diff options
Diffstat (limited to 'security')
| -rw-r--r-- | security/Kconfig.hardening | 4 | ||||
| -rw-r--r-- | security/apparmor/lsm.c | 2 | ||||
| -rw-r--r-- | security/keys/keyring.c | 2 | ||||
| -rw-r--r-- | security/security.c | 6 | ||||
| -rw-r--r-- | security/selinux/hooks.c | 2 | ||||
| -rw-r--r-- | security/smack/smack_lsm.c | 2 | ||||
| -rw-r--r-- | security/tomoyo/audit.c | 2 | ||||
| -rw-r--r-- | security/tomoyo/common.c | 2 | ||||
| -rw-r--r-- | security/tomoyo/file.c | 2 | ||||
| -rw-r--r-- | security/tomoyo/realpath.c | 9 |
10 files changed, 17 insertions, 16 deletions
diff --git a/security/Kconfig.hardening b/security/Kconfig.hardening index 995bc42003e6..d766b7d0ffd1 100644 --- a/security/Kconfig.hardening +++ b/security/Kconfig.hardening @@ -112,6 +112,7 @@ choice config INIT_STACK_ALL_PATTERN bool "pattern-init everything (strongest)" depends on CC_HAS_AUTO_VAR_INIT_PATTERN + depends on !KMSAN help Initializes everything on the stack (including padding) with a specific debug value. This is intended to eliminate @@ -130,6 +131,7 @@ choice config INIT_STACK_ALL_ZERO bool "zero-init everything (strongest and safest)" depends on CC_HAS_AUTO_VAR_INIT_ZERO + depends on !KMSAN help Initializes everything on the stack (including padding) with a zero value. This is intended to eliminate all @@ -224,6 +226,7 @@ config STACKLEAK_RUNTIME_DISABLE config INIT_ON_ALLOC_DEFAULT_ON bool "Enable heap memory zeroing on allocation by default" + depends on !KMSAN help This has the effect of setting "init_on_alloc=1" on the kernel command line. This can be disabled with "init_on_alloc=0". @@ -236,6 +239,7 @@ config INIT_ON_ALLOC_DEFAULT_ON config INIT_ON_FREE_DEFAULT_ON bool "Enable heap memory zeroing on free by default" + depends on !KMSAN help This has the effect of setting "init_on_free=1" on the kernel command line. This can be disabled with "init_on_free=0". diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index e29cade7b662..f56070270c69 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -614,7 +614,7 @@ static int apparmor_sb_pivotroot(const struct path *old_path, return error; } -static int apparmor_getprocattr(struct task_struct *task, char *name, +static int apparmor_getprocattr(struct task_struct *task, const char *name, char **value) { int error = -ENOENT; diff --git a/security/keys/keyring.c b/security/keys/keyring.c index 5e6a90760753..4448758f643a 100644 --- a/security/keys/keyring.c +++ b/security/keys/keyring.c @@ -79,7 +79,7 @@ static void keyring_revoke(struct key *keyring); static void keyring_destroy(struct key *keyring); static void keyring_describe(const struct key *keyring, struct seq_file *m); static long keyring_read(const struct key *keyring, - char __user *buffer, size_t buflen); + char *buffer, size_t buflen); struct key_type key_type_keyring = { .name = "keyring", diff --git a/security/security.c b/security/security.c index 9696dd64095e..79d82cb6e469 100644 --- a/security/security.c +++ b/security/security.c @@ -52,6 +52,7 @@ const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1] = { [LOCKDOWN_IOPORT] = "raw io port access", [LOCKDOWN_MSR] = "raw MSR access", [LOCKDOWN_ACPI_TABLES] = "modifying ACPI tables", + [LOCKDOWN_DEVICE_TREE] = "modifying device tree contents", [LOCKDOWN_PCMCIA_CIS] = "direct PCMCIA CIS storage", [LOCKDOWN_TIOCSSERIAL] = "reconfiguration of serial port IO", [LOCKDOWN_MODULE_PARAMETERS] = "unsafe module parameters", @@ -60,6 +61,7 @@ const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1] = { [LOCKDOWN_XMON_WR] = "xmon write access", [LOCKDOWN_BPF_WRITE_USER] = "use of bpf to write user RAM", [LOCKDOWN_DBG_WRITE_KERNEL] = "use of kgdb/kdb to write kernel RAM", + [LOCKDOWN_RTAS_ERROR_INJECTION] = "RTAS error injection", [LOCKDOWN_INTEGRITY_MAX] = "integrity", [LOCKDOWN_KCORE] = "/proc/kcore access", [LOCKDOWN_KPROBES] = "use of kprobes", @@ -2062,8 +2064,8 @@ void security_d_instantiate(struct dentry *dentry, struct inode *inode) } EXPORT_SYMBOL(security_d_instantiate); -int security_getprocattr(struct task_struct *p, const char *lsm, char *name, - char **value) +int security_getprocattr(struct task_struct *p, const char *lsm, + const char *name, char **value) { struct security_hook_list *hp; diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index f8b05f14284b..f553c370397e 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -6330,7 +6330,7 @@ static void selinux_d_instantiate(struct dentry *dentry, struct inode *inode) } static int selinux_getprocattr(struct task_struct *p, - char *name, char **value) + const char *name, char **value) { const struct task_security_struct *__tsec; u32 sid; diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index dadcb9941da5..b6306d71c908 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -3493,7 +3493,7 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode) * * Returns the length of the smack label or an error code */ -static int smack_getprocattr(struct task_struct *p, char *name, char **value) +static int smack_getprocattr(struct task_struct *p, const char *name, char **value) { struct smack_known *skp = smk_of_task_struct_obj(p); char *cp; diff --git a/security/tomoyo/audit.c b/security/tomoyo/audit.c index 023bedd9dfa3..7cf8fdbb29bf 100644 --- a/security/tomoyo/audit.c +++ b/security/tomoyo/audit.c @@ -423,7 +423,7 @@ void tomoyo_write_log(struct tomoyo_request_info *r, const char *fmt, ...) int len; va_start(args, fmt); - len = vsnprintf((char *) &len, 1, fmt, args) + 1; + len = vsnprintf(NULL, 0, fmt, args) + 1; va_end(args); va_start(args, fmt); tomoyo_write_log2(r, len, fmt, args); diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c index ff17abc96e5c..f4cd9b58b205 100644 --- a/security/tomoyo/common.c +++ b/security/tomoyo/common.c @@ -2057,7 +2057,7 @@ int tomoyo_supervisor(struct tomoyo_request_info *r, const char *fmt, ...) bool quota_exceeded = false; va_start(args, fmt); - len = vsnprintf((char *) &len, 1, fmt, args) + 1; + len = vsnprintf(NULL, 0, fmt, args) + 1; va_end(args); /* Write /sys/kernel/security/tomoyo/audit. */ va_start(args, fmt); diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c index 1e6077568fde..8f3b90b6e03d 100644 --- a/security/tomoyo/file.c +++ b/security/tomoyo/file.c @@ -717,7 +717,7 @@ int tomoyo_path_number_perm(const u8 type, const struct path *path, int idx; if (tomoyo_init_request_info(&r, NULL, tomoyo_pn2mac[type]) - == TOMOYO_CONFIG_DISABLED || !path->dentry) + == TOMOYO_CONFIG_DISABLED) return 0; idx = tomoyo_read_lock(); if (!tomoyo_get_realpath(&buf, path)) diff --git a/security/tomoyo/realpath.c b/security/tomoyo/realpath.c index df4798980416..1c483ee7f93d 100644 --- a/security/tomoyo/realpath.c +++ b/security/tomoyo/realpath.c @@ -240,11 +240,8 @@ char *tomoyo_realpath_from_path(const struct path *path) char *name = NULL; unsigned int buf_len = PAGE_SIZE / 2; struct dentry *dentry = path->dentry; - struct super_block *sb; + struct super_block *sb = dentry->d_sb; - if (!dentry) - return NULL; - sb = dentry->d_sb; while (1) { char *pos; struct inode *inode; @@ -264,10 +261,8 @@ char *tomoyo_realpath_from_path(const struct path *path) inode = d_backing_inode(sb->s_root); /* * Get local name for filesystems without rename() operation - * or dentry without vfsmount. */ - if (!path->mnt || - (!inode->i_op->rename && + if ((!inode->i_op->rename && !(sb->s_type->fs_flags & FS_REQUIRES_DEV))) pos = tomoyo_get_local_path(path->dentry, buf, buf_len - 1); |