Merge tag 'lsm-pr-20260203' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm

Pull lsm updates from Paul Moore:

- Unify the security_inode_listsecurity() calls in NFSv4

While looking at security_inode_listsecurity() with an eye towards
improving the interface, we realized that the NFSv4 code was making
multiple calls to the LSM hook that could be consolidated into one.

- Mark the LSM static branch keys as static - this helps resolve some
sparse warnings

- Add __rust_helper annotations to the LSM and cred wrapper functions

- Remove the unused set_security_override_from_ctx() function

- Minor fixes to some of the LSM kdoc comment blocks

* tag 'lsm-pr-20260203' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm:
lsm: make keys for static branch static
cred: remove unused set_security_override_from_ctx()
rust: security: add __rust_helper to helpers
rust: cred: add __rust_helper to helpers
nfs: unify security_inode_listsecurity() calls
lsm: fix kernel-doc struct member names

+23 -75
+3 -35
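--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -8172,32 +8172,11 @@
 	return -EOPNOTSUPP;
 }
 
-static ssize_t
-nfs4_listxattr_nfs4_label(struct inode *inode, char *list, size_t list_len)
-{
-	int len = 0;
-
-	if (nfs_server_capable(inode, NFS_CAP_SECURITY_LABEL)) {
-		len = security_inode_listsecurity(inode, list, list_len);
-		if (len >= 0 && list_len && len > list_len)
-			return -ERANGE;
-	}
-	return len;
-}
-
 static const struct xattr_handler nfs4_xattr_nfs4_label_handler = {
 	.prefix = XATTR_SECURITY_PREFIX,
 	.get = nfs4_xattr_get_nfs4_label,
 	.set = nfs4_xattr_set_nfs4_label,
 };
-
-#else
-
-static ssize_t
-nfs4_listxattr_nfs4_label(struct inode *inode, char *list, size_t list_len)
-{
-	return 0;
-}
 
 #endif
 
@@ -10974,7 +10995,7 @@
 
 static ssize_t nfs4_listxattr(struct dentry *dentry, char *list, size_t size)
 {
-	ssize_t error, error2, error3, error4 = 0;
+	ssize_t error, error2, error3;
 	size_t left = size;
 
 	error = generic_listxattr(dentry, list, left);
@@ -10985,10 +11006,9 @@
 		left -= error;
 	}
 
-	error2 = nfs4_listxattr_nfs4_label(d_inode(dentry), list, left);
+	error2 = security_inode_listsecurity(d_inode(dentry), list, left);
 	if (error2 < 0)
 		return error2;
-
 	if (list) {
 		list += error2;
 		left -= error2;
@@ -10996,18 +11018,8 @@
 	error3 = nfs4_listxattr_nfs4_user(d_inode(dentry), list, left);
 	if (error3 < 0)
 		return error3;
-	if (list) {
-		list += error3;
-		left -= error3;
-	}
 
-	if (!nfs_server_capable(d_inode(dentry), NFS_CAP_SECURITY_LABEL)) {
-		error4 = security_inode_listsecurity(d_inode(dentry), list, left);
-		if (error4 < 0)
-			return error4;
-	}
-
-	error += error2 + error3 + error4;
+	error += error2 + error3;
 	if (size && error > size)
 		return -ERANGE;
 	return error;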
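Review bot: The -ERANGE guard that the removed nfs4_listxattr_nfs4_label() applied before the cursor was advanced has no replacement at new lines 11009-11014: if security_inode_listsecurity() reports a length greater than `left` (the removed helper's `len > list_len` check suggests the hook can return the required size rather than failing), `left -= error2` wraps the size_t and `list` is moved past the caller's buffer before both are handed to nfs4_listxattr_nfs4_user(). The `if (size && error > size) return -ERANGE;` at 11023 only runs after that call. Suggest `if (list && (size_t)error2 > left) return -ERANGE;` immediately after the `if (error2 < 0)` check, mirroring the bound that generic_listxattr() enforces for its own entries. The closing brace of nfs4_listxattr() lies past the end of the hunk.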
-1
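--- a/include/linux/cred.h
+++ b/include/linux/cred.h
@@ -164,7 +164,6 @@
 	return rcu_dereference_raw(init_task.cred);
 }
 extern int set_security_override(struct cred *, u32);
-extern int set_security_override_from_ctx(struct cred *, const char *);
 extern int set_create_files_as(struct cred *, struct inode *);
 extern int cred_fscmp(const struct cred *, const struct cred *);
 extern void __init cred_init(void);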
+2 -2
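--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -73,7 +73,7 @@
 
 /**
  * struct lsm_id - Identify a Linux Security Module.
- * @lsm: name of the LSM, must be approved by the LSM maintainers
+ * @name: name of the LSM, must be approved by the LSM maintainers
  * @id: LSM ID number from uapi/linux/lsm.h
  *
  * Contains the information that identifies the LSM.
@@ -164,7 +164,7 @@
  * @initcall_core: LSM callback for core_initcall() setup, optional
  * @initcall_subsys: LSM callback for subsys_initcall() setup, optional
  * @initcall_fs: LSM callback for fs_initcall setup, optional
- * @nitcall_device: LSM callback for device_initcall() setup, optional
+ * @initcall_device: LSM callback for device_initcall() setup, optional
  * @initcall_late: LSM callback for late_initcall() setup, optional
  */
 struct lsm_info {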
-23
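--- a/kernel/cred.c
+++ b/kernel/cred.c
@@ -621,29 +621,6 @@
 EXPORT_SYMBOL(set_security_override);
 
 /**
- * set_security_override_from_ctx - Set the security ID in a set of credentials
- * @new: The credentials to alter
- * @secctx: The LSM security context to generate the security ID from.
- *
- * Set the LSM security ID in a set of credentials so that the subjective
- * security is overridden when an alternative set of credentials is used. The
- * security ID is specified in string form as a security context to be
- * interpreted by the LSM.
- */
-int set_security_override_from_ctx(struct cred *new, const char *secctx)
-{
-	u32 secid;
-	int ret;
-
-	ret = security_secctx_to_secid(secctx, strlen(secctx), &secid);
-	if (ret < 0)
-		return ret;
-
-	return set_security_override(new, secid);
-}
-EXPORT_SYMBOL(set_security_override_from_ctx);
-
-/**
  * set_create_files_as - Set the LSM file create context in a set of credentials
  * @new: The credentials to alter
  * @inode: The inode to take the context from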
+2 -2
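--- a/rust/helpers/cred.c
+++ b/rust/helpers/cred.c
@@ -2,12 +2,12 @@
 
 #include <linux/cred.h>
 
-const struct cred *rust_helper_get_cred(const struct cred *cred)
+__rust_helper const struct cred *rust_helper_get_cred(const struct cred *cred)
 {
 	return get_cred(cred);
 }
 
-void rust_helper_put_cred(const struct cred *cred)
+__rust_helper void rust_helper_put_cred(const struct cred *cred)
 {
 	put_cred(cred);
 }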
+15 -11
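--- a/rust/helpers/security.c
+++ b/rust/helpers/security.c
@@ -3,41 +3,45 @@
 #include <linux/security.h>
 
 #ifndef CONFIG_SECURITY
-void rust_helper_security_cred_getsecid(const struct cred *c, u32 *secid)
+__rust_helper void rust_helper_security_cred_getsecid(const struct cred *c,
+						      u32 *secid)
 {
 	security_cred_getsecid(c, secid);
 }
 
-int rust_helper_security_secid_to_secctx(u32 secid, struct lsm_context *cp)
+__rust_helper int rust_helper_security_secid_to_secctx(u32 secid,
+						       struct lsm_context *cp)
 {
 	return security_secid_to_secctx(secid, cp);
 }
 
-void rust_helper_security_release_secctx(struct lsm_context *cp)
+__rust_helper void rust_helper_security_release_secctx(struct lsm_context *cp)
 {
 	security_release_secctx(cp);
 }
 
-int rust_helper_security_binder_set_context_mgr(const struct cred *mgr)
+__rust_helper int
+rust_helper_security_binder_set_context_mgr(const struct cred *mgr)
 {
 	return security_binder_set_context_mgr(mgr);
 }
 
-int rust_helper_security_binder_transaction(const struct cred *from,
-					    const struct cred *to)
+__rust_helper int
+rust_helper_security_binder_transaction(const struct cred *from,
+					const struct cred *to)
 {
 	return security_binder_transaction(from, to);
 }
 
-int rust_helper_security_binder_transfer_binder(const struct cred *from,
-						const struct cred *to)
+__rust_helper int
+rust_helper_security_binder_transfer_binder(const struct cred *from,
+					    const struct cred *to)
 {
 	return security_binder_transfer_binder(from, to);
 }
 
-int rust_helper_security_binder_transfer_file(const struct cred *from,
-					      const struct cred *to,
-					      const struct file *file)
+__rust_helper int rust_helper_security_binder_transfer_file(
+	const struct cred *from, const struct cred *to, const struct file *file)
 {
 	return security_binder_transfer_file(from, to, file);
 }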
+1 -1
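--- a/security/security.c
+++ b/security/security.c
@@ -115,7 +115,7 @@
 #define DEFINE_LSM_STATIC_CALL(NUM, NAME, RET, ...) \
 	DEFINE_STATIC_CALL_NULL(LSM_STATIC_CALL(NAME, NUM), \
 				*((RET(*)(__VA_ARGS__))NULL)); \
-	DEFINE_STATIC_KEY_FALSE(SECURITY_HOOK_ACTIVE_KEY(NAME, NUM));
+	static DEFINE_STATIC_KEY_FALSE(SECURITY_HOOK_ACTIVE_KEY(NAME, NUM));
 
 #define LSM_HOOK(RET, DEFAULT, NAME, ...) \
 	LSM_DEFINE_UNROLL(DEFINE_LSM_STATIC_CALL, NAME, RET, __VA_ARGS__)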