[PATCH] lsm: constify the 'mm' parameter in security_vm_enough_memory

linux-security-module.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH] lsm: constify the 'mm' parameter in security_vm_enough_memory_mm()
@ 2023-08-23  6:53 Khadija Kamran
  2023-08-23 12:06 ` Matthew Wilcox
  2023-08-24 13:03 ` kernel test robot
  0 siblings, 2 replies; 5+ messages in thread
From: Khadija Kamran @ 2023-08-23  6:53 UTC (permalink / raw)
  To: linux-kernel, Andrew Morton, linux-mm, Serge Hallyn, Paul Moore,
	James Morris, linux-security-module, Stephen Smalley, Eric Paris,
	selinux, ztarkhani, alison.schofield

The 'vm_enough_memory' hook has implementations registered in SELinux
and commoncap. Looking at the function implementations we observe that
the 'mm' parameter is not changing.

Mark the 'mm' parameter of LSM hook security_vm_enough_memory_mm() as
'const' since it will not be changing in the LSM hook.

Signed-off-by: Khadija Kamran <kamrankhadijadj@gmail.com>
---
 include/linux/lsm_hook_defs.h | 2 +-
 include/linux/mm.h            | 2 +-
 include/linux/security.h      | 6 +++---
 security/commoncap.c          | 2 +-
 security/security.c           | 2 +-
 security/selinux/hooks.c      | 2 +-
 6 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h
index 6bb55e61e8e8..aabf13482721 100644
--- a/include/linux/lsm_hook_defs.h
+++ b/include/linux/lsm_hook_defs.h
@@ -48,7 +48,7 @@ LSM_HOOK(int, 0, quota_on, struct dentry *dentry)
 LSM_HOOK(int, 0, syslog, int type)
 LSM_HOOK(int, 0, settime, const struct timespec64 *ts,
 	 const struct timezone *tz)
-LSM_HOOK(int, 0, vm_enough_memory, struct mm_struct *mm, long pages)
+LSM_HOOK(int, 0, vm_enough_memory, const struct mm_struct *mm, long pages)
 LSM_HOOK(int, 0, bprm_creds_for_exec, struct linux_binprm *bprm)
 LSM_HOOK(int, 0, bprm_creds_from_file, struct linux_binprm *bprm, struct file *file)
 LSM_HOOK(int, 0, bprm_check_security, struct linux_binprm *bprm)
diff --git a/include/linux/mm.h b/include/linux/mm.h
index 27ce77080c79..52d43c5c20cd 100644
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -3064,7 +3064,7 @@ void anon_vma_interval_tree_verify(struct anon_vma_chain *node);
 	     avc; avc = anon_vma_interval_tree_iter_next(avc, start, last))
 
 /* mmap.c */
-extern int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin);
+extern int __vm_enough_memory(const struct mm_struct *mm, long pages, int cap_sys_admin);
 extern int vma_expand(struct vma_iterator *vmi, struct vm_area_struct *vma,
 		      unsigned long start, unsigned long end, pgoff_t pgoff,
 		      struct vm_area_struct *next);
diff --git a/include/linux/security.h b/include/linux/security.h
index e2734e9e44d5..442495335ffd 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -169,7 +169,7 @@ extern int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
 extern int cap_task_setscheduler(struct task_struct *p);
 extern int cap_task_setioprio(struct task_struct *p, int ioprio);
 extern int cap_task_setnice(struct task_struct *p, int nice);
-extern int cap_vm_enough_memory(struct mm_struct *mm, long pages);
+extern int cap_vm_enough_memory(const struct mm_struct *mm, long pages);
 
 struct msghdr;
 struct sk_buff;
@@ -287,7 +287,7 @@ int security_quotactl(int cmds, int type, int id, struct super_block *sb);
 int security_quota_on(struct dentry *dentry);
 int security_syslog(int type);
 int security_settime64(const struct timespec64 *ts, const struct timezone *tz);
-int security_vm_enough_memory_mm(struct mm_struct *mm, long pages);
+int security_vm_enough_memory_mm(const struct mm_struct *mm, long pages);
 int security_bprm_creds_for_exec(struct linux_binprm *bprm);
 int security_bprm_creds_from_file(struct linux_binprm *bprm, struct file *file);
 int security_bprm_check(struct linux_binprm *bprm);
@@ -600,7 +600,7 @@ static inline int security_settime64(const struct timespec64 *ts,
 	return cap_settime(ts, tz);
 }
 
-static inline int security_vm_enough_memory_mm(struct mm_struct *mm, long pages)
+static inline int security_vm_enough_memory_mm(const struct mm_struct *mm, long pages)
 {
 	return __vm_enough_memory(mm, pages, cap_vm_enough_memory(mm, pages));
 }
diff --git a/security/commoncap.c b/security/commoncap.c
index 0b3fc2f3afe7..b7193f916b2c 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -1397,7 +1397,7 @@ int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
  *
  * Return: 1 if permission is granted, 0 if not.
  */
-int cap_vm_enough_memory(struct mm_struct *mm, long pages)
+int cap_vm_enough_memory(const struct mm_struct *mm, long pages)
 {
 	int cap_sys_admin = 0;
 
diff --git a/security/security.c b/security/security.c
index d5ff7ff45b77..f9c3dbc2376b 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1017,7 +1017,7 @@ int security_settime64(const struct timespec64 *ts, const struct timezone *tz)
  * Return: Returns 0 if permission is granted by the LSM infrastructure to the
  *         caller.
  */
-int security_vm_enough_memory_mm(struct mm_struct *mm, long pages)
+int security_vm_enough_memory_mm(const struct mm_struct *mm, long pages)
 {
 	struct security_hook_list *hp;
 	int cap_sys_admin = 1;
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 79b4890e9936..8ae9cc81902c 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2158,7 +2158,7 @@ static int selinux_syslog(int type)
  * Do not audit the selinux permission check, as this is applied to all
  * processes that allocate mappings.
  */
-static int selinux_vm_enough_memory(struct mm_struct *mm, long pages)
+static int selinux_vm_enough_memory(const struct mm_struct *mm, long pages)
 {
 	int rc, cap_sys_admin = 0;
 
-- 
2.34.1


^ permalink raw reply related	[flat|nested] 5+ messages in thread

* Re: [PATCH] lsm: constify the 'mm' parameter in security_vm_enough_memory_mm()
  2023-08-23  6:53 [PATCH] lsm: constify the 'mm' parameter in security_vm_enough_memory_mm() Khadija Kamran
@ 2023-08-23 12:06 ` Matthew Wilcox
  2023-09-13 22:01   ` Paul Moore
  2023-08-24 13:03 ` kernel test robot
  1 sibling, 1 reply; 5+ messages in thread
From: Matthew Wilcox @ 2023-08-23 12:06 UTC (permalink / raw)
  To: Khadija Kamran
  Cc: linux-kernel, Andrew Morton, linux-mm, Serge Hallyn, Paul Moore,
	James Morris, linux-security-module, Stephen Smalley, Eric Paris,
	selinux, ztarkhani, alison.schofield

On Wed, Aug 23, 2023 at 11:53:57AM +0500, Khadija Kamran wrote:
> +++ b/include/linux/mm.h
> @@ -3064,7 +3064,7 @@ void anon_vma_interval_tree_verify(struct anon_vma_chain *node);
>  	     avc; avc = anon_vma_interval_tree_iter_next(avc, start, last))
>  
>  /* mmap.c */
> -extern int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin);
> +extern int __vm_enough_memory(const struct mm_struct *mm, long pages, int cap_sys_admin);

Could you remove the 'extern' when you touch a function prototype?


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] lsm: constify the 'mm' parameter in security_vm_enough_memory_mm()
  2023-08-23 12:06 ` Matthew Wilcox
@ 2023-09-13 22:01   ` Paul Moore
  0 siblings, 0 replies; 5+ messages in thread
From: Paul Moore @ 2023-09-13 22:01 UTC (permalink / raw)
  To: Khadija Kamran
  Cc: Matthew Wilcox, linux-kernel, Andrew Morton, linux-mm,
	Serge Hallyn, James Morris, linux-security-module,
	Stephen Smalley, Eric Paris, selinux, ztarkhani, alison.schofield

On Wed, Aug 23, 2023 at 8:07 AM Matthew Wilcox <willy@infradead.org> wrote:
> On Wed, Aug 23, 2023 at 11:53:57AM +0500, Khadija Kamran wrote:
> > +++ b/include/linux/mm.h
> > @@ -3064,7 +3064,7 @@ void anon_vma_interval_tree_verify(struct anon_vma_chain *node);
> >            avc; avc = anon_vma_interval_tree_iter_next(avc, start, last))
> >
> >  /* mmap.c */
> > -extern int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin);
> > +extern int __vm_enough_memory(const struct mm_struct *mm, long pages, int cap_sys_admin);
>
> Could you remove the 'extern' when you touch a function prototype?

Khadija, can you please make the change Matthew is requesting?

-- 
paul-moore.com

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] lsm: constify the 'mm' parameter in security_vm_enough_memory_mm()
  2023-08-23  6:53 [PATCH] lsm: constify the 'mm' parameter in security_vm_enough_memory_mm() Khadija Kamran
  2023-08-23 12:06 ` Matthew Wilcox
@ 2023-08-24 13:03 ` kernel test robot
  2023-09-13 22:02   ` Paul Moore
  1 sibling, 1 reply; 5+ messages in thread
From: kernel test robot @ 2023-08-24 13:03 UTC (permalink / raw)
  To: Khadija Kamran, linux-kernel, Andrew Morton, Serge Hallyn,
	Paul Moore, James Morris, linux-security-module, Stephen Smalley,
	Eric Paris, selinux, ztarkhani, alison.schofield
  Cc: oe-kbuild-all, Linux Memory Management List

Hi Khadija,

kernel test robot noticed the following build errors:

[auto build test ERROR on akpm-mm/mm-everything]
[also build test ERROR on pcmoore-selinux/next pcmoore-audit/next linus/master v6.5-rc7 next-20230824]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]

url:    https://github.com/intel-lab-lkp/linux/commits/Khadija-Kamran/lsm-constify-the-mm-parameter-in-security_vm_enough_memory_mm/20230823-145455
base:   https://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git mm-everything
patch link:    https://lore.kernel.org/r/ZOWtBTKkfcc8sKkY%40gmail.com
patch subject: [PATCH] lsm: constify the 'mm' parameter in security_vm_enough_memory_mm()
config: arc-randconfig-001-20230824 (https://download.01.org/0day-ci/archive/20230824/202308242024.q4KF0YIN-lkp@intel.com/config)
compiler: arc-elf-gcc (GCC) 13.2.0
reproduce: (https://download.01.org/0day-ci/archive/20230824/202308242024.q4KF0YIN-lkp@intel.com/reproduce)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202308242024.q4KF0YIN-lkp@intel.com/

All errors (new ones prefixed by >>):

>> mm/util.c:928:5: error: conflicting types for '__vm_enough_memory'; have 'int(struct mm_struct *, long int,  int)'
     928 | int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin)
         |     ^~~~~~~~~~~~~~~~~~
   In file included from mm/util.c:2:
   include/linux/mm.h:3199:12: note: previous declaration of '__vm_enough_memory' with type 'int(const struct mm_struct *, long int,  int)'
    3199 | extern int __vm_enough_memory(const struct mm_struct *mm, long pages, int cap_sys_admin);
         |            ^~~~~~~~~~~~~~~~~~


vim +928 mm/util.c

39a1aa8e194ab6 Andrey Ryabinin 2016-03-17  911  
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17  912  /*
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17  913   * Check that a process has enough memory to allocate a new virtual
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17  914   * mapping. 0 means there is enough memory for the allocation to
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17  915   * succeed and -ENOMEM implies there is not.
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17  916   *
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17  917   * We currently support three overcommit policies, which are set via the
ee65728e103bb7 Mike Rapoport   2022-06-27  918   * vm.overcommit_memory sysctl.  See Documentation/mm/overcommit-accounting.rst
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17  919   *
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17  920   * Strict overcommit modes added 2002 Feb 26 by Alan Cox.
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17  921   * Additional code 2002 Jul 20 by Robert Love.
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17  922   *
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17  923   * cap_sys_admin is 1 if the process has admin privileges, 0 otherwise.
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17  924   *
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17  925   * Note this is a helper function intended to be used by LSMs which
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17  926   * wish to use this logic.
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17  927   */
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17 @928  int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin)
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17  929  {
8c7829b04c523c Johannes Weiner 2019-05-13  930  	long allowed;
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17  931  
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17  932  	vm_acct_memory(pages);
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17  933  
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17  934  	/*
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17  935  	 * Sometimes we want to use more memory than we have
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17  936  	 */
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17  937  	if (sysctl_overcommit_memory == OVERCOMMIT_ALWAYS)
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17  938  		return 0;
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17  939  
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17  940  	if (sysctl_overcommit_memory == OVERCOMMIT_GUESS) {
8c7829b04c523c Johannes Weiner 2019-05-13  941  		if (pages > totalram_pages() + total_swap_pages)
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17  942  			goto error;
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17  943  		return 0;
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17  944  	}
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17  945  
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17  946  	allowed = vm_commit_limit();
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17  947  	/*
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17  948  	 * Reserve some for root
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17  949  	 */
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17  950  	if (!cap_sys_admin)
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17  951  		allowed -= sysctl_admin_reserve_kbytes >> (PAGE_SHIFT - 10);
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17  952  
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17  953  	/*
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17  954  	 * Don't let a single process grow so big a user can't recover
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17  955  	 */
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17  956  	if (mm) {
8c7829b04c523c Johannes Weiner 2019-05-13  957  		long reserve = sysctl_user_reserve_kbytes >> (PAGE_SHIFT - 10);
8c7829b04c523c Johannes Weiner 2019-05-13  958  
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17  959  		allowed -= min_t(long, mm->total_vm / 32, reserve);
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17  960  	}
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17  961  
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17  962  	if (percpu_counter_read_positive(&vm_committed_as) < allowed)
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17  963  		return 0;
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17  964  error:
6bdfc60cf0f977 Jakub Wilk      2023-02-10  965  	pr_warn_ratelimited("%s: pid: %d, comm: %s, not enough memory for the allocation\n",
44b414c8715c5d Kefeng Wang     2022-07-26  966  			    __func__, current->pid, current->comm);
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17  967  	vm_unacct_memory(pages);
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17  968  
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17  969  	return -ENOMEM;
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17  970  }
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17  971  

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] lsm: constify the 'mm' parameter in security_vm_enough_memory_mm()
  2023-08-24 13:03 ` kernel test robot
@ 2023-09-13 22:02   ` Paul Moore
  0 siblings, 0 replies; 5+ messages in thread
From: Paul Moore @ 2023-09-13 22:02 UTC (permalink / raw)
  To: kernel test robot
  Cc: Khadija Kamran, linux-kernel, Andrew Morton, Serge Hallyn,
	James Morris, linux-security-module, Stephen Smalley, Eric Paris,
	selinux, ztarkhani, alison.schofield, oe-kbuild-all,
	Linux Memory Management List

On Thu, Aug 24, 2023 at 9:04 AM kernel test robot <lkp@intel.com> wrote:
>
> Hi Khadija,
>
> kernel test robot noticed the following build errors:
>
> [auto build test ERROR on akpm-mm/mm-everything]
> [also build test ERROR on pcmoore-selinux/next pcmoore-audit/next linus/master v6.5-rc7 next-20230824]
> [If your patch is applied to the wrong git tree, kindly drop us a note.
> And when submitting patch, we suggest to use '--base' as documented in
> https://git-scm.com/docs/git-format-patch#_base_tree_information]
>
> url:    https://github.com/intel-lab-lkp/linux/commits/Khadija-Kamran/lsm-constify-the-mm-parameter-in-security_vm_enough_memory_mm/20230823-145455
> base:   https://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git mm-everything
> patch link:    https://lore.kernel.org/r/ZOWtBTKkfcc8sKkY%40gmail.com
> patch subject: [PATCH] lsm: constify the 'mm' parameter in security_vm_enough_memory_mm()
> config: arc-randconfig-001-20230824 (https://download.01.org/0day-ci/archive/20230824/202308242024.q4KF0YIN-lkp@intel.com/config)
> compiler: arc-elf-gcc (GCC) 13.2.0
> reproduce: (https://download.01.org/0day-ci/archive/20230824/202308242024.q4KF0YIN-lkp@intel.com/reproduce)
>
> If you fix the issue in a separate patch/commit (i.e. not just a new version of
> the same patch/commit), kindly add following tags
> | Reported-by: kernel test robot <lkp@intel.com>
> | Closes: https://lore.kernel.org/oe-kbuild-all/202308242024.q4KF0YIN-lkp@intel.com/
>
> All errors (new ones prefixed by >>):
>
> >> mm/util.c:928:5: error: conflicting types for '__vm_enough_memory'; have 'int(struct mm_struct *, long int,  int)'
>      928 | int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin)
>          |     ^~~~~~~~~~~~~~~~~~
>    In file included from mm/util.c:2:
>    include/linux/mm.h:3199:12: note: previous declaration of '__vm_enough_memory' with type 'int(const struct mm_struct *, long int,  int)'
>     3199 | extern int __vm_enough_memory(const struct mm_struct *mm, long pages, int cap_sys_admin);
>          |            ^~~~~~~~~~~~~~~~~~

It looks like you will also need to update the __vm_enough_memory()
definition to take a const mm_struct parameter.  I looked quickly at
the function just now and I don't think that will be a problem.

-- 
paul-moore.com

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2023-09-13 22:02 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-08-23  6:53 [PATCH] lsm: constify the 'mm' parameter in security_vm_enough_memory_mm() Khadija Kamran
2023-08-23 12:06 ` Matthew Wilcox
2023-09-13 22:01   ` Paul Moore
2023-08-24 13:03 ` kernel test robot
2023-09-13 22:02   ` Paul Moore

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).