[PATCH] lsm: add reserved flag in lsm_prop struct
15074444048 at 163.com
Fri Dec 6 11:41:08 UTC 2024
From: lihaojie <lihaojie at kylinos.cn>
lsm_prop size is controlled by a macro; lsm_prop size will be 0
when the macro is not defined. Add a flag to allocate lsm_prop's basic size.
An empty struct will make target_ref & target_comm in audit_context
located at the same address, so __member_size of target_comm is the
same as __member_size of target_ref, and strscpy warns of a buffer
overflow at compile time.
Signed-off-by: lihaojie <lihaojie at kylinos.cn>
---
include/linux/security.h | 1 +
1 file changed, 1 insertion(+)
diff --git a/include/linux/security.h b/include/linux/security.h
index cbdba435b798..f502deecb142 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -164,6 +164,7 @@ struct lsm_prop {
struct lsm_prop_smack smack;
struct lsm_prop_apparmor apparmor;
struct lsm_prop_bpf bpf;
+ u8 reserved;
};
extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1];
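Review bot: The added "u8 reserved;" at the end of struct lsm_prop carries no comment, and nothing in its name tells a later reader that it exists only to keep the struct from being empty when the other members contribute no size. Please add a comment on that line stating the purpose, so it is not later removed as unused. The member is also added unconditionally, so it is present even in configurations where the smack, apparmor or bpf members already make the struct non-empty; consider limiting it to the empty case, or handling the problem at the audit_context site the commit message describes rather than in every user of struct lsm_prop.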
--
2.25.1
Hi Paul,
The root cause is that target_ref is empty, which makes __member_size of target_comm
return the target_ref size, because they have the same address, so an overflow will be detected.
As you said, I should not change the member size; there may be other potential hazards.
So I added patch v3; please check above.
I have tested locally.
- gcc will allocate 0 bytes for an empty struct. __member_size of a member behind an empty struct will return 0 bytes;
- g++ will allocate 1 byte for an empty struct. __member_size of a member behind an empty struct will return the normal bytes;
- pahole result:
struct lsm_prop target_ref; /* 812 1 */
char target_comm[16]; /* 813 16 */
Thanks,
lihaojie