Merge tag 'hardening-v6.2-rc1-fixes' of git://git.kernel.org/pub/scm/linux/kernel...

Pull kernel hardening fixes from Kees Cook:

 - Fix CFI failure with KASAN (Sami Tolvanen)

 - Fix LKDTM + CFI under GCC 7 and 8 (Kristina Martsenko)

 - Limit CONFIG_ZERO_CALL_USED_REGS to Clang > 15.0.6 (Nathan
   Chancellor)

 - Ignore "contents" argument in LoadPin's LSM hook handling

 - Fix paste-o in /sys/kernel/warn_count API docs

 - Use READ_ONCE() consistently for oops/warn limit reading

* tag 'hardening-v6.2-rc1-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
  cfi: Fix CFI failure with KASAN
  exit: Use READ_ONCE() for all oops/warn limit reads
  security: Restrict CONFIG_ZERO_CALL_USED_REGS to gcc or clang > 15.0.6
  lkdtm: cfi: Make PAC test work with GCC 7 and 8
  docs: Fix path paste-o for /sys/kernel/warn_count
  LoadPin: Ignore the "contents" argument of the LSM hooks

diff --combined kernel/Makefile
index e7fc37a,ebc6922..10ef068
--- 1/kernel/Makefile
--- 2/kernel/Makefile
+++ b/kernel/Makefile
@@@ -41,9 -41,6 +41,6 @@@ UBSAN_SANITIZE_kcov.o := 
  KMSAN_SANITIZE_kcov.o := n
  CFLAGS_kcov.o := $(call cc-option, -fno-conserve-stack) -fno-stack-protector
  
- # Don't instrument error handlers
- CFLAGS_REMOVE_cfi.o := $(CC_FLAGS_CFI)
- 
  obj-y += sched/
  obj-y += locking/
  obj-y += power/
@@@ -69,7 -66,6 +66,7 @@@ endi
  obj-$(CONFIG_UID16) += uid16.o
  obj-$(CONFIG_MODULE_SIG_FORMAT) += module_signature.o
  obj-$(CONFIG_KALLSYMS) += kallsyms.o
 +obj-$(CONFIG_KALLSYMS_SELFTEST) += kallsyms_selftest.o
  obj-$(CONFIG_BSD_PROCESS_ACCT) += acct.o
  obj-$(CONFIG_CRASH_CORE) += crash_core.o
  obj-$(CONFIG_KEXEC_CORE) += kexec_core.o

diff --combined kernel/panic.c
index 326d915,7834c98..463c929
--- 1/kernel/panic.c
--- 2/kernel/panic.c
+++ b/kernel/panic.c
@@@ -25,7 -25,6 +25,7 @@@
  #include <linux/kexec.h>
  #include <linux/panic_notifier.h>
  #include <linux/sched.h>
 +#include <linux/string_helpers.h>
  #include <linux/sysrq.h>
  #include <linux/init.h>
  #include <linux/nmi.h>
@@@ -232,12 -231,15 +232,15 @@@ static void panic_print_sys_info(bool c
  
  void check_panic_on_warn(const char *origin)
  {
+       unsigned int limit;
+ 
        if (panic_on_warn)
                panic("%s: panic_on_warn set ...\n", origin);
  
-       if (atomic_inc_return(&warn_count) >= READ_ONCE(warn_limit) && warn_limit)
+       limit = READ_ONCE(warn_limit);
+       if (atomic_inc_return(&warn_count) >= limit && limit)
                panic("%s: system warned too often (kernel.warn_limit is %d)",
-                     origin, warn_limit);
+                     origin, limit);
  }
  
  /**
@@@ -784,8 -786,8 +787,8 @@@ static int __init panic_on_taint_setup(
        if (s && !strcmp(s, "nousertaint"))
                panic_on_taint_nousertaint = true;
  
 -      pr_info("panic_on_taint: bitmask=0x%lx nousertaint_mode=%sabled\n",
 -              panic_on_taint, panic_on_taint_nousertaint ? "en" : "dis");
 +      pr_info("panic_on_taint: bitmask=0x%lx nousertaint_mode=%s\n",
 +              panic_on_taint, str_enabled_disabled(panic_on_taint_nousertaint));
  
        return 0;
  }