diff options
author | Bill Wendling <morbo@google.com> | 2022-04-07 10:59:30 -0700 |
---|---|---|
committer | Kees Cook <keescook@chromium.org> | 2022-04-13 12:15:53 -0700 |
commit | 75c1182e18f4a66bbd2c91511b6b629dac6a27dc (patch) | |
tree | e227b081222e07d16770746491389c6bad3fc1e1 /security | |
parent | 1109a5d907015005cdbe9eaa4fec40213e2f9010 (diff) | |
download | linux-75c1182e18f4a66bbd2c91511b6b629dac6a27dc.tar.bz2 |
security: don't treat structure as an array of struct hlist_head
The initialization of "security_hook_heads" is done by casting it to
another structure pointer type, and treating it as an array of "struct
hlist_head" objects. This requires an exception be made in "randstruct",
because otherwise it will emit an error, reducing the effectiveness of
the hardening technique.
Instead of using a cast, initialize the individual struct hlist_head
elements in security_hook_heads explicitly. This removes the need for
the cast and randstruct exception.
Signed-off-by: Bill Wendling <morbo@google.com>
Cc: Kees Cook <keescook@chromium.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20220407175930.471870-1-morbo@google.com
Diffstat (limited to 'security')
-rw-r--r-- | security/security.c | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/security/security.c b/security/security.c index b7cf5cbfdc67..37a9eeb901e0 100644 --- a/security/security.c +++ b/security/security.c @@ -365,13 +365,12 @@ static void __init ordered_lsm_init(void) int __init early_security_init(void) { - int i; - struct hlist_head *list = (struct hlist_head *) &security_hook_heads; struct lsm_info *lsm; - for (i = 0; i < sizeof(security_hook_heads) / sizeof(struct hlist_head); - i++) - INIT_HLIST_HEAD(&list[i]); +#define LSM_HOOK(RET, DEFAULT, NAME, ...) \ + INIT_HLIST_HEAD(&security_hook_heads.NAME); +#include "linux/lsm_hook_defs.h" +#undef LSM_HOOK for (lsm = __start_early_lsm_info; lsm < __end_early_lsm_info; lsm++) { if (!lsm->enabled) |