
akari: Commit


Commit MetaInfo

Revision592 (tree)
Zeit2018-04-09 22:45:44
Autorkumaneko

Log Message

(empty log message)

Ändern Zusammenfassung

Diff

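--- a/trunk/akari/probe.c
+++ b/trunk/akari/probe.c
@@ -201,9 +201,15 @@
 do {
 struct security_hook_list *p;
 
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 17, 0)
+ hlist_for_each_entry(p, &probe_dummy_security_hook_heads.
+ bprm_committed_creds, list)
+ p->hook.bprm_committed_creds(bprm);
+#else
 list_for_each_entry(p, &probe_dummy_security_hook_heads.
 bprm_committed_creds, list)
 p->hook.bprm_committed_creds(bprm);
+#endif
 } while (0);
 }
 
@@ -519,9 +525,15 @@
 }
 /* This should be "struct security_hook_heads security_hook_heads;". */
 shh = ((void *) (*(unsigned long *) cp)) - offset;
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 17, 0)
+ hlist_for_each_entry(entry, &shh->bprm_set_creds, list)
+ if (entry->hook.bprm_set_creds == cap)
+ return shh;
+#else
 list_for_each_entry(entry, &shh->bprm_set_creds, list)
 if (entry->hook.bprm_set_creds == cap)
 return shh;
+#endif
 printk(KERN_ERR "Guessed security_hook_heads is 0x%lx\n",
 (unsigned long) shh);
 return NULL;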
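Review bot: In the second hunk the new `hlist_for_each_entry(entry, &shh->bprm_set_creds, list)` walks a list whose head address `shh` is only a guess, computed on the line above from the word read at `cp` minus `offset`, and nothing visible between that computation and the walk confirms the guess. An hlist walk stops only on a NULL `next`, so a wrong guess would be followed through whatever memory it points at; the `printk(KERN_ERR ...)` fallback is reached only if the walk survives. The enclosing function starts outside the hunk, so earlier validation may exist; if it does not, reading `shh->bprm_set_creds.first` through a fault-tolerant accessor such as `probe_kernel_read()` before the loop would be safer, and at minimum a comment like `/* shh is unverified here; a bad guess is dereferenced by the walk below */` should record the risk. The same hunk appears in branches/kportreserve/probe.c and branches/tasktracker/probe.c.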
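--- a/trunk/akari/lsm-4.12.c
+++ b/trunk/akari/lsm-4.12.c
@@ -1018,13 +1018,34 @@
 
 static inline void add_hook(struct security_hook_list *hook)
 {
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 17, 0)
+ hlist_add_tail_rcu(&hook->list, hook->head);
+#else
 list_add_tail_rcu(&hook->list, hook->head);
+#endif
 }
 
 static void __init swap_hook(struct security_hook_list *hook,
 union security_list_options *original)
 {
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 17, 0)
+ struct hlist_head *list = hook->head;
+
+ if (hlist_empty(list)) {
+ add_hook(hook);
+ } else {
+ struct security_hook_list *shp =
+ hlist_entry(list->first, typeof(*shp), list);
+
+ while (shp->list.next)
+ shp = hlist_entry(shp->list.next, typeof(*shp), list);
+ *original = shp->hook;
+ smp_wmb();
+ shp->hook = hook->hook;
+ }
+#else
 struct list_head *list = hook->head;
+
 if (list_empty(list)) {
 add_hook(hook);
 } else {
@@ -1034,9 +1055,10 @@
 smp_wmb();
 shp->hook = hook->hook;
 }
+#endif
 }
 
-#if defined(CONFIG_STRICT_KERNEL_RWX) && !defined(SECURITY_WRITABLE_HOOKS)
+#if defined(CONFIG_STRICT_KERNEL_RWX) && !defined(CONFIG_SECURITY_WRITABLE_HOOKS)
 #include <linux/uaccess.h> /* probe_kernel_write() */
 #define NEED_TO_CHECK_HOOKS_ARE_WRITABLE
 
@@ -1068,6 +1090,23 @@
 static bool __init check_ro_pages(struct security_hook_heads *hooks)
 {
 int i;
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 17, 0)
+ struct hlist_head *list = &hooks->capable;
+
+ if (!probe_kernel_write(list, list, sizeof(void *)))
+ return true;
+ for (i = 0; i < ARRAY_SIZE(akari_hooks); i++) {
+ struct hlist_head *head = akari_hooks[i].head;
+ struct security_hook_list *shp;
+
+ if (!lsm_test_page_ro(&head->first))
+ return false;
+ hlist_for_each_entry(shp, head, list)
+ if (!lsm_test_page_ro(&shp->list.next) ||
+ !lsm_test_page_ro(&shp->list.pprev))
+ return false;
+ }
+#else
 struct list_head *list = &hooks->capable;
 
 if (!probe_kernel_write(list, list, sizeof(void *)))
@@ -1084,12 +1123,17 @@
 !lsm_test_page_ro(&shp->list.prev))
 return false;
 }
+#endif
 return true;
 }
 #else
 static bool __init check_ro_pages(struct security_hook_heads *hooks)
 {
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 17, 0)
+ struct hlist_head *list = &hooks->capable;
+#else
 struct list_head *list = &hooks->capable;
+#endif
 
 return !probe_kernel_write(list, list, sizeof(void *));
 }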
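Review bot: The 4.17 branch of `swap_hook()` overwrites `shp->hook` of an entry that is already linked into the live hook list, and the only ordering visible is the `smp_wmb()` between saving `*original` and the store; no comment says why a caller walking the list on another CPU cannot reach the replacement hook before `*original` is usable. Because this replaces another module's security hook in place, that assumption should be written down, for example `/* __init only: replace the last registered hook in place; *original must be visible before the new pointer is */` at the top of the `else` body. The tail search `while (shp->list.next)` also reads the list with no lock or RCU annotation, which is presumably safe only because no hook is registered concurrently at this point. The body is now duplicated across `#if`/`#else` with only the list type and helpers differing, so any later fix has to be made twice; the same code is mirrored in branches/tasktracker/tt.c.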
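--- a/branches/kportreserve/kpr.c
+++ b/branches/kportreserve/kpr.c
@@ -830,7 +830,7 @@
 };
 
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 12, 0)
-#if defined(CONFIG_STRICT_KERNEL_RWX) && !defined(SECURITY_WRITABLE_HOOKS)
+#if defined(CONFIG_STRICT_KERNEL_RWX) && !defined(CONFIG_SECURITY_WRITABLE_HOOKS)
 #include <linux/uaccess.h> /* probe_kernel_write() */
 #define NEED_TO_CHECK_HOOKS_ARE_WRITABLE
 
@@ -861,6 +861,23 @@
 
 static bool __init check_ro_pages(struct security_hook_heads *hooks)
 {
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 17, 0)
+ struct hlist_head *list = &hooks->capable;
+
+ if (!probe_kernel_write(list, list, sizeof(void *)))
+ return true;
+ {
+ struct hlist_head *head = kpr_hook.head;
+ struct security_hook_list *shp;
+
+ if (!lsm_test_page_ro(&head->first))
+ return false;
+ hlist_for_each_entry(shp, head, list)
+ if (!lsm_test_page_ro(&shp->list.next) ||
+ !lsm_test_page_ro(&shp->list.pprev))
+ return false;
+ }
+#else
 struct list_head *list = &hooks->capable;
 
 if (!probe_kernel_write(list, list, sizeof(void *)))
@@ -877,12 +894,17 @@
 !lsm_test_page_ro(&shp->list.prev))
 return false;
 }
+#endif
 return true;
 }
 #else
 static bool __init check_ro_pages(struct security_hook_heads *hooks)
 {
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 17, 0)
+ struct hlist_head *list = &hooks->capable;
+#else
 struct list_head *list = &hooks->capable;
+#endif
 
 return !probe_kernel_write(list, list, sizeof(void *));
 }
@@ -948,7 +970,11 @@
 for (idx = 0; idx < ro_pages_len; idx++)
 set_bit(_PAGE_BIT_RW, &(ro_pages[idx]->flags));
 #endif
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 17, 0)
+ hlist_add_tail_rcu(&kpr_hook.list, kpr_hook.head);
+#else
 list_add_tail_rcu(&kpr_hook.list, kpr_hook.head);
+#endif
 #if defined(NEED_TO_CHECK_HOOKS_ARE_WRITABLE) && defined(CONFIG_X86)
 for (idx = 0; idx < ro_pages_len; idx++)
 clear_bit(_PAGE_BIT_RW, &(ro_pages[idx]->flags));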
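Review bot: None of the new `#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 17, 0)` guards in this file says what changed at 4.17, and the log message is empty, so the reason for the cut-over is recorded nowhere. From the code it appears that the members of `struct security_hook_heads` became `struct hlist_head`; a one-line comment at the first guard in `check_ro_pages()`, e.g. `/* security_hook_heads members are hlist_head since 4.17 */`, would make that explicit. In the same function the new branch tests `&shp->list.pprev` as well as `&shp->list.next`; a short comment naming which fields the later `hlist_add_tail_rcu()` is expected to write would let a reader judge whether the writability check covers exactly what the insertion touches. The old-branch loop continues past the hunk boundary and is only partly visible.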
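--- a/branches/kportreserve/probe.c
+++ b/branches/kportreserve/probe.c
@@ -201,9 +201,15 @@
 do {
 struct security_hook_list *p;
 
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 17, 0)
+ hlist_for_each_entry(p, &probe_dummy_security_hook_heads.
+ bprm_committed_creds, list)
+ p->hook.bprm_committed_creds(bprm);
+#else
 list_for_each_entry(p, &probe_dummy_security_hook_heads.
 bprm_committed_creds, list)
 p->hook.bprm_committed_creds(bprm);
+#endif
 } while (0);
 }
 
@@ -519,9 +525,15 @@
 }
 /* This should be "struct security_hook_heads security_hook_heads;". */
 shh = ((void *) (*(unsigned long *) cp)) - offset;
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 17, 0)
+ hlist_for_each_entry(entry, &shh->bprm_set_creds, list)
+ if (entry->hook.bprm_set_creds == cap)
+ return shh;
+#else
 list_for_each_entry(entry, &shh->bprm_set_creds, list)
 if (entry->hook.bprm_set_creds == cap)
 return shh;
+#endif
 printk(KERN_ERR "Guessed security_hook_heads is 0x%lx\n",
 (unsigned long) shh);
 return NULL;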
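--- a/branches/tasktracker/probe.c
+++ b/branches/tasktracker/probe.c
@@ -201,9 +201,15 @@
 do {
 struct security_hook_list *p;
 
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 17, 0)
+ hlist_for_each_entry(p, &probe_dummy_security_hook_heads.
+ bprm_committed_creds, list)
+ p->hook.bprm_committed_creds(bprm);
+#else
 list_for_each_entry(p, &probe_dummy_security_hook_heads.
 bprm_committed_creds, list)
 p->hook.bprm_committed_creds(bprm);
+#endif
 } while (0);
 }
 
@@ -519,9 +525,15 @@
 }
 /* This should be "struct security_hook_heads security_hook_heads;". */
 shh = ((void *) (*(unsigned long *) cp)) - offset;
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 17, 0)
+ hlist_for_each_entry(entry, &shh->bprm_set_creds, list)
+ if (entry->hook.bprm_set_creds == cap)
+ return shh;
+#else
 list_for_each_entry(entry, &shh->bprm_set_creds, list)
 if (entry->hook.bprm_set_creds == cap)
 return shh;
+#endif
 printk(KERN_ERR "Guessed security_hook_heads is 0x%lx\n",
 (unsigned long) shh);
 return NULL;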
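--- a/branches/tasktracker/tt.c
+++ b/branches/tasktracker/tt.c
@@ -607,13 +607,34 @@
 
 static inline void add_hook(struct security_hook_list *hook)
 {
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 17, 0)
+ hlist_add_tail_rcu(&hook->list, hook->head);
+#else
 list_add_tail_rcu(&hook->list, hook->head);
+#endif
 }
 
 static void __init swap_hook(struct security_hook_list *hook,
 union security_list_options *original)
 {
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 17, 0)
+ struct hlist_head *list = hook->head;
+
+ if (hlist_empty(list)) {
+ add_hook(hook);
+ } else {
+ struct security_hook_list *shp =
+ hlist_entry(list->first, typeof(*shp), list);
+
+ while (shp->list.next)
+ shp = hlist_entry(shp->list.next, typeof(*shp), list);
+ *original = shp->hook;
+ smp_wmb();
+ shp->hook = hook->hook;
+ }
+#else
 struct list_head *list = hook->head;
+
 if (list_empty(list)) {
 add_hook(hook);
 } else {
@@ -623,10 +644,11 @@
 smp_wmb();
 shp->hook = hook->hook;
 }
+#endif
 }
 
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 12, 0)
-#if defined(CONFIG_STRICT_KERNEL_RWX) && !defined(SECURITY_WRITABLE_HOOKS)
+#if defined(CONFIG_STRICT_KERNEL_RWX) && !defined(CONFIG_SECURITY_WRITABLE_HOOKS)
 #include <linux/uaccess.h> /* probe_kernel_write() */
 #define NEED_TO_CHECK_HOOKS_ARE_WRITABLE
 
@@ -658,6 +680,23 @@
 static bool __init check_ro_pages(struct security_hook_heads *hooks)
 {
 int i;
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 17, 0)
+ struct hlist_head *list = &hooks->capable;
+
+ if (!probe_kernel_write(list, list, sizeof(void *)))
+ return true;
+ for (i = 0; i < ARRAY_SIZE(tt_hooks); i++) {
+ struct hlist_head *head = tt_hooks[i].head;
+ struct security_hook_list *shp;
+
+ if (!lsm_test_page_ro(&head->first))
+ return false;
+ hlist_for_each_entry(shp, head, list)
+ if (!lsm_test_page_ro(&shp->list.next) ||
+ !lsm_test_page_ro(&shp->list.pprev))
+ return false;
+ }
+#else
 struct list_head *list = &hooks->capable;
 
 if (!probe_kernel_write(list, list, sizeof(void *)))
@@ -674,12 +713,17 @@
 !lsm_test_page_ro(&shp->list.prev))
 return false;
 }
+#endif
 return true;
 }
 #else
 static bool __init check_ro_pages(struct security_hook_heads *hooks)
 {
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 17, 0)
+ struct hlist_head *list = &hooks->capable;
+#else
 struct list_head *list = &hooks->capable;
+#endif
 
 return !probe_kernel_write(list, list, sizeof(void *));
 }
@@ -752,10 +796,17 @@
 tt_hooks[idx].head = ((void *) hooks)
 + ((unsigned long) tt_hooks[idx].head)
 - ((unsigned long) &probe_dummy_security_hook_heads);
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 17, 0)
+ if (!hlist_empty(tt_hooks[1].head) || !hlist_empty(tt_hooks[2].head)) {
+ printk(KERN_INFO "TaskTracker module needs exclusive access to task_getsecid/secid_to_secctx hooks. Please restart the system with security=none kernel command line option.\n");
+ return -EINVAL;
+ }
+#else
 if (!list_empty(tt_hooks[1].head) || !list_empty(tt_hooks[2].head)) {
 printk(KERN_INFO "TaskTracker module needs exclusive access to task_getsecid/secid_to_secctx hooks. Please restart the system with security=none kernel command line option.\n");
 return -EINVAL;
 }
+#endif
 #if defined(NEED_TO_CHECK_HOOKS_ARE_WRITABLE)
 if (!check_ro_pages(hooks)) {
 printk(KERN_INFO "Can't update security_hook_heads due to write protected. Retry with rodata=0 kernel command line option added.\n");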
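Review bot: In the last hunk the exclusive-access refusal, the `printk(KERN_INFO ...)` plus `return -EINVAL;`, is now written out twice and differs only in `hlist_empty` versus `list_empty`, so the two copies of a security-relevant check can drift apart. Selecting just the predicate by kernel version, with the macro defined at file scope, keeps a single copy of the message and the return. The indices `tt_hooks[1]` and `tt_hooks[2]` are bare numbers; the message suggests they are the task_getsecid and secid_to_secctx entries, and named constants would let the check survive a reordering of the table. The enclosing function starts and ends outside the hunk.

```c
/* at file scope, next to the other version guards */
#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 17, 0)
#define tt_hook_head_empty(head) hlist_empty(head)
#else
#define tt_hook_head_empty(head) list_empty(head)
#endif

	/* … unchanged: tt_hooks[idx].head relocation … */
	if (!tt_hook_head_empty(tt_hooks[1].head) ||
	    !tt_hook_head_empty(tt_hooks[2].head)) {
		/* … unchanged: printk(KERN_INFO ...) and return -EINVAL … */
	}
```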