[PATCH 5/6] LSM: Infrastructure management of the infiniband blob

Paul Moore paul at paul-moore.com
Tue Jul 9 22:08:04 UTC 2024


On Jul  8, 2024 Casey Schaufler <casey at schaufler-ca.com> wrote:
> 
> Move management of the infiniband security blob out of the individual
> security modules and into the LSM infrastructure.  The security modules
> tell the infrastructure how much space they require at initialization.
> 
> Signed-off-by: Casey Schaufler <casey at schaufler-ca.com>
> ---
>  include/linux/lsm_hook_defs.h     |  2 +-
>  include/linux/lsm_hooks.h         |  1 +
>  security/security.c               | 11 ++++++++++-
>  security/selinux/hooks.c          | 16 +++-------------
>  security/selinux/include/objsec.h |  6 ++++++
>  5 files changed, 21 insertions(+), 15 deletions(-)

...

> diff --git a/security/security.c b/security/security.c
> index 2c9d075f5f92..731a54fabc79 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -5081,6 +5089,7 @@ EXPORT_SYMBOL(security_ib_alloc_security);
>  void security_ib_free_security(void *sec)
>  {
>  	call_void_hook(ib_free_security, sec);
> +	kfree(sec);
>  }
>  EXPORT_SYMBOL(security_ib_free_security);

Same comment as elsewhere, let's be consistent with the *free() hooks,
either we keep them or we remove them if unused (preferable).

--
paul-moore.com



More information about the Linux-security-module-archive mailing list