_include("errata/abi-5.h") 68 #include "errata/abi-5.h" 69 #endif 70 #undef LANDLOCK_ERRATA_ABI 71 72 #define LANDLOCK_ERRATA_ABI 6 73 #if __has_include("errata/abi-6.h") 74 #include "errata/abi-6.h" 75 #endif 76 #undef LANDLOCK_ERRATA_ABI 77 78 /* 79 * For each new erratum, we need to include all the ABI files up to the impacted 80 * ABI to make all potential future intermediate errata easy to backport. 81 * 82 * If such change involves more than one ABI addition, then it must be in a 83 * dedicated commit with the same Fixes tag as used for the actual fix. 84 * 85 * Each commit creating a new security/landlock/errata/abi-*.h file must have a 86 * Depends-on tag to reference the commit that previously added the line to 87 * include this new file, except if the original Fixes tag is enough. 88 * 89 * Each erratum must be documented in its related ABI file, and a dedicated 90 * commit must update Documentation/userspace-api/landlock.rst to include this 91 * erratum. This commit will not be backported. 92 */ 93 94 #endif 95 96 {} 97 }; 98 99 #endif /* _SECURITY_LANDLOCK_ERRATA_H */ 100