tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

rust: replace lsm context+len with lsm_context

This brings the Rust SecurityCtx abstraction [1] up to date with the new
API where context+len is replaced with an lsm_context [2] struct.

Link: https://lore.kernel.org/r/20240915-alice-file-v10-5-88484f7a3dcf@google.com [1]
Link: https://lore.kernel.org/r/20241023212158.18718-3-casey@schaufler-ca.com [2]
Reported-by: Linux Kernel Functional Testing <lkft@linaro.org>
Closes: https://lore.kernel.org/r/CA+G9fYv_Y2tzs+uYhMGtfUK9dSYV2mFr6WyKEzJazDsdk9o5zw@mail.gmail.com
Signed-off-by: Alice Ryhl <aliceryhl@google.com>
[PM: subj line tweak]
Signed-off-by: Paul Moore <paul@paul-moore.com>

authored by

Alice Ryhl and committed by
Paul Moore 9c76eaf7 a4626e97

+21 -25
+4 -4
rust/helpers/security.c
··· 8 8 security_cred_getsecid(c, secid); 9 9 } 10 10 11 - int rust_helper_security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) 11 + int rust_helper_security_secid_to_secctx(u32 secid, struct lsm_context *cp) 12 12 { 13 - return security_secid_to_secctx(secid, secdata, seclen); 13 + return security_secid_to_secctx(secid, cp); 14 14 } 15 15 16 - void rust_helper_security_release_secctx(char *secdata, u32 seclen) 16 + void rust_helper_security_release_secctx(struct lsm_context *cp) 17 17 { 18 - security_release_secctx(secdata, seclen); 18 + security_release_secctx(cp); 19 19 } 20 20 #endif
+17 -21
rust/kernel/security.rs
··· 15 15 /// 16 16 /// # Invariants 17 17 /// 18 - /// The `secdata` and `seclen` fields correspond to a valid security context as returned by a 19 - /// successful call to `security_secid_to_secctx`, that has not yet been destroyed by calling 20 - /// `security_release_secctx`. 18 + /// The `ctx` field corresponds to a valid security context as returned by a successful call to 19 + /// `security_secid_to_secctx`, that has not yet been destroyed by `security_release_secctx`. 21 20 pub struct SecurityCtx { 22 - secdata: *mut core::ffi::c_char, 23 - seclen: usize, 21 + ctx: bindings::lsm_context, 24 22 } 25 23 26 24 impl SecurityCtx { 27 25 /// Get the security context given its id. 28 26 pub fn from_secid(secid: u32) -> Result<Self> { 29 - let mut secdata = core::ptr::null_mut(); 30 - let mut seclen = 0u32; 31 - // SAFETY: Just a C FFI call. The pointers are valid for writes. 32 - to_result(unsafe { bindings::security_secid_to_secctx(secid, &mut secdata, &mut seclen) })?; 27 + // SAFETY: `struct lsm_context` can be initialized to all zeros. 28 + let mut ctx: bindings::lsm_context = unsafe { core::mem::zeroed() }; 29 + 30 + // SAFETY: Just a C FFI call. The pointer is valid for writes. 31 + to_result(unsafe { bindings::security_secid_to_secctx(secid, &mut ctx) })?; 33 32 34 33 // INVARIANT: If the above call did not fail, then we have a valid security context. 35 - Ok(Self { 36 - secdata, 37 - seclen: seclen as usize, 38 - }) 34 + Ok(Self { ctx }) 39 35 } 40 36 41 37 /// Returns whether the security context is empty. 42 38 pub fn is_empty(&self) -> bool { 43 - self.seclen == 0 39 + self.ctx.len == 0 44 40 } 45 41 46 42 /// Returns the length of this security context. 47 43 pub fn len(&self) -> usize { 48 - self.seclen 44 + self.ctx.len as usize 49 45 } 50 46 51 47 /// Returns the bytes for this security context. 52 48 pub fn as_bytes(&self) -> &[u8] { 53 - let ptr = self.secdata; 49 + let ptr = self.ctx.context; 54 50 if ptr.is_null() { 55 - debug_assert_eq!(self.seclen, 0); 51 + debug_assert_eq!(self.len(), 0); 56 52 // We can't pass a null pointer to `slice::from_raw_parts` even if the length is zero. 57 53 return &[]; 58 54 } 59 55 60 56 // SAFETY: The call to `security_secid_to_secctx` guarantees that the pointer is valid for 61 - // `seclen` bytes. Furthermore, if the length is zero, then we have ensured that the 57 + // `self.len()` bytes. Furthermore, if the length is zero, then we have ensured that the 62 58 // pointer is not null. 63 - unsafe { core::slice::from_raw_parts(ptr.cast(), self.seclen) } 59 + unsafe { core::slice::from_raw_parts(ptr.cast(), self.len()) } 64 60 } 65 61 } 66 62 67 63 impl Drop for SecurityCtx { 68 64 fn drop(&mut self) { 69 - // SAFETY: By the invariant of `Self`, this frees a pointer that came from a successful 65 + // SAFETY: By the invariant of `Self`, this frees a context that came from a successful 70 66 // call to `security_secid_to_secctx` and has not yet been destroyed by 71 67 // `security_release_secctx`. 72 - unsafe { bindings::security_release_secctx(self.secdata, self.seclen as u32) }; 68 + unsafe { bindings::security_release_secctx(&mut self.ctx) }; 73 69 } 74 70 }