mirror of
https://github.com/torvalds/linux.git
synced 2025-12-07 20:06:24 +00:00
lsm: cleanup the LSM blob size code
Convert the lsm_blob_size fields to unsigned integers as there is no current need for them to be negative, change "lsm_set_blob_size()" to "lsm_blob_size_update()" to better reflect reality, and perform some other minor cleanups to the associated code. Reviewed-by: Kees Cook <kees@kernel.org> Reviewed-by: John Johansen <john.johansen@canonical.com> Reviewed-by: Casey Schaufler <casey@schaufler-ca.com> Reviewed-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
This commit is contained in:
Paul Moore
@@ -102,23 +102,23 @@ struct security_hook_list {
|
||||
* Security blob size or offset data.
|
||||
*/
|
||||
struct lsm_blob_sizes {
|
||||
int lbs_cred;
|
||||
int lbs_file;
|
||||
int lbs_ib;
|
||||
int lbs_inode;
|
||||
int lbs_sock;
|
||||
int lbs_superblock;
|
||||
int lbs_ipc;
|
||||
int lbs_key;
|
||||
int lbs_msg_msg;
|
||||
int lbs_perf_event;
|
||||
int lbs_task;
|
||||
int lbs_xattr_count; /* number of xattr slots in new_xattrs array */
|
||||
int lbs_tun_dev;
|
||||
int lbs_bdev;
|
||||
int lbs_bpf_map;
|
||||
int lbs_bpf_prog;
|
||||
int lbs_bpf_token;
|
||||
unsigned int lbs_cred;
|
||||
unsigned int lbs_file;
|
||||
unsigned int lbs_ib;
|
||||
unsigned int lbs_inode;
|
||||
unsigned int lbs_sock;
|
||||
unsigned int lbs_superblock;
|
||||
unsigned int lbs_ipc;
|
||||
unsigned int lbs_key;
|
||||
unsigned int lbs_msg_msg;
|
||||
unsigned int lbs_perf_event;
|
||||
unsigned int lbs_task;
|
||||
unsigned int lbs_xattr_count; /* num xattr slots in new_xattrs array */
|
||||
unsigned int lbs_tun_dev;
|
||||
unsigned int lbs_bdev;
|
||||
unsigned int lbs_bpf_map;
|
||||
unsigned int lbs_bpf_prog;
|
||||
unsigned int lbs_bpf_token;
|
||||
};
|
||||
|
||||
/*
|
||||
|
||||
@@ -169,16 +169,22 @@ out:
|
||||
lsm_is_enabled(lsm) ? "enabled" : "disabled");
|
||||
}
|
||||
|
||||
static void __init lsm_set_blob_size(int *need, int *lbs)
|
||||
/**
|
||||
* lsm_blob_size_update - Update the LSM blob size and offset information
|
||||
* @sz_req: the requested additional blob size
|
||||
* @sz_cur: the existing blob size
|
||||
*/
|
||||
static void __init lsm_blob_size_update(unsigned int *sz_req,
|
||||
unsigned int *sz_cur)
|
||||
{
|
||||
int offset;
|
||||
unsigned int offset;
|
||||
|
||||
if (*need <= 0)
|
||||
if (*sz_req == 0)
|
||||
return;
|
||||
|
||||
offset = ALIGN(*lbs, sizeof(void *));
|
||||
*lbs = offset + *need;
|
||||
*need = offset;
|
||||
offset = ALIGN(*sz_cur, sizeof(void *));
|
||||
*sz_cur = offset + *sz_req;
|
||||
*sz_req = offset;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -193,27 +199,30 @@ static void __init lsm_prepare(struct lsm_info *lsm)
|
||||
return;
|
||||
|
||||
/* Register the LSM blob sizes. */
|
||||
lsm_set_blob_size(&blobs->lbs_cred, &blob_sizes.lbs_cred);
|
||||
lsm_set_blob_size(&blobs->lbs_file, &blob_sizes.lbs_file);
|
||||
lsm_set_blob_size(&blobs->lbs_ib, &blob_sizes.lbs_ib);
|
||||
blobs = lsm->blobs;
|
||||
lsm_blob_size_update(&blobs->lbs_cred, &blob_sizes.lbs_cred);
|
||||
lsm_blob_size_update(&blobs->lbs_file, &blob_sizes.lbs_file);
|
||||
lsm_blob_size_update(&blobs->lbs_ib, &blob_sizes.lbs_ib);
|
||||
/* inode blob gets an rcu_head in addition to LSM blobs. */
|
||||
if (blobs->lbs_inode && blob_sizes.lbs_inode == 0)
|
||||
blob_sizes.lbs_inode = sizeof(struct rcu_head);
|
||||
lsm_set_blob_size(&blobs->lbs_inode, &blob_sizes.lbs_inode);
|
||||
lsm_set_blob_size(&blobs->lbs_ipc, &blob_sizes.lbs_ipc);
|
||||
lsm_set_blob_size(&blobs->lbs_key, &blob_sizes.lbs_key);
|
||||
lsm_set_blob_size(&blobs->lbs_msg_msg, &blob_sizes.lbs_msg_msg);
|
||||
lsm_set_blob_size(&blobs->lbs_perf_event, &blob_sizes.lbs_perf_event);
|
||||
lsm_set_blob_size(&blobs->lbs_sock, &blob_sizes.lbs_sock);
|
||||
lsm_set_blob_size(&blobs->lbs_superblock, &blob_sizes.lbs_superblock);
|
||||
lsm_set_blob_size(&blobs->lbs_task, &blob_sizes.lbs_task);
|
||||
lsm_set_blob_size(&blobs->lbs_tun_dev, &blob_sizes.lbs_tun_dev);
|
||||
lsm_set_blob_size(&blobs->lbs_xattr_count,
|
||||
&blob_sizes.lbs_xattr_count);
|
||||
lsm_set_blob_size(&blobs->lbs_bdev, &blob_sizes.lbs_bdev);
|
||||
lsm_set_blob_size(&blobs->lbs_bpf_map, &blob_sizes.lbs_bpf_map);
|
||||
lsm_set_blob_size(&blobs->lbs_bpf_prog, &blob_sizes.lbs_bpf_prog);
|
||||
lsm_set_blob_size(&blobs->lbs_bpf_token, &blob_sizes.lbs_bpf_token);
|
||||
lsm_blob_size_update(&blobs->lbs_inode, &blob_sizes.lbs_inode);
|
||||
lsm_blob_size_update(&blobs->lbs_ipc, &blob_sizes.lbs_ipc);
|
||||
lsm_blob_size_update(&blobs->lbs_key, &blob_sizes.lbs_key);
|
||||
lsm_blob_size_update(&blobs->lbs_msg_msg, &blob_sizes.lbs_msg_msg);
|
||||
lsm_blob_size_update(&blobs->lbs_perf_event,
|
||||
&blob_sizes.lbs_perf_event);
|
||||
lsm_blob_size_update(&blobs->lbs_sock, &blob_sizes.lbs_sock);
|
||||
lsm_blob_size_update(&blobs->lbs_superblock,
|
||||
&blob_sizes.lbs_superblock);
|
||||
lsm_blob_size_update(&blobs->lbs_task, &blob_sizes.lbs_task);
|
||||
lsm_blob_size_update(&blobs->lbs_tun_dev, &blob_sizes.lbs_tun_dev);
|
||||
lsm_blob_size_update(&blobs->lbs_xattr_count,
|
||||
&blob_sizes.lbs_xattr_count);
|
||||
lsm_blob_size_update(&blobs->lbs_bdev, &blob_sizes.lbs_bdev);
|
||||
lsm_blob_size_update(&blobs->lbs_bpf_map, &blob_sizes.lbs_bpf_map);
|
||||
lsm_blob_size_update(&blobs->lbs_bpf_prog, &blob_sizes.lbs_bpf_prog);
|
||||
lsm_blob_size_update(&blobs->lbs_bpf_token, &blob_sizes.lbs_bpf_token);
|
||||
}
|
||||
|
||||
/* Initialize a given LSM, if it is enabled. */
|
||||
|
||||
Reference in New Issue
Block a user