Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux

lsm: cleanup the LSM blob size code

Convert the lsm_blob_size fields to unsigned integers as there is no
current need for them to be negative, change "lsm_set_blob_size()" to
"lsm_blob_size_update()" to better reflect reality, and perform some
other minor cleanups to the associated code.

Reviewed-by: Kees Cook <kees@kernel.org>
Reviewed-by: John Johansen <john.johansen@canonical.com>
Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>

+50 -41
+17 -17
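--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -102,23 +102,23 @@
  * Security blob size or offset data.
  */
 struct lsm_blob_sizes {
-	int lbs_cred;
-	int lbs_file;
-	int lbs_ib;
-	int lbs_inode;
-	int lbs_sock;
-	int lbs_superblock;
-	int lbs_ipc;
-	int lbs_key;
-	int lbs_msg_msg;
-	int lbs_perf_event;
-	int lbs_task;
-	int lbs_xattr_count; /* number of xattr slots in new_xattrs array */
-	int lbs_tun_dev;
-	int lbs_bdev;
-	int lbs_bpf_map;
-	int lbs_bpf_prog;
-	int lbs_bpf_token;
+	unsigned int lbs_cred;
+	unsigned int lbs_file;
+	unsigned int lbs_ib;
+	unsigned int lbs_inode;
+	unsigned int lbs_sock;
+	unsigned int lbs_superblock;
+	unsigned int lbs_ipc;
+	unsigned int lbs_key;
+	unsigned int lbs_msg_msg;
+	unsigned int lbs_perf_event;
+	unsigned int lbs_task;
+	unsigned int lbs_xattr_count; /* num xattr slots in new_xattrs array */
+	unsigned int lbs_tun_dev;
+	unsigned int lbs_bdev;
+	unsigned int lbs_bpf_map;
+	unsigned int lbs_bpf_prog;
+	unsigned int lbs_bpf_token;
 };
 
 /*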
+33 -24
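--- a/security/lsm_init.c
+++ b/security/lsm_init.c
@@ -169,16 +169,22 @@
 		lsm_is_enabled(lsm) ? "enabled" : "disabled");
 }
 
-static void __init lsm_set_blob_size(int *need, int *lbs)
+/**
+ * lsm_blob_size_update - Update the LSM blob size and offset information
+ * @sz_req: the requested additional blob size
+ * @sz_cur: the existing blob size
+ */
+static void __init lsm_blob_size_update(unsigned int *sz_req,
+					unsigned int *sz_cur)
 {
-	int offset;
+	unsigned int offset;
 
-	if (*need <= 0)
+	if (*sz_req == 0)
 		return;
 
-	offset = ALIGN(*lbs, sizeof(void *));
-	*lbs = offset + *need;
-	*need = offset;
+	offset = ALIGN(*sz_cur, sizeof(void *));
+	*sz_cur = offset + *sz_req;
+	*sz_req = offset;
 }
 
 /**
@@ -193,27 +199,30 @@
 		return;
 
 	/* Register the LSM blob sizes. */
-	lsm_set_blob_size(&blobs->lbs_cred, &blob_sizes.lbs_cred);
-	lsm_set_blob_size(&blobs->lbs_file, &blob_sizes.lbs_file);
-	lsm_set_blob_size(&blobs->lbs_ib, &blob_sizes.lbs_ib);
+	blobs = lsm->blobs;
+	lsm_blob_size_update(&blobs->lbs_cred, &blob_sizes.lbs_cred);
+	lsm_blob_size_update(&blobs->lbs_file, &blob_sizes.lbs_file);
+	lsm_blob_size_update(&blobs->lbs_ib, &blob_sizes.lbs_ib);
 	/* inode blob gets an rcu_head in addition to LSM blobs. */
 	if (blobs->lbs_inode && blob_sizes.lbs_inode == 0)
 		blob_sizes.lbs_inode = sizeof(struct rcu_head);
-	lsm_set_blob_size(&blobs->lbs_inode, &blob_sizes.lbs_inode);
-	lsm_set_blob_size(&blobs->lbs_ipc, &blob_sizes.lbs_ipc);
-	lsm_set_blob_size(&blobs->lbs_key, &blob_sizes.lbs_key);
-	lsm_set_blob_size(&blobs->lbs_msg_msg, &blob_sizes.lbs_msg_msg);
-	lsm_set_blob_size(&blobs->lbs_perf_event, &blob_sizes.lbs_perf_event);
-	lsm_set_blob_size(&blobs->lbs_sock, &blob_sizes.lbs_sock);
-	lsm_set_blob_size(&blobs->lbs_superblock, &blob_sizes.lbs_superblock);
-	lsm_set_blob_size(&blobs->lbs_task, &blob_sizes.lbs_task);
-	lsm_set_blob_size(&blobs->lbs_tun_dev, &blob_sizes.lbs_tun_dev);
-	lsm_set_blob_size(&blobs->lbs_xattr_count,
-			  &blob_sizes.lbs_xattr_count);
-	lsm_set_blob_size(&blobs->lbs_bdev, &blob_sizes.lbs_bdev);
-	lsm_set_blob_size(&blobs->lbs_bpf_map, &blob_sizes.lbs_bpf_map);
-	lsm_set_blob_size(&blobs->lbs_bpf_prog, &blob_sizes.lbs_bpf_prog);
-	lsm_set_blob_size(&blobs->lbs_bpf_token, &blob_sizes.lbs_bpf_token);
+	lsm_blob_size_update(&blobs->lbs_inode, &blob_sizes.lbs_inode);
+	lsm_blob_size_update(&blobs->lbs_ipc, &blob_sizes.lbs_ipc);
+	lsm_blob_size_update(&blobs->lbs_key, &blob_sizes.lbs_key);
+	lsm_blob_size_update(&blobs->lbs_msg_msg, &blob_sizes.lbs_msg_msg);
+	lsm_blob_size_update(&blobs->lbs_perf_event,
+			     &blob_sizes.lbs_perf_event);
+	lsm_blob_size_update(&blobs->lbs_sock, &blob_sizes.lbs_sock);
+	lsm_blob_size_update(&blobs->lbs_superblock,
+			     &blob_sizes.lbs_superblock);
+	lsm_blob_size_update(&blobs->lbs_task, &blob_sizes.lbs_task);
+	lsm_blob_size_update(&blobs->lbs_tun_dev, &blob_sizes.lbs_tun_dev);
+	lsm_blob_size_update(&blobs->lbs_xattr_count,
+			     &blob_sizes.lbs_xattr_count);
+	lsm_blob_size_update(&blobs->lbs_bdev, &blob_sizes.lbs_bdev);
+	lsm_blob_size_update(&blobs->lbs_bpf_map, &blob_sizes.lbs_bpf_map);
+	lsm_blob_size_update(&blobs->lbs_bpf_prog, &blob_sizes.lbs_bpf_prog);
+	lsm_blob_size_update(&blobs->lbs_bpf_token, &blob_sizes.lbs_bpf_token);
 }
 
 /* Initialize a given LSM, if it is enabled. */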
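Review bot: In `lsm_blob_size_update()` the sum `*sz_cur = offset + *sz_req` is now unsigned, so an oversized request wraps silently, and a value the old `*need <= 0` guard dropped as negative now passes the `== 0` test as a very large size. A wrapped total would give later blobs offsets past the size that ends up allocated, so the addition is worth guarding with `check_add_overflow(offset, *sz_req, &total)` and failing loudly on overflow; this is hardening, since the sizes presumably come from built-in LSM definitions that are not visible here. The new kernel-doc should also say that both arguments are written back, for example `@sz_req: in: requested blob size; out: offset assigned to this LSM` and `@sz_cur: in: current total blob size; out: new total`. Separately, the added `blobs = lsm->blobs;` in the second hunk looks redundant if `blobs` is already set before the `return;` above it, which lies outside the hunk.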