| Message ID | 20220407175930.471870-1-morbo@google.com (mailing list archive) |
|---|---|
| State | Mainlined |
| Commit | 75c1182e18f4a66bbd2c91511b6b629dac6a27dc |
| Headers | show |
| Series | security: don't treat structure as an array of struct hlist_head | expand |
On Thu, Apr 07, 2022 at 10:59:30AM -0700, Bill Wendling wrote: > The initialization of "security_hook_heads" is done by casting it to > another structure pointer type, and treating it as an array of "struct > hlist_head" objects. This requires an exception be made in "randstruct", > because otherwise it will emit an error, reducing the effectiveness of > the hardening technique. > > Instead of using a cast, initialize the individual struct hlist_head > elements in security_hook_heads explicitly. This removes the need for > the cast and randstruct exception. > > Signed-off-by: Bill Wendling <morbo@google.com> > Cc: Kees Cook <keescook@chromium.org> Ah! Yes, thanks. This is a good solution for this. I'd rather not have any exceptions in the randstruct plugin. :) I'll take this via the hardening tree unless anyone objects. -Kees
diff --git a/scripts/gcc-plugins/randomize_layout_plugin.c b/scripts/gcc-plugins/randomize_layout_plugin.c index 334741a31d0a..c2ec81b68505 100644 --- a/scripts/gcc-plugins/randomize_layout_plugin.c +++ b/scripts/gcc-plugins/randomize_layout_plugin.c @@ -52,8 +52,6 @@ static const struct whitelist_entry whitelist[] = { { "net/unix/af_unix.c", "unix_skb_parms", "char" }, /* big_key payload.data struct splashing */ { "security/keys/big_key.c", "path", "void *" }, - /* walk struct security_hook_heads as an array of struct hlist_head */ - { "security/security.c", "hlist_head", "security_hook_heads" }, { } }; diff --git a/security/security.c b/security/security.c index b7cf5cbfdc67..37a9eeb901e0 100644 --- a/security/security.c +++ b/security/security.c @@ -365,13 +365,12 @@ static void __init ordered_lsm_init(void) int __init early_security_init(void) { - int i; - struct hlist_head *list = (struct hlist_head *) &security_hook_heads; struct lsm_info *lsm; - for (i = 0; i < sizeof(security_hook_heads) / sizeof(struct hlist_head); - i++) - INIT_HLIST_HEAD(&list[i]); +#define LSM_HOOK(RET, DEFAULT, NAME, ...) \ + INIT_HLIST_HEAD(&security_hook_heads.NAME); +#include "linux/lsm_hook_defs.h" +#undef LSM_HOOK for (lsm = __start_early_lsm_info; lsm < __end_early_lsm_info; lsm++) { if (!lsm->enabled)
The initialization of "security_hook_heads" is done by casting it to another structure pointer type, and treating it as an array of "struct hlist_head" objects. This requires an exception be made in "randstruct", because otherwise it will emit an error, reducing the effectiveness of the hardening technique. Instead of using a cast, initialize the individual struct hlist_head elements in security_hook_heads explicitly. This removes the need for the cast and randstruct exception. Signed-off-by: Bill Wendling <morbo@google.com> Cc: Kees Cook <keescook@chromium.org> --- scripts/gcc-plugins/randomize_layout_plugin.c | 2 -- security/security.c | 9 ++++----- 2 files changed, 4 insertions(+), 7 deletions(-)