1*15383a0dSMickaël Salaün /* SPDX-License-Identifier: GPL-2.0-only */ 2*15383a0dSMickaël Salaün /* 3*15383a0dSMickaël Salaün * Landlock - Errata information 4*15383a0dSMickaël Salaün * 5*15383a0dSMickaël Salaün * Copyright © 2025 Microsoft Corporation 6*15383a0dSMickaël Salaün */ 7*15383a0dSMickaël Salaün 8*15383a0dSMickaël Salaün #ifndef _SECURITY_LANDLOCK_ERRATA_H 9*15383a0dSMickaël Salaün #define _SECURITY_LANDLOCK_ERRATA_H 10*15383a0dSMickaël Salaün 11*15383a0dSMickaël Salaün #include <linux/init.h> 12*15383a0dSMickaël Salaün 13*15383a0dSMickaël Salaün struct landlock_erratum { 14*15383a0dSMickaël Salaün const int abi; 15*15383a0dSMickaël Salaün const u8 number; 16*15383a0dSMickaël Salaün }; 17*15383a0dSMickaël Salaün 18*15383a0dSMickaël Salaün /* clang-format off */ 19*15383a0dSMickaël Salaün #define LANDLOCK_ERRATUM(NUMBER) \ 20*15383a0dSMickaël Salaün { \ 21*15383a0dSMickaël Salaün .abi = LANDLOCK_ERRATA_ABI, \ 22*15383a0dSMickaël Salaün .number = NUMBER, \ 23*15383a0dSMickaël Salaün }, 24*15383a0dSMickaël Salaün /* clang-format on */ 25*15383a0dSMickaël Salaün 26*15383a0dSMickaël Salaün /* 27*15383a0dSMickaël Salaün * Some fixes may require user space to check if they are applied on the running 28*15383a0dSMickaël Salaün * kernel before using a specific feature. For instance, this applies when a 29*15383a0dSMickaël Salaün * restriction was previously too restrictive and is now getting relaxed (for 30*15383a0dSMickaël Salaün * compatibility or semantic reasons). However, non-visible changes for 31*15383a0dSMickaël Salaün * legitimate use (e.g. security fixes) do not require an erratum. 32*15383a0dSMickaël Salaün */ 33*15383a0dSMickaël Salaün static const struct landlock_erratum landlock_errata_init[] __initconst = { 34*15383a0dSMickaël Salaün 35*15383a0dSMickaël Salaün /* 36*15383a0dSMickaël Salaün * Only Sparse may not implement __has_include. If a compiler does not 37*15383a0dSMickaël Salaün * implement __has_include, a warning will be printed at boot time (see 38*15383a0dSMickaël Salaün * setup.c). 39*15383a0dSMickaël Salaün */ 40*15383a0dSMickaël Salaün #ifdef __has_include 41*15383a0dSMickaël Salaün 42*15383a0dSMickaël Salaün #define LANDLOCK_ERRATA_ABI 1 43*15383a0dSMickaël Salaün #if __has_include("errata/abi-1.h") 44*15383a0dSMickaël Salaün #include "errata/abi-1.h" 45*15383a0dSMickaël Salaün #endif 46*15383a0dSMickaël Salaün #undef LANDLOCK_ERRATA_ABI 47*15383a0dSMickaël Salaün 48*15383a0dSMickaël Salaün #define LANDLOCK_ERRATA_ABI 2 49*15383a0dSMickaël Salaün #if __has_include("errata/abi-2.h") 50*15383a0dSMickaël Salaün #include "errata/abi-2.h" 51*15383a0dSMickaël Salaün #endif 52*15383a0dSMickaël Salaün #undef LANDLOCK_ERRATA_ABI 53*15383a0dSMickaël Salaün 54*15383a0dSMickaël Salaün #define LANDLOCK_ERRATA_ABI 3 55*15383a0dSMickaël Salaün #if __has_include("errata/abi-3.h") 56*15383a0dSMickaël Salaün #include "errata/abi-3.h" 57*15383a0dSMickaël Salaün #endif 58*15383a0dSMickaël Salaün #undef LANDLOCK_ERRATA_ABI 59*15383a0dSMickaël Salaün 60*15383a0dSMickaël Salaün #define LANDLOCK_ERRATA_ABI 4 61*15383a0dSMickaël Salaün #if __has_include("errata/abi-4.h") 62*15383a0dSMickaël Salaün #include "errata/abi-4.h" 63*15383a0dSMickaël Salaün #endif 64*15383a0dSMickaël Salaün #undef LANDLOCK_ERRATA_ABI 65*15383a0dSMickaël Salaün 66*15383a0dSMickaël Salaün /* 67*15383a0dSMickaël Salaün * For each new erratum, we need to include all the ABI files up to the impacted 68*15383a0dSMickaël Salaün * ABI to make all potential future intermediate errata easy to backport. 69*15383a0dSMickaël Salaün * 70*15383a0dSMickaël Salaün * If such change involves more than one ABI addition, then it must be in a 71*15383a0dSMickaël Salaün * dedicated commit with the same Fixes tag as used for the actual fix. 72*15383a0dSMickaël Salaün * 73*15383a0dSMickaël Salaün * Each commit creating a new security/landlock/errata/abi-*.h file must have a 74*15383a0dSMickaël Salaün * Depends-on tag to reference the commit that previously added the line to 75*15383a0dSMickaël Salaün * include this new file, except if the original Fixes tag is enough. 76*15383a0dSMickaël Salaün * 77*15383a0dSMickaël Salaün * Each erratum must be documented in its related ABI file, and a dedicated 78*15383a0dSMickaël Salaün * commit must update Documentation/userspace-api/landlock.rst to include this 79*15383a0dSMickaël Salaün * erratum. This commit will not be backported. 80*15383a0dSMickaël Salaün */ 81*15383a0dSMickaël Salaün 82*15383a0dSMickaël Salaün #endif 83*15383a0dSMickaël Salaün 84*15383a0dSMickaël Salaün {} 85*15383a0dSMickaël Salaün }; 86*15383a0dSMickaël Salaün 87*15383a0dSMickaël Salaün #endif /* _SECURITY_LANDLOCK_ERRATA_H */ 88