KABI reservation for IMA and crypto module.
v3: Reserve one more u64 for crypto related structs.
v2: Changed reservation ordering, and more reservation.
GUO Zihua (2): crypto: kabi: KABI reservation for crypto ima: kabi: KABI reservation for IMA
include/crypto/aead.h | 7 +++++++ include/crypto/akcipher.h | 7 +++++++ include/crypto/algapi.h | 7 +++++++ include/crypto/cryptd.h | 3 +++ include/crypto/hash.h | 9 +++++++++ include/crypto/if_alg.h | 9 +++++++++ include/crypto/public_key.h | 5 +++++ include/crypto/rng.h | 5 +++++ include/crypto/skcipher.h | 7 +++++++ include/linux/crypto.h | 5 +++++ include/linux/fs.h | 5 +++++ include/linux/kernel_read_file.h | 3 +++ include/linux/kexec.h | 5 +++++ include/linux/user_namespace.h | 3 +++ 14 files changed, 80 insertions(+)
hulk inclusion category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I8RI9L
--------------------------------
Reserve KABI for future crypto development.
Signed-off-by: GUO Zihua guozihua@huawei.com --- include/crypto/aead.h | 7 +++++++ include/crypto/akcipher.h | 7 +++++++ include/crypto/algapi.h | 7 +++++++ include/crypto/cryptd.h | 3 +++ include/crypto/hash.h | 9 +++++++++ include/crypto/if_alg.h | 9 +++++++++ include/crypto/public_key.h | 5 +++++ include/crypto/rng.h | 5 +++++ include/crypto/skcipher.h | 7 +++++++ include/linux/crypto.h | 5 +++++ include/linux/kernel_read_file.h | 3 +++ include/linux/kexec.h | 5 +++++ 12 files changed, 72 insertions(+)
diff --git a/include/crypto/aead.h b/include/crypto/aead.h index 35e45b854a6f..b7a2dca0c0ed 100644 --- a/include/crypto/aead.h +++ b/include/crypto/aead.h @@ -13,6 +13,7 @@ #include <linux/crypto.h> #include <linux/slab.h> #include <linux/types.h> +#include <linux/kabi.h>
/** * DOC: Authenticated Encryption With Associated Data (AEAD) Cipher API @@ -97,6 +98,8 @@ struct aead_request {
struct scatterlist *src; struct scatterlist *dst; + KABI_RESERVE(1); + KABI_RESERVE(2);
void *__ctx[] CRYPTO_MINALIGN_ATTR; }; @@ -169,6 +172,8 @@ struct aead_alg { unsigned int ivsize; unsigned int maxauthsize; unsigned int chunksize; + KABI_RESERVE(1); + KABI_RESERVE(2);
struct crypto_alg base; }; @@ -177,6 +182,8 @@ struct crypto_aead { unsigned int authsize; unsigned int reqsize;
+ KABI_RESERVE(1); + KABI_RESERVE(2); struct crypto_tfm base; };
diff --git a/include/crypto/akcipher.h b/include/crypto/akcipher.h index 670508f1dca1..017553277f54 100644 --- a/include/crypto/akcipher.h +++ b/include/crypto/akcipher.h @@ -10,6 +10,7 @@
#include <linux/atomic.h> #include <linux/crypto.h> +#include <linux/kabi.h>
/** * struct akcipher_request - public key request @@ -38,6 +39,8 @@ struct akcipher_request { struct scatterlist *dst; unsigned int src_len; unsigned int dst_len; + KABI_RESERVE(1); + KABI_RESERVE(2); void *__ctx[] CRYPTO_MINALIGN_ATTR; };
@@ -51,6 +54,8 @@ struct akcipher_request { struct crypto_akcipher { unsigned int reqsize;
+ KABI_RESERVE(1); + KABI_RESERVE(2); struct crypto_tfm base; };
@@ -130,6 +135,8 @@ struct akcipher_alg { #ifdef CONFIG_CRYPTO_STATS struct crypto_istat_akcipher stat; #endif + KABI_RESERVE(1); + KABI_RESERVE(2);
struct crypto_alg base; }; diff --git a/include/crypto/algapi.h b/include/crypto/algapi.h index ca86f4c6ba43..1c8f8bb0694b 100644 --- a/include/crypto/algapi.h +++ b/include/crypto/algapi.h @@ -13,6 +13,7 @@ #include <linux/crypto.h> #include <linux/types.h> #include <linux/workqueue.h> +#include <linux/kabi.h>
/* * Maximum values for blocksize and alignmask, used to allocate @@ -69,6 +70,8 @@ struct crypto_type { unsigned int maskclear; unsigned int maskset; unsigned int tfmsize; + KABI_RESERVE(1); + KABI_RESERVE(2); };
struct crypto_instance { @@ -84,6 +87,8 @@ struct crypto_instance { };
struct work_struct free_work; + KABI_RESERVE(1); + KABI_RESERVE(2);
void *__ctx[] CRYPTO_MINALIGN_ATTR; }; @@ -111,6 +116,8 @@ struct crypto_spawn { u32 mask; bool dead; bool registered; + KABI_RESERVE(1); + KABI_RESERVE(2); };
struct crypto_queue { diff --git a/include/crypto/cryptd.h b/include/crypto/cryptd.h index 796d986e58e1..44054e4aaf9d 100644 --- a/include/crypto/cryptd.h +++ b/include/crypto/cryptd.h @@ -18,6 +18,7 @@ #include <crypto/aead.h> #include <crypto/hash.h> #include <crypto/skcipher.h> +#include <linux/kabi.h>
struct cryptd_skcipher { struct crypto_skcipher base; @@ -32,6 +33,8 @@ bool cryptd_skcipher_queued(struct cryptd_skcipher *tfm); void cryptd_free_skcipher(struct cryptd_skcipher *tfm);
struct cryptd_ahash { + KABI_RESERVE(1); + KABI_RESERVE(2); struct crypto_ahash base; };
diff --git a/include/crypto/hash.h b/include/crypto/hash.h index f7c2a22cd776..929889a89d89 100644 --- a/include/crypto/hash.h +++ b/include/crypto/hash.h @@ -11,6 +11,7 @@ #include <linux/atomic.h> #include <linux/crypto.h> #include <linux/string.h> +#include <linux/kabi.h>
struct crypto_ahash;
@@ -78,6 +79,8 @@ struct ahash_request {
/* This field may only be used by the ahash API code. */ void *priv; + KABI_RESERVE(1); + KABI_RESERVE(2);
void *__ctx[] CRYPTO_MINALIGN_ATTR; }; @@ -173,6 +176,8 @@ struct ahash_alg { };
struct shash_desc { + KABI_RESERVE(1); + KABI_RESERVE(2); struct crypto_shash *tfm; void *__ctx[] __aligned(ARCH_SLAB_MINALIGN); }; @@ -262,11 +267,15 @@ struct crypto_ahash {
unsigned int statesize; unsigned int reqsize; + KABI_RESERVE(1); + KABI_RESERVE(2); struct crypto_tfm base; };
struct crypto_shash { unsigned int descsize; + KABI_RESERVE(1); + KABI_RESERVE(2); struct crypto_tfm base; };
diff --git a/include/crypto/if_alg.h b/include/crypto/if_alg.h index ef8ce86b1f78..9707db268b0d 100644 --- a/include/crypto/if_alg.h +++ b/include/crypto/if_alg.h @@ -14,6 +14,7 @@ #include <linux/scatterlist.h> #include <linux/types.h> #include <linux/atomic.h> +#include <linux/kabi.h> #include <net/sock.h>
#include <crypto/aead.h> @@ -32,6 +33,8 @@ struct alg_sock {
const struct af_alg_type *type; void *private; + KABI_RESERVE(1); + KABI_RESERVE(2); };
struct af_alg_control { @@ -59,6 +62,9 @@ struct af_alg_sgl { struct sg_table sgt; struct scatterlist sgl[ALG_MAX_PAGES + 1]; bool need_unpin; + KABI_RESERVE(1); + KABI_RESERVE(2); + KABI_RESERVE(3); };
/* TX SGL entry */ @@ -154,6 +160,9 @@ struct af_alg_ctx { bool init;
unsigned int len; + KABI_RESERVE(1); + KABI_RESERVE(2); + KABI_RESERVE(3); };
int af_alg_register_type(const struct af_alg_type *type); diff --git a/include/crypto/public_key.h b/include/crypto/public_key.h index 462f8a34cdf8..af3fa5aafb42 100644 --- a/include/crypto/public_key.h +++ b/include/crypto/public_key.h @@ -12,6 +12,7 @@
#include <linux/keyctl.h> #include <linux/oid_registry.h> +#include <linux/kabi.h>
/* * Cryptographic data for the public-key subtype of the asymmetric key type. @@ -29,6 +30,8 @@ struct public_key { const char *id_type; const char *pkey_algo; unsigned long key_eflags; /* key extension flags */ + KABI_RESERVE(1); + KABI_RESERVE(2); #define KEY_EFLAG_CA 0 /* set if the CA basic constraints is set */ #define KEY_EFLAG_DIGITALSIG 1 /* set if the digitalSignature usage is set */ #define KEY_EFLAG_KEYCERTSIGN 2 /* set if the keyCertSign usage is set */ @@ -48,6 +51,8 @@ struct public_key_signature { const char *pkey_algo; const char *hash_algo; const char *encoding; + KABI_RESERVE(1); + KABI_RESERVE(2); };
extern void public_key_signature_free(struct public_key_signature *sig); diff --git a/include/crypto/rng.h b/include/crypto/rng.h index 6abe5102e5fb..92e11b2ae0ff 100644 --- a/include/crypto/rng.h +++ b/include/crypto/rng.h @@ -12,6 +12,7 @@ #include <linux/atomic.h> #include <linux/container_of.h> #include <linux/crypto.h> +#include <linux/kabi.h>
struct crypto_rng;
@@ -68,11 +69,15 @@ struct rng_alg { #endif
unsigned int seedsize; + KABI_RESERVE(1); + KABI_RESERVE(2);
struct crypto_alg base; };
struct crypto_rng { + KABI_RESERVE(1); + KABI_RESERVE(2); struct crypto_tfm base; };
diff --git a/include/crypto/skcipher.h b/include/crypto/skcipher.h index 080d1ba3611d..4a031bcb4ede 100644 --- a/include/crypto/skcipher.h +++ b/include/crypto/skcipher.h @@ -14,6 +14,7 @@ #include <linux/slab.h> #include <linux/string.h> #include <linux/types.h> +#include <linux/kabi.h>
struct scatterlist;
@@ -35,6 +36,8 @@ struct skcipher_request { struct scatterlist *dst;
struct crypto_async_request base; + KABI_RESERVE(1); + KABI_RESERVE(2);
void *__ctx[] CRYPTO_MINALIGN_ATTR; }; @@ -42,6 +45,8 @@ struct skcipher_request { struct crypto_skcipher { unsigned int reqsize;
+ KABI_RESERVE(1); + KABI_RESERVE(2); struct crypto_tfm base; };
@@ -142,6 +147,8 @@ struct skcipher_alg { #endif
struct crypto_alg base; + KABI_RESERVE(1); + KABI_RESERVE(2); };
#define MAX_SYNC_SKCIPHER_REQSIZE 384 diff --git a/include/linux/crypto.h b/include/linux/crypto.h index 31f6fee0c36c..ccf6385a5cbd 100644 --- a/include/linux/crypto.h +++ b/include/linux/crypto.h @@ -16,6 +16,7 @@ #include <linux/refcount.h> #include <linux/slab.h> #include <linux/types.h> +#include <linux/kabi.h>
/* * Algorithm masks and types. @@ -367,6 +368,8 @@ struct crypto_alg { void (*cra_destroy)(struct crypto_alg *alg); struct module *cra_module; + KABI_RESERVE(1); + KABI_RESERVE(2); } CRYPTO_MINALIGN_ATTR;
/* @@ -429,6 +432,8 @@ struct crypto_tfm { void (*exit)(struct crypto_tfm *tfm); struct crypto_alg *__crt_alg; + KABI_RESERVE(1); + KABI_RESERVE(2);
void *__crt_ctx[] CRYPTO_MINALIGN_ATTR; }; diff --git a/include/linux/kernel_read_file.h b/include/linux/kernel_read_file.h index 90451e2e12bd..79e6a8d6e6bd 100644 --- a/include/linux/kernel_read_file.h +++ b/include/linux/kernel_read_file.h @@ -14,6 +14,9 @@ id(KEXEC_INITRAMFS, kexec-initramfs) \ id(POLICY, security-policy) \ id(X509_CERTIFICATE, x509-certificate) \ + id(KABI_RESERVE1, KABI_RESERVE1) \ + id(KABI_RESERVE2, KABI_RESERVE2) \ + id(KABI_RESERVE3, KABI_RESERVE3) \ id(MAX_ID, )
#define __fid_enumify(ENUM, dummy) READING_ ## ENUM, diff --git a/include/linux/kexec.h b/include/linux/kexec.h index 32c78078552c..e15a4bc473bc 100644 --- a/include/linux/kexec.h +++ b/include/linux/kexec.h @@ -21,6 +21,7 @@
#include <uapi/linux/kexec.h> #include <linux/verification.h> +#include <linux/kabi.h>
/* Location of a reserved region to hold the crash kernel. */ @@ -368,6 +369,10 @@ struct kimage { void *elf_headers; unsigned long elf_headers_sz; unsigned long elf_load_addr; + + KABI_RESERVE(1); + KABI_RESERVE(2); + KABI_RESERVE(3); };
/* kexec interface functions */
hulk inclusion category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I8RI9L
--------------------------------
KABI reservation for IMA and related modules.
Signed-off-by: GUO Zihua guozihua@huawei.com --- include/linux/fs.h | 5 +++++ include/linux/user_namespace.h | 3 +++ 2 files changed, 8 insertions(+)
diff --git a/include/linux/fs.h b/include/linux/fs.h index cc34619424cf..2ba60051ae61 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -43,7 +43,11 @@ #include <linux/cred.h> #include <linux/mnt_idmapping.h> #include <linux/slab.h> +<<<<<<< HEAD #include <linux/tracepoint-defs.h> +======= +#include <linux/kabi.h> +>>>>>>> 5c42f4c4934e (ima: kabi: KABI reservation for IMA)
#include <asm/byteorder.h> #include <uapi/linux/fs.h> @@ -1038,6 +1042,7 @@ struct file { errseq_t f_wb_err; errseq_t f_sb_err; /* for syncfs */ fmode_t f_ctl_mode; + KABI_RESERVE(1); } __randomize_layout __attribute__((aligned(4))); /* lest something weird decides that 2 is OK */
diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h index 45f09bec02c4..71ce00e85c29 100644 --- a/include/linux/user_namespace.h +++ b/include/linux/user_namespace.h @@ -10,6 +10,7 @@ #include <linux/rwsem.h> #include <linux/sysctl.h> #include <linux/err.h> +#include <linux/kabi.h>
#define UID_GID_MAP_MAX_BASE_EXTENTS 5 #define UID_GID_MAP_MAX_EXTENTS 340 @@ -102,6 +103,8 @@ struct user_namespace { struct ucounts *ucounts; long ucount_max[UCOUNT_COUNTS]; long rlimit_max[UCOUNT_RLIMIT_COUNTS]; + KABI_RESERVE(1); + KABI_RESERVE(2); } __randomize_layout;
struct ucounts {