From: Guo Zihua guozihua@huawei.com
hulk inclusion category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I4REJ3 CVE: NA
---------------------------
KABI reservation for IMA namespace
reference: https://gitee.com/openeuler/kernel/issues/I49KW1
Signed-off-by: Guo Zihua guozihua@huawei.com Reviewed-by: Xiu Jianfeng xiujianfeng@huawei.com Reviewed-by: weiyang wang wangweiyang2@huawei.com Signed-off-by: Zheng Zengkai zhengzengkai@huawei.com --- include/linux/fs.h | 2 ++ include/linux/key-type.h | 2 ++ include/linux/key.h | 2 ++ include/linux/nsproxy.h | 9 +++++++++ include/linux/proc_ns.h | 2 +- 5 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/include/linux/fs.h b/include/linux/fs.h index b7f96c3c52ac..db632747781a 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -968,6 +968,8 @@ struct file { struct address_space *f_mapping; errseq_t f_wb_err; errseq_t f_sb_err; /* for syncfs */ + + KABI_RESERVE(1) } __randomize_layout __attribute__((aligned(4))); /* lest something weird decides that 2 is OK */
diff --git a/include/linux/key-type.h b/include/linux/key-type.h index 2ab2d6d6aeab..9a595cc831ea 100644 --- a/include/linux/key-type.h +++ b/include/linux/key-type.h @@ -10,6 +10,7 @@
#include <linux/key.h> #include <linux/errno.h> +#include <linux/kabi.h>
#ifdef CONFIG_KEYS
@@ -55,6 +56,7 @@ struct key_match_data { unsigned lookup_type; /* Type of lookup for this search. */ #define KEYRING_SEARCH_LOOKUP_DIRECT 0x0000 /* Direct lookup by description. */ #define KEYRING_SEARCH_LOOKUP_ITERATE 0x0001 /* Iterative search. */ + KABI_RESERVE(1) };
/* diff --git a/include/linux/key.h b/include/linux/key.h index eed3ce139a32..6657ca910034 100644 --- a/include/linux/key.h +++ b/include/linux/key.h @@ -20,6 +20,7 @@ #include <linux/assoc_array.h> #include <linux/refcount.h> #include <linux/time64.h> +#include <linux/kabi.h>
#ifdef __KERNEL__ #include <linux/uidgid.h> @@ -272,6 +273,7 @@ struct key { * restriction. */ struct key_restriction *restrict_link; + KABI_RESERVE(1) };
extern struct key *key_alloc(struct key_type *type, diff --git a/include/linux/nsproxy.h b/include/linux/nsproxy.h index cdb171efc7cb..be2d42c27780 100644 --- a/include/linux/nsproxy.h +++ b/include/linux/nsproxy.h @@ -4,6 +4,7 @@
#include <linux/spinlock.h> #include <linux/sched.h> +#include <linux/kabi.h>
struct mnt_namespace; struct uts_namespace; @@ -38,6 +39,14 @@ struct nsproxy { struct time_namespace *time_ns; struct time_namespace *time_ns_for_children; struct cgroup_namespace *cgroup_ns; + KABI_RESERVE(1) + KABI_RESERVE(2) + KABI_RESERVE(3) + KABI_RESERVE(4) + KABI_RESERVE(5) + KABI_RESERVE(6) + KABI_RESERVE(7) + KABI_RESERVE(8) }; extern struct nsproxy init_nsproxy;
diff --git a/include/linux/proc_ns.h b/include/linux/proc_ns.h index 75807ecef880..81e99aa97cd7 100644 --- a/include/linux/proc_ns.h +++ b/include/linux/proc_ns.h @@ -16,7 +16,7 @@ struct inode; struct proc_ns_operations { const char *name; const char *real_ns_name; - int type; + u64 type; struct ns_common *(*get)(struct task_struct *task); void (*put)(struct ns_common *ns); int (*install)(struct nsset *nsset, struct ns_common *ns);