[RFC PATCH 10/10] landlock: Debug print inode hashtable in landlock_merge_ruleset2

Tingmao Wang m at maowtm.org
Wed May 21 19:32:06 UTC 2025


Signed-off-by: Tingmao Wang <m at maowtm.org>
---
 security/landlock/domain.c |  5 +++
 security/landlock/hash.h   | 62 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 67 insertions(+)

diff --git a/security/landlock/domain.c b/security/landlock/domain.c
index fae21b260591..9c82f5c1bdb9 100644
--- a/security/landlock/domain.c
+++ b/security/landlock/domain.c
@@ -161,6 +161,11 @@ landlock_merge_ruleset2(const struct landlock_domain *curr_domain,
 		return ERR_PTR(err);
 	}
 
+#ifdef DEBUG
+	pr_debug("landlock_merge_ruleset2: inode hash table:\n");
+	landlock_hash_debug_print(&new_domain->inode_table, LANDLOCK_KEY_INODE);
+#endif /* DEBUG */
+
 	return new_domain;
 }
 
diff --git a/security/landlock/hash.h b/security/landlock/hash.h
index 8208944c309e..0c41cd8a102b 100644
--- a/security/landlock/hash.h
+++ b/security/landlock/hash.h
@@ -229,4 +229,66 @@ static inline int landlock_hash_upsert(struct landlock_hashtable *const ht,
 	return 0;
 }
 
+static inline void
+landlock_hash_debug_print(const struct landlock_hashtable *ht,
+			  const enum landlock_key_type key_type)
+{
+	size_t max_hlist_len = 0, slot_index = 0, num_rules = 0;
+
+	for (slot_index = 0; slot_index < (1ULL << ht->hash_bits);
+	     slot_index += 1) {
+		struct hlist_head *head = &ht->hlist[slot_index];
+		struct landlock_rule *rule;
+		size_t rule_index = 0;
+		spinlock_t *lock;
+
+		pr_debug("  [%zu]: first = %p\n", slot_index, head->first);
+
+		hlist_for_each_entry(rule, head, hlist) {
+			size_t j;
+
+			switch (key_type) {
+			case LANDLOCK_KEY_INODE:
+				lock = &rule->key.object->lock;
+				spin_lock(lock);
+				struct inode *inode =
+					((struct inode *)
+						 rule->key.object->underobj);
+				if (inode) {
+					pr_debug(
+						"    [%zu] rule: ino %lu (%p), %d layers\n",
+						rule_index, inode->i_ino, inode,
+						rule->num_layers);
+				} else {
+					pr_debug(
+						"    [%zu] rule: inode released, %d layers\n",
+						rule_index, rule->num_layers);
+				}
+				spin_unlock(lock);
+				break;
+			case LANDLOCK_KEY_NET_PORT:
+				pr_debug(
+					"    [%zu] rule: port %lu, %d layers\n",
+					rule_index, rule->key.data,
+					rule->num_layers);
+				break;
+			}
+			for (j = 0; j < rule->num_layers; j++) {
+				pr_debug("      layer %u: access %x\n",
+					 rule->layers[j].level,
+					 rule->layers[j].access);
+			}
+			rule_index += 1;
+			num_rules += 1;
+		}
+
+		if (rule_index > max_hlist_len)
+			max_hlist_len = rule_index;
+	}
+
+	pr_debug("  summary: %zu rules, %llu hash slots, "
+		 "%zu max hlist chain len\n",
+		 num_rules, (1ULL << ht->hash_bits), max_hlist_len);
+}
+
 #endif /* _SECURITY_LANDLOCK_HASH_H */
-- 
2.49.0




More information about the Linux-security-module-archive mailing list