| Message ID | 20161217010413.GA140564@beast (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On 12/16/2016 05:04 PM, Kees Cook wrote: > Prepare to mark sensitive kernel structures for randomization by making > sure they're using designated initializers. These were identified during > allyesconfig builds of x86, arm, and arm64, with most initializer fixes > extracted from grsecurity. > > Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: John Johansen <john.johansen@canonical.com> I'll pull this in to my tree for the pull request I will be sending in a couple weeks. > --- > security/apparmor/file.c | 4 ++-- > security/apparmor/lsm.c | 6 +++--- > 2 files changed, 5 insertions(+), 5 deletions(-) > > diff --git a/security/apparmor/file.c b/security/apparmor/file.c > index 4d2af4b01033..608971ac6781 100644 > --- a/security/apparmor/file.c > +++ b/security/apparmor/file.c > @@ -349,8 +349,8 @@ static inline bool xindex_is_subset(u32 link, u32 target) > int aa_path_link(struct aa_profile *profile, struct dentry *old_dentry, > const struct path *new_dir, struct dentry *new_dentry) > { > - struct path link = { new_dir->mnt, new_dentry }; > - struct path target = { new_dir->mnt, old_dentry }; > + struct path link = { .mnt = new_dir->mnt, .dentry = new_dentry }; > + struct path target = { .mnt = new_dir->mnt, .dentry = old_dentry }; > struct path_cond cond = { > d_backing_inode(old_dentry)->i_uid, > d_backing_inode(old_dentry)->i_mode > diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c > index 41b8cb115801..83b2ab5c9d08 100644 > --- a/security/apparmor/lsm.c > +++ b/security/apparmor/lsm.c > @@ -176,7 +176,7 @@ static int common_perm_dir_dentry(int op, const struct path *dir, > struct dentry *dentry, u32 mask, > struct path_cond *cond) > { > - struct path path = { dir->mnt, dentry }; > + struct path path = { .mnt = dir->mnt, .dentry = dentry }; > > return common_perm(op, &path, mask, cond); > } > @@ -306,8 +306,8 @@ static int apparmor_path_rename(const struct path *old_dir, struct dentry *old_d > > profile = aa_current_profile(); > if (!unconfined(profile)) { > - struct path old_path = { old_dir->mnt, old_dentry }; > - struct path new_path = { new_dir->mnt, new_dentry }; > + struct path old_path = { .mnt = old_dir->mnt, .dentry = old_dentry }; > + struct path new_path = { .mnt = new_dir->mnt, .dentry = new_dentry }; > struct path_cond cond = { d_backing_inode(old_dentry)->i_uid, > d_backing_inode(old_dentry)->i_mode > }; > -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/security/apparmor/file.c b/security/apparmor/file.c index 4d2af4b01033..608971ac6781 100644 --- a/security/apparmor/file.c +++ b/security/apparmor/file.c @@ -349,8 +349,8 @@ static inline bool xindex_is_subset(u32 link, u32 target) int aa_path_link(struct aa_profile *profile, struct dentry *old_dentry, const struct path *new_dir, struct dentry *new_dentry) { - struct path link = { new_dir->mnt, new_dentry }; - struct path target = { new_dir->mnt, old_dentry }; + struct path link = { .mnt = new_dir->mnt, .dentry = new_dentry }; + struct path target = { .mnt = new_dir->mnt, .dentry = old_dentry }; struct path_cond cond = { d_backing_inode(old_dentry)->i_uid, d_backing_inode(old_dentry)->i_mode diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 41b8cb115801..83b2ab5c9d08 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -176,7 +176,7 @@ static int common_perm_dir_dentry(int op, const struct path *dir, struct dentry *dentry, u32 mask, struct path_cond *cond) { - struct path path = { dir->mnt, dentry }; + struct path path = { .mnt = dir->mnt, .dentry = dentry }; return common_perm(op, &path, mask, cond); } @@ -306,8 +306,8 @@ static int apparmor_path_rename(const struct path *old_dir, struct dentry *old_d profile = aa_current_profile(); if (!unconfined(profile)) { - struct path old_path = { old_dir->mnt, old_dentry }; - struct path new_path = { new_dir->mnt, new_dentry }; + struct path old_path = { .mnt = old_dir->mnt, .dentry = old_dentry }; + struct path new_path = { .mnt = new_dir->mnt, .dentry = new_dentry }; struct path_cond cond = { d_backing_inode(old_dentry)->i_uid, d_backing_inode(old_dentry)->i_mode };
Prepare to mark sensitive kernel structures for randomization by making sure they're using designated initializers. These were identified during allyesconfig builds of x86, arm, and arm64, with most initializer fixes extracted from grsecurity. Signed-off-by: Kees Cook <keescook@chromium.org> --- security/apparmor/file.c | 4 ++-- security/apparmor/lsm.c | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-)