[PATCH 00/22] Move LSM hook comments into security/security.c

Paul Moore paul at paul-moore.com
Tue Mar 7 16:33:56 UTC 2023 

On Tue, Mar 7, 2023 at 3:09 AM Roberto Sassu
<roberto.sassu at huaweicloud.com> wrote:
> On Mon, 2023-03-06 at 13:49 -0500, Paul Moore wrote:
> > On Thu, Feb 16, 2023 at 10:26 PM Paul Moore <paul at paul-moore.com> wrote:
> > > Hello all,
> > >
> > > The LSM hook comment blocks are a in a rather sad state; separated from
> > > the hook definitions they are often out of mind, and as a result
> > > most of them are in varying levels of bit-rot, some severely.  This
> > > patchset moves all of the comment blocks out of lsm_hooks.c and onto
> > > the top of the function definitions as one would normally expect.
> > > In the process of moving the comment blocks, they have been massaged
> > > into the standard kernel-doc format for the sake of consistency and
> > > easier reading.  Unfortunately, correcting all of the errors in the
> > > comments would have made an extremely long and painful task even worse,
> > > so a number of errors remain, but the worst offenders were corrected in
> > > the move.  Now that the comments are in the proper location, and in the
> > > proper format, my hope is that future patch submissions correcting the
> > > actual comment contents will be much easier and the comments as a whole
> > > will be easier to maintain.
> > >
> > > There are no code changes in this patchset, although since I was
> > > already adding a lot of churn to security.c, the last patch in this
> > > patchset (22/22) does take the liberty of fixing some rather ugly
> > > style problems.
> > >
> > >  include/linux/lsm_hooks.h | 1624 +++++++++++++++++++++
> > >  security/security.c       | 2702 +---------------------------------------
> > >  2 files changed, 1710 insertions(+), 2616 deletions(-)
> >
> > Seeing no objections, and the ACK from Casey, I've gone ahead and
> > merged this patchset into the lsm/next branch.  There was some minor
> > merge fuzz due to the mount idmap work and some IMA changes, but the
> > vast majority of the patchset is exactly as posted.
>
> Oh, I thought it was an intermediate version and didn't report some
> issues:

If you don't see a "RFC" in the patch subject line it's safe to assume
it is a "final" version.  Regardless, feedback is never bad, even if
it is a RFC.

> scripts/kernel-doc security/security.c|grep warning
> security/security.c:1236: warning: Function parameter or member 'mnt_opts' not described in 'security_free_mnt_opts'
> security/security.c:1236: warning: Excess function parameter 'mnt_ops' description in 'security_free_mnt_opts'
> security/security.c:1254: warning: Function parameter or member 'mnt_opts' not described in 'security_sb_eat_lsm_opts'
> security/security.c:1254: warning: Excess function parameter 'mnt_ops' description in 'security_sb_eat_lsm_opts'
> security/security.c:1423: warning: Function parameter or member 'oldsb' not described in 'security_sb_clone_mnt_opts'
> security/security.c:1423: warning: Function parameter or member 'newsb' not described in 'security_sb_clone_mnt_opts'

Unsurprising.  Those patches were mostly just to relocate the comment
blocks out of lsm_hooks.h and into security.c; while I did fix some of
the really bad errors, fixing everything in the move wasn't really the
goal, that's for future work.

Did you want to submit a patch to fix those?

-- 
paul-moore.com

More information about the Linux-security-module-archive mailing list