linux-kernel.vger.kernel.org archive mirror
From: Sargun Dhillon <sargun@sargun.me>
To: linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: penguin-kernel@i-love.sakura.ne.jp, keescook@chromium.org,
	igor.stoppa@huawei.com, casey@schaufler-ca.com,
	jmorris@namei.org
Subject: [PATCH 4/4] security: generated security hook initialization based on lsm_hook_types.h
Date: Sun, 1 Apr 2018 10:18:14 +0000
Message-ID: <113007a6b9333ec02a08301405db6a59b294f1d6.1522577650.git.sargun@sargun.me>
In-Reply-To: <cover.1522577650.git.sargun@sargun.me>

This replaces the old logic of casting the security hook heads struct to
an array, and then traversing it in order to initialize it. Instead,
it generates the code to set the security hook heads to null at start
time.

Signed-off-by: Sargun Dhillon <sargun@sargun.me>
---
 scripts/gcc-plugins/randomize_layout_plugin.c |  2 --
 security/security.c                           | 17 ++++++++++++-----
 2 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/scripts/gcc-plugins/randomize_layout_plugin.c b/scripts/gcc-plugins/randomize_layout_plugin.c
index 6d5bbd31db7f..d94138999427 100644
--- a/scripts/gcc-plugins/randomize_layout_plugin.c
+++ b/scripts/gcc-plugins/randomize_layout_plugin.c
@@ -52,8 +52,6 @@ static const struct whitelist_entry whitelist[] = {
 	{ "net/unix/af_unix.c", "unix_skb_parms", "char" },
 	/* big_key payload.data struct splashing */
 	{ "security/keys/big_key.c", "path", "void *" },
-	/* walk struct security_hook_heads as an array of struct hlist_head */
-	{ "security/security.c", "hlist_head", "security_hook_heads" },
 	{ }
 };
 
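Review bot: the changelog does not mention that the randstruct whitelist entry for "security/security.c" is dropped in this hunk, even though that removal is the reason randomize_layout_plugin.c is touched at all. Suggest a sentence in the commit message saying that security_init() no longer walks struct security_hook_heads as an array of struct hlist_head, so the exemption is no longer needed. It is also worth confirming that no other file casts the struct the same way, since this entry only ever covered security/security.c.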
diff --git a/security/security.c b/security/security.c
index dd246a38b3f0..c849cfa03b92 100644
--- a/security/security.c
+++ b/security/security.c
@@ -32,6 +32,9 @@
 
 #define MAX_LSM_EVM_XATTR	2
 
+#define INIT_SEC_HEAD(_hook_name)	\
+	INIT_HLIST_HEAD(&security_hook_heads._hook_name)
+
 /* Maximum number of letters for an LSM name string */
 #define SECURITY_NAME_MAX	10
 
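Review bot: INIT_SEC_HEAD is defined at file scope here, between MAX_LSM_EVM_XATTR and SECURITY_NAME_MAX, with no comment, and unlike INT_HOOK and VOID_HOOK it is never #undef'd, although its only use in this patch is inside security_init(). Suggest defining it next to the INT_HOOK/VOID_HOOK definitions in security_init() and undefining it with them, or dropping it and expanding INIT_HLIST_HEAD(&security_hook_heads._hook_name) directly in those two macros.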
@@ -60,12 +63,16 @@ static void __init do_security_initcalls(void)
  */
 int __init security_init(void)
 {
-	int i;
-	struct hlist_head *list = (struct hlist_head *) &security_hook_heads;
+	/*
+	 * This generates an unrolled version of the security head
+	 * initialization.
+	 */
+#define INT_HOOK(_hook_name, ...)	INIT_SEC_HEAD(_hook_name)
+#define VOID_HOOK(_hook_name, ...)	INIT_SEC_HEAD(_hook_name)
+#include <linux/lsm_hook_types.h>
+#undef INT_HOOK
+#undef VOID_HOOK
 
-	for (i = 0; i < sizeof(security_hook_heads) / sizeof(struct hlist_head);
-	     i++)
-		INIT_HLIST_HEAD(&list[i]);
 	pr_info("Security Framework initialized\n");
 
 	/*
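Review bot: INT_HOOK and VOID_HOOK in security_init() expand to INIT_SEC_HEAD(_hook_name) with no trailing semicolon, so the #include inside the function body only yields valid statements if every entry in lsm_hook_types.h supplies its own ';', which cannot be checked from this hunk. Suggest making the contract explicit, either by putting the ';' in the two macro definitions here or by extending the comment to state what the header must contain (only INT_HOOK/VOID_HOOK invocations, no include guard). The removed loop sized itself with sizeof(security_hook_heads), while the new code covers only the heads the header lists, so the comment should also say that the struct and this initialization must stay generated from the same header.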
-- 
2.14.1

Thread overview: 7+ messages
2018-04-01 10:17 [PATCH 0/4] security: Split out hook definitions into lsm_hook_types.h Sargun Dhillon
2018-04-01 10:17 ` [PATCH 1/4] security: Move hook definitions from lsm_hooks.h to lsm_hook_types.h Sargun Dhillon
2018-04-01 10:17 ` [PATCH 2/4] security: Refactor security hooks into structured hooks Sargun Dhillon
2018-04-01 10:18 ` [PATCH 3/4] security: Make security_hook_heads use definitions in lsm_hook_types.h Sargun Dhillon
2018-04-01 10:18 ` Sargun Dhillon [this message]
2018-04-01 17:32 ` [PATCH 0/4] security: Split out hook definitions into lsm_hook_types.h Casey Schaufler
2018-04-01 20:43   ` Sargun Dhillon
