
Commit 291271e

lsm: cleanup the LSM blob size code
Convert the lsm_blob_size fields to unsigned integers as there is no current need for them to be negative, change "lsm_set_blob_size()" to "lsm_blob_size_update()" to better reflect reality, and perform some other minor cleanups to the associated code. Reviewed-by: Kees Cook <kees@kernel.org> Reviewed-by: John Johansen <john.johansen@canonical.com> Reviewed-by: Casey Schaufler <casey@schaufler-ca.com> Reviewed-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
1 parent 752db06 commit 291271e


2 files changed

+50
-41
lines changed


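--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -102,23 +102,23 @@ struct security_hook_list {
 * Security blob size or offset data.
 */
 struct lsm_blob_sizes {
-int lbs_cred;
-int lbs_file;
-int lbs_ib;
-int lbs_inode;
-int lbs_sock;
-int lbs_superblock;
-int lbs_ipc;
-int lbs_key;
-int lbs_msg_msg;
-int lbs_perf_event;
-int lbs_task;
-int lbs_xattr_count; /* number of xattr slots in new_xattrs array */
-int lbs_tun_dev;
-int lbs_bdev;
-int lbs_bpf_map;
-int lbs_bpf_prog;
-int lbs_bpf_token;
+unsigned int lbs_cred;
+unsigned int lbs_file;
+unsigned int lbs_ib;
+unsigned int lbs_inode;
+unsigned int lbs_sock;
+unsigned int lbs_superblock;
+unsigned int lbs_ipc;
+unsigned int lbs_key;
+unsigned int lbs_msg_msg;
+unsigned int lbs_perf_event;
+unsigned int lbs_task;
+unsigned int lbs_xattr_count; /* num xattr slots in new_xattrs array */
+unsigned int lbs_tun_dev;
+unsigned int lbs_bdev;
+unsigned int lbs_bpf_map;
+unsigned int lbs_bpf_prog;
+unsigned int lbs_bpf_token;
 };
 
 /*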
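Review bot: The signedness change to every `lbs_*` field lands in a shared header, but the diffstat shows only this file and security/lsm_init.c touched, so any user elsewhere that still treats these values as `int` is not updated here. Things worth grepping for are `%d` formats on these fields (`%u` is now the matching specifier), signed locals that receive them, and `< 0` or `<= 0` tests that are now always false or reduce to `== 0`. None of those users are visible in this diff, so this is a check to run rather than a confirmed defect.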

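--- a/security/lsm_init.c
+++ b/security/lsm_init.c
@@ -169,16 +169,22 @@ static void __init lsm_order_append(struct lsm_info *lsm, const char *src)
 lsm_is_enabled(lsm) ? "enabled" : "disabled");
 }
 
-static void __init lsm_set_blob_size(int *need, int *lbs)
+/**
+* lsm_blob_size_update - Update the LSM blob size and offset information
+* @sz_req: the requested additional blob size
+* @sz_cur: the existing blob size
+*/
+static void __init lsm_blob_size_update(unsigned int *sz_req,
+unsigned int *sz_cur)
 {
-int offset;
+unsigned int offset;
 
-if (*need <= 0)
+if (*sz_req == 0)
 return;
 
-offset = ALIGN(*lbs, sizeof(void *));
-*lbs = offset + *need;
-*need = offset;
+offset = ALIGN(*sz_cur, sizeof(void *));
+*sz_cur = offset + *sz_req;
+*sz_req = offset;
 }
 
 /**
@@ -193,27 +199,30 @@ static void __init lsm_prepare(struct lsm_info *lsm)
 return;
 
 /* Register the LSM blob sizes. */
-lsm_set_blob_size(&blobs->lbs_cred, &blob_sizes.lbs_cred);
-lsm_set_blob_size(&blobs->lbs_file, &blob_sizes.lbs_file);
-lsm_set_blob_size(&blobs->lbs_ib, &blob_sizes.lbs_ib);
+blobs = lsm->blobs;
+lsm_blob_size_update(&blobs->lbs_cred, &blob_sizes.lbs_cred);
+lsm_blob_size_update(&blobs->lbs_file, &blob_sizes.lbs_file);
+lsm_blob_size_update(&blobs->lbs_ib, &blob_sizes.lbs_ib);
 /* inode blob gets an rcu_head in addition to LSM blobs. */
 if (blobs->lbs_inode && blob_sizes.lbs_inode == 0)
 blob_sizes.lbs_inode = sizeof(struct rcu_head);
-lsm_set_blob_size(&blobs->lbs_inode, &blob_sizes.lbs_inode);
-lsm_set_blob_size(&blobs->lbs_ipc, &blob_sizes.lbs_ipc);
-lsm_set_blob_size(&blobs->lbs_key, &blob_sizes.lbs_key);
-lsm_set_blob_size(&blobs->lbs_msg_msg, &blob_sizes.lbs_msg_msg);
-lsm_set_blob_size(&blobs->lbs_perf_event, &blob_sizes.lbs_perf_event);
-lsm_set_blob_size(&blobs->lbs_sock, &blob_sizes.lbs_sock);
-lsm_set_blob_size(&blobs->lbs_superblock, &blob_sizes.lbs_superblock);
-lsm_set_blob_size(&blobs->lbs_task, &blob_sizes.lbs_task);
-lsm_set_blob_size(&blobs->lbs_tun_dev, &blob_sizes.lbs_tun_dev);
-lsm_set_blob_size(&blobs->lbs_xattr_count,
-&blob_sizes.lbs_xattr_count);
-lsm_set_blob_size(&blobs->lbs_bdev, &blob_sizes.lbs_bdev);
-lsm_set_blob_size(&blobs->lbs_bpf_map, &blob_sizes.lbs_bpf_map);
-lsm_set_blob_size(&blobs->lbs_bpf_prog, &blob_sizes.lbs_bpf_prog);
-lsm_set_blob_size(&blobs->lbs_bpf_token, &blob_sizes.lbs_bpf_token);
+lsm_blob_size_update(&blobs->lbs_inode, &blob_sizes.lbs_inode);
+lsm_blob_size_update(&blobs->lbs_ipc, &blob_sizes.lbs_ipc);
+lsm_blob_size_update(&blobs->lbs_key, &blob_sizes.lbs_key);
+lsm_blob_size_update(&blobs->lbs_msg_msg, &blob_sizes.lbs_msg_msg);
+lsm_blob_size_update(&blobs->lbs_perf_event,
+&blob_sizes.lbs_perf_event);
+lsm_blob_size_update(&blobs->lbs_sock, &blob_sizes.lbs_sock);
+lsm_blob_size_update(&blobs->lbs_superblock,
+&blob_sizes.lbs_superblock);
+lsm_blob_size_update(&blobs->lbs_task, &blob_sizes.lbs_task);
+lsm_blob_size_update(&blobs->lbs_tun_dev, &blob_sizes.lbs_tun_dev);
+lsm_blob_size_update(&blobs->lbs_xattr_count,
+&blob_sizes.lbs_xattr_count);
+lsm_blob_size_update(&blobs->lbs_bdev, &blob_sizes.lbs_bdev);
+lsm_blob_size_update(&blobs->lbs_bpf_map, &blob_sizes.lbs_bpf_map);
+lsm_blob_size_update(&blobs->lbs_bpf_prog, &blob_sizes.lbs_bpf_prog);
+lsm_blob_size_update(&blobs->lbs_bpf_token, &blob_sizes.lbs_bpf_token);
 }
 
 /* Initialize a given LSM, if it is enabled. */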
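Review bot: In lsm_blob_size_update() the sum `offset + *sz_req` is now unsigned, so an oversized request (for example a negative initializer in an LSM's lsm_blob_sizes, which the old `*need <= 0` test dropped) wraps silently and leaves `*sz_cur` smaller than the offsets already handed out. If these totals later size the per-object blob allocations, which this diff does not show, that would give LSMs offsets past the end of the allocation. A guard before the store, such as `if (WARN_ON(*sz_req > UINT_MAX - offset)) return;`, would make the failure visible at boot; whether to warn or panic there is a policy choice. The kernel-doc could also say that `@sz_req` is in/out: on return it holds the aligned offset assigned to the LSM, not the size.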
