1*efde4462SMickaël Salaün /* SPDX-License-Identifier: GPL-2.0-only */ 2*efde4462SMickaël Salaün /* 3*efde4462SMickaël Salaün * Landlock - Errata information 4*efde4462SMickaël Salaün * 5*efde4462SMickaël Salaün * Copyright © 2025 Microsoft Corporation 6*efde4462SMickaël Salaün */ 7*efde4462SMickaël Salaün 8*efde4462SMickaël Salaün #ifndef _SECURITY_LANDLOCK_ERRATA_H 9*efde4462SMickaël Salaün #define _SECURITY_LANDLOCK_ERRATA_H 10*efde4462SMickaël Salaün 11*efde4462SMickaël Salaün #include <linux/init.h> 12*efde4462SMickaël Salaün 13*efde4462SMickaël Salaün struct landlock_erratum { 14*efde4462SMickaël Salaün const int abi; 15*efde4462SMickaël Salaün const u8 number; 16*efde4462SMickaël Salaün }; 17*efde4462SMickaël Salaün 18*efde4462SMickaël Salaün /* clang-format off */ 19*efde4462SMickaël Salaün #define LANDLOCK_ERRATUM(NUMBER) \ 20*efde4462SMickaël Salaün { \ 21*efde4462SMickaël Salaün .abi = LANDLOCK_ERRATA_ABI, \ 22*efde4462SMickaël Salaün .number = NUMBER, \ 23*efde4462SMickaël Salaün }, 24*efde4462SMickaël Salaün /* clang-format on */ 25*efde4462SMickaël Salaün 26*efde4462SMickaël Salaün /* 27*efde4462SMickaël Salaün * Some fixes may require user space to check if they are applied on the running 28*efde4462SMickaël Salaün * kernel before using a specific feature. For instance, this applies when a 29*efde4462SMickaël Salaün * restriction was previously too restrictive and is now getting relaxed (for 30*efde4462SMickaël Salaün * compatibility or semantic reasons). However, non-visible changes for 31*efde4462SMickaël Salaün * legitimate use (e.g. security fixes) do not require an erratum. 32*efde4462SMickaël Salaün */ 33*efde4462SMickaël Salaün static const struct landlock_erratum landlock_errata_init[] __initconst = { 34*efde4462SMickaël Salaün 35*efde4462SMickaël Salaün /* 36*efde4462SMickaël Salaün * Only Sparse may not implement __has_include. If a compiler does not 37*efde4462SMickaël Salaün * implement __has_include, a warning will be printed at boot time (see 38*efde4462SMickaël Salaün * setup.c). 39*efde4462SMickaël Salaün */ 40*efde4462SMickaël Salaün #ifdef __has_include 41*efde4462SMickaël Salaün 42*efde4462SMickaël Salaün #define LANDLOCK_ERRATA_ABI 1 43*efde4462SMickaël Salaün #if __has_include("errata/abi-1.h") 44*efde4462SMickaël Salaün #include "errata/abi-1.h" 45*efde4462SMickaël Salaün #endif 46*efde4462SMickaël Salaün #undef LANDLOCK_ERRATA_ABI 47*efde4462SMickaël Salaün 48*efde4462SMickaël Salaün #define LANDLOCK_ERRATA_ABI 2 49*efde4462SMickaël Salaün #if __has_include("errata/abi-2.h") 50*efde4462SMickaël Salaün #include "errata/abi-2.h" 51*efde4462SMickaël Salaün #endif 52*efde4462SMickaël Salaün #undef LANDLOCK_ERRATA_ABI 53*efde4462SMickaël Salaün 54*efde4462SMickaël Salaün #define LANDLOCK_ERRATA_ABI 3 55*efde4462SMickaël Salaün #if __has_include("errata/abi-3.h") 56*efde4462SMickaël Salaün #include "errata/abi-3.h" 57*efde4462SMickaël Salaün #endif 58*efde4462SMickaël Salaün #undef LANDLOCK_ERRATA_ABI 59*efde4462SMickaël Salaün 60*efde4462SMickaël Salaün #define LANDLOCK_ERRATA_ABI 4 61*efde4462SMickaël Salaün #if __has_include("errata/abi-4.h") 62*efde4462SMickaël Salaün #include "errata/abi-4.h" 63*efde4462SMickaël Salaün #endif 64*efde4462SMickaël Salaün #undef LANDLOCK_ERRATA_ABI 65*efde4462SMickaël Salaün 66*efde4462SMickaël Salaün /* 67*efde4462SMickaël Salaün * For each new erratum, we need to include all the ABI files up to the impacted 68*efde4462SMickaël Salaün * ABI to make all potential future intermediate errata easy to backport. 69*efde4462SMickaël Salaün * 70*efde4462SMickaël Salaün * If such change involves more than one ABI addition, then it must be in a 71*efde4462SMickaël Salaün * dedicated commit with the same Fixes tag as used for the actual fix. 72*efde4462SMickaël Salaün * 73*efde4462SMickaël Salaün * Each commit creating a new security/landlock/errata/abi-*.h file must have a 74*efde4462SMickaël Salaün * Depends-on tag to reference the commit that previously added the line to 75*efde4462SMickaël Salaün * include this new file, except if the original Fixes tag is enough. 76*efde4462SMickaël Salaün * 77*efde4462SMickaël Salaün * Each erratum must be documented in its related ABI file, and a dedicated 78*efde4462SMickaël Salaün * commit must update Documentation/userspace-api/landlock.rst to include this 79*efde4462SMickaël Salaün * erratum. This commit will not be backported. 80*efde4462SMickaël Salaün */ 81*efde4462SMickaël Salaün 82*efde4462SMickaël Salaün #endif 83*efde4462SMickaël Salaün 84*efde4462SMickaël Salaün {} 85*efde4462SMickaël Salaün }; 86*efde4462SMickaël Salaün 87*efde4462SMickaël Salaün #endif /* _SECURITY_LANDLOCK_ERRATA_H */ 88