[PATCH v5 04/15] landlock: helper functions refactoring
Mickaël Salaün
mic at digikod.net
Mon May 16 18:28:01 UTC 2022
On 16/05/2022 19:43, Konstantin Meskhidze wrote:
>
>
> 5/16/2022 8:14 PM, Mickaël Salaün пишет:
>>
>> On 16/05/2022 17:20, Konstantin Meskhidze wrote:
>>> Unmask_layers(), init_layer_masks() and
>>> get_handled_accesses() helper functions move to
>>> ruleset.c and rule_type argument is added.
>>> This modification supports implementing new rule
>>> types into next landlock versions.
>>>
>>> Signed-off-by: Konstantin Meskhidze <konstantin.meskhidze at huawei.com>
[...]
>>> -/*
>>> - * @layer_masks is read and may be updated according to the access
>>> request and
>>> - * the matching rule.
>>> - *
>>> - * Returns true if the request is allowed (i.e. relevant layer masks
>>> for the
>>> - * request are empty).
>>> - */
>>> -static inline bool
>>> -unmask_layers(const struct landlock_rule *const rule,
>>> - const access_mask_t access_request,
>>> - layer_mask_t (*const layer_masks)[LANDLOCK_NUM_ACCESS_FS])
>>
>> Moving these entire blocks of code make the review/diff impossible.
>> Why moving these helpers?
>
> Cause these helpers are going to be used both for filesystem and
> network. I moved them into ruleset.c/h
Right. Please create a commit which only moves these helpers without
modifying them, and explain in the commit message that this removes
inlined code. We'll see later if this adds a visible performance impact.
[...]
>>> @@ -519,17 +413,25 @@ static int check_access_path_dual(
>>>
>>> if (unlikely(dentry_child1)) {
>>> unmask_layers(find_rule(domain, dentry_child1),
>>> - init_layer_masks(domain, LANDLOCK_MASK_ACCESS_FS,
>>> - &_layer_masks_child1),
>>> - &_layer_masks_child1);
>>> + init_layer_masks(domain,
>>> + LANDLOCK_MASK_ACCESS_FS,
>>> + &_layer_masks_child1,
>>> + sizeof(_layer_masks_child1),
>>> + LANDLOCK_RULE_PATH_BENEATH),
>>> + &_layer_masks_child1,
>>> + ARRAY_SIZE(_layer_masks_child1));
>>
>> There is a lot of formatting diff and that makes the review difficult.
>> Please format everything with clang-format-14.
>
> Ok. Do you have some tool that helps you with editing code with clang
> format?
I just run `clang-format-14 -i` on files before each commit. Some
editors such as VSCode can handle the clang-format configuration (which
is in the Linux source tree).
>>
>>> layer_masks_child1 = &_layer_masks_child1;
>>> child1_is_directory = d_is_dir(dentry_child1);
>>> }
>>> if (unlikely(dentry_child2)) {
>>> unmask_layers(find_rule(domain, dentry_child2),
>>> - init_layer_masks(domain, LANDLOCK_MASK_ACCESS_FS,
>>> - &_layer_masks_child2),
>>> - &_layer_masks_child2);
>>> + init_layer_masks(domain,
>>> + LANDLOCK_MASK_ACCESS_FS,
>>> + &_layer_masks_child2,
>>> + sizeof(_layer_masks_child2),
>>> + LANDLOCK_RULE_PATH_BENEATH),
>>> + &_layer_masks_child2,
>>> + ARRAY_SIZE(_layer_masks_child2));
>>> layer_masks_child2 = &_layer_masks_child2;
>>> child2_is_directory = d_is_dir(dentry_child2);
>>> }
>>> @@ -582,14 +484,15 @@ static int check_access_path_dual(
>>>
>>> rule = find_rule(domain, walker_path.dentry);
>>> allowed_parent1 = unmask_layers(rule, access_masked_parent1,
>>> - layer_masks_parent1);
>>> + layer_masks_parent1,
>>> + ARRAY_SIZE(*layer_masks_parent1));
>>> allowed_parent2 = unmask_layers(rule, access_masked_parent2,
>>> - layer_masks_parent2);
>>> + layer_masks_parent2,
>>> + ARRAY_SIZE(*layer_masks_parent2));
>>>
>>> /* Stops when a rule from each layer grants access. */
>>> if (allowed_parent1 && allowed_parent2)
>>> break;
>>> -
>>
>> There is no place for such formatting/whitespace patches.
>>
> I missed that. scripts/checkpatch.pl did not show any problem here.
checkpatch.pl doesn't warn about whitespace changes.
> I will fix it. Thanks.
>>
>>> jump_up:
>>> if (walker_path.dentry == walker_path.mnt->mnt_root) {
>>> if (follow_up(&walker_path)) {
>>> @@ -645,7 +548,9 @@ static inline int check_access_path(const struct
>>> landlock_ruleset *const domain,
>>> {
>>> layer_mask_t layer_masks[LANDLOCK_NUM_ACCESS_FS] = {};
>>>
>>> - access_request = init_layer_masks(domain, access_request,
>>> &layer_masks);
>>> + access_request = init_layer_masks(domain, access_request,
>>> + &layer_masks, sizeof(layer_masks),
>>> + LANDLOCK_RULE_PATH_BENEATH);
>>> return check_access_path_dual(domain, path, access_request,
>>> &layer_masks, NULL, 0, NULL, NULL);
>>> }
>>> @@ -729,7 +634,8 @@ static bool collect_domain_accesses(
>>> return true;
>>>
>>> access_dom = init_layer_masks(domain, LANDLOCK_MASK_ACCESS_FS,
>>> - layer_masks_dom);
>>> + layer_masks_dom, sizeof(*layer_masks_dom),
>>> + LANDLOCK_RULE_PATH_BENEATH);
>>>
>>> dget(dir);
>>> while (true) {
>>> @@ -737,7 +643,8 @@ static bool collect_domain_accesses(
>>>
>>> /* Gets all layers allowing all domain accesses. */
>>> if (unmask_layers(find_rule(domain, dir), access_dom,
>>> - layer_masks_dom)) {
>>> + layer_masks_dom,
>>> + ARRAY_SIZE(*layer_masks_dom))) {
>>> /*
>>> * Stops when all handled accesses are allowed by at
>>> * least one rule in each layer.
>>> @@ -851,9 +758,10 @@ static int current_check_refer_path(struct
>>> dentry *const old_dentry,
>>> * The LANDLOCK_ACCESS_FS_REFER access right is not required
>>> * for same-directory referer (i.e. no reparenting).
>>> */
>>> - access_request_parent1 = init_layer_masks(
>>> - dom, access_request_parent1 | access_request_parent2,
>>> - &layer_masks_parent1);
>>> + access_request_parent1 = init_layer_masks(dom,
>>> + access_request_parent1 | access_request_parent2,
>>> + &layer_masks_parent1, sizeof(layer_masks_parent1),
>>> + LANDLOCK_RULE_PATH_BENEATH);
>>> return check_access_path_dual(dom, new_dir,
>>> access_request_parent1,
>>> &layer_masks_parent1, NULL, 0,
>>> @@ -861,7 +769,9 @@ static int current_check_refer_path(struct dentry
>>> *const old_dentry,
>>> }
>>>
>>> /* Backward compatibility: no reparenting support. */
>>> - if (!(get_handled_accesses(dom) & LANDLOCK_ACCESS_FS_REFER))
>>> + if (!(get_handled_accesses(dom, LANDLOCK_RULE_PATH_BENEATH,
>>> + LANDLOCK_NUM_ACCESS_FS) &
>>> + LANDLOCK_ACCESS_FS_REFER))
>>> return -EXDEV;
>>>
>>> access_request_parent1 |= LANDLOCK_ACCESS_FS_REFER;
>>> diff --git a/security/landlock/ruleset.c b/security/landlock/ruleset.c
>>> index 4b4c9953bb32..c4ed783d655b 100644
>>> --- a/security/landlock/ruleset.c
>>> +++ b/security/landlock/ruleset.c
>>> @@ -233,7 +233,8 @@ static int insert_rule(struct landlock_ruleset
>>> *const ruleset,
>>> &(*layers)[0]);
>>> if (IS_ERR(new_rule))
>>> return PTR_ERR(new_rule);
>>> - rb_replace_node(&this->node, &new_rule->node,
>>> &ruleset->root_inode);
>>> + rb_replace_node(&this->node, &new_rule->node,
>>> + &ruleset->root_inode);
>>
>> This is a pure formatting hunk. :/
>>
> Thats strange, cause in my editor I have normal aligment of arguments.
> Could please share clang-format-14 tab size and other format
> parameters?
They are in the .clang-format file. It would be much easier to just run
clang-format-14 -i on your changed files. I guess you had different
changes between consecutive commits.
More information about the Linux-security-module-archive
mailing list