xref: /linux/security/landlock/errata.h (revision 2330437da0994321020777c605a2a8cb0ecb7001)
1 /* SPDX-License-Identifier: GPL-2.0-only */
2 /*
3  * Landlock - Errata information
4  *
5  * Copyright © 2025 Microsoft Corporation
6  */
7 
8 #ifndef _SECURITY_LANDLOCK_ERRATA_H
9 #define _SECURITY_LANDLOCK_ERRATA_H
10 
11 #include <linux/init.h>
12 
13 struct landlock_erratum {
14 	const int abi;
15 	const u8 number;
16 };
17 
18 /* clang-format off */
19 #define LANDLOCK_ERRATUM(NUMBER) \
20 	{ \
21 		.abi = LANDLOCK_ERRATA_ABI, \
22 		.number = NUMBER, \
23 	},
24 /* clang-format on */
25 
26 /*
27  * Some fixes may require user space to check if they are applied on the running
28  * kernel before using a specific feature.  For instance, this applies when a
29  * restriction was previously too restrictive and is now getting relaxed (for
30  * compatibility or semantic reasons).  However, non-visible changes for
31  * legitimate use (e.g. security fixes) do not require an erratum.
32  */
33 static const struct landlock_erratum landlock_errata_init[] __initconst = {
34 
35 /*
36  * Only Sparse may not implement __has_include.  If a compiler does not
37  * implement __has_include, a warning will be printed at boot time (see
38  * setup.c).
39  */
40 #ifdef __has_include
41 
42 #define LANDLOCK_ERRATA_ABI 1
43 #if __has_include("errata/abi-1.h")
44 #include "errata/abi-1.h"
45 #endif
46 #undef LANDLOCK_ERRATA_ABI
47 
48 #define LANDLOCK_ERRATA_ABI 2
49 #if __has_include("errata/abi-2.h")
50 #include "errata/abi-2.h"
51 #endif
52 #undef LANDLOCK_ERRATA_ABI
53 
54 #define LANDLOCK_ERRATA_ABI 3
55 #if __has_include("errata/abi-3.h")
56 #include "errata/abi-3.h"
57 #endif
58 #undef LANDLOCK_ERRATA_ABI
59 
60 #define LANDLOCK_ERRATA_ABI 4
61 #if __has_include("errata/abi-4.h")
62 #include "errata/abi-4.h"
63 #endif
64 #undef LANDLOCK_ERRATA_ABI
65 
66 #define LANDLOCK_ERRATA_ABI 5
67 #if __has_include("errata/abi-5.h")
68 #include "errata/abi-5.h"
69 #endif
70 #undef LANDLOCK_ERRATA_ABI
71 
72 #define LANDLOCK_ERRATA_ABI 6
73 #if __has_include("errata/abi-6.h")
74 #include "errata/abi-6.h"
75 #endif
76 #undef LANDLOCK_ERRATA_ABI
77 
78 /*
79  * For each new erratum, we need to include all the ABI files up to the impacted
80  * ABI to make all potential future intermediate errata easy to backport.
81  *
82  * If such change involves more than one ABI addition, then it must be in a
83  * dedicated commit with the same Fixes tag as used for the actual fix.
84  *
85  * Each commit creating a new security/landlock/errata/abi-*.h file must have a
86  * Depends-on tag to reference the commit that previously added the line to
87  * include this new file, except if the original Fixes tag is enough.
88  *
89  * Each erratum must be documented in its related ABI file, and a dedicated
90  * commit must update Documentation/userspace-api/landlock.rst to include this
91  * erratum.  This commit will not be backported.
92  */
93 
94 #endif
95 
96 	{}
97 };
98 
99 #endif /* _SECURITY_LANDLOCK_ERRATA_H */
100