security: fix: use default initialization instead of nanopb init_zero
Nanopb init_zero doesn't cover all fields on oneof entries. On 5.4 COS,
the unknown fields are replaced with 0xAA leading to a crash.
BUG=b/168558508
TEST=Integration tests.
SOURCE=KTD
Signed-off-by: Thomas Garnier <thgarnie@chromium.org>
Change-Id: Id24ca76587bce89e7cfde5fd4628b6d675a7adc6
Reviewed-on: https://cos-review.googlesource.com/c/third_party/kernel/+/6080
Tested-by: Vaibhav Rustagi <vaibhavrustagi@google.com>
Reviewed-by: John Davis <kyuzo@google.com>
Reviewed-by: Vaibhav Rustagi <vaibhavrustagi@google.com>
(cherry picked from commit 81aec0f01b2da82430d9816a25a6643c48e2642a)
Reviewed-on: https://cos-review.googlesource.com/c/third_party/kernel/+/6120
Reviewed-by: Roy Yang <royyang@google.com>
diff --git a/security/container/monitor.c b/security/container/monitor.c
index 0174156..fa03398 100644
--- a/security/container/monitor.c
+++ b/security/container/monitor.c
@@ -205,7 +205,7 @@ static void csm_update_config(schema_ConfigurationRequest *req)
int csm_update_config_from_buffer(void *data, size_t size)
{
- schema_ConfigurationRequest c = schema_ConfigurationRequest_init_zero;
+ schema_ConfigurationRequest c = {};
pb_istream_t istream;
c.execute_config.envp_allowlist.funcs.decode = pb_decode_string_array;
@@ -255,7 +255,7 @@ static const struct file_operations csm_config_fops = {
static void csm_enable(void)
{
- schema_ConfigurationRequest req = schema_ConfigurationRequest_init_zero;
+ schema_ConfigurationRequest req = {};
/* Expect the lock to be held for write before this call. */
lockdep_assert_held_write(&csm_rwsem_config);
@@ -271,7 +271,7 @@ static void csm_enable(void)
static void csm_disable(void)
{
- schema_ConfigurationRequest req = schema_ConfigurationRequest_init_zero;
+ schema_ConfigurationRequest req = {};
/* Expect the lock to be held for write before this call. */
lockdep_assert_held_write(&csm_rwsem_config);
@@ -500,8 +500,8 @@ static ssize_t csm_container_write(struct file *file, const char __user *buf,
u64 cid;
pb_istream_t istream;
struct task_struct *task;
- schema_ContainerReport report = schema_ContainerReport_init_zero;
- schema_Event event = schema_Event_init_zero;
+ schema_ContainerReport report = {};
+ schema_Event event = {};
schema_Container *container;
char *uuid = NULL;
diff --git a/security/container/process.c b/security/container/process.c
index afe065d..a66fd2b 100644
--- a/security/container/process.c
+++ b/security/container/process.c
@@ -703,7 +703,7 @@ int csm_bprm_check_security(struct linux_binprm *bprm)
char uuid[PROCESS_UUID_SIZE];
char parent_uuid[PROCESS_UUID_SIZE];
int err;
- schema_Event event = schema_Event_init_zero;
+ schema_Event event = {};
schema_Process *proc;
struct string_arr_ctx argv_ctx;
void *stack = NULL, *ctx = NULL;
@@ -819,7 +819,7 @@ void csm_task_post_alloc(struct task_struct *task)
int err;
char uuid[PROCESS_UUID_SIZE];
char parent_uuid[PROCESS_UUID_SIZE];
- schema_Event event = schema_Event_init_zero;
+ schema_Event event = {};
schema_Process *proc;
if (!csm_execute_enabled ||
@@ -845,7 +845,7 @@ void csm_task_post_alloc(struct task_struct *task)
void csm_task_exit(struct task_struct *task)
{
int err;
- schema_Event event = schema_Event_init_zero;
+ schema_Event event = {};
schema_ExitEvent *exit;
char uuid[PROCESS_UUID_SIZE];
@@ -878,7 +878,7 @@ int csm_mprotect(struct vm_area_struct *vma, unsigned long reqprot,
char uuid[PROCESS_UUID_SIZE];
char parent_uuid[PROCESS_UUID_SIZE];
int err;
- schema_Event event = schema_Event_init_zero;
+ schema_Event event = {};
schema_MemoryExecEvent *memexec;
u64 cid;
struct file_data path_data = {};
@@ -933,7 +933,7 @@ int csm_mmap_file(struct file *file, unsigned long reqprot,
char uuid[PROCESS_UUID_SIZE];
char parent_uuid[PROCESS_UUID_SIZE];
int err;
- schema_Event event = schema_Event_init_zero;
+ schema_Event event = {};
schema_MemoryExecEvent *memexec;
struct file *exe_file;
u64 cid;
@@ -1088,7 +1088,7 @@ void delayed_enumerate_processes(struct work_struct *work)
char parent_uuid[PROCESS_UUID_SIZE];
struct file *exe_file = NULL;
struct file_data path_data = {};
- schema_Event event = schema_Event_init_zero;
+ schema_Event event = {};
schema_Process *proc = &event.event.enumproc.proc;
exe_file = get_task_exe_file(task);
diff --git a/security/container/vsock.c b/security/container/vsock.c
index 2b4d6e9..2670b70 100644
--- a/security/container/vsock.c
+++ b/security/container/vsock.c
@@ -342,8 +342,7 @@ static void csm_heartbeat(struct work_struct *work)
static int config_send_response(int err)
{
char buf[CSM_ERROR_BUF_SIZE] = {};
- schema_ConfigurationResponse resp =
- schema_ConfigurationResponse_init_zero;
+ schema_ConfigurationResponse resp = {};
resp.error = schema_ConfigurationResponse_ErrorCode_NO_ERROR;
resp.version = CSM_VERSION;