[PATCH] lsm: constify 'mnt_opts' parameter in security_free_mnt_opts()

Khadija Kamran kamrankhadijadj at gmail.com
Wed Aug 23 08:44:45 UTC 2023


The "sb_free_mnt_opts" hook has implementations registered in SELinux
and Smack. Looking at the function implementations we observe that the
"mnt_opts" parameter is not changing.

Mark the "mnt_opts" parameter of LSM hook security_free_mnt_opts() as
"const" since it will not be changing in the LSM hook.

Signed-off-by: Khadija Kamran <kamrankhadijadj at gmail.com>
---
 include/linux/lsm_hook_defs.h | 2 +-
 include/linux/security.h      | 2 +-
 security/security.c           | 2 +-
 security/selinux/hooks.c      | 2 +-
 security/smack/smack_lsm.c    | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h
index 6bb55e61e8e8..7b193349db89 100644
--- a/include/linux/lsm_hook_defs.h
+++ b/include/linux/lsm_hook_defs.h
@@ -61,7 +61,7 @@ LSM_HOOK(int, -ENOPARAM, fs_context_parse_param, struct fs_context *fc,
 LSM_HOOK(int, 0, sb_alloc_security, struct super_block *sb)
 LSM_HOOK(void, LSM_RET_VOID, sb_delete, struct super_block *sb)
 LSM_HOOK(void, LSM_RET_VOID, sb_free_security, struct super_block *sb)
-LSM_HOOK(void, LSM_RET_VOID, sb_free_mnt_opts, void *mnt_opts)
+LSM_HOOK(void, LSM_RET_VOID, sb_free_mnt_opts, const void *mnt_opts)
 LSM_HOOK(int, 0, sb_eat_lsm_opts, char *orig, void **mnt_opts)
 LSM_HOOK(int, 0, sb_mnt_opts_compat, struct super_block *sb, void *mnt_opts)
 LSM_HOOK(int, 0, sb_remount, struct super_block *sb, void *mnt_opts)
diff --git a/include/linux/security.h b/include/linux/security.h
index e2734e9e44d5..acdd1eccf2d3 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -298,7 +298,7 @@ int security_fs_context_parse_param(struct fs_context *fc, struct fs_parameter *
 int security_sb_alloc(struct super_block *sb);
 void security_sb_delete(struct super_block *sb);
 void security_sb_free(struct super_block *sb);
-void security_free_mnt_opts(void **mnt_opts);
+void security_free_mnt_opts(const void **mnt_opts);
 int security_sb_eat_lsm_opts(char *options, void **mnt_opts);
 int security_sb_mnt_opts_compat(struct super_block *sb, void *mnt_opts);
 int security_sb_remount(struct super_block *sb, void *mnt_opts);
diff --git a/security/security.c b/security/security.c
index d5ff7ff45b77..8386d764d9fc 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1238,7 +1238,7 @@ void security_sb_free(struct super_block *sb)
  *
  * Free memory associated with @mnt_ops.
  */
-void security_free_mnt_opts(void **mnt_opts)
+void security_free_mnt_opts(const void **mnt_opts)
 {
 	if (!*mnt_opts)
 		return;
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 79b4890e9936..225b76839c95 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -342,7 +342,7 @@ struct selinux_mnt_opts {
 	u32 defcontext_sid;
 };
 
-static void selinux_free_mnt_opts(void *mnt_opts)
+static void selinux_free_mnt_opts(const void *mnt_opts)
 {
 	kfree(mnt_opts);
 }
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 7a3e9ab137d8..290593dcd852 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -557,7 +557,7 @@ struct smack_mnt_opts {
 	const char *fstransmute;
 };
 
-static void smack_free_mnt_opts(void *mnt_opts)
+static void smack_free_mnt_opts(const void *mnt_opts)
 {
 	kfree(mnt_opts);
 }
-- 
2.34.1



More information about the Linux-security-module-archive mailing list