Date:	Wed, 30 Nov 2011 15:41:04 -0500
From:	Paul Gortmaker <paul.gortmaker@...driver.com>
To:	Al Viro <viro@...iv.linux.org.uk>
Cc:	linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org
Subject: Re: [RFC][PATCH] trimming includes from linux/security.h

On Wed, Nov 30, 2011 at 1:50 AM, Al Viro <viro@...iv.linux.org.uk> wrote:
>        linux/security.h pulls a lot of garbage; most of it can be avoided
> by several more struct ....; added in there, the rest is a matter of adding
> explicit includes in places that (weirdly) relied on security.h to pull
> what they wanted.  Plus taking round_hit_to_min() to the only place using
> it (mm/mmap.c)...
>
>        NOTE: it almost certainly won't build on some configs; it *does*
> survive allmodconfig on amd64, but that's all it had been tested on.  Help
> with review and (build-)testing would be very appreciated...  Fortunately,
> all breakage will show up on build, which makes finding it less painful.
>
> Signed-off-by: Al Viro <viro@...iv.linux.org.uk>

Hi Al,

I did some testing on this for powerpc and arm.  The one snag I came
across was that security.h uses things like current->mm and fields in
task_struct, so you get fallout like I've pasted below.  But to put
sched.h (and all its 300 sub-includes) back into security.h kind of
defeats the purpose of what you were trying to do, I think.

A proper fix would be to somehow really make security.h a real
standalone header, via using defines instead of inlines or similar?

For now, I just added sched.h to the files that were breaking, but
it seems wrong to penalize random C files for the breakage in the
security.h header file.

This tree seems to survive most powerpc and arm defconfigs:

http://git.kernel.org/?p=linux/kernel/git/paulg/linux.git;a=shortlog;h=refs/heads/al-security-Nov30

but as I said above, I'm not really liking the last commit on it
that adds sched.h to 20-odd files.

Paul.
---

In file included from /home/paul/git/linux-head/fs/super.c:28:
/home/paul/git/linux-head/include/linux/security.h: In function
'security_real_capable':
/home/paul/git/linux-head/include/linux/security.h:1890: error:
dereferencing pointer to incomplete type
/home/paul/git/linux-head/include/linux/security.h:1890: warning: type
defaults to 'int' in declaration of '_________p1'
/home/paul/git/linux-head/include/linux/security.h:1890: error:
dereferencing pointer to incomplete type
/home/paul/git/linux-head/include/linux/security.h:1890: error:
dereferencing pointer to incomplete type
/home/paul/git/linux-head/include/linux/security.h:1890: error:
dereferencing pointer to incomplete type
/home/paul/git/linux-head/include/linux/security.h:1890: warning: type
defaults to 'int' in declaration of 'type name'
/home/paul/git/linux-head/include/linux/security.h:1890: warning: type
defaults to 'int' in declaration of 'type name'
/home/paul/git/linux-head/include/linux/security.h:1890: error:
dereferencing pointer to incomplete type
/home/paul/git/linux-head/include/linux/security.h:1890: warning: type
defaults to 'int' in declaration of 'type name'
/home/paul/git/linux-head/include/linux/security.h:1890: warning:
passing argument 2 of 'cap_capable' from incompatible pointer type
/home/paul/git/linux-head/include/linux/security.h:71: note: expected
'const struct cred *' but argument is of type 'int *'
/home/paul/git/linux-head/include/linux/security.h: In function
'security_real_capable_noaudit':
/home/paul/git/linux-head/include/linux/security.h:1901: error:
dereferencing pointer to incomplete type
/home/paul/git/linux-head/include/linux/security.h:1901: warning: type
defaults to 'int' in declaration of '_________p1'
/home/paul/git/linux-head/include/linux/security.h:1901: error:
dereferencing pointer to incomplete type
/home/paul/git/linux-head/include/linux/security.h:1901: error:
dereferencing pointer to incomplete type
/home/paul/git/linux-head/include/linux/security.h:1901: error:
dereferencing pointer to incomplete type
/home/paul/git/linux-head/include/linux/security.h:1901: warning: type
defaults to 'int' in declaration of 'type name'
/home/paul/git/linux-head/include/linux/security.h:1901: warning: type
defaults to 'int' in declaration of 'type name'
/home/paul/git/linux-head/include/linux/security.h:1901: error:
dereferencing pointer to incomplete type
/home/paul/git/linux-head/include/linux/security.h:1901: warning: type
defaults to 'int' in declaration of 'type name'
/home/paul/git/linux-head/include/linux/security.h:1902: warning:
passing argument 2 of 'cap_capable' from incompatible pointer type
/home/paul/git/linux-head/include/linux/security.h:71: note: expected
'const struct cred *' but argument is of type 'int *'
/home/paul/git/linux-head/include/linux/security.h: In function
'security_vm_enough_memory':
/home/paul/git/linux-head/include/linux/security.h:1931: error:
dereferencing pointer to incomplete type
/home/paul/git/linux-head/include/linux/security.h:1932: error:
dereferencing pointer to incomplete type
/home/paul/git/linux-head/include/linux/security.h: In function
'security_vm_enough_memory_kern':
/home/paul/git/linux-head/include/linux/security.h:1945: error:
dereferencing pointer to incomplete type
make[3]: *** [fs/super.o] Error 1
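
The header problem in the message above, reduced to a single file as an added example (not code from the kernel tree or from either poster). It shows one way a header can stay standalone: out-of-line functions behind forward declarations, rather than the defines the message suggests. All `demo_*` names, `caller_reserve` and the struct layouts are hypothetical.

```c
/* ---- "header" part: what a trimmed, standalone header would expose ---- */
struct task;                 /* forward declarations only: incomplete types */
struct mm;

/* Out-of-line declarations: callers need no struct layout to use these. */
struct task *demo_current(void);
int demo_vm_enough_memory(long pages);

/* A static inline placed here, such as
 *     static inline int f(long p) { return check(demo_current()->mm, p); }
 * fails with "dereferencing pointer to incomplete type", the error in the
 * build log above, because struct task has no layout at this point. */

/* ---- "random C file" part: builds with the forward declarations alone ---- */
int caller_reserve(long pages)
{
    return demo_vm_enough_memory(pages) == 0;   /* 1 = allowed, 0 = refused */
}

/* ---- "implementation" part: the only place that needs the full layout ---- */
struct mm   { long total_pages; long committed; };
struct task { struct mm *mm; };

static struct mm   demo_mm   = { 100, 90 };     /* constructed sample state */
static struct task demo_task = { &demo_mm };

struct task *demo_current(void) { return &demo_task; }

int demo_vm_enough_memory(long pages)
{
    struct mm *mm = demo_current()->mm;         /* complete type here: OK */

    if (pages < 0 || pages > mm->total_pages - mm->committed)
        return -1;                              /* stand-in for -ENOMEM */
    mm->committed += pages;
    return 0;
}

int main(void)
{
    return caller_reserve(5) ? 0 : 1;
}
```

The cost of this layout is a function call where the inline had none, which is the trade-off behind the question the message leaves open.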