From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754812AbdE0Ilw (ORCPT ); Sat, 27 May 2017 04:41:52 -0400 Received: from bombadil.infradead.org ([65.50.211.133]:36427 "EHLO bombadil.infradead.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751688AbdE0Ilu (ORCPT ); Sat, 27 May 2017 04:41:50 -0400 Date: Sat, 27 May 2017 01:41:35 -0700 From: Christoph Hellwig To: Kees Cook Cc: kernel-hardening@lists.openwall.com, Tetsuo Handa , James Morris , Laura Abbott , x86@kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH v2 05/20] randstruct: Whitelist struct security_hook_heads cast Message-ID: <20170527084135.GA26844@infradead.org> References: <1495829844-69341-1-git-send-email-keescook@chromium.org> <1495829844-69341-6-git-send-email-keescook@chromium.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1495829844-69341-6-git-send-email-keescook@chromium.org> User-Agent: Mutt/1.8.0 (2017-02-23) X-SRS-Rewrite: SMTP reverse-path rewritten from by bombadil.infradead.org. See http://www.infradead.org/rpr.html Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, May 26, 2017 at 01:17:09PM -0700, Kees Cook wrote: > The LSM initialization routines walk security_hook_heads as an array > of struct list_head instead of via names to avoid a ton of needless > source. Whitelist this to avoid the false positive warning from the > plugin: I think this crap just needs to be fixed properly. If not it almost defeats the protections as the "security" ops are just about everywhere.