KABI: KABI reservation for IMA namespace

hulk inclusion category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I4REJ3 CVE: NA --------------------------- KABI reservation for IMA namespace reference: https://gitee.com/openeuler/kernel/issues/I49KW1Signed-off-by: N Guo Zihua <guozihua@huawei.com> Reviewed-by: N Xiu Jianfeng <xiujianfeng@huawei.com> Reviewed-by: N weiyang wang <wangweiyang2@huawei.com> Signed-off-by: N Zheng Zengkai <zhengzengkai@huawei.com>

KABI: KABI reservation for IMA namespace
hulk inclusion category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I4REJ3 CVE: NA --------------------------- KABI reservation for IMA namespace reference: https://gitee.com/openeuler/kernel/issues/I49KW1Signed-off-by: N Guo Zihua <guozihua@huawei.com> Reviewed-by: N Xiu Jianfeng <xiujianfeng@huawei.com> Reviewed-by: N weiyang wang <wangweiyang2@huawei.com> Signed-off-by: N Zheng Zengkai <zhengzengkai@huawei.com>
ea10c1ed · Guo Zihua · Zheng Zengkai · 8f406326 · ea10c1ed · ea10c1ed
5 changed file
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -968,6 +968,8 @@ struct file {
 	struct address_space	*f_mapping;
 	errseq_t		f_wb_err;
 	errseq_t		f_sb_err; /* for syncfs */
+
+	KABI_RESERVE(1)
 } __randomize_layout
  __attribute__((aligned(4)));	/* lest something weird decides that 2 is OK */


--- a/include/linux/key-type.h
+++ b/include/linux/key-type.h
@@ -10,6 +10,7 @@

 #include <linux/key.h>
 #include <linux/errno.h>
+#include <linux/kabi.h>

 #ifdef CONFIG_KEYS

@@ -55,6 +56,7 @@ struct key_match_data {
 	unsigned	lookup_type;	/* Type of lookup for this search. */
 #define KEYRING_SEARCH_LOOKUP_DIRECT	0x0000	/* Direct lookup by description. */
 #define KEYRING_SEARCH_LOOKUP_ITERATE	0x0001	/* Iterative search. */
+	KABI_RESERVE(1)
 };

 /*

--- a/include/linux/key.h
+++ b/include/linux/key.h
@@ -20,6 +20,7 @@
 #include <linux/assoc_array.h>
 #include <linux/refcount.h>
 #include <linux/time64.h>
+#include <linux/kabi.h>

 #ifdef __KERNEL__
 #include <linux/uidgid.h>
@@ -272,6 +273,7 @@ struct key {
 	 * restriction.
 	 */
 	struct key_restriction *restrict_link;
+	KABI_RESERVE(1)
 };

 extern struct key *key_alloc(struct key_type *type,

--- a/include/linux/nsproxy.h
+++ b/include/linux/nsproxy.h
@@ -4,6 +4,7 @@

 #include <linux/spinlock.h>
 #include <linux/sched.h>
+#include <linux/kabi.h>

 struct mnt_namespace;
 struct uts_namespace;
@@ -38,6 +39,14 @@ struct nsproxy {
 	struct time_namespace *time_ns;
 	struct time_namespace *time_ns_for_children;
 	struct cgroup_namespace *cgroup_ns;
+	KABI_RESERVE(1)
+	KABI_RESERVE(2)
+	KABI_RESERVE(3)
+	KABI_RESERVE(4)
+	KABI_RESERVE(5)
+	KABI_RESERVE(6)
+	KABI_RESERVE(7)
+	KABI_RESERVE(8)
 };
 extern struct nsproxy init_nsproxy;


--- a/include/linux/proc_ns.h
+++ b/include/linux/proc_ns.h
@@ -16,7 +16,7 @@ struct inode;
 struct proc_ns_operations {
 	const char *name;
 	const char *real_ns_name;
-	int type;
+	u64 type;
 	struct ns_common *(*get)(struct task_struct *task);
 	void (*put)(struct ns_common *ns);
 	int (*install)(struct nsset *nsset, struct ns_common *ns);