lsm: cleanup the LSM blob size code

Convert the lsm_blob_size fields to unsigned integers as there is no
current need for them to be negative, change "lsm_set_blob_size()" to
"lsm_blob_size_update()" to better reflect reality, and perform some
other minor cleanups to the associated code.

Reviewed-by: Kees Cook <kees@kernel.org>
Reviewed-by: John Johansen <john.johansen@canonical.com>
Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Paul Moore
2025-02-11 17:49:11 -05:00
parent 752db06571
commit 291271e691
2 changed files with 50 additions and 41 deletions


@@ -102,23 +102,23 @@ struct security_hook_list {
* Security blob size or offset data. * Security blob size or offset data.
*/ */
struct lsm_blob_sizes { struct lsm_blob_sizes {
int lbs_cred; unsigned int lbs_cred;
int lbs_file; unsigned int lbs_file;
int lbs_ib; unsigned int lbs_ib;
int lbs_inode; unsigned int lbs_inode;
int lbs_sock; unsigned int lbs_sock;
int lbs_superblock; unsigned int lbs_superblock;
int lbs_ipc; unsigned int lbs_ipc;
int lbs_key; unsigned int lbs_key;
int lbs_msg_msg; unsigned int lbs_msg_msg;
int lbs_perf_event; unsigned int lbs_perf_event;
int lbs_task; unsigned int lbs_task;
int lbs_xattr_count; /* number of xattr slots in new_xattrs array */ unsigned int lbs_xattr_count; /* num xattr slots in new_xattrs array */
int lbs_tun_dev; unsigned int lbs_tun_dev;
int lbs_bdev; unsigned int lbs_bdev;
int lbs_bpf_map; unsigned int lbs_bpf_map;
int lbs_bpf_prog; unsigned int lbs_bpf_prog;
int lbs_bpf_token; unsigned int lbs_bpf_token;
}; };
/* /*
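Review bot: The struct comment `Security blob size or offset data.` leaves both the units and the two-phase meaning of these fields implicit, and the switch to unsigned is a good moment to spell them out. Every field appears to be a byte size except `lbs_xattr_count`, which its own comment describes as a slot count. The update helper in the other file of this commit overwrites each LSM's requested value with its assigned offset (`*sz_req = offset`). I would expand the comment along the lines of `/* Per LSM: requested blob size in bytes at registration, replaced by the blob's offset during init; lbs_xattr_count is a slot count, not bytes. */`.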


@@ -169,16 +169,22 @@ out:
lsm_is_enabled(lsm) ? "enabled" : "disabled"); lsm_is_enabled(lsm) ? "enabled" : "disabled");
} }
static void __init lsm_set_blob_size(int *need, int *lbs) /**
* lsm_blob_size_update - Update the LSM blob size and offset information
* @sz_req: the requested additional blob size
* @sz_cur: the existing blob size
*/
static void __init lsm_blob_size_update(unsigned int *sz_req,
unsigned int *sz_cur)
{ {
int offset; unsigned int offset;
if (*need <= 0) if (*sz_req == 0)
return; return;
offset = ALIGN(*lbs, sizeof(void *)); offset = ALIGN(*sz_cur, sizeof(void *));
*lbs = offset + *need; *sz_cur = offset + *sz_req;
*need = offset; *sz_req = offset;
} }
/** /**
@@ -193,27 +199,30 @@ static void __init lsm_prepare(struct lsm_info *lsm)
return; return;
/* Register the LSM blob sizes. */ /* Register the LSM blob sizes. */
lsm_set_blob_size(&blobs->lbs_cred, &blob_sizes.lbs_cred); blobs = lsm->blobs;
lsm_set_blob_size(&blobs->lbs_file, &blob_sizes.lbs_file); lsm_blob_size_update(&blobs->lbs_cred, &blob_sizes.lbs_cred);
lsm_set_blob_size(&blobs->lbs_ib, &blob_sizes.lbs_ib); lsm_blob_size_update(&blobs->lbs_file, &blob_sizes.lbs_file);
lsm_blob_size_update(&blobs->lbs_ib, &blob_sizes.lbs_ib);
/* inode blob gets an rcu_head in addition to LSM blobs. */ /* inode blob gets an rcu_head in addition to LSM blobs. */
if (blobs->lbs_inode && blob_sizes.lbs_inode == 0) if (blobs->lbs_inode && blob_sizes.lbs_inode == 0)
blob_sizes.lbs_inode = sizeof(struct rcu_head); blob_sizes.lbs_inode = sizeof(struct rcu_head);
lsm_set_blob_size(&blobs->lbs_inode, &blob_sizes.lbs_inode); lsm_blob_size_update(&blobs->lbs_inode, &blob_sizes.lbs_inode);
lsm_set_blob_size(&blobs->lbs_ipc, &blob_sizes.lbs_ipc); lsm_blob_size_update(&blobs->lbs_ipc, &blob_sizes.lbs_ipc);
lsm_set_blob_size(&blobs->lbs_key, &blob_sizes.lbs_key); lsm_blob_size_update(&blobs->lbs_key, &blob_sizes.lbs_key);
lsm_set_blob_size(&blobs->lbs_msg_msg, &blob_sizes.lbs_msg_msg); lsm_blob_size_update(&blobs->lbs_msg_msg, &blob_sizes.lbs_msg_msg);
lsm_set_blob_size(&blobs->lbs_perf_event, &blob_sizes.lbs_perf_event); lsm_blob_size_update(&blobs->lbs_perf_event,
lsm_set_blob_size(&blobs->lbs_sock, &blob_sizes.lbs_sock); &blob_sizes.lbs_perf_event);
lsm_set_blob_size(&blobs->lbs_superblock, &blob_sizes.lbs_superblock); lsm_blob_size_update(&blobs->lbs_sock, &blob_sizes.lbs_sock);
lsm_set_blob_size(&blobs->lbs_task, &blob_sizes.lbs_task); lsm_blob_size_update(&blobs->lbs_superblock,
lsm_set_blob_size(&blobs->lbs_tun_dev, &blob_sizes.lbs_tun_dev); &blob_sizes.lbs_superblock);
lsm_set_blob_size(&blobs->lbs_xattr_count, lsm_blob_size_update(&blobs->lbs_task, &blob_sizes.lbs_task);
&blob_sizes.lbs_xattr_count); lsm_blob_size_update(&blobs->lbs_tun_dev, &blob_sizes.lbs_tun_dev);
lsm_set_blob_size(&blobs->lbs_bdev, &blob_sizes.lbs_bdev); lsm_blob_size_update(&blobs->lbs_xattr_count,
lsm_set_blob_size(&blobs->lbs_bpf_map, &blob_sizes.lbs_bpf_map); &blob_sizes.lbs_xattr_count);
lsm_set_blob_size(&blobs->lbs_bpf_prog, &blob_sizes.lbs_bpf_prog); lsm_blob_size_update(&blobs->lbs_bdev, &blob_sizes.lbs_bdev);
lsm_set_blob_size(&blobs->lbs_bpf_token, &blob_sizes.lbs_bpf_token); lsm_blob_size_update(&blobs->lbs_bpf_map, &blob_sizes.lbs_bpf_map);
lsm_blob_size_update(&blobs->lbs_bpf_prog, &blob_sizes.lbs_bpf_prog);
lsm_blob_size_update(&blobs->lbs_bpf_token, &blob_sizes.lbs_bpf_token);
} }
/* Initialize a given LSM, if it is enabled. */ /* Initialize a given LSM, if it is enabled. */
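Review bot: In lsm_blob_size_update() the sum `*sz_cur = offset + *sz_req` can now wrap silently, because both operands are unsigned and the old `*need <= 0` guard, which also rejected a negative request, has become `*sz_req == 0`. The requests presumably come from built-in LSMs at init time, so this is unlikely in practice, but a wrapped total would give an undersized blob and overlapping offsets. Computing the sum into a local with `check_add_overflow(offset, *sz_req, &total)` and refusing the request on overflow would keep the failure visible. The kernel-doc should also say that `@sz_req` is overwritten on return, e.g. `@sz_req: in: the requested additional blob size; out: the blob offset assigned to this LSM`. Separately, the lsm_prepare() hunk passes `lbs_xattr_count` through the same `ALIGN(..., sizeof(void *))` path even though it is a slot count, which deserves a short comment at that call.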