security: fix: use default initialization instead of nanopb init_zero
Nanopb init_zero doesn't cover all fields on oneof entries. On 5.4 COS,
the unknown fields are replaced with 0xAA leading to a crash.
BUG=b/168558508
BUG=b/169598588
TEST=Integration tests.
SOURCE=KTD
Signed-off-by: Thomas Garnier <thgarnie@chromium.org>
Change-Id: Id24ca76587bce89e7cfde5fd4628b6d675a7adc6
Reviewed-on: https://cos-review.googlesource.com/c/third_party/kernel/+/6080
Tested-by: Vaibhav Rustagi <vaibhavrustagi@google.com>
Reviewed-by: John Davis <kyuzo@google.com>
Reviewed-by: Vaibhav Rustagi <vaibhavrustagi@google.com>
Reviewed-on: https://cos-review.googlesource.com/c/third_party/kernel/+/21831
Reviewed-by: Oleksandr Tymoshenko <ovt@google.com>
Tested-by: Oleksandr Tymoshenko <ovt@google.com>
Main-Branch-Verified: Cusky Presubmit Bot <presubmit@cos-infra-prod.iam.gserviceaccount.com>
diff --git a/security/container/monitor.c b/security/container/monitor.c
index c2e1427..e01cad3 100644
--- a/security/container/monitor.c
+++ b/security/container/monitor.c
@@ -201,7 +201,7 @@
int csm_update_config_from_buffer(void *data, size_t size)
{
- schema_ConfigurationRequest c = schema_ConfigurationRequest_init_zero;
+ schema_ConfigurationRequest c = {};
pb_istream_t istream;
c.execute_config.envp_allowlist.funcs.decode = pb_decode_string_array;
@@ -251,7 +251,7 @@
static void csm_enable(void)
{
- schema_ConfigurationRequest req = schema_ConfigurationRequest_init_zero;
+ schema_ConfigurationRequest req = {};
/* Expect the lock to be held for write before this call. */
lockdep_assert_held_exclusive(&csm_rwsem_config);
@@ -267,7 +267,7 @@
static void csm_disable(void)
{
- schema_ConfigurationRequest req = schema_ConfigurationRequest_init_zero;
+ schema_ConfigurationRequest req = {};
/* Expect the lock to be held for write before this call. */
lockdep_assert_held_exclusive(&csm_rwsem_config);
@@ -496,8 +496,8 @@
u64 cid;
pb_istream_t istream;
struct task_struct *task;
- schema_ContainerReport report = schema_ContainerReport_init_zero;
- schema_Event event = schema_Event_init_zero;
+ schema_ContainerReport report = {};
+ schema_Event event = {};
schema_Container *container;
char *uuid = NULL;
diff --git a/security/container/process.c b/security/container/process.c
index 0aecac0..426e37a 100644
--- a/security/container/process.c
+++ b/security/container/process.c
@@ -703,7 +703,7 @@
char uuid[PROCESS_UUID_SIZE];
char parent_uuid[PROCESS_UUID_SIZE];
int err;
- schema_Event event = schema_Event_init_zero;
+ schema_Event event = {};
schema_Process *proc;
struct string_arr_ctx argv_ctx;
void *stack = NULL, *ctx = NULL;
@@ -819,7 +819,7 @@
int err;
char uuid[PROCESS_UUID_SIZE];
char parent_uuid[PROCESS_UUID_SIZE];
- schema_Event event = schema_Event_init_zero;
+ schema_Event event = {};
schema_Process *proc;
if (!csm_execute_enabled ||
@@ -845,7 +845,7 @@
void csm_task_exit(struct task_struct *task)
{
int err;
- schema_Event event = schema_Event_init_zero;
+ schema_Event event = {};
schema_ExitEvent *exit;
char uuid[PROCESS_UUID_SIZE];
@@ -878,7 +878,7 @@
char uuid[PROCESS_UUID_SIZE];
char parent_uuid[PROCESS_UUID_SIZE];
int err;
- schema_Event event = schema_Event_init_zero;
+ schema_Event event = {};
schema_MemoryExecEvent *memexec;
u64 cid;
struct file_data path_data = {};
@@ -933,7 +933,7 @@
char uuid[PROCESS_UUID_SIZE];
char parent_uuid[PROCESS_UUID_SIZE];
int err;
- schema_Event event = schema_Event_init_zero;
+ schema_Event event = {};
schema_MemoryExecEvent *memexec;
struct file *exe_file;
u64 cid;
@@ -1088,7 +1088,7 @@
char parent_uuid[PROCESS_UUID_SIZE];
struct file *exe_file = NULL;
struct file_data path_data = {};
- schema_Event event = schema_Event_init_zero;
+ schema_Event event = {};
schema_Process *proc = &event.event.enumproc.proc;
exe_file = get_task_exe_file(task);