Merge tag 'hardening-v6.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux

Pull hardening fixes from Kees Cook:

 - gcc plugins: Avoid Kconfig warnings with randstruct (Nathan
   Chancellor)

 - MAINTAINERS: Add security/Kconfig.hardening to hardening section
   (Nathan Chancellor)

 - MAINTAINERS: Add unsafe_memcpy() to the FORTIFY review list

* tag 'hardening-v6.12-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
  MAINTAINERS: Add security/Kconfig.hardening to hardening section
  hardening: Adjust dependencies in selection of MODVERSIONS
  MAINTAINERS: Add unsafe_memcpy() to the FORTIFY review list

Author: torvalds

MAINTAINERS

@@ -8914,6 +8914,7 @@ F:	include/linux/fortify-string.h
 F:	lib/fortify_kunit.c
 F:	lib/memcpy_kunit.c
 F:	lib/test_fortify/*
+K:	\bunsafe_memcpy\b
 K:	\b__NO_FORTIFY\b
 
 FPGA DFL DRIVERS
@@ -12345,6 +12346,7 @@ F:	include/linux/randomize_kstack.h
 F:	kernel/configs/hardening.config
 F:	lib/usercopy_kunit.c
 F:	mm/usercopy.c
+F:	security/Kconfig.hardening
 K:	\b(add|choose)_random_kstack_offset\b
 K:	\b__check_(object_size|heap_object)\b
 K:	\b__counted_by\b

security/Kconfig.hardening

@@ -340,7 +340,7 @@ choice
 	config RANDSTRUCT_FULL
 		bool "Fully randomize structure layout"
 		depends on CC_HAS_RANDSTRUCT || GCC_PLUGINS
-		select MODVERSIONS if MODULES
+		select MODVERSIONS if MODULES && !COMPILE_TEST
 		help
 		  Fully randomize the member layout of sensitive
 		  structures as much as possible, which may have both a
@@ -356,7 +356,7 @@ choice
 	config RANDSTRUCT_PERFORMANCE
 		bool "Limit randomization of structure layout to cache-lines"
 		depends on GCC_PLUGINS
-		select MODVERSIONS if MODULES
+		select MODVERSIONS if MODULES && !COMPILE_TEST
 		help
 		  Randomization of sensitive kernel structures will make a
 		  best effort at restricting randomization to cacheline-sized