[PATCH] lsm: cleanup lsm_hooks.h

Casey Schaufler casey at schaufler-ca.com
Mon Jul 29 22:09:38 UTC 2024


On 7/29/2024 2:57 PM, Paul Moore wrote:
> Some cleanup and style corrections for lsm_hooks.h.
>
>  * Drop the lsm_inode_alloc() extern declaration, it is not needed.
>  * Relocate lsm_get_xattr_slot() and extern variables in the file to
>    improve grouping of related objects.
>  * Don't use tabs to needlessly align structure fields.
>
> Signed-off-by: Paul Moore <paul at paul-moore.com>

Sense of aesthetics aside,

Reviewed-by: Casey Schaufler <casey at schaufler-ca.com>

> ---
>  include/linux/lsm_hooks.h | 82 +++++++++++++++++++--------------------
>  security/security.c       |  2 +-
>  2 files changed, 41 insertions(+), 43 deletions(-)
>
> diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
> index 845457f0eeb7..f0dd453b39d5 100644
> --- a/include/linux/lsm_hooks.h
> +++ b/include/linux/lsm_hooks.h
> @@ -79,8 +79,8 @@ struct lsm_static_calls_table {
>   * Contains the information that identifies the LSM.
>   */
>  struct lsm_id {
> -	const char	*name;
> -	u64		id;
> +	const char *name;
> +	u64 id;
>  };
>  
>  /*
> @@ -93,48 +93,30 @@ struct lsm_id {
>   * @lsm: The name of the lsm that owns this hook.
>   */
>  struct security_hook_list {
> -	struct lsm_static_call	*scalls;
> -	union security_list_options	hook;
> -	const struct lsm_id		*lsmid;
> +	struct lsm_static_call *scalls;
> +	union security_list_options hook;
> +	const struct lsm_id *lsmid;
>  } __randomize_layout;
>  
>  /*
>   * Security blob size or offset data.
>   */
>  struct lsm_blob_sizes {
> -	int	lbs_cred;
> -	int	lbs_file;
> -	int	lbs_ib;
> -	int	lbs_inode;
> -	int	lbs_sock;
> -	int	lbs_superblock;
> -	int	lbs_ipc;
> -	int	lbs_key;
> -	int	lbs_msg_msg;
> -	int	lbs_perf_event;
> -	int	lbs_task;
> -	int	lbs_xattr_count; /* number of xattr slots in new_xattrs array */
> -	int	lbs_tun_dev;
> +	int lbs_cred;
> +	int lbs_file;
> +	int lbs_ib;
> +	int lbs_inode;
> +	int lbs_sock;
> +	int lbs_superblock;
> +	int lbs_ipc;
> +	int lbs_key;
> +	int lbs_msg_msg;
> +	int lbs_perf_event;
> +	int lbs_task;
> +	int lbs_xattr_count; /* number of xattr slots in new_xattrs array */
> +	int lbs_tun_dev;
>  };
>  
> -/**
> - * lsm_get_xattr_slot - Return the next available slot and increment the index
> - * @xattrs: array storing LSM-provided xattrs
> - * @xattr_count: number of already stored xattrs (updated)
> - *
> - * Retrieve the first available slot in the @xattrs array to fill with an xattr,
> - * and increment @xattr_count.
> - *
> - * Return: The slot to fill in @xattrs if non-NULL, NULL otherwise.
> - */
> -static inline struct xattr *lsm_get_xattr_slot(struct xattr *xattrs,
> -					       int *xattr_count)
> -{
> -	if (unlikely(!xattrs))
> -		return NULL;
> -	return &xattrs[(*xattr_count)++];
> -}
> -
>  /*
>   * LSM_RET_VOID is used as the default value in LSM_HOOK definitions for void
>   * LSM hooks (in include/linux/lsm_hook_defs.h).
> @@ -153,8 +135,6 @@ static inline struct xattr *lsm_get_xattr_slot(struct xattr *xattrs,
>  		.hook = { .NAME = HOOK }		\
>  	}
>  
> -extern char *lsm_names;
> -
>  extern void security_add_hooks(struct security_hook_list *hooks, int count,
>  			       const struct lsm_id *lsmid);
>  
> @@ -176,9 +156,6 @@ struct lsm_info {
>  	struct lsm_blob_sizes *blobs; /* Optional: for blob sharing. */
>  };
>  
> -extern struct lsm_info __start_lsm_info[], __end_lsm_info[];
> -extern struct lsm_info __start_early_lsm_info[], __end_early_lsm_info[];
> -
>  #define DEFINE_LSM(lsm)							\
>  	static struct lsm_info __lsm_##lsm				\
>  		__used __section(".lsm_info.init")			\
> @@ -189,7 +166,28 @@ extern struct lsm_info __start_early_lsm_info[], __end_early_lsm_info[];
>  		__used __section(".early_lsm_info.init")		\
>  		__aligned(sizeof(unsigned long))
>  
> -extern int lsm_inode_alloc(struct inode *inode);
> +/* DO NOT tamper with these variables outside of the LSM framework */
> +extern char *lsm_names;
>  extern struct lsm_static_calls_table static_calls_table __ro_after_init;
> +extern struct lsm_info __start_lsm_info[], __end_lsm_info[];
> +extern struct lsm_info __start_early_lsm_info[], __end_early_lsm_info[];
> +
> +/**
> + * lsm_get_xattr_slot - Return the next available slot and increment the index
> + * @xattrs: array storing LSM-provided xattrs
> + * @xattr_count: number of already stored xattrs (updated)
> + *
> + * Retrieve the first available slot in the @xattrs array to fill with an xattr,
> + * and increment @xattr_count.
> + *
> + * Return: The slot to fill in @xattrs if non-NULL, NULL otherwise.
> + */
> +static inline struct xattr *lsm_get_xattr_slot(struct xattr *xattrs,
> +					       int *xattr_count)
> +{
> +	if (unlikely(!xattrs))
> +		return NULL;
> +	return &xattrs[(*xattr_count)++];
> +}
>  
>  #endif /* ! __LINUX_LSM_HOOKS_H */
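Review bot: The relocated lsm_get_xattr_slot() kernel-doc still does not say that the helper performs no bounds check — once @xattrs is non-NULL it returns `&xattrs[(*xattr_count)++]` unconditionally, so an under-sized array is walked past its end with nothing here to catch it. Since this hunk is where the helper now lives, a line in the comment such as ` * The caller must size @xattrs for every slot it will request; no bounds check is done here.` would make the contract explicit, presumably in terms of the lbs_xattr_count blob sizes (to be confirmed against the callers in security/security.c). The new "DO NOT tamper" comment on the extern block could likewise name where the variables are owned, e.g. `/* DO NOT tamper with these variables outside of the LSM framework (security/security.c) */`, if that is indeed where they are defined.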
> diff --git a/security/security.c b/security/security.c
> index 780b84f5d09c..7ac6765f9260 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -764,7 +764,7 @@ static int lsm_file_alloc(struct file *file)
>   *
>   * Returns 0, or -ENOMEM if memory can't be allocated.
>   */
> -int lsm_inode_alloc(struct inode *inode)
> +static int lsm_inode_alloc(struct inode *inode)
>  {
>  	if (!lsm_inode_cache) {
>  		inode->i_security = NULL;


