[RFC PATCH 10/29] lsm: cleanup the LSM blob size code
Kees Cook
kees at kernel.org
Sat Apr 19 05:53:16 UTC 2025
On Fri, Apr 18, 2025 at 07:42:52PM -0700, Fan Wu wrote:
> On Wed, Apr 9, 2025 at 11:53 AM Paul Moore <paul at paul-moore.com> wrote:
> >
> > Convert the lsm_blob_size fields to unsigned integers as there is no
> > current need for them to be negative, change "lsm_set_blob_size()" to
> > "lsm_blob_size_update()" to better reflect reality, and perform some
> > other minor cleanups to the associated code.
> >
> > Signed-off-by: Paul Moore <paul at paul-moore.com>
> > ---
> > include/linux/lsm_hooks.h | 28 +++++++++++-----------
> > security/lsm_init.c | 50 +++++++++++++++++++++++----------------
> > 2 files changed, 43 insertions(+), 35 deletions(-)
> >
> > diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
> > index bc477fb20d02..a7ecb0791a0f 100644
> > --- a/include/linux/lsm_hooks.h
> > +++ b/include/linux/lsm_hooks.h
> > @@ -102,20 +102,20 @@ struct security_hook_list {
> > * Security blob size or offset data.
> > */
> > struct lsm_blob_sizes {
> > - int lbs_cred;
> > - int lbs_file;
> > - int lbs_ib;
> > - int lbs_inode;
> > - int lbs_sock;
> > - int lbs_superblock;
> > - int lbs_ipc;
> > - int lbs_key;
> > - int lbs_msg_msg;
> > - int lbs_perf_event;
> > - int lbs_task;
> > - int lbs_xattr_count; /* number of xattr slots in new_xattrs array */
> > - int lbs_tun_dev;
> > - int lbs_bdev;
> > + unsigned int lbs_cred;
> > + unsigned int lbs_file;
> > + unsigned int lbs_ib;
> > + unsigned int lbs_inode;
> > + unsigned int lbs_sock;
> > + unsigned int lbs_superblock;
> > + unsigned int lbs_ipc;
> > + unsigned int lbs_key;
> > + unsigned int lbs_msg_msg;
> > + unsigned int lbs_perf_event;
> > + unsigned int lbs_task;
> > + unsigned int lbs_xattr_count; /* num xattr slots in new_xattrs array */
> > + unsigned int lbs_tun_dev;
> > + unsigned int lbs_bdev;
> > };
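Review bot: in struct lsm_blob_sizes, lbs_xattr_count is a slot count while the struct comment still reads "Security blob size or offset data", so the one field that is neither a size nor an offset is only identified by its shortened trailing comment. Since that comment is being edited anyway, consider noting the exception in the struct comment itself. Separately, with every field going from int to unsigned int, any remaining "< 0" test or signed subtraction on these values would change meaning silently. The users in security/lsm_init.c are listed in the diffstat but not visible in this quoted portion, so it is worth confirming they were audited for that.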
>
> Can we use size_t here?
These blobs are relatively small -- size_t would double the memory usage here.
--
Kees Cook