From: Khadija Kamran <kamrankhadijadj@gmail.com>
To: linux-kernel@vger.kernel.org,
Andrew Morton <akpm@linux-foundation.org>,
linux-mm@kvack.org, Serge Hallyn <serge@hallyn.com>,
Paul Moore <paul@paul-moore.com>,
James Morris <jmorris@namei.org>,
linux-security-module@vger.kernel.org,
Stephen Smalley <stephen.smalley.work@gmail.com>,
Eric Paris <eparis@parisplace.org>,
selinux@vger.kernel.org, ztarkhani@microsoft.com,
alison.schofield@intel.com
Subject: [PATCH] lsm: constify the 'mm' parameter in security_vm_enough_memory_mm()
Date: Wed, 23 Aug 2023 11:53:57 +0500 [thread overview]
Message-ID: <ZOWtBTKkfcc8sKkY@gmail.com> (raw)
The 'vm_enough_memory' hook has implementations registered in SELinux
and commoncap. Looking at the function implementations, we observe that
the 'mm' parameter is never modified.
Mark the 'mm' parameter of the LSM hook security_vm_enough_memory_mm() as
'const', since the LSM hook does not modify it.
Signed-off-by: Khadija Kamran <kamrankhadijadj@gmail.com>
---
include/linux/lsm_hook_defs.h | 2 +-
include/linux/mm.h | 2 +-
include/linux/security.h | 6 +++---
security/commoncap.c | 2 +-
security/security.c | 2 +-
security/selinux/hooks.c | 2 +-
6 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h
index 6bb55e61e8e8..aabf13482721 100644
--- a/include/linux/lsm_hook_defs.h
+++ b/include/linux/lsm_hook_defs.h
@@ -48,7 +48,7 @@ LSM_HOOK(int, 0, quota_on, struct dentry *dentry)
LSM_HOOK(int, 0, syslog, int type)
LSM_HOOK(int, 0, settime, const struct timespec64 *ts,
const struct timezone *tz)
-LSM_HOOK(int, 0, vm_enough_memory, struct mm_struct *mm, long pages)
+LSM_HOOK(int, 0, vm_enough_memory, const struct mm_struct *mm, long pages)
LSM_HOOK(int, 0, bprm_creds_for_exec, struct linux_binprm *bprm)
LSM_HOOK(int, 0, bprm_creds_from_file, struct linux_binprm *bprm, struct file *file)
LSM_HOOK(int, 0, bprm_check_security, struct linux_binprm *bprm)
diff --git a/include/linux/mm.h b/include/linux/mm.h
index 27ce77080c79..52d43c5c20cd 100644
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -3064,7 +3064,7 @@ void anon_vma_interval_tree_verify(struct anon_vma_chain *node);
avc; avc = anon_vma_interval_tree_iter_next(avc, start, last))
/* mmap.c */
-extern int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin);
+extern int __vm_enough_memory(const struct mm_struct *mm, long pages, int cap_sys_admin);
extern int vma_expand(struct vma_iterator *vmi, struct vm_area_struct *vma,
unsigned long start, unsigned long end, pgoff_t pgoff,
struct vm_area_struct *next);
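Review bot: The `__vm_enough_memory()` prototype gains `const` here, but none of the six files in the diffstat looks like the one holding its definition, so unless that definition already takes `const struct mm_struct *` the build will stop with a conflicting-types error. The patch should carry the matching change at the definition, `int __vm_enough_memory(const struct mm_struct *mm, long pages, int cap_sys_admin)`. The `/* mmap.c */` comment above hints at where the definition lives, but that should be confirmed in the tree, since it is not visible in this patch. The `static inline security_vm_enough_memory_mm()` hunk in include/linux/security.h passes its now-const `mm` straight into this function, so the two changes must land together. Build-testing with CONFIG_SECURITY both enabled and disabled would exercise both callers.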
diff --git a/include/linux/security.h b/include/linux/security.h
index e2734e9e44d5..442495335ffd 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -169,7 +169,7 @@ extern int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
extern int cap_task_setscheduler(struct task_struct *p);
extern int cap_task_setioprio(struct task_struct *p, int ioprio);
extern int cap_task_setnice(struct task_struct *p, int nice);
-extern int cap_vm_enough_memory(struct mm_struct *mm, long pages);
+extern int cap_vm_enough_memory(const struct mm_struct *mm, long pages);
struct msghdr;
struct sk_buff;
@@ -287,7 +287,7 @@ int security_quotactl(int cmds, int type, int id, struct super_block *sb);
int security_quota_on(struct dentry *dentry);
int security_syslog(int type);
int security_settime64(const struct timespec64 *ts, const struct timezone *tz);
-int security_vm_enough_memory_mm(struct mm_struct *mm, long pages);
+int security_vm_enough_memory_mm(const struct mm_struct *mm, long pages);
int security_bprm_creds_for_exec(struct linux_binprm *bprm);
int security_bprm_creds_from_file(struct linux_binprm *bprm, struct file *file);
int security_bprm_check(struct linux_binprm *bprm);
@@ -600,7 +600,7 @@ static inline int security_settime64(const struct timespec64 *ts,
return cap_settime(ts, tz);
}
-static inline int security_vm_enough_memory_mm(struct mm_struct *mm, long pages)
+static inline int security_vm_enough_memory_mm(const struct mm_struct *mm, long pages)
{
return __vm_enough_memory(mm, pages, cap_vm_enough_memory(mm, pages));
}
diff --git a/security/commoncap.c b/security/commoncap.c
index 0b3fc2f3afe7..b7193f916b2c 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -1397,7 +1397,7 @@ int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
*
* Return: 1 if permission is granted, 0 if not.
*/
-int cap_vm_enough_memory(struct mm_struct *mm, long pages)
+int cap_vm_enough_memory(const struct mm_struct *mm, long pages)
{
int cap_sys_admin = 0;
diff --git a/security/security.c b/security/security.c
index d5ff7ff45b77..f9c3dbc2376b 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1017,7 +1017,7 @@ int security_settime64(const struct timespec64 *ts, const struct timezone *tz)
* Return: Returns 0 if permission is granted by the LSM infrastructure to the
* caller.
*/
-int security_vm_enough_memory_mm(struct mm_struct *mm, long pages)
+int security_vm_enough_memory_mm(const struct mm_struct *mm, long pages)
{
struct security_hook_list *hp;
int cap_sys_admin = 1;
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 79b4890e9936..8ae9cc81902c 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2158,7 +2158,7 @@ static int selinux_syslog(int type)
* Do not audit the selinux permission check, as this is applied to all
* processes that allocate mappings.
*/
-static int selinux_vm_enough_memory(struct mm_struct *mm, long pages)
+static int selinux_vm_enough_memory(const struct mm_struct *mm, long pages)
{
int rc, cap_sys_admin = 0;
--
2.34.1