From: Kees Cook <kees@kernel.org>
To: Paul Moore <paul@paul-moore.com>
Cc: linux-security-module@vger.kernel.org,
linux-integrity@vger.kernel.org, selinux@vger.kernel.org,
"John Johansen" <john.johansen@canonical.com>,
"Mimi Zohar" <zohar@linux.ibm.com>,
"Roberto Sassu" <roberto.sassu@huawei.com>,
"Fan Wu" <wufan@kernel.org>, "Mickaël Salaün" <mic@digikod.net>,
"Günther Noack" <gnoack@google.com>,
"Micah Morton" <mortonm@chromium.org>,
"Casey Schaufler" <casey@schaufler-ca.com>,
"Tetsuo Handa" <penguin-kernel@i-love.sakura.ne.jp>
Subject: Re: [RFC PATCH 09/29] lsm: cleanup and normalize the LSM enabled functions
Date: Wed, 9 Apr 2025 17:11:37 -0700 [thread overview]
Message-ID: <202504091656.21EEF38DCA@keescook> (raw)
In-Reply-To: <20250409185019.238841-40-paul@paul-moore.com>
On Wed, Apr 09, 2025 at 02:49:54PM -0400, Paul Moore wrote:
> One part of a larger effort to cleanup the LSM framework initialization
> code.
>
> Signed-off-by: Paul Moore <paul@paul-moore.com>
> ---
> security/inode.c | 9 ++--
> security/lsm_init.c | 110 ++++++++++++++++++++++++--------------------
> 2 files changed, 63 insertions(+), 56 deletions(-)
>
> diff --git a/security/inode.c b/security/inode.c
> index 49bc3578bd23..f687e22e6809 100644
> --- a/security/inode.c
> +++ b/security/inode.c
> @@ -351,18 +351,17 @@ static ssize_t lsm_read(struct file *filp, char __user *buf, size_t count,
>
> for (i = 0; i < lsm_count; i++)
> /* the '+ 1' accounts for either a comma or a NUL terminator */
> - len += strlen(lsm_order[i]->id->name) + 1;
> + len += strlen(lsm_idlist[i]->name) + 1;
>
> str = kmalloc(len, GFP_KERNEL);
> if (!str)
> return -ENOMEM;
> str[0] = '\0';
>
> - i = 0;
> - while (i < lsm_count) {
> - strcat(str, lsm_order[i]->id->name);
> - if (++i < lsm_count)
> + for (i = 0; i < lsm_count; i++) {
> + if (i > 0)
> strcat(str, ",");
> + strcat(str, lsm_idlist[i]->name);
> }
>
> rc = simple_read_from_buffer(buf, count, ppos, str, len);
This chunk needs to be folded into the lsm_names changing patch, I
think. I missed this on the first pass, but lsm_order can never be used
here because lsm_order is initdata -- it will be thrown away after init
is done.
> diff --git a/security/lsm_init.c b/security/lsm_init.c
> index 978bb81b58fa..7f2bc8c22ce9 100644
> --- a/security/lsm_init.c
> +++ b/security/lsm_init.c
> @@ -10,6 +10,10 @@
>
> #include "lsm.h"
>
> +/* LSM enabled constants. */
> +int lsm_enabled_true = 1;
> +int lsm_enabled_false = 0;
Why are these losing static and __initdata? It looks like they're
staying assigned to the __init-marked lsm_info instances.
> +
> /* Pointers to LSM sections defined in include/asm-generic/vmlinux.lds.h */
> extern struct lsm_info __start_lsm_info[], __end_lsm_info[];
> extern struct lsm_info __start_early_lsm_info[], __end_early_lsm_info[];
> @@ -72,41 +76,42 @@ static int __init lsm_debug_enable(char *str)
> }
> __setup("lsm.debug", lsm_debug_enable);
>
> -/* Mark an LSM's enabled flag. */
> -static int lsm_enabled_true __initdata = 1;
> -static int lsm_enabled_false __initdata = 0;
> -static void __init set_enabled(struct lsm_info *lsm, bool enabled)
> +/**
> + * lsm_enabled_set - Mark a LSM as enabled
> + * @lsm: LSM definition
> + * @enabled: enabled flag
> + */
> +static void __init lsm_enabled_set(struct lsm_info *lsm, bool enabled)
> {
> /*
> * When an LSM hasn't configured an enable variable, we can use
> * a hard-coded location for storing the default enabled state.
> */
> - if (!lsm->enabled) {
> - if (enabled)
> - lsm->enabled = &lsm_enabled_true;
> - else
> - lsm->enabled = &lsm_enabled_false;
> - } else if (lsm->enabled == &lsm_enabled_true) {
> - if (!enabled)
> - lsm->enabled = &lsm_enabled_false;
> - } else if (lsm->enabled == &lsm_enabled_false) {
> - if (enabled)
> - lsm->enabled = &lsm_enabled_true;
> + if (!lsm->enabled ||
> + lsm->enabled == &lsm_enabled_true ||
> + lsm->enabled == &lsm_enabled_false) {
> + lsm->enabled = enabled ? &lsm_enabled_true : &lsm_enabled_false;
> } else {
> *lsm->enabled = enabled;
> }
> }
Good logic folding.
>
> -static inline bool is_enabled(struct lsm_info *lsm)
> +/**
> + * lsm_is_enabled - Determine if a LSM is enabled
> + * @lsm: LSM definition
> + */
> +static inline bool lsm_is_enabled(struct lsm_info *lsm)
> {
> if (!lsm->enabled)
> return false;
> -
> return *lsm->enabled;
> }
This could be one-lined, actually:
return lsm->enabled ? *lsm->enabled : false;
>
> -/* Is an LSM already listed in the ordered LSMs list? */
> -static bool __init exists_ordered_lsm(struct lsm_info *lsm)
> +/**
> + * lsm_order_exists - Determine if a LSM exists in the ordered list
> + * @lsm: LSM definition
> + */
> +static bool __init lsm_order_exists(struct lsm_info *lsm)
> {
> struct lsm_info **check;
>
> @@ -118,25 +123,29 @@ static bool __init exists_ordered_lsm(struct lsm_info *lsm)
> return false;
> }
>
> -/* Append an LSM to the list of ordered LSMs to initialize. */
> -static int last_lsm __initdata;
> -static void __init append_ordered_lsm(struct lsm_info *lsm, const char *from)
> +/**
> + * lsm_order_append - Append a LSM to the ordered list
> + * @lsm: LSM definition
> + * @src: source of the addition
> + */
> +static void __init lsm_order_append(struct lsm_info *lsm, const char *src)
> {
> /* Ignore duplicate selections. */
> - if (exists_ordered_lsm(lsm))
> + if (lsm_order_exists(lsm))
> return;
>
> - if (WARN(last_lsm == MAX_LSM_COUNT, "%s: out of LSM static calls!?\n", from))
> - return;
> + /* Skip explicitly disabled LSMs. */
> + if (lsm->enabled && !lsm_is_enabled(lsm)) {
> + if (WARN(lsm_count == MAX_LSM_COUNT,
> + "%s: out of LSM static calls!?\n", src))
> + return;
> + lsm_enabled_set(lsm, true);
> + lsm_order[lsm_count] = lsm;
> + lsm_idlist[lsm_count++] = lsm->id;
> + }
>
> - /* Enable this LSM, if it is not already set. */
> - if (!lsm->enabled)
> - lsm->enabled = &lsm_enabled_true;
> - lsm_order[last_lsm] = lsm;
> - lsm_idlist[last_lsm++] = lsm->id;
I don't understand the logic change here. I may be missing something (it
feels like a lot of logic changes mixed together again), but this logic:
/* Enable this LSM, if it is not already set. */
if (!lsm->enabled)
lsm->enabled = &lsm_enabled_true;
seems like it has gone missing now? And I think the last_lsm/lsm_count
changes need to be in the "lsm: rework lsm_active_cnt and lsm_idlist[]"
patch? I'm really struggling to follow this patch, but maybe I am EOD.
:P
> -
> - init_debug("%s ordered: %s (%s)\n", from, lsm->id->name,
> - is_enabled(lsm) ? "enabled" : "disabled");
> + init_debug("%s ordered: %s (%s)\n", src, lsm->id->name,
> + lsm_is_enabled(lsm) ? "enabled" : "disabled");
> }
>
> static void __init lsm_set_blob_size(int *need, int *lbs)
> @@ -159,17 +168,17 @@ static void __init lsm_prep_single(struct lsm_info *lsm)
> {
> struct lsm_blob_sizes *blobs;
>
> - if (!is_enabled(lsm)) {
> - set_enabled(lsm, false);
> + if (!lsm_is_enabled(lsm)) {
> + lsm_enabled_set(lsm, false);
> return;
> } else if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && lsm_exclusive) {
> init_debug("exclusive disabled: %s\n", lsm->id->name);
> - set_enabled(lsm, false);
> + lsm_enabled_set(lsm, false);
> return;
> }
>
> /* Mark the LSM as enabled. */
> - set_enabled(lsm, true);
> + lsm_enabled_set(lsm, true);
> if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && !lsm_exclusive) {
> init_debug("exclusive chosen: %s\n", lsm->id->name);
> lsm_exclusive = lsm;
> @@ -200,7 +209,7 @@ static void __init lsm_prep_single(struct lsm_info *lsm)
> /* Initialize a given LSM, if it is enabled. */
> static void __init initialize_lsm(struct lsm_info *lsm)
> {
> - if (is_enabled(lsm)) {
> + if (lsm_is_enabled(lsm)) {
> int ret;
>
> init_debug("initializing %s\n", lsm->id->name);
> @@ -218,7 +227,7 @@ static void __init ordered_lsm_parse(const char *order, const char *origin)
> /* LSM_ORDER_FIRST is always first. */
> for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
> if (lsm->order == LSM_ORDER_FIRST)
> - append_ordered_lsm(lsm, " first");
> + lsm_order_append(lsm, " first");
> }
>
> /* Process "security=", if given. */
> @@ -235,7 +244,7 @@ static void __init ordered_lsm_parse(const char *order, const char *origin)
> major++) {
> if ((major->flags & LSM_FLAG_LEGACY_MAJOR) &&
> strcmp(major->id->name, lsm_order_legacy) != 0) {
> - set_enabled(major, false);
> + lsm_enabled_set(major, false);
> init_debug("security=%s disabled: %s (only one legacy major LSM)\n",
> lsm_order_legacy, major->id->name);
> }
> @@ -251,7 +260,7 @@ static void __init ordered_lsm_parse(const char *order, const char *origin)
> for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
> if (strcmp(lsm->id->name, name) == 0) {
> if (lsm->order == LSM_ORDER_MUTABLE)
> - append_ordered_lsm(lsm, origin);
> + lsm_order_append(lsm, origin);
> found = true;
> }
> }
> @@ -264,24 +273,24 @@ static void __init ordered_lsm_parse(const char *order, const char *origin)
> /* Process "security=", if given. */
> if (lsm_order_legacy) {
> for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
> - if (exists_ordered_lsm(lsm))
> + if (lsm_order_exists(lsm))
> continue;
> if (strcmp(lsm->id->name, lsm_order_legacy) == 0)
> - append_ordered_lsm(lsm, "security=");
> + lsm_order_append(lsm, "security=");
> }
> }
>
> /* LSM_ORDER_LAST is always last. */
> for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
> if (lsm->order == LSM_ORDER_LAST)
> - append_ordered_lsm(lsm, " last");
> + lsm_order_append(lsm, " last");
> }
>
> /* Disable all LSMs not in the ordered list. */
> for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
> - if (exists_ordered_lsm(lsm))
> + if (lsm_order_exists(lsm))
> continue;
> - set_enabled(lsm, false);
> + lsm_enabled_set(lsm, false);
> init_debug("%s skipped: %s (not in requested order)\n",
> origin, lsm->id->name);
> }
> @@ -313,13 +322,13 @@ static void __init lsm_init_ordered(void)
>
> pr_info("initializing lsm=");
> lsm_early_for_each_raw(early) {
> - if (is_enabled(early))
> + if (lsm_is_enabled(early))
> pr_cont("%s%s",
> early == __start_early_lsm_info ? "" : ",",
> early->id->name);
> }
> lsm_order_for_each(lsm) {
> - if (is_enabled(*lsm))
> + if (lsm_is_enabled(*lsm))
> pr_cont("%s%s",
> lsm == lsm_order ? "" : ",", (*lsm)->id->name);
> }
> @@ -404,8 +413,7 @@ int __init early_security_init(void)
> struct lsm_info *lsm;
>
> lsm_early_for_each_raw(lsm) {
> - if (!lsm->enabled)
> - lsm->enabled = &lsm_enabled_true;
> + lsm_enabled_set(lsm, true);
> lsm_prep_single(lsm);
> initialize_lsm(lsm);
> }
> @@ -432,7 +440,7 @@ int __init security_init(void)
> */
> lsm_early_for_each_raw(lsm) {
> init_debug(" early started: %s (%s)\n", lsm->id->name,
> - is_enabled(lsm) ? "enabled" : "disabled");
> + lsm_is_enabled(lsm) ? "enabled" : "disabled");
> }
>
> /* Load LSMs in specified order. */
> --
> 2.49.0
The simple renamings looks fine, but would be nicer if they got split
out.
--
Kees Cook
next prev parent reply other threads:[~2025-04-10 0:11 UTC|newest]
Thread overview: 126+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-04-09 18:49 [RFC PATCH 0/29] Rework the LSM initialization Paul Moore
2025-04-09 18:49 ` [RFC PATCH 01/29] lsm: split the notifier code out into lsm_notifier.c Paul Moore
2025-04-09 21:17 ` Kees Cook
2025-04-15 12:14 ` John Johansen
2025-04-09 18:49 ` [RFC PATCH 02/29] lsm: split the init code out into lsm_init.c Paul Moore
2025-04-09 21:18 ` Kees Cook
2025-04-15 22:01 ` John Johansen
2025-04-09 18:49 ` [RFC PATCH 03/29] lsm: simplify prepare_lsm() and rename to lsm_prep_single() Paul Moore
2025-04-09 21:30 ` Kees Cook
2025-04-09 21:54 ` Paul Moore
2025-04-15 22:10 ` John Johansen
2025-04-09 18:49 ` [RFC PATCH 04/29] lsm: simplify ordered_lsm_init() and rename to lsm_init_ordered() Paul Moore
2025-04-09 21:38 ` Kees Cook
2025-04-09 22:31 ` Paul Moore
2025-04-09 18:49 ` [RFC PATCH 05/29] lsm: replace the name field with a pointer to the lsm_id struct Paul Moore
2025-04-09 21:40 ` Kees Cook
2025-04-15 22:20 ` John Johansen
2025-04-09 18:49 ` [RFC PATCH 06/29] lsm: cleanup and normalize the LSM order symbols naming Paul Moore
2025-04-09 23:00 ` Kees Cook
2025-04-15 22:23 ` John Johansen
2025-04-09 18:49 ` [RFC PATCH 07/29] lsm: rework lsm_active_cnt and lsm_idlist[] Paul Moore
2025-04-09 21:38 ` Casey Schaufler
2025-04-10 21:58 ` Paul Moore
2025-04-09 23:06 ` Kees Cook
2025-04-10 22:04 ` Paul Moore
2025-04-10 22:25 ` Kees Cook
2025-04-11 0:58 ` Casey Schaufler
2025-04-09 18:49 ` [RFC PATCH 08/29] lsm: get rid of the lsm_names list and do some cleanup Paul Moore
2025-04-09 23:13 ` Kees Cook
2025-04-10 22:47 ` Paul Moore
2025-04-11 2:15 ` Kees Cook
2025-04-11 3:14 ` Paul Moore
2025-04-15 22:30 ` John Johansen
2025-05-22 21:26 ` Casey Schaufler
2025-04-09 18:49 ` [RFC PATCH 09/29] lsm: cleanup and normalize the LSM enabled functions Paul Moore
2025-04-10 0:11 ` Kees Cook [this message]
2025-04-11 1:50 ` Paul Moore
2025-04-11 2:03 ` Paul Moore
2025-04-11 2:14 ` Paul Moore
2025-04-11 2:17 ` Kees Cook
2025-04-09 18:49 ` [RFC PATCH 10/29] lsm: cleanup the LSM blob size code Paul Moore
2025-04-09 23:29 ` Kees Cook
2025-04-15 23:02 ` John Johansen
2025-04-19 2:42 ` Fan Wu
2025-04-19 5:53 ` Kees Cook
2025-04-19 15:58 ` Fan Wu
2025-04-09 18:49 ` [RFC PATCH 11/29] lsm: cleanup initialize_lsm() and rename to lsm_init_single() Paul Moore
2025-04-09 23:30 ` Kees Cook
2025-04-15 23:04 ` John Johansen
2025-04-09 18:49 ` [RFC PATCH 12/29] lsm: cleanup the LSM ordered parsing Paul Moore
2025-04-09 18:49 ` [RFC PATCH 13/29] lsm: fold lsm_init_ordered() into security_init() Paul Moore
2025-04-09 18:49 ` [RFC PATCH 14/29] lsm: add missing function header comment blocks in lsm_init.c Paul Moore
2025-05-14 10:10 ` John Johansen
2025-04-09 18:50 ` [RFC PATCH 15/29] lsm: cleanup the debug and console output " Paul Moore
2025-04-09 18:50 ` [RFC PATCH 16/29] lsm: output available LSMs when debugging Paul Moore
2025-05-14 12:01 ` John Johansen
2025-04-09 18:50 ` [RFC PATCH 17/29] lsm: introduce an initcall mechanism into the LSM framework Paul Moore
2025-04-09 21:16 ` Kees Cook
2025-04-10 20:52 ` Paul Moore
2025-05-14 11:59 ` John Johansen
2025-04-09 18:50 ` [RFC PATCH 18/29] loadpin: move initcalls to " Paul Moore
2025-04-09 23:39 ` Kees Cook
2025-04-11 1:15 ` Paul Moore
2025-04-11 2:16 ` Kees Cook
2025-04-11 2:41 ` Paul Moore
2025-05-14 11:57 ` John Johansen
2025-04-09 18:50 ` [RFC PATCH 19/29] ipe: " Paul Moore
2025-04-09 23:40 ` Kees Cook
2025-04-14 21:19 ` Fan Wu
2025-04-15 1:58 ` Paul Moore
2025-05-14 12:02 ` John Johansen
2025-04-09 18:50 ` [RFC PATCH 20/29] smack: " Paul Moore
2025-04-09 23:42 ` Kees Cook
2025-04-11 2:30 ` Paul Moore
2025-04-10 17:30 ` Casey Schaufler
2025-04-10 17:47 ` Casey Schaufler
2025-04-11 20:09 ` Paul Moore
2025-04-14 21:04 ` Fan Wu
2025-04-15 1:54 ` Paul Moore
2025-04-09 18:50 ` [RFC PATCH 21/29] tomoyo: " Paul Moore
2025-04-09 23:43 ` Kees Cook
2025-05-14 12:05 ` John Johansen
2025-04-09 18:50 ` [RFC PATCH 22/29] safesetid: " Paul Moore
2025-04-09 23:43 ` Kees Cook
2025-04-11 19:20 ` Micah Morton
2025-04-11 20:45 ` Paul Moore
2025-05-14 12:18 ` John Johansen
2025-04-09 18:50 ` [RFC PATCH 23/29] apparmor: " Paul Moore
2025-04-09 23:44 ` Kees Cook
2025-05-14 13:33 ` John Johansen
2025-04-09 18:50 ` [RFC PATCH 24/29] lockdown: " Paul Moore
2025-04-09 23:44 ` Kees Cook
2025-05-14 13:31 ` John Johansen
2025-04-09 18:50 ` [RFC PATCH 25/29] ima,evm: " Paul Moore
2025-05-14 13:06 ` John Johansen
2025-06-11 20:09 ` Paul Moore
2025-05-30 22:03 ` Mimi Zohar
2025-06-11 20:27 ` Paul Moore
2025-06-13 20:34 ` Mimi Zohar
2025-07-21 21:59 ` Paul Moore
2025-04-09 18:50 ` [RFC PATCH 26/29] selinux: " Paul Moore
2025-04-10 16:33 ` Stephen Smalley
2025-04-11 3:24 ` Paul Moore
2025-05-23 15:12 ` Casey Schaufler
2025-04-09 18:50 ` [RFC PATCH 27/29] lsm: consolidate all of the LSM framework initcalls Paul Moore
2025-04-09 23:52 ` Kees Cook
2025-04-11 1:21 ` Paul Moore
2025-04-11 2:16 ` Kees Cook
2025-05-14 13:38 ` John Johansen
2025-04-09 18:50 ` [RFC PATCH 28/29] lsm: add a LSM_STARTED_ALL notification event Paul Moore
2025-04-09 23:53 ` Kees Cook
2025-05-14 13:34 ` John Johansen
2025-04-09 18:50 ` [RFC PATCH 29/29] lsm: add support for counting lsm_prop support among LSMs Paul Moore
2025-05-13 16:39 ` Casey Schaufler
2025-05-13 20:23 ` Paul Moore
2025-05-14 19:30 ` Casey Schaufler
2025-05-14 20:57 ` Paul Moore
2025-05-14 21:16 ` Casey Schaufler
2025-05-14 22:11 ` Paul Moore
2025-05-15 14:12 ` Casey Schaufler
2025-05-15 18:13 ` Paul Moore
2025-05-15 19:41 ` Casey Schaufler
2025-05-15 21:02 ` Paul Moore
2025-04-10 14:13 ` [RFC PATCH 0/29] Rework the LSM initialization Casey Schaufler
2025-04-10 16:31 ` Kees Cook
2025-04-11 2:28 ` Paul Moore
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202504091656.21EEF38DCA@keescook \
--to=kees@kernel.org \
--cc=casey@schaufler-ca.com \
--cc=gnoack@google.com \
--cc=john.johansen@canonical.com \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mic@digikod.net \
--cc=mortonm@chromium.org \
--cc=paul@paul-moore.com \
--cc=penguin-kernel@i-love.sakura.ne.jp \
--cc=roberto.sassu@huawei.com \
--cc=selinux@vger.kernel.org \
--cc=wufan@kernel.org \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.