From patchwork Sat Dec 17 01:04:13 2016
X-Patchwork-Submitter: Kees Cook
X-Patchwork-Id: 9478805
Date: Fri, 16 Dec 2016 17:04:13 -0800
From: Kees Cook
To: linux-kernel@vger.kernel.org
Cc: John Johansen, James Morris, "Serge E. Hallyn", linux-security-module@vger.kernel.org
Subject: [PATCH] apparmor: use designated initializers
Message-ID: <20161217010413.GA140564@beast>

Prepare to mark sensitive kernel structures for randomization by making sure they're using designated initializers. These were identified during allyesconfig builds of x86, arm, and arm64, with most initializer fixes extracted from grsecurity.

Signed-off-by: Kees Cook
Acked-by: John Johansen
---
security/apparmor/file.c | 4 ++--
security/apparmor/lsm.c | 6 +++---
2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/security/apparmor/file.c b/security/apparmor/file.c index 4d2af4b01033..608971ac6781 100644 
--- a/security/apparmor/file.c +++ b/security/apparmor/file.c @@ -349,8 +349,8 @@ static inline bool xindex_is_subset(u32 link, u32 target) int aa_path_link(struct aa_profile *profile, struct dentry *old_dentry, const struct path *new_dir, struct dentry *new_dentry) { - struct path link = { new_dir->mnt, new_dentry }; - struct path target = { new_dir->mnt, old_dentry }; + struct path link = { .mnt = new_dir->mnt, .dentry = new_dentry }; + struct path target = { .mnt = new_dir->mnt, .dentry = old_dentry }; struct path_cond cond = { d_backing_inode(old_dentry)->i_uid, d_backing_inode(old_dentry)->i_mode diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 41b8cb115801..83b2ab5c9d08 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -176,7 +176,7 @@ static int common_perm_dir_dentry(int op, const struct path *dir, struct dentry *dentry, u32 mask, struct path_cond *cond) { - struct path path = { dir->mnt, dentry }; + struct path path = { .mnt = dir->mnt, .dentry = dentry }; return common_perm(op, &path, mask, cond); } @@ -306,8 +306,8 @@ static int apparmor_path_rename(const struct path *old_dir, struct dentry *old_d profile = aa_current_profile(); if (!unconfined(profile)) { - struct path old_path = { old_dir->mnt, old_dentry }; - struct path new_path = { new_dir->mnt, new_dentry }; + struct path old_path = { .mnt = old_dir->mnt, .dentry = old_dentry }; + struct path new_path = { .mnt = new_dir->mnt, .dentry = new_dentry }; struct path_cond cond = { d_backing_inode(old_dentry)->i_uid, d_backing_inode(old_dentry)->i_mode };
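
Review bot: In aa_path_link() (security/apparmor/file.c, hunk at -349), the `struct path_cond cond = { d_backing_inode(old_dentry)->i_uid, d_backing_inode(old_dentry)->i_mode` initializer directly below the two converted lines is still positional. It depends on member order in the same way the old `struct path` initializers did, so either convert it to designated form in this patch as well, or say in the changelog that only `struct path` is in scope for randomization. The identical `cond` initializer in the context of the apparmor_path_rename() hunk is in the same position.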
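
Review bot: In apparmor_path_rename() (security/apparmor/lsm.c, hunk at -306), the new `struct path old_path = { .mnt = old_dir->mnt, .dentry = old_dentry };` and `new_path` lines sit inside the `if (!unconfined(profile))` block, so at two levels of tab indentation the added designators take them to roughly 85 columns. Breaking each initializer after the `.mnt` member and putting `.dentry` on a continuation line keeps them within the 80-column limit of the kernel coding style and matches how the multi-line `cond` initializer just below is already laid out.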