diff options
| author | Sargun Dhillon <sargun@sargun.me> | 2018-03-28 21:28:23 -0400 |
|---|---|---|
| committer | James Morris <james.morris@microsoft.com> | 2018-03-30 22:18:27 -0400 |
| commit | df0ce17331e2501dbffc060041dfc6c5f85227b5 (patch) | |
| tree | 0336a2aa616f738572946bd41bdfbbe1efbf3a83 | |
| parent | 5893ed18a26d1f56b97c0290b0cbbc2d49d6de28 (diff) | |
security: convert security hooks to use hlist
This changes security_hook_heads to use hlist_heads instead of
the circular doubly-linked list heads. This should cut down
the size of the struct by about half.
In addition, it allows mutation of the hooks at the tail of the
callback list without having to modify the head. The longer-term
purpose of this is to enable making the heads read only.
Signed-off-by: Sargun Dhillon <sargun@sargun.me>
Reviewed-by: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: James Morris <james.morris@microsoft.com>
| -rw-r--r-- | include/linux/lsm_hooks.h | 428 | ||||
| -rw-r--r-- | scripts/gcc-plugins/randomize_layout_plugin.c | 4 | ||||
| -rw-r--r-- | security/security.c | 22 |
3 files changed, 227 insertions, 227 deletions
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index e0ac011d07a5..ac491137b10a 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h | |||
| @@ -1731,230 +1731,230 @@ union security_list_options { | |||
| 1731 | }; | 1731 | }; |
| 1732 | 1732 | ||
| 1733 | struct security_hook_heads { | 1733 | struct security_hook_heads { |
| 1734 | struct list_head binder_set_context_mgr; | 1734 | struct hlist_head binder_set_context_mgr; |
| 1735 | struct list_head binder_transaction; | 1735 | struct hlist_head binder_transaction; |
| 1736 | struct list_head binder_transfer_binder; | 1736 | struct hlist_head binder_transfer_binder; |
| 1737 | struct list_head binder_transfer_file; | 1737 | struct hlist_head binder_transfer_file; |
| 1738 | struct list_head ptrace_access_check; | 1738 | struct hlist_head ptrace_access_check; |
| 1739 | struct list_head ptrace_traceme; | 1739 | struct hlist_head ptrace_traceme; |
| 1740 | struct list_head capget; | 1740 | struct hlist_head capget; |
| 1741 | struct list_head capset; | 1741 | struct hlist_head capset; |
| 1742 | struct list_head capable; | 1742 | struct hlist_head capable; |
| 1743 | struct list_head quotactl; | 1743 | struct hlist_head quotactl; |
| 1744 | struct list_head quota_on; | 1744 | struct hlist_head quota_on; |
| 1745 | struct list_head syslog; | 1745 | struct hlist_head syslog; |
| 1746 | struct list_head settime; | 1746 | struct hlist_head settime; |
| 1747 | struct list_head vm_enough_memory; | 1747 | struct hlist_head vm_enough_memory; |
| 1748 | struct list_head bprm_set_creds; | 1748 | struct hlist_head bprm_set_creds; |
| 1749 | struct list_head bprm_check_security; | 1749 | struct hlist_head bprm_check_security; |
| 1750 | struct list_head bprm_committing_creds; | 1750 | struct hlist_head bprm_committing_creds; |
| 1751 | struct list_head bprm_committed_creds; | 1751 | struct hlist_head bprm_committed_creds; |
| 1752 | struct list_head sb_alloc_security; | 1752 | struct hlist_head sb_alloc_security; |
| 1753 | struct list_head sb_free_security; | 1753 | struct hlist_head sb_free_security; |
| 1754 | struct list_head sb_copy_data; | 1754 | struct hlist_head sb_copy_data; |
| 1755 | struct list_head sb_remount; | 1755 | struct hlist_head sb_remount; |
| 1756 | struct list_head sb_kern_mount; | 1756 | struct hlist_head sb_kern_mount; |
| 1757 | struct list_head sb_show_options; | 1757 | struct hlist_head sb_show_options; |
| 1758 | struct list_head sb_statfs; | 1758 | struct hlist_head sb_statfs; |
| 1759 | struct list_head sb_mount; | 1759 | struct hlist_head sb_mount; |
| 1760 | struct list_head sb_umount; | 1760 | struct hlist_head sb_umount; |
| 1761 | struct list_head sb_pivotroot; | 1761 | struct hlist_head sb_pivotroot; |
| 1762 | struct list_head sb_set_mnt_opts; | 1762 | struct hlist_head sb_set_mnt_opts; |
| 1763 | struct list_head sb_clone_mnt_opts; | 1763 | struct hlist_head sb_clone_mnt_opts; |
| 1764 | struct list_head sb_parse_opts_str; | 1764 | struct hlist_head sb_parse_opts_str; |
| 1765 | struct list_head dentry_init_security; | 1765 | struct hlist_head dentry_init_security; |
| 1766 | struct list_head dentry_create_files_as; | 1766 | struct hlist_head dentry_create_files_as; |
| 1767 | #ifdef CONFIG_SECURITY_PATH | 1767 | #ifdef CONFIG_SECURITY_PATH |
| 1768 | struct list_head path_unlink; | 1768 | struct hlist_head path_unlink; |
| 1769 | struct list_head path_mkdir; | 1769 | struct hlist_head path_mkdir; |
| 1770 | struct list_head path_rmdir; | 1770 | struct hlist_head path_rmdir; |
| 1771 | struct list_head path_mknod; | 1771 | struct hlist_head path_mknod; |
| 1772 | struct list_head path_truncate; | 1772 | struct hlist_head path_truncate; |
| 1773 | struct list_head path_symlink; | 1773 | struct hlist_head path_symlink; |
| 1774 | struct list_head path_link; | 1774 | struct hlist_head path_link; |
| 1775 | struct list_head path_rename; | 1775 | struct hlist_head path_rename; |
| 1776 | struct list_head path_chmod; | 1776 | struct hlist_head path_chmod; |
| 1777 | struct list_head path_chown; | 1777 | struct hlist_head path_chown; |
| 1778 | struct list_head path_chroot; | 1778 | struct hlist_head path_chroot; |
| 1779 | #endif | 1779 | #endif |
| 1780 | struct list_head inode_alloc_security; | 1780 | struct hlist_head inode_alloc_security; |
| 1781 | struct list_head inode_free_security; | 1781 | struct hlist_head inode_free_security; |
| 1782 | struct list_head inode_init_security; | 1782 | struct hlist_head inode_init_security; |
| 1783 | struct list_head inode_create; | 1783 | struct hlist_head inode_create; |
| 1784 | struct list_head inode_link; | 1784 | struct hlist_head inode_link; |
| 1785 | struct list_head inode_unlink; | 1785 | struct hlist_head inode_unlink; |
| 1786 | struct list_head inode_symlink; | 1786 | struct hlist_head inode_symlink; |
| 1787 | struct list_head inode_mkdir; | 1787 | struct hlist_head inode_mkdir; |
| 1788 | struct list_head inode_rmdir; | 1788 | struct hlist_head inode_rmdir; |
| 1789 | struct list_head inode_mknod; | 1789 | struct hlist_head inode_mknod; |
| 1790 | struct list_head inode_rename; | 1790 | struct hlist_head inode_rename; |
| 1791 | struct list_head inode_readlink; | 1791 | struct hlist_head inode_readlink; |
| 1792 | struct list_head inode_follow_link; | 1792 | struct hlist_head inode_follow_link; |
| 1793 | struct list_head inode_permission; | 1793 | struct hlist_head inode_permission; |
| 1794 | struct list_head inode_setattr; | 1794 | struct hlist_head inode_setattr; |
| 1795 | struct list_head inode_getattr; | 1795 | struct hlist_head inode_getattr; |
| 1796 | struct list_head inode_setxattr; | 1796 | struct hlist_head inode_setxattr; |
| 1797 | struct list_head inode_post_setxattr; | 1797 | struct hlist_head inode_post_setxattr; |
| 1798 | struct list_head inode_getxattr; | 1798 | struct hlist_head inode_getxattr; |
| 1799 | struct list_head inode_listxattr; | 1799 | struct hlist_head inode_listxattr; |
| 1800 | struct list_head inode_removexattr; | 1800 | struct hlist_head inode_removexattr; |
| 1801 | struct list_head inode_need_killpriv; | 1801 | struct hlist_head inode_need_killpriv; |
| 1802 | struct list_head inode_killpriv; | 1802 | struct hlist_head inode_killpriv; |
| 1803 | struct list_head inode_getsecurity; | 1803 | struct hlist_head inode_getsecurity; |
| 1804 | struct list_head inode_setsecurity; | 1804 | struct hlist_head inode_setsecurity; |
| 1805 | struct list_head inode_listsecurity; | 1805 | struct hlist_head inode_listsecurity; |
| 1806 | struct list_head inode_getsecid; | 1806 | struct hlist_head inode_getsecid; |
| 1807 | struct list_head inode_copy_up; | 1807 | struct hlist_head inode_copy_up; |
| 1808 | struct list_head inode_copy_up_xattr; | 1808 | struct hlist_head inode_copy_up_xattr; |
| 1809 | struct list_head file_permission; | 1809 | struct hlist_head file_permission; |
| 1810 | struct list_head file_alloc_security; | 1810 | struct hlist_head file_alloc_security; |
| 1811 | struct list_head file_free_security; | 1811 | struct hlist_head file_free_security; |
| 1812 | struct list_head file_ioctl; | 1812 | struct hlist_head file_ioctl; |
| 1813 | struct list_head mmap_addr; | 1813 | struct hlist_head mmap_addr; |
| 1814 | struct list_head mmap_file; | 1814 | struct hlist_head mmap_file; |
| 1815 | struct list_head file_mprotect; | 1815 | struct hlist_head file_mprotect; |
| 1816 | struct list_head file_lock; | 1816 | struct hlist_head file_lock; |
| 1817 | struct list_head file_fcntl; | 1817 | struct hlist_head file_fcntl; |
| 1818 | struct list_head file_set_fowner; | 1818 | struct hlist_head file_set_fowner; |
| 1819 | struct list_head file_send_sigiotask; | 1819 | struct hlist_head file_send_sigiotask; |
| 1820 | struct list_head file_receive; | 1820 | struct hlist_head file_receive; |
| 1821 | struct list_head file_open; | 1821 | struct hlist_head file_open; |
| 1822 | struct list_head task_alloc; | 1822 | struct hlist_head task_alloc; |
| 1823 | struct list_head task_free; | 1823 | struct hlist_head task_free; |
| 1824 | struct list_head cred_alloc_blank; | 1824 | struct hlist_head cred_alloc_blank; |
| 1825 | struct list_head cred_free; | 1825 | struct hlist_head cred_free; |
| 1826 | struct list_head cred_prepare; | 1826 | struct hlist_head cred_prepare; |
| 1827 | struct list_head cred_transfer; | 1827 | struct hlist_head cred_transfer; |
| 1828 | struct list_head kernel_act_as; | 1828 | struct hlist_head kernel_act_as; |
| 1829 | struct list_head kernel_create_files_as; | 1829 | struct hlist_head kernel_create_files_as; |
| 1830 | struct list_head kernel_read_file; | 1830 | struct hlist_head kernel_read_file; |
| 1831 | struct list_head kernel_post_read_file; | 1831 | struct hlist_head kernel_post_read_file; |
| 1832 | struct list_head kernel_module_request; | 1832 | struct hlist_head kernel_module_request; |
| 1833 | struct list_head task_fix_setuid; | 1833 | struct hlist_head task_fix_setuid; |
| 1834 | struct list_head task_setpgid; | 1834 | struct hlist_head task_setpgid; |
| 1835 | struct list_head task_getpgid; | 1835 | struct hlist_head task_getpgid; |
| 1836 | struct list_head task_getsid; | 1836 | struct hlist_head task_getsid; |
| 1837 | struct list_head task_getsecid; | 1837 | struct hlist_head task_getsecid; |
| 1838 | struct list_head task_setnice; | 1838 | struct hlist_head task_setnice; |
| 1839 | struct list_head task_setioprio; | 1839 | struct hlist_head task_setioprio; |
| 1840 | struct list_head task_getioprio; | 1840 | struct hlist_head task_getioprio; |
| 1841 | struct list_head task_prlimit; | 1841 | struct hlist_head task_prlimit; |
| 1842 | struct list_head task_setrlimit; | 1842 | struct hlist_head task_setrlimit; |
| 1843 | struct list_head task_setscheduler; | 1843 | struct hlist_head task_setscheduler; |
| 1844 | struct list_head task_getscheduler; | 1844 | struct hlist_head task_getscheduler; |
| 1845 | struct list_head task_movememory; | 1845 | struct hlist_head task_movememory; |
| 1846 | struct list_head task_kill; | 1846 | struct hlist_head task_kill; |
| 1847 | struct list_head task_prctl; | 1847 | struct hlist_head task_prctl; |
| 1848 | struct list_head task_to_inode; | 1848 | struct hlist_head task_to_inode; |
| 1849 | struct list_head ipc_permission; | 1849 | struct hlist_head ipc_permission; |
| 1850 | struct list_head ipc_getsecid; | 1850 | struct hlist_head ipc_getsecid; |
| 1851 | struct list_head msg_msg_alloc_security; | 1851 | struct hlist_head msg_msg_alloc_security; |
| 1852 | struct list_head msg_msg_free_security; | 1852 | struct hlist_head msg_msg_free_security; |
| 1853 | struct list_head msg_queue_alloc_security; | 1853 | struct hlist_head msg_queue_alloc_security; |
| 1854 | struct list_head msg_queue_free_security; | 1854 | struct hlist_head msg_queue_free_security; |
| 1855 | struct list_head msg_queue_associate; | 1855 | struct hlist_head msg_queue_associate; |
| 1856 | struct list_head msg_queue_msgctl; | 1856 | struct hlist_head msg_queue_msgctl; |
| 1857 | struct list_head msg_queue_msgsnd; | 1857 | struct hlist_head msg_queue_msgsnd; |
| 1858 | struct list_head msg_queue_msgrcv; | 1858 | struct hlist_head msg_queue_msgrcv; |
| 1859 | struct list_head shm_alloc_security; | 1859 | struct hlist_head shm_alloc_security; |
| 1860 | struct list_head shm_free_security; | 1860 | struct hlist_head shm_free_security; |
| 1861 | struct list_head shm_associate; | 1861 | struct hlist_head shm_associate; |
| 1862 | struct list_head shm_shmctl; | 1862 | struct hlist_head shm_shmctl; |
| 1863 | struct list_head shm_shmat; | 1863 | struct hlist_head shm_shmat; |
| 1864 | struct list_head sem_alloc_security; | 1864 | struct hlist_head sem_alloc_security; |
| 1865 | struct list_head sem_free_security; | 1865 | struct hlist_head sem_free_security; |
| 1866 | struct list_head sem_associate; | 1866 | struct hlist_head sem_associate; |
| 1867 | struct list_head sem_semctl; | 1867 | struct hlist_head sem_semctl; |
| 1868 | struct list_head sem_semop; | 1868 | struct hlist_head sem_semop; |
| 1869 | struct list_head netlink_send; | 1869 | struct hlist_head netlink_send; |
| 1870 | struct list_head d_instantiate; | 1870 | struct hlist_head d_instantiate; |
| 1871 | struct list_head getprocattr; | 1871 | struct hlist_head getprocattr; |
| 1872 | struct list_head setprocattr; | 1872 | struct hlist_head setprocattr; |
| 1873 | struct list_head ismaclabel; | 1873 | struct hlist_head ismaclabel; |
| 1874 | struct list_head secid_to_secctx; | 1874 | struct hlist_head secid_to_secctx; |
| 1875 | struct list_head secctx_to_secid; | 1875 | struct hlist_head secctx_to_secid; |
| 1876 | struct list_head release_secctx; | 1876 | struct hlist_head release_secctx; |
| 1877 | struct list_head inode_invalidate_secctx; | 1877 | struct hlist_head inode_invalidate_secctx; |
| 1878 | struct list_head inode_notifysecctx; | 1878 | struct hlist_head inode_notifysecctx; |
| 1879 | struct list_head inode_setsecctx; | 1879 | struct hlist_head inode_setsecctx; |
| 1880 | struct list_head inode_getsecctx; | 1880 | struct hlist_head inode_getsecctx; |
| 1881 | #ifdef CONFIG_SECURITY_NETWORK | 1881 | #ifdef CONFIG_SECURITY_NETWORK |
| 1882 | struct list_head unix_stream_connect; | 1882 | struct hlist_head unix_stream_connect; |
| 1883 | struct list_head unix_may_send; | 1883 | struct hlist_head unix_may_send; |
| 1884 | struct list_head socket_create; | 1884 | struct hlist_head socket_create; |
| 1885 | struct list_head socket_post_create; | 1885 | struct hlist_head socket_post_create; |
| 1886 | struct list_head socket_bind; | 1886 | struct hlist_head socket_bind; |
| 1887 | struct list_head socket_connect; | 1887 | struct hlist_head socket_connect; |
| 1888 | struct list_head socket_listen; | 1888 | struct hlist_head socket_listen; |
| 1889 | struct list_head socket_accept; | 1889 | struct hlist_head socket_accept; |
| 1890 | struct list_head socket_sendmsg; | 1890 | struct hlist_head socket_sendmsg; |
| 1891 | struct list_head socket_recvmsg; | 1891 | struct hlist_head socket_recvmsg; |
| 1892 | struct list_head socket_getsockname; | 1892 | struct hlist_head socket_getsockname; |
| 1893 | struct list_head socket_getpeername; | 1893 | struct hlist_head socket_getpeername; |
| 1894 | struct list_head socket_getsockopt; | 1894 | struct hlist_head socket_getsockopt; |
| 1895 | struct list_head socket_setsockopt; | 1895 | struct hlist_head socket_setsockopt; |
| 1896 | struct list_head socket_shutdown; | 1896 | struct hlist_head socket_shutdown; |
| 1897 | struct list_head socket_sock_rcv_skb; | 1897 | struct hlist_head socket_sock_rcv_skb; |
| 1898 | struct list_head socket_getpeersec_stream; | 1898 | struct hlist_head socket_getpeersec_stream; |
| 1899 | struct list_head socket_getpeersec_dgram; | 1899 | struct hlist_head socket_getpeersec_dgram; |
| 1900 | struct list_head sk_alloc_security; | 1900 | struct hlist_head sk_alloc_security; |
| 1901 | struct list_head sk_free_security; | 1901 | struct hlist_head sk_free_security; |
| 1902 | struct list_head sk_clone_security; | 1902 | struct hlist_head sk_clone_security; |
| 1903 | struct list_head sk_getsecid; | 1903 | struct hlist_head sk_getsecid; |
| 1904 | struct list_head sock_graft; | 1904 | struct hlist_head sock_graft; |
| 1905 | struct list_head inet_conn_request; | 1905 | struct hlist_head inet_conn_request; |
| 1906 | struct list_head inet_csk_clone; | 1906 | struct hlist_head inet_csk_clone; |
| 1907 | struct list_head inet_conn_established; | 1907 | struct hlist_head inet_conn_established; |
| 1908 | struct list_head secmark_relabel_packet; | 1908 | struct hlist_head secmark_relabel_packet; |
| 1909 | struct list_head secmark_refcount_inc; | 1909 | struct hlist_head secmark_refcount_inc; |
| 1910 | struct list_head secmark_refcount_dec; | 1910 | struct hlist_head secmark_refcount_dec; |
| 1911 | struct list_head req_classify_flow; | 1911 | struct hlist_head req_classify_flow; |
| 1912 | struct list_head tun_dev_alloc_security; | 1912 | struct hlist_head tun_dev_alloc_security; |
| 1913 | struct list_head tun_dev_free_security; | 1913 | struct hlist_head tun_dev_free_security; |
| 1914 | struct list_head tun_dev_create; | 1914 | struct hlist_head tun_dev_create; |
| 1915 | struct list_head tun_dev_attach_queue; | 1915 | struct hlist_head tun_dev_attach_queue; |
| 1916 | struct list_head tun_dev_attach; | 1916 | struct hlist_head tun_dev_attach; |
| 1917 | struct list_head tun_dev_open; | 1917 | struct hlist_head tun_dev_open; |
| 1918 | #endif /* CONFIG_SECURITY_NETWORK */ | 1918 | #endif /* CONFIG_SECURITY_NETWORK */ |
| 1919 | #ifdef CONFIG_SECURITY_INFINIBAND | 1919 | #ifdef CONFIG_SECURITY_INFINIBAND |
| 1920 | struct list_head ib_pkey_access; | 1920 | struct hlist_head ib_pkey_access; |
| 1921 | struct list_head ib_endport_manage_subnet; | 1921 | struct hlist_head ib_endport_manage_subnet; |
| 1922 | struct list_head ib_alloc_security; | 1922 | struct hlist_head ib_alloc_security; |
| 1923 | struct list_head ib_free_security; | 1923 | struct hlist_head ib_free_security; |
| 1924 | #endif /* CONFIG_SECURITY_INFINIBAND */ | 1924 | #endif /* CONFIG_SECURITY_INFINIBAND */ |
| 1925 | #ifdef CONFIG_SECURITY_NETWORK_XFRM | 1925 | #ifdef CONFIG_SECURITY_NETWORK_XFRM |
| 1926 | struct list_head xfrm_policy_alloc_security; | 1926 | struct hlist_head xfrm_policy_alloc_security; |
| 1927 | struct list_head xfrm_policy_clone_security; | 1927 | struct hlist_head xfrm_policy_clone_security; |
| 1928 | struct list_head xfrm_policy_free_security; | 1928 | struct hlist_head xfrm_policy_free_security; |
| 1929 | struct list_head xfrm_policy_delete_security; | 1929 | struct hlist_head xfrm_policy_delete_security; |
| 1930 | struct list_head xfrm_state_alloc; | 1930 | struct hlist_head xfrm_state_alloc; |
| 1931 | struct list_head xfrm_state_alloc_acquire; | 1931 | struct hlist_head xfrm_state_alloc_acquire; |
| 1932 | struct list_head xfrm_state_free_security; | 1932 | struct hlist_head xfrm_state_free_security; |
| 1933 | struct list_head xfrm_state_delete_security; | 1933 | struct hlist_head xfrm_state_delete_security; |
| 1934 | struct list_head xfrm_policy_lookup; | 1934 | struct hlist_head xfrm_policy_lookup; |
| 1935 | struct list_head xfrm_state_pol_flow_match; | 1935 | struct hlist_head xfrm_state_pol_flow_match; |
| 1936 | struct list_head xfrm_decode_session; | 1936 | struct hlist_head xfrm_decode_session; |
| 1937 | #endif /* CONFIG_SECURITY_NETWORK_XFRM */ | 1937 | #endif /* CONFIG_SECURITY_NETWORK_XFRM */ |
| 1938 | #ifdef CONFIG_KEYS | 1938 | #ifdef CONFIG_KEYS |
| 1939 | struct list_head key_alloc; | 1939 | struct hlist_head key_alloc; |
| 1940 | struct list_head key_free; | 1940 | struct hlist_head key_free; |
| 1941 | struct list_head key_permission; | 1941 | struct hlist_head key_permission; |
| 1942 | struct list_head key_getsecurity; | 1942 | struct hlist_head key_getsecurity; |
| 1943 | #endif /* CONFIG_KEYS */ | 1943 | #endif /* CONFIG_KEYS */ |
| 1944 | #ifdef CONFIG_AUDIT | 1944 | #ifdef CONFIG_AUDIT |
| 1945 | struct list_head audit_rule_init; | 1945 | struct hlist_head audit_rule_init; |
| 1946 | struct list_head audit_rule_known; | 1946 | struct hlist_head audit_rule_known; |
| 1947 | struct list_head audit_rule_match; | 1947 | struct hlist_head audit_rule_match; |
| 1948 | struct list_head audit_rule_free; | 1948 | struct hlist_head audit_rule_free; |
| 1949 | #endif /* CONFIG_AUDIT */ | 1949 | #endif /* CONFIG_AUDIT */ |
| 1950 | #ifdef CONFIG_BPF_SYSCALL | 1950 | #ifdef CONFIG_BPF_SYSCALL |
| 1951 | struct list_head bpf; | 1951 | struct hlist_head bpf; |
| 1952 | struct list_head bpf_map; | 1952 | struct hlist_head bpf_map; |
| 1953 | struct list_head bpf_prog; | 1953 | struct hlist_head bpf_prog; |
| 1954 | struct list_head bpf_map_alloc_security; | 1954 | struct hlist_head bpf_map_alloc_security; |
| 1955 | struct list_head bpf_map_free_security; | 1955 | struct hlist_head bpf_map_free_security; |
| 1956 | struct list_head bpf_prog_alloc_security; | 1956 | struct hlist_head bpf_prog_alloc_security; |
| 1957 | struct list_head bpf_prog_free_security; | 1957 | struct hlist_head bpf_prog_free_security; |
| 1958 | #endif /* CONFIG_BPF_SYSCALL */ | 1958 | #endif /* CONFIG_BPF_SYSCALL */ |
| 1959 | } __randomize_layout; | 1959 | } __randomize_layout; |
| 1960 | 1960 | ||
| @@ -1963,8 +1963,8 @@ struct security_hook_heads { | |||
| 1963 | * For use with generic list macros for common operations. | 1963 | * For use with generic list macros for common operations. |
| 1964 | */ | 1964 | */ |
| 1965 | struct security_hook_list { | 1965 | struct security_hook_list { |
| 1966 | struct list_head list; | 1966 | struct hlist_node list; |
| 1967 | struct list_head *head; | 1967 | struct hlist_head *head; |
| 1968 | union security_list_options hook; | 1968 | union security_list_options hook; |
| 1969 | char *lsm; | 1969 | char *lsm; |
| 1970 | } __randomize_layout; | 1970 | } __randomize_layout; |
| @@ -2003,7 +2003,7 @@ static inline void security_delete_hooks(struct security_hook_list *hooks, | |||
| 2003 | int i; | 2003 | int i; |
| 2004 | 2004 | ||
| 2005 | for (i = 0; i < count; i++) | 2005 | for (i = 0; i < count; i++) |
| 2006 | list_del_rcu(&hooks[i].list); | 2006 | hlist_del_rcu(&hooks[i].list); |
| 2007 | } | 2007 | } |
| 2008 | #endif /* CONFIG_SECURITY_SELINUX_DISABLE */ | 2008 | #endif /* CONFIG_SECURITY_SELINUX_DISABLE */ |
| 2009 | 2009 | ||
diff --git a/scripts/gcc-plugins/randomize_layout_plugin.c b/scripts/gcc-plugins/randomize_layout_plugin.c index c4a345c3715b..6d5bbd31db7f 100644 --- a/scripts/gcc-plugins/randomize_layout_plugin.c +++ b/scripts/gcc-plugins/randomize_layout_plugin.c | |||
| @@ -52,8 +52,8 @@ static const struct whitelist_entry whitelist[] = { | |||
| 52 | { "net/unix/af_unix.c", "unix_skb_parms", "char" }, | 52 | { "net/unix/af_unix.c", "unix_skb_parms", "char" }, |
| 53 | /* big_key payload.data struct splashing */ | 53 | /* big_key payload.data struct splashing */ |
| 54 | { "security/keys/big_key.c", "path", "void *" }, | 54 | { "security/keys/big_key.c", "path", "void *" }, |
| 55 | /* walk struct security_hook_heads as an array of struct list_head */ | 55 | /* walk struct security_hook_heads as an array of struct hlist_head */ |
| 56 | { "security/security.c", "list_head", "security_hook_heads" }, | 56 | { "security/security.c", "hlist_head", "security_hook_heads" }, |
| 57 | { } | 57 | { } |
| 58 | }; | 58 | }; |
| 59 | 59 | ||
diff --git a/security/security.c b/security/security.c index 14c291910d25..dd246a38b3f0 100644 --- a/security/security.c +++ b/security/security.c | |||
| @@ -61,11 +61,11 @@ static void __init do_security_initcalls(void) | |||
| 61 | int __init security_init(void) | 61 | int __init security_init(void) |
| 62 | { | 62 | { |
| 63 | int i; | 63 | int i; |
| 64 | struct list_head *list = (struct list_head *) &security_hook_heads; | 64 | struct hlist_head *list = (struct hlist_head *) &security_hook_heads; |
| 65 | 65 | ||
| 66 | for (i = 0; i < sizeof(security_hook_heads) / sizeof(struct list_head); | 66 | for (i = 0; i < sizeof(security_hook_heads) / sizeof(struct hlist_head); |
| 67 | i++) | 67 | i++) |
| 68 | INIT_LIST_HEAD(&list[i]); | 68 | INIT_HLIST_HEAD(&list[i]); |
| 69 | pr_info("Security Framework initialized\n"); | 69 | pr_info("Security Framework initialized\n"); |
| 70 | 70 | ||
| 71 | /* | 71 | /* |
| @@ -163,7 +163,7 @@ void __init security_add_hooks(struct security_hook_list *hooks, int count, | |||
| 163 | 163 | ||
| 164 | for (i = 0; i < count; i++) { | 164 | for (i = 0; i < count; i++) { |
| 165 | hooks[i].lsm = lsm; | 165 | hooks[i].lsm = lsm; |
| 166 | list_add_tail_rcu(&hooks[i].list, hooks[i].head); | 166 | hlist_add_tail_rcu(&hooks[i].list, hooks[i].head); |
| 167 | } | 167 | } |
| 168 | if (lsm_append(lsm, &lsm_names) < 0) | 168 | if (lsm_append(lsm, &lsm_names) < 0) |
| 169 | panic("%s - Cannot get early memory.\n", __func__); | 169 | panic("%s - Cannot get early memory.\n", __func__); |
| @@ -201,7 +201,7 @@ EXPORT_SYMBOL(unregister_lsm_notifier); | |||
| 201 | do { \ | 201 | do { \ |
| 202 | struct security_hook_list *P; \ | 202 | struct security_hook_list *P; \ |
| 203 | \ | 203 | \ |
| 204 | list_for_each_entry(P, &security_hook_heads.FUNC, list) \ | 204 | hlist_for_each_entry(P, &security_hook_heads.FUNC, list) \ |
| 205 | P->hook.FUNC(__VA_ARGS__); \ | 205 | P->hook.FUNC(__VA_ARGS__); \ |
| 206 | } while (0) | 206 | } while (0) |
| 207 | 207 | ||
| @@ -210,7 +210,7 @@ EXPORT_SYMBOL(unregister_lsm_notifier); | |||
| 210 | do { \ | 210 | do { \ |
| 211 | struct security_hook_list *P; \ | 211 | struct security_hook_list *P; \ |
| 212 | \ | 212 | \ |
| 213 | list_for_each_entry(P, &security_hook_heads.FUNC, list) { \ | 213 | hlist_for_each_entry(P, &security_hook_heads.FUNC, list) { \ |
| 214 | RC = P->hook.FUNC(__VA_ARGS__); \ | 214 | RC = P->hook.FUNC(__VA_ARGS__); \ |
| 215 | if (RC != 0) \ | 215 | if (RC != 0) \ |
| 216 | break; \ | 216 | break; \ |
| @@ -317,7 +317,7 @@ int security_vm_enough_memory_mm(struct mm_struct *mm, long pages) | |||
| 317 | * agree that it should be set it will. If any module | 317 | * agree that it should be set it will. If any module |
| 318 | * thinks it should not be set it won't. | 318 | * thinks it should not be set it won't. |
| 319 | */ | 319 | */ |
| 320 | list_for_each_entry(hp, &security_hook_heads.vm_enough_memory, list) { | 320 | hlist_for_each_entry(hp, &security_hook_heads.vm_enough_memory, list) { |
| 321 | rc = hp->hook.vm_enough_memory(mm, pages); | 321 | rc = hp->hook.vm_enough_memory(mm, pages); |
| 322 | if (rc <= 0) { | 322 | if (rc <= 0) { |
| 323 | cap_sys_admin = 0; | 323 | cap_sys_admin = 0; |
| @@ -805,7 +805,7 @@ int security_inode_getsecurity(struct inode *inode, const char *name, void **buf | |||
| 805 | /* | 805 | /* |
| 806 | * Only one module will provide an attribute with a given name. | 806 | * Only one module will provide an attribute with a given name. |
| 807 | */ | 807 | */ |
| 808 | list_for_each_entry(hp, &security_hook_heads.inode_getsecurity, list) { | 808 | hlist_for_each_entry(hp, &security_hook_heads.inode_getsecurity, list) { |
| 809 | rc = hp->hook.inode_getsecurity(inode, name, buffer, alloc); | 809 | rc = hp->hook.inode_getsecurity(inode, name, buffer, alloc); |
| 810 | if (rc != -EOPNOTSUPP) | 810 | if (rc != -EOPNOTSUPP) |
| 811 | return rc; | 811 | return rc; |
| @@ -823,7 +823,7 @@ int security_inode_setsecurity(struct inode *inode, const char *name, const void | |||
| 823 | /* | 823 | /* |
| 824 | * Only one module will provide an attribute with a given name. | 824 | * Only one module will provide an attribute with a given name. |
| 825 | */ | 825 | */ |
| 826 | list_for_each_entry(hp, &security_hook_heads.inode_setsecurity, list) { | 826 | hlist_for_each_entry(hp, &security_hook_heads.inode_setsecurity, list) { |
| 827 | rc = hp->hook.inode_setsecurity(inode, name, value, size, | 827 | rc = hp->hook.inode_setsecurity(inode, name, value, size, |
| 828 | flags); | 828 | flags); |
| 829 | if (rc != -EOPNOTSUPP) | 829 | if (rc != -EOPNOTSUPP) |
| @@ -1126,7 +1126,7 @@ int security_task_prctl(int option, unsigned long arg2, unsigned long arg3, | |||
| 1126 | int rc = -ENOSYS; | 1126 | int rc = -ENOSYS; |
| 1127 | struct security_hook_list *hp; | 1127 | struct security_hook_list *hp; |
| 1128 | 1128 | ||
| 1129 | list_for_each_entry(hp, &security_hook_heads.task_prctl, list) { | 1129 | hlist_for_each_entry(hp, &security_hook_heads.task_prctl, list) { |
| 1130 | thisrc = hp->hook.task_prctl(option, arg2, arg3, arg4, arg5); | 1130 | thisrc = hp->hook.task_prctl(option, arg2, arg3, arg4, arg5); |
| 1131 | if (thisrc != -ENOSYS) { | 1131 | if (thisrc != -ENOSYS) { |
| 1132 | rc = thisrc; | 1132 | rc = thisrc; |
| @@ -1629,7 +1629,7 @@ int security_xfrm_state_pol_flow_match(struct xfrm_state *x, | |||
| 1629 | * For speed optimization, we explicitly break the loop rather than | 1629 | * For speed optimization, we explicitly break the loop rather than |
| 1630 | * using the macro | 1630 | * using the macro |
| 1631 | */ | 1631 | */ |
| 1632 | list_for_each_entry(hp, &security_hook_heads.xfrm_state_pol_flow_match, | 1632 | hlist_for_each_entry(hp, &security_hook_heads.xfrm_state_pol_flow_match, |
| 1633 | list) { | 1633 | list) { |
| 1634 | rc = hp->hook.xfrm_state_pol_flow_match(x, xp, fl); | 1634 | rc = hp->hook.xfrm_state_pol_flow_match(x, xp, fl); |
| 1635 | break; | 1635 | break; |