summaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorBill Wendling <morbo@google.com>2022-04-07 10:59:30 -0700
committerKees Cook <keescook@chromium.org>2022-04-13 12:15:53 -0700
commit75c1182e18f4a66bbd2c91511b6b629dac6a27dc (patch)
treee227b081222e07d16770746491389c6bad3fc1e1 /security
parent1109a5d907015005cdbe9eaa4fec40213e2f9010 (diff)
downloadlinux-75c1182e18f4a66bbd2c91511b6b629dac6a27dc.tar.bz2
security: don't treat structure as an array of struct hlist_head
The initialization of "security_hook_heads" is done by casting it to another structure pointer type, and treating it as an array of "struct hlist_head" objects. This requires an exception be made in "randstruct", because otherwise it will emit an error, reducing the effectiveness of the hardening technique. Instead of using a cast, initialize the individual struct hlist_head elements in security_hook_heads explicitly. This removes the need for the cast and randstruct exception. Signed-off-by: Bill Wendling <morbo@google.com> Cc: Kees Cook <keescook@chromium.org> Signed-off-by: Kees Cook <keescook@chromium.org> Link: https://lore.kernel.org/r/20220407175930.471870-1-morbo@google.com
Diffstat (limited to 'security')
-rw-r--r--security/security.c9
1 files changed, 4 insertions, 5 deletions
diff --git a/security/security.c b/security/security.c
index b7cf5cbfdc67..37a9eeb901e0 100644
--- a/security/security.c
+++ b/security/security.c
@@ -365,13 +365,12 @@ static void __init ordered_lsm_init(void)
int __init early_security_init(void)
{
- int i;
- struct hlist_head *list = (struct hlist_head *) &security_hook_heads;
struct lsm_info *lsm;
- for (i = 0; i < sizeof(security_hook_heads) / sizeof(struct hlist_head);
- i++)
- INIT_HLIST_HEAD(&list[i]);
+#define LSM_HOOK(RET, DEFAULT, NAME, ...) \
+ INIT_HLIST_HEAD(&security_hook_heads.NAME);
+#include "linux/lsm_hook_defs.h"
+#undef LSM_HOOK
for (lsm = __start_early_lsm_info; lsm < __end_early_lsm_info; lsm++) {
if (!lsm->enabled)