From 1e80cd1672bc77c96fa72205ba6db78dc10825b4 Mon Sep 17 00:00:00 2001 From: Kees Cook Date: Wed, 10 Oct 2018 17:18:18 -0700 Subject: vmlinux.lds.h: Avoid copy/paste of security_init section Avoid copy/paste by defining SECURITY_INIT in terms of SECURITY_INITCALL. Signed-off-by: Kees Cook Reviewed-by: Casey Schaufler Reviewed-by: James Morris Reviewed-by: John Johansen Signed-off-by: James Morris --- include/asm-generic/vmlinux.lds.h | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) (limited to 'include/asm-generic/vmlinux.lds.h') diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h index 7b75ff6e2fce..934a45395547 100644 --- a/include/asm-generic/vmlinux.lds.h +++ b/include/asm-generic/vmlinux.lds.h @@ -473,13 +473,6 @@ #define RODATA RO_DATA_SECTION(4096) #define RO_DATA(align) RO_DATA_SECTION(align) -#define SECURITY_INIT \ - .security_initcall.init : AT(ADDR(.security_initcall.init) - LOAD_OFFSET) { \ - __security_initcall_start = .; \ - KEEP(*(.security_initcall.init)) \ - __security_initcall_end = .; \ - } - /* * .text section. Map to function alignment to avoid address changes * during second ld run in second ld pass when generating System.map @@ -798,6 +791,12 @@ KEEP(*(.security_initcall.init)) \ __security_initcall_end = .; +/* Older linker script style for security init. */ +#define SECURITY_INIT \ + .security_initcall.init : AT(ADDR(.security_initcall.init) - LOAD_OFFSET) { \ + SECURITY_INITCALL \ + } + #ifdef CONFIG_BLK_DEV_INITRD #define INIT_RAM_FS \ . = ALIGN(4); \ -- cgit v1.2.3-59-g8ed1b From b048ae6e6c7062809e4398f4d0bfe80870715d3c Mon Sep 17 00:00:00 2001 From: Kees Cook Date: Wed, 10 Oct 2018 17:18:19 -0700 Subject: LSM: Rename .security_initcall section to .lsm_info In preparation for switching from initcall to just a regular set of pointers in a section, rename the internal section name. Signed-off-by: Kees Cook Reviewed-by: Casey Schaufler Reviewed-by: James Morris Reviewed-by: John Johansen Signed-off-by: James Morris --- include/asm-generic/vmlinux.lds.h | 10 +++++----- include/linux/init.h | 4 ++-- security/security.c | 4 ++-- 3 files changed, 9 insertions(+), 9 deletions(-) (limited to 'include/asm-generic/vmlinux.lds.h') diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h index 934a45395547..5079a969e612 100644 --- a/include/asm-generic/vmlinux.lds.h +++ b/include/asm-generic/vmlinux.lds.h @@ -787,14 +787,14 @@ __con_initcall_end = .; #define SECURITY_INITCALL \ - __security_initcall_start = .; \ - KEEP(*(.security_initcall.init)) \ - __security_initcall_end = .; + __start_lsm_info = .; \ + KEEP(*(.lsm_info.init)) \ + __end_lsm_info = .; /* Older linker script style for security init. */ #define SECURITY_INIT \ - .security_initcall.init : AT(ADDR(.security_initcall.init) - LOAD_OFFSET) { \ - SECURITY_INITCALL \ + .lsm_info.init : AT(ADDR(.lsm_info.init) - LOAD_OFFSET) { \ + LSM_INFO \ } #ifdef CONFIG_BLK_DEV_INITRD diff --git a/include/linux/init.h b/include/linux/init.h index 2538d176dd1f..77636539e77c 100644 --- a/include/linux/init.h +++ b/include/linux/init.h @@ -133,7 +133,7 @@ static inline initcall_t initcall_from_entry(initcall_entry_t *entry) #endif extern initcall_entry_t __con_initcall_start[], __con_initcall_end[]; -extern initcall_entry_t __security_initcall_start[], __security_initcall_end[]; +extern initcall_entry_t __start_lsm_info[], __end_lsm_info[]; /* Used for contructor calls. */ typedef void (*ctor_fn_t)(void); @@ -236,7 +236,7 @@ extern bool initcall_debug; static exitcall_t __exitcall_##fn __exit_call = fn #define console_initcall(fn) ___define_initcall(fn,, .con_initcall) -#define security_initcall(fn) ___define_initcall(fn,, .security_initcall) +#define security_initcall(fn) ___define_initcall(fn,, .lsm_info) struct obs_kernel_param { const char *str; diff --git a/security/security.c b/security/security.c index 4cbcf244a965..892fe6b691cf 100644 --- a/security/security.c +++ b/security/security.c @@ -51,9 +51,9 @@ static void __init do_security_initcalls(void) initcall_t call; initcall_entry_t *ce; - ce = __security_initcall_start; + ce = __start_lsm_info; trace_initcall_level("security"); - while (ce < __security_initcall_end) { + while (ce < __end_lsm_info) { call = initcall_from_entry(ce); trace_initcall_start(call); ret = call(); -- cgit v1.2.3-59-g8ed1b From 3ac946d12e344a48c1192ef8910c6095a0d6a8ac Mon Sep 17 00:00:00 2001 From: Kees Cook Date: Wed, 10 Oct 2018 17:18:22 -0700 Subject: vmlinux.lds.h: Move LSM_TABLE into INIT_DATA Since the struct lsm_info table is not an initcall, we can just move it into INIT_DATA like all the other tables. Signed-off-by: Kees Cook Reviewed-by: Casey Schaufler Reviewed-by: John Johansen Reviewed-by: James Morris Signed-off-by: James Morris --- arch/arc/kernel/vmlinux.lds.S | 1 - arch/arm/kernel/vmlinux-xip.lds.S | 1 - arch/arm64/kernel/vmlinux.lds.S | 1 - arch/h8300/kernel/vmlinux.lds.S | 1 - arch/microblaze/kernel/vmlinux.lds.S | 2 -- arch/powerpc/kernel/vmlinux.lds.S | 2 -- arch/um/include/asm/common.lds.S | 2 -- arch/xtensa/kernel/vmlinux.lds.S | 1 - include/asm-generic/vmlinux.lds.h | 24 +++++++++++------------- 9 files changed, 11 insertions(+), 24 deletions(-) (limited to 'include/asm-generic/vmlinux.lds.h') diff --git a/arch/arc/kernel/vmlinux.lds.S b/arch/arc/kernel/vmlinux.lds.S index f35ed578e007..8fb16bdabdcf 100644 --- a/arch/arc/kernel/vmlinux.lds.S +++ b/arch/arc/kernel/vmlinux.lds.S @@ -71,7 +71,6 @@ SECTIONS INIT_SETUP(L1_CACHE_BYTES) INIT_CALLS CON_INITCALL - SECURITY_INITCALL } .init.arch.info : { diff --git a/arch/arm/kernel/vmlinux-xip.lds.S b/arch/arm/kernel/vmlinux-xip.lds.S index 3593d5c1acd2..8c74037ade22 100644 --- a/arch/arm/kernel/vmlinux-xip.lds.S +++ b/arch/arm/kernel/vmlinux-xip.lds.S @@ -96,7 +96,6 @@ SECTIONS INIT_SETUP(16) INIT_CALLS CON_INITCALL - SECURITY_INITCALL INIT_RAM_FS } diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S index 605d1b60469c..7d23d591b03c 100644 --- a/arch/arm64/kernel/vmlinux.lds.S +++ b/arch/arm64/kernel/vmlinux.lds.S @@ -166,7 +166,6 @@ SECTIONS INIT_SETUP(16) INIT_CALLS CON_INITCALL - SECURITY_INITCALL INIT_RAM_FS *(.init.rodata.* .init.bss) /* from the EFI stub */ } diff --git a/arch/h8300/kernel/vmlinux.lds.S b/arch/h8300/kernel/vmlinux.lds.S index 35716a3048de..49f716c0a1df 100644 --- a/arch/h8300/kernel/vmlinux.lds.S +++ b/arch/h8300/kernel/vmlinux.lds.S @@ -56,7 +56,6 @@ SECTIONS __init_begin = .; INIT_TEXT_SECTION(4) INIT_DATA_SECTION(4) - SECURITY_INIT __init_end = .; _edata = . ; _begin_data = LOADADDR(.data); diff --git a/arch/microblaze/kernel/vmlinux.lds.S b/arch/microblaze/kernel/vmlinux.lds.S index 289d0e7f3e3a..e1f3e8741292 100644 --- a/arch/microblaze/kernel/vmlinux.lds.S +++ b/arch/microblaze/kernel/vmlinux.lds.S @@ -117,8 +117,6 @@ SECTIONS { CON_INITCALL } - SECURITY_INIT - __init_end_before_initramfs = .; .init.ramfs : AT(ADDR(.init.ramfs) - LOAD_OFFSET) { diff --git a/arch/powerpc/kernel/vmlinux.lds.S b/arch/powerpc/kernel/vmlinux.lds.S index 07ae018e550e..105a976323aa 100644 --- a/arch/powerpc/kernel/vmlinux.lds.S +++ b/arch/powerpc/kernel/vmlinux.lds.S @@ -212,8 +212,6 @@ SECTIONS CON_INITCALL } - SECURITY_INIT - . = ALIGN(8); __ftr_fixup : AT(ADDR(__ftr_fixup) - LOAD_OFFSET) { __start___ftr_fixup = .; diff --git a/arch/um/include/asm/common.lds.S b/arch/um/include/asm/common.lds.S index 7adb4e6b658a..4049f2c46387 100644 --- a/arch/um/include/asm/common.lds.S +++ b/arch/um/include/asm/common.lds.S @@ -53,8 +53,6 @@ CON_INITCALL } - SECURITY_INIT - .exitcall : { __exitcall_begin = .; *(.exitcall.exit) diff --git a/arch/xtensa/kernel/vmlinux.lds.S b/arch/xtensa/kernel/vmlinux.lds.S index a1c3edb8ad56..b727b18a68ac 100644 --- a/arch/xtensa/kernel/vmlinux.lds.S +++ b/arch/xtensa/kernel/vmlinux.lds.S @@ -197,7 +197,6 @@ SECTIONS INIT_SETUP(XCHAL_ICACHE_LINESIZE) INIT_CALLS CON_INITCALL - SECURITY_INITCALL INIT_RAM_FS } diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h index 5079a969e612..b31ea8bdfef9 100644 --- a/include/asm-generic/vmlinux.lds.h +++ b/include/asm-generic/vmlinux.lds.h @@ -203,6 +203,15 @@ #define EARLYCON_TABLE() #endif +#ifdef CONFIG_SECURITY +#define LSM_TABLE() . = ALIGN(8); \ + __start_lsm_info = .; \ + KEEP(*(.lsm_info.init)) \ + __end_lsm_info = .; +#else +#define LSM_TABLE() +#endif + #define ___OF_TABLE(cfg, name) _OF_TABLE_##cfg(name) #define __OF_TABLE(cfg, name) ___OF_TABLE(cfg, name) #define OF_TABLE(cfg, name) __OF_TABLE(IS_ENABLED(cfg), name) @@ -597,7 +606,8 @@ IRQCHIP_OF_MATCH_TABLE() \ ACPI_PROBE_TABLE(irqchip) \ ACPI_PROBE_TABLE(timer) \ - EARLYCON_TABLE() + EARLYCON_TABLE() \ + LSM_TABLE() #define INIT_TEXT \ *(.init.text .init.text.*) \ @@ -786,17 +796,6 @@ KEEP(*(.con_initcall.init)) \ __con_initcall_end = .; -#define SECURITY_INITCALL \ - __start_lsm_info = .; \ - KEEP(*(.lsm_info.init)) \ - __end_lsm_info = .; - -/* Older linker script style for security init. */ -#define SECURITY_INIT \ - .lsm_info.init : AT(ADDR(.lsm_info.init) - LOAD_OFFSET) { \ - LSM_INFO \ - } - #ifdef CONFIG_BLK_DEV_INITRD #define INIT_RAM_FS \ . = ALIGN(4); \ @@ -963,7 +962,6 @@ INIT_SETUP(initsetup_align) \ INIT_CALLS \ CON_INITCALL \ - SECURITY_INITCALL \ INIT_RAM_FS \ } -- cgit v1.2.3-59-g8ed1b