[PATCH OLK-6.6 v4 0/2] KABI reservation for IMA and crypto
KABI reservation for IMA and crypto module. v4: Fixed remaining merge marks. v3: Reserve one more u64 for crypto related structs. v2: Changed reservation ordering, and more reservation. GUO Zihua (2): crypto: kabi: KABI reservation for crypto ima: kabi: KABI reservation for IMA include/crypto/aead.h | 7 +++++++ include/crypto/akcipher.h | 7 +++++++ include/crypto/algapi.h | 7 +++++++ include/crypto/cryptd.h | 3 +++ include/crypto/hash.h | 9 +++++++++ include/crypto/if_alg.h | 9 +++++++++ include/crypto/public_key.h | 5 +++++ include/crypto/rng.h | 5 +++++ include/crypto/skcipher.h | 7 +++++++ include/linux/crypto.h | 5 +++++ include/linux/fs.h | 2 ++ include/linux/kernel_read_file.h | 3 +++ include/linux/kexec.h | 5 +++++ include/linux/user_namespace.h | 3 +++ 14 files changed, 77 insertions(+) -- 2.34.1
hulk inclusion category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I8RI9L -------------------------------- Reserve KABI for future crypto development. Signed-off-by: GUO Zihua <guozihua@huawei.com> --- include/crypto/aead.h | 7 +++++++ include/crypto/akcipher.h | 7 +++++++ include/crypto/algapi.h | 7 +++++++ include/crypto/cryptd.h | 3 +++ include/crypto/hash.h | 9 +++++++++ include/crypto/if_alg.h | 9 +++++++++ include/crypto/public_key.h | 5 +++++ include/crypto/rng.h | 5 +++++ include/crypto/skcipher.h | 7 +++++++ include/linux/crypto.h | 5 +++++ include/linux/kernel_read_file.h | 3 +++ include/linux/kexec.h | 5 +++++ 12 files changed, 72 insertions(+) diff --git a/include/crypto/aead.h b/include/crypto/aead.h index 35e45b854a6f..b7a2dca0c0ed 100644 --- a/include/crypto/aead.h +++ b/include/crypto/aead.h @@ -13,6 +13,7 @@ #include <linux/crypto.h> #include <linux/slab.h> #include <linux/types.h> +#include <linux/kabi.h> /** * DOC: Authenticated Encryption With Associated Data (AEAD) Cipher API @@ -97,6 +98,8 @@ struct aead_request { struct scatterlist *src; struct scatterlist *dst; + KABI_RESERVE(1); + KABI_RESERVE(2); void *__ctx[] CRYPTO_MINALIGN_ATTR; }; @@ -169,6 +172,8 @@ struct aead_alg { unsigned int ivsize; unsigned int maxauthsize; unsigned int chunksize; + KABI_RESERVE(1); + KABI_RESERVE(2); struct crypto_alg base; }; @@ -177,6 +182,8 @@ struct crypto_aead { unsigned int authsize; unsigned int reqsize; + KABI_RESERVE(1); + KABI_RESERVE(2); struct crypto_tfm base; }; diff --git a/include/crypto/akcipher.h b/include/crypto/akcipher.h index 670508f1dca1..017553277f54 100644 --- a/include/crypto/akcipher.h +++ b/include/crypto/akcipher.h @@ -10,6 +10,7 @@ #include <linux/atomic.h> #include <linux/crypto.h> +#include <linux/kabi.h> /** * struct akcipher_request - public key request @@ -38,6 +39,8 @@ struct akcipher_request { struct scatterlist *dst; unsigned int src_len; unsigned int dst_len; + KABI_RESERVE(1); + KABI_RESERVE(2); void *__ctx[] CRYPTO_MINALIGN_ATTR; }; @@ -51,6 +54,8 @@ struct akcipher_request { struct crypto_akcipher { unsigned int reqsize; + KABI_RESERVE(1); + KABI_RESERVE(2); struct crypto_tfm base; }; @@ -130,6 +135,8 @@ struct akcipher_alg { #ifdef CONFIG_CRYPTO_STATS struct crypto_istat_akcipher stat; #endif + KABI_RESERVE(1); + KABI_RESERVE(2); struct crypto_alg base; }; diff --git a/include/crypto/algapi.h b/include/crypto/algapi.h index ca86f4c6ba43..1c8f8bb0694b 100644 --- a/include/crypto/algapi.h +++ b/include/crypto/algapi.h @@ -13,6 +13,7 @@ #include <linux/crypto.h> #include <linux/types.h> #include <linux/workqueue.h> +#include <linux/kabi.h> /* * Maximum values for blocksize and alignmask, used to allocate @@ -69,6 +70,8 @@ struct crypto_type { unsigned int maskclear; unsigned int maskset; unsigned int tfmsize; + KABI_RESERVE(1); + KABI_RESERVE(2); }; struct crypto_instance { @@ -84,6 +87,8 @@ struct crypto_instance { }; struct work_struct free_work; + KABI_RESERVE(1); + KABI_RESERVE(2); void *__ctx[] CRYPTO_MINALIGN_ATTR; }; @@ -111,6 +116,8 @@ struct crypto_spawn { u32 mask; bool dead; bool registered; + KABI_RESERVE(1); + KABI_RESERVE(2); }; struct crypto_queue { diff --git a/include/crypto/cryptd.h b/include/crypto/cryptd.h index 796d986e58e1..44054e4aaf9d 100644 --- a/include/crypto/cryptd.h +++ b/include/crypto/cryptd.h @@ -18,6 +18,7 @@ #include <crypto/aead.h> #include <crypto/hash.h> #include <crypto/skcipher.h> +#include <linux/kabi.h> struct cryptd_skcipher { struct crypto_skcipher base; @@ -32,6 +33,8 @@ bool cryptd_skcipher_queued(struct cryptd_skcipher *tfm); void cryptd_free_skcipher(struct cryptd_skcipher *tfm); struct cryptd_ahash { + KABI_RESERVE(1); + KABI_RESERVE(2); struct crypto_ahash base; }; diff --git a/include/crypto/hash.h b/include/crypto/hash.h index f7c2a22cd776..929889a89d89 100644 --- a/include/crypto/hash.h +++ b/include/crypto/hash.h @@ -11,6 +11,7 @@ #include <linux/atomic.h> #include <linux/crypto.h> #include <linux/string.h> +#include <linux/kabi.h> struct crypto_ahash; @@ -78,6 +79,8 @@ struct ahash_request { /* This field may only be used by the ahash API code. */ void *priv; + KABI_RESERVE(1); + KABI_RESERVE(2); void *__ctx[] CRYPTO_MINALIGN_ATTR; }; @@ -173,6 +176,8 @@ struct ahash_alg { }; struct shash_desc { + KABI_RESERVE(1); + KABI_RESERVE(2); struct crypto_shash *tfm; void *__ctx[] __aligned(ARCH_SLAB_MINALIGN); }; @@ -262,11 +267,15 @@ struct crypto_ahash { unsigned int statesize; unsigned int reqsize; + KABI_RESERVE(1); + KABI_RESERVE(2); struct crypto_tfm base; }; struct crypto_shash { unsigned int descsize; + KABI_RESERVE(1); + KABI_RESERVE(2); struct crypto_tfm base; }; diff --git a/include/crypto/if_alg.h b/include/crypto/if_alg.h index ef8ce86b1f78..9707db268b0d 100644 --- a/include/crypto/if_alg.h +++ b/include/crypto/if_alg.h @@ -14,6 +14,7 @@ #include <linux/scatterlist.h> #include <linux/types.h> #include <linux/atomic.h> +#include <linux/kabi.h> #include <net/sock.h> #include <crypto/aead.h> @@ -32,6 +33,8 @@ struct alg_sock { const struct af_alg_type *type; void *private; + KABI_RESERVE(1); + KABI_RESERVE(2); }; struct af_alg_control { @@ -59,6 +62,9 @@ struct af_alg_sgl { struct sg_table sgt; struct scatterlist sgl[ALG_MAX_PAGES + 1]; bool need_unpin; + KABI_RESERVE(1); + KABI_RESERVE(2); + KABI_RESERVE(3); }; /* TX SGL entry */ @@ -154,6 +160,9 @@ struct af_alg_ctx { bool init; unsigned int len; + KABI_RESERVE(1); + KABI_RESERVE(2); + KABI_RESERVE(3); }; int af_alg_register_type(const struct af_alg_type *type); diff --git a/include/crypto/public_key.h b/include/crypto/public_key.h index 462f8a34cdf8..af3fa5aafb42 100644 --- a/include/crypto/public_key.h +++ b/include/crypto/public_key.h @@ -12,6 +12,7 @@ #include <linux/keyctl.h> #include <linux/oid_registry.h> +#include <linux/kabi.h> /* * Cryptographic data for the public-key subtype of the asymmetric key type. @@ -29,6 +30,8 @@ struct public_key { const char *id_type; const char *pkey_algo; unsigned long key_eflags; /* key extension flags */ + KABI_RESERVE(1); + KABI_RESERVE(2); #define KEY_EFLAG_CA 0 /* set if the CA basic constraints is set */ #define KEY_EFLAG_DIGITALSIG 1 /* set if the digitalSignature usage is set */ #define KEY_EFLAG_KEYCERTSIGN 2 /* set if the keyCertSign usage is set */ @@ -48,6 +51,8 @@ struct public_key_signature { const char *pkey_algo; const char *hash_algo; const char *encoding; + KABI_RESERVE(1); + KABI_RESERVE(2); }; extern void public_key_signature_free(struct public_key_signature *sig); diff --git a/include/crypto/rng.h b/include/crypto/rng.h index 6abe5102e5fb..92e11b2ae0ff 100644 --- a/include/crypto/rng.h +++ b/include/crypto/rng.h @@ -12,6 +12,7 @@ #include <linux/atomic.h> #include <linux/container_of.h> #include <linux/crypto.h> +#include <linux/kabi.h> struct crypto_rng; @@ -68,11 +69,15 @@ struct rng_alg { #endif unsigned int seedsize; + KABI_RESERVE(1); + KABI_RESERVE(2); struct crypto_alg base; }; struct crypto_rng { + KABI_RESERVE(1); + KABI_RESERVE(2); struct crypto_tfm base; }; diff --git a/include/crypto/skcipher.h b/include/crypto/skcipher.h index 080d1ba3611d..4a031bcb4ede 100644 --- a/include/crypto/skcipher.h +++ b/include/crypto/skcipher.h @@ -14,6 +14,7 @@ #include <linux/slab.h> #include <linux/string.h> #include <linux/types.h> +#include <linux/kabi.h> struct scatterlist; @@ -35,6 +36,8 @@ struct skcipher_request { struct scatterlist *dst; struct crypto_async_request base; + KABI_RESERVE(1); + KABI_RESERVE(2); void *__ctx[] CRYPTO_MINALIGN_ATTR; }; @@ -42,6 +45,8 @@ struct skcipher_request { struct crypto_skcipher { unsigned int reqsize; + KABI_RESERVE(1); + KABI_RESERVE(2); struct crypto_tfm base; }; @@ -142,6 +147,8 @@ struct skcipher_alg { #endif struct crypto_alg base; + KABI_RESERVE(1); + KABI_RESERVE(2); }; #define MAX_SYNC_SKCIPHER_REQSIZE 384 diff --git a/include/linux/crypto.h b/include/linux/crypto.h index 31f6fee0c36c..ccf6385a5cbd 100644 --- a/include/linux/crypto.h +++ b/include/linux/crypto.h @@ -16,6 +16,7 @@ #include <linux/refcount.h> #include <linux/slab.h> #include <linux/types.h> +#include <linux/kabi.h> /* * Algorithm masks and types. @@ -367,6 +368,8 @@ struct crypto_alg { void (*cra_destroy)(struct crypto_alg *alg); struct module *cra_module; + KABI_RESERVE(1); + KABI_RESERVE(2); } CRYPTO_MINALIGN_ATTR; /* @@ -429,6 +432,8 @@ struct crypto_tfm { void (*exit)(struct crypto_tfm *tfm); struct crypto_alg *__crt_alg; + KABI_RESERVE(1); + KABI_RESERVE(2); void *__crt_ctx[] CRYPTO_MINALIGN_ATTR; }; diff --git a/include/linux/kernel_read_file.h b/include/linux/kernel_read_file.h index 90451e2e12bd..79e6a8d6e6bd 100644 --- a/include/linux/kernel_read_file.h +++ b/include/linux/kernel_read_file.h @@ -14,6 +14,9 @@ id(KEXEC_INITRAMFS, kexec-initramfs) \ id(POLICY, security-policy) \ id(X509_CERTIFICATE, x509-certificate) \ + id(KABI_RESERVE1, KABI_RESERVE1) \ + id(KABI_RESERVE2, KABI_RESERVE2) \ + id(KABI_RESERVE3, KABI_RESERVE3) \ id(MAX_ID, ) #define __fid_enumify(ENUM, dummy) READING_ ## ENUM, diff --git a/include/linux/kexec.h b/include/linux/kexec.h index 32c78078552c..e15a4bc473bc 100644 --- a/include/linux/kexec.h +++ b/include/linux/kexec.h @@ -21,6 +21,7 @@ #include <uapi/linux/kexec.h> #include <linux/verification.h> +#include <linux/kabi.h> /* Location of a reserved region to hold the crash kernel. */ @@ -368,6 +369,10 @@ struct kimage { void *elf_headers; unsigned long elf_headers_sz; unsigned long elf_load_addr; + + KABI_RESERVE(1); + KABI_RESERVE(2); + KABI_RESERVE(3); }; /* kexec interface functions */ -- 2.34.1
hulk inclusion category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I8RI9L -------------------------------- KABI reservation for IMA and related modules. Signed-off-by: GUO Zihua <guozihua@huawei.com> --- include/linux/fs.h | 2 ++ include/linux/user_namespace.h | 3 +++ 2 files changed, 5 insertions(+) diff --git a/include/linux/fs.h b/include/linux/fs.h index cc34619424cf..238439cba869 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -44,6 +44,7 @@ #include <linux/mnt_idmapping.h> #include <linux/slab.h> #include <linux/tracepoint-defs.h> +#include <linux/kabi.h> #include <asm/byteorder.h> #include <uapi/linux/fs.h> @@ -1038,6 +1039,7 @@ struct file { errseq_t f_wb_err; errseq_t f_sb_err; /* for syncfs */ fmode_t f_ctl_mode; + KABI_RESERVE(1); } __randomize_layout __attribute__((aligned(4))); /* lest something weird decides that 2 is OK */ diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h index 45f09bec02c4..71ce00e85c29 100644 --- a/include/linux/user_namespace.h +++ b/include/linux/user_namespace.h @@ -10,6 +10,7 @@ #include <linux/rwsem.h> #include <linux/sysctl.h> #include <linux/err.h> +#include <linux/kabi.h> #define UID_GID_MAP_MAX_BASE_EXTENTS 5 #define UID_GID_MAP_MAX_EXTENTS 340 @@ -102,6 +103,8 @@ struct user_namespace { struct ucounts *ucounts; long ucount_max[UCOUNT_COUNTS]; long rlimit_max[UCOUNT_RLIMIT_COUNTS]; + KABI_RESERVE(1); + KABI_RESERVE(2); } __randomize_layout; struct ucounts { -- 2.34.1
反馈: 您发送到kernel@openeuler.org的补丁/补丁集,已成功转换为PR! PR链接地址: https://gitee.com/openeuler/kernel/pulls/4279 邮件列表地址:https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/J... FeedBack: The patch(es) which you have sent to kernel@openeuler.org mailing list has been converted to a pull request successfully! Pull request link: https://gitee.com/openeuler/kernel/pulls/4279 Mailing list address: https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/J...
participants (2)
-
GUO Zihua -
patchwork bot