[PATCH 00/22] Move LSM hook comments into security/security.c

Roberto Sassu roberto.sassu at huaweicloud.com
Tue Mar 7 16:38:33 UTC 2023


On Tue, 2023-03-07 at 11:33 -0500, Paul Moore wrote:
> On Tue, Mar 7, 2023 at 3:09 AM Roberto Sassu
> <roberto.sassu at huaweicloud.com> wrote:
> > On Mon, 2023-03-06 at 13:49 -0500, Paul Moore wrote:
> > > On Thu, Feb 16, 2023 at 10:26 PM Paul Moore <paul at paul-moore.com> wrote:
> > > > Hello all,
> > > > 
> > > > The LSM hook comment blocks are in a rather sad state; separated from
> > > > the hook definitions they are often out of mind, and as a result
> > > > most of them are in varying levels of bit-rot, some severely.  This
> > > > patchset moves all of the comment blocks out of lsm_hooks.c and onto
> > > > the top of the function definitions as one would normally expect.
> > > > In the process of moving the comment blocks, they have been massaged
> > > > into the standard kernel-doc format for the sake of consistency and
> > > > easier reading.  Unfortunately, correcting all of the errors in the
> > > > comments would have made an extremely long and painful task even worse,
> > > > so a number of errors remain, but the worst offenders were corrected in
> > > > the move.  Now that the comments are in the proper location, and in the
> > > > proper format, my hope is that future patch submissions correcting the
> > > > actual comment contents will be much easier and the comments as a whole
> > > > will be easier to maintain.
> > > > 
> > > > There are no code changes in this patchset, although since I was
> > > > already adding a lot of churn to security.c, the last patch in this
> > > > patchset (22/22) does take the liberty of fixing some rather ugly
> > > > style problems.
> > > > 
> > > >  include/linux/lsm_hooks.h | 1624 +++++++++++++++++++++
> > > >  security/security.c       | 2702 +---------------------------------------
> > > >  2 files changed, 1710 insertions(+), 2616 deletions(-)
> > > 
> > > Seeing no objections, and the ACK from Casey, I've gone ahead and
> > > merged this patchset into the lsm/next branch.  There was some minor
> > > merge fuzz due to the mount idmap work and some IMA changes, but the
> > > vast majority of the patchset is exactly as posted.
> > 
> > Oh, I thought it was an intermediate version and didn't report some
> > issues:
> 
> If you don't see an "RFC" in the patch subject line it's safe to assume
> it is a "final" version.  Regardless, feedback is never bad, even if
> it is an RFC.
> 
> > scripts/kernel-doc security/security.c|grep warning
> > security/security.c:1236: warning: Function parameter or member 'mnt_opts' not described in 'security_free_mnt_opts'
> > security/security.c:1236: warning: Excess function parameter 'mnt_ops' description in 'security_free_mnt_opts'
> > security/security.c:1254: warning: Function parameter or member 'mnt_opts' not described in 'security_sb_eat_lsm_opts'
> > security/security.c:1254: warning: Excess function parameter 'mnt_ops' description in 'security_sb_eat_lsm_opts'
> > security/security.c:1423: warning: Function parameter or member 'oldsb' not described in 'security_sb_clone_mnt_opts'
> > security/security.c:1423: warning: Function parameter or member 'newsb' not described in 'security_sb_clone_mnt_opts'
> 
> Unsurprising.  Those patches were mostly just to relocate the comment
> blocks out of lsm_hooks.h and into security.c; while I did fix some of
> the really bad errors, fixing everything in the move wasn't really the
> goal, that's for future work.
> 
> Did you want to submit a patch to fix those?

I rebased the stacked IMA/EVM to your patch set, so that it is closer
to the final version. I expect there will not be too many conflicts.

It is also ok for me to fix those issues in the future.

Roberto


