[PATCH v3 04/25] ima: Align ima_file_mprotect() definition with LSM infrastructure

Mimi Zohar zohar at linux.ibm.com
Wed Oct 11 20:17:31 UTC 2023


On Wed, 2023-10-11 at 17:43 +0200, Roberto Sassu wrote:
> On Wed, 2023-10-11 at 10:51 -0400, Mimi Zohar wrote:
> > On Mon, 2023-09-04 at 15:33 +0200, Roberto Sassu wrote:
> > > From: Roberto Sassu <roberto.sassu at huawei.com>
> > > 
> > > Change ima_file_mprotect() definition, so that it can be registered
> > > as implementation of the file_mprotect hook.
> > > 
> > > Signed-off-by: Roberto Sassu <roberto.sassu at huawei.com>
> > > Reviewed-by: Stefan Berger <stefanb at linux.ibm.com>
> > > ---
> > >  include/linux/ima.h               | 5 +++--
> > >  security/integrity/ima/ima_main.c | 6 ++++--
> > >  security/security.c               | 2 +-
> > >  3 files changed, 8 insertions(+), 5 deletions(-)
> > > 
> > > diff --git a/include/linux/ima.h b/include/linux/ima.h
> > > index 893c3b98b4d0..56e72c0beb96 100644
> > > --- a/include/linux/ima.h
> > > +++ b/include/linux/ima.h
> > > @@ -24,7 +24,8 @@ extern void ima_post_create_tmpfile(struct mnt_idmap *idmap,
> > >  extern void ima_file_free(struct file *file);
> > >  extern int ima_file_mmap(struct file *file, unsigned long reqprot,
> > >  			 unsigned long prot, unsigned long flags);
> > > -extern int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot);
> > > +int ima_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot,
> > > +		      unsigned long prot);
> > 
> > "extern" is needed here and similarly in 5/25.
> 
> I removed because of a complain from checkpatch.pl --strict.

Intermixing with/without "extern" looks weird.  I would suggest
removing all the externs as a separate patch, but they're being removed
in "[PATCH v3 21/25] ima: Move to LSM infrastructure" anyway.  For now
I would include the "extern".

-- 
thanks,

Mimi




More information about the Linux-security-module-archive mailing list