* [RFC PATCH v2 0/4] LSM: Officially support appending LSM hooks after boot.
@ 2023-11-20 13:27 Tetsuo Handa
From: Tetsuo Handa @ 2023-11-20 13:27 UTC (permalink / raw)
To: linux-security-module, bpf, KP Singh
Cc: Paul Moore, Kees Cook, Casey Schaufler, song, Daniel Borkmann,
Alexei Starovoitov, renauld, Paolo Abeni
This functionality will be used by the TOMOYO security module.
In order to officially use an LSM module, that LSM module has to be
built into vmlinux. This limitation has been a big barrier for allowing
distribution kernel users to use LSM modules which the organization that
builds that distribution kernel cannot afford to support [1]. Therefore,
I've been asking for the ability to append LSM hooks from LKM-based LSMs so
that distribution kernel users can use LSMs which the organization that
builds that distribution kernel cannot afford to support.
In order to unofficially use LSMs which are not built into vmlinux,
I've been maintaining AKARI as an LKM-based LSM which can run on kernels
between 2.6.0 and 6.6. But KP Singh's "Reduce overhead of LSMs with static
calls" proposal will make AKARI more difficult to run because it removes
the linked list. Therefore, reviving the ability to officially append LSM
hooks from LKM-based LSMs became an urgent matter.
KP Singh suggested that I implement such LSMs as eBPF programs. But the
result is that eBPF is too restricted to emulate such LSMs [2]. Therefore,
I still need the ability to append LSM hooks from LKM-based LSMs.
KP Singh commented
I think what you can do is send patches for an API for LKM based LSMs
and have it merged before my series, I will work with the code I have
and make LKM based LSMs work. If this work gets merged, and your
use-case is accepted (I think I can speak for at least Kees [if not
others] too here) we will help you if you get stuck with MAX_LSM_COUNT
or a dual static call and linked list based approach.
at [3], and I posted one at [4], but I didn't get any response.
Anyway, here is an updated version. This version focused on how to
implement an LSM module which calls LSM hooks in the LKM-based LSMs
(mod_lsm). Since there is a lot of duplication between
security/security.c and security/mod_lsm.c, I tried to auto-generate
typical functions using macros.
The result is that, although I succeeded in avoiding bloating the total
lines of source code, I feel that it might become less readable. Therefore,
I came to think that we don't need to implement an LSM module which calls
LSM hooks in the LKM-based LSMs.
b/include/linux/bpf_lsm.h | 1
b/include/linux/lsm_hook_args.h | 250 +++++++++++++++++++++++++
b/include/linux/lsm_hook_defs.h | 3
b/include/linux/lsm_hooks.h | 2
b/kernel/bpf/bpf_lsm.c | 3
b/security/Makefile | 2
b/security/bpf/hooks.c | 1
b/security/mod_lsm.c | 321 ++++++++++++++++++++++++++++++++
b/security/security.c | 3
include/linux/lsm_hook_defs.h | 780 ++++++++++++++++++++++++++++++++++++++++++-------------------------------------
include/linux/lsm_hooks.h | 9
security/security.c | 752 ++--------------------------------------------------------------------------
12 files changed, 1035 insertions(+), 1092 deletions(-)
Instead, directly embedding the code to call LSM hooks in the LKM-based
LSMs into the call_int_hook() and call_void_hook() macros will save a lot
of symbols compared to implementing functions for calling LSM hooks in the
LKM-based LSMs. Since LKM-based LSMs were not officially supported as of
the introduction of the lsm= parameter, forcing LKM-based LSMs to be called
after the built-in LSMs will not confuse userspace.
Unless someone has an objection to not using an LSM module which calls
LSM hooks in the LKM-based LSMs, I'd like to try something like below
in the next version.
#define call_void_hook(FUNC, ...) \
do { \
struct security_hook_list *P; \
\
hlist_for_each_entry(P, &security_hook_heads.FUNC, list) \
P->hook.FUNC(__VA_ARGS__); \
+ if (mod_lsm_enabled) { \
+ hlist_for_each_entry(P, &mod_lsm_hook_heads.FUNC, list) \
+ P->hook.FUNC(__VA_ARGS__); \
+ } \
} while (0)
#define call_int_hook(FUNC, IRC, ...) ({ \
int RC = IRC; \
do { \
struct security_hook_list *P; \
\
hlist_for_each_entry(P, &security_hook_heads.FUNC, list) { \
RC = P->hook.FUNC(__VA_ARGS__); \
if (RC != 0) \
break; \
} \
+ /* LKM-based LSMs run only if no built-in LSM returned an error. */ \
+ if (RC == 0 && mod_lsm_enabled) { \
+ hlist_for_each_entry(P, &mod_lsm_hook_heads.FUNC, list) { \
+ RC = P->hook.FUNC(__VA_ARGS__); \
+ if (RC != 0) \
+ break; \
+ } \
+ } \
} while (0); \
RC; \
})
Link: https://lkml.kernel.org/r/9b006dfe-450e-4d73-8117-9625d2586dad@I-love.SAKURA.ne.jp [1]
Link: https://lkml.kernel.org/r/c588ca5d-c343-4ea2-a1f1-4efe67ebb8e3@I-love.SAKURA.ne.jp [2]
Link: https://lkml.kernel.org/r/CACYkzJ7ght66802wQFKzokfJKMKDOobYgeaCpu5Gx=iX0EuJVg@mail.gmail.com [3]
Link: https://lkml.kernel.org/r/38b318a5-0a16-4cc2-878e-4efa632236f3@I-love.SAKURA.ne.jp [4]
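The two-list dispatch order described in this cover letter, as an added user-space C model that is not part of the thread or the patch series: built-in hooks run first, the first non-zero return wins, and LKM-based hooks are consulted only when every built-in hook allowed, so a permissive module hook cannot overwrite a built-in denial. mod_lsm_enabled and mod_lsm_hook_heads are the names used in the cover letter; struct hook_node, the sample hooks and run_scenario() are constructed for this example.

```c
/*
 * Added example (not code from the patch series): a user-space model of
 * the two-list dispatch the cover letter sketches in call_int_hook().
 * mod_lsm_enabled and mod_lsm_hook_heads follow the names used there;
 * struct hook_node, the sample hooks and run_scenario() are constructed
 * for this example and are not kernel code.
 */
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

struct hook_node {
	const char *lsm;          /* which LSM registered this hook */
	int (*hook)(int flags);   /* the hook callback */
	struct hook_node *next;   /* stand-in for the hlist linkage */
};

/* One list head per hook, like struct security_hook_heads. */
struct hook_heads {
	struct hook_node *file_open;
};

static struct hook_heads security_hook_heads;  /* built-in LSMs  */
static struct hook_heads mod_lsm_hook_heads;   /* LKM-based LSMs */
static bool mod_lsm_enabled;

/*
 * Same shape as the cover letter's call_int_hook(), written out for one
 * hook: walk the built-in list, stop at the first non-zero return, and
 * consult the module list only when every built-in LSM allowed. Without
 * the rc == 0 guard a permissive LKM hook could overwrite a built-in
 * denial; the guard is what keeps the chain fail-closed.
 */
static int security_file_open(int flags)
{
	struct hook_node *p;
	int rc = 0;

	for (p = security_hook_heads.file_open; p; p = p->next) {
		rc = p->hook(flags);
		if (rc != 0)
			break;
	}
	if (rc == 0 && mod_lsm_enabled) {
		for (p = mod_lsm_hook_heads.file_open; p; p = p->next) {
			rc = p->hook(flags);
			if (rc != 0)
				break;
		}
	}
	return rc;
}

/* Sample hooks (constructed). module_calls counts LKM hook invocations. */
static int module_calls;

static int builtin_allow(int flags) { (void)flags; return 0; }
static int builtin_deny(int flags)  { (void)flags; return -EACCES; }
static int module_allow(int flags)  { (void)flags; module_calls++; return 0; }
static int module_deny(int flags)   { (void)flags; module_calls++; return -EPERM; }

/* How many LKM-based hooks ran in the most recent scenario. */
static int module_hook_calls(void)
{
	return module_calls;
}

/*
 * Register one built-in and one LKM-based hook for file_open, set the
 * enable flag, and return what the dispatcher decides.
 */
static int run_scenario(int (*builtin)(int), int (*module)(int), bool enabled)
{
	static struct hook_node b, m;

	b.lsm = "builtin"; b.hook = builtin; b.next = NULL;
	m.lsm = "lkm";     m.hook = module;  m.next = NULL;
	security_hook_heads.file_open = &b;
	mod_lsm_hook_heads.file_open = &m;
	mod_lsm_enabled = enabled;
	module_calls = 0;
	return security_file_open(0);
}

int main(void)
{
	printf("allow/allow, enabled:  %d\n",
	       run_scenario(builtin_allow, module_allow, true));
	printf("deny/allow,  enabled:  %d (lkm hooks run: %d)\n",
	       run_scenario(builtin_deny, module_allow, true), module_hook_calls());
	printf("allow/deny,  enabled:  %d\n",
	       run_scenario(builtin_allow, module_deny, true));
	printf("allow/deny,  disabled: %d (lkm hooks run: %d)\n",
	       run_scenario(builtin_allow, module_deny, false), module_hook_calls());
	return 0;
}
```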
* [PATCH 1/4] LSM: Auto-undef LSM_HOOK macro.
From: Tetsuo Handa @ 2023-11-20 13:28 UTC (permalink / raw)
To: linux-security-module, bpf, KP Singh
Cc: Paul Moore, Kees Cook, Casey Schaufler, song, Daniel Borkmann,
Alexei Starovoitov, renauld, Paolo Abeni
Since all users are doing "#undef LSM_HOOK" immediately after
"#include <linux/lsm_hook_defs.h>" line, let lsm_hook_defs.h do it.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
---
include/linux/bpf_lsm.h | 1 -
include/linux/lsm_hook_defs.h | 3 ++-
include/linux/lsm_hooks.h | 2 --
kernel/bpf/bpf_lsm.c | 3 ---
security/bpf/hooks.c | 1 -
security/security.c | 3 ---
6 files changed, 2 insertions(+), 11 deletions(-)
diff --git a/include/linux/bpf_lsm.h b/include/linux/bpf_lsm.h
index 1de7ece5d36d..01b7a2913cb1 100644
--- a/include/linux/bpf_lsm.h
+++ b/include/linux/bpf_lsm.h
@@ -16,7 +16,6 @@
#define LSM_HOOK(RET, DEFAULT, NAME, ...) \
RET bpf_lsm_##NAME(__VA_ARGS__);
#include <linux/lsm_hook_defs.h>
-#undef LSM_HOOK
struct bpf_storage_blob {
struct bpf_local_storage __rcu *storage;
diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h
index ff217a5ce552..3febbe4ef87c 100644
--- a/include/linux/lsm_hook_defs.h
+++ b/include/linux/lsm_hook_defs.h
@@ -23,7 +23,6 @@
* struct security_hook_heads {
* #define LSM_HOOK(RET, DEFAULT, NAME, ...) struct hlist_head NAME;
* #include <linux/lsm_hook_defs.h>
- * #undef LSM_HOOK
* };
*/
LSM_HOOK(int, 0, binder_set_context_mgr, const struct cred *mgr)
@@ -419,3 +418,5 @@ LSM_HOOK(int, 0, uring_override_creds, const struct cred *new)
LSM_HOOK(int, 0, uring_sqpoll, void)
LSM_HOOK(int, 0, uring_cmd, struct io_uring_cmd *ioucmd)
#endif /* CONFIG_IO_URING */
+
+#undef LSM_HOOK
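Review bot: The trailing `#undef LSM_HOOK` is placed after `#endif /* CONFIG_IO_URING */`, so it applies in every configuration, which is correct; but this header has no include guard by design and now also tears down the caller's macro, so the usage comment at the top of the file (the `struct security_hook_heads` example in the previous hunk) should state explicitly that LSM_HOOK is undefined on return and must be redefined before each inclusion, otherwise a reader of a consumer that includes the header twice will not know why the second include needs its own `#define`.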
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index dcb5e5b5eb13..4ba1aedc7901 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -33,13 +33,11 @@
union security_list_options {
#define LSM_HOOK(RET, DEFAULT, NAME, ...) RET (*NAME)(__VA_ARGS__);
#include "lsm_hook_defs.h"
- #undef LSM_HOOK
};
struct security_hook_heads {
#define LSM_HOOK(RET, DEFAULT, NAME, ...) struct hlist_head NAME;
#include "lsm_hook_defs.h"
- #undef LSM_HOOK
} __randomize_layout;
/*
diff --git a/kernel/bpf/bpf_lsm.c b/kernel/bpf/bpf_lsm.c
index e14c822f8911..025d05c30f11 100644
--- a/kernel/bpf/bpf_lsm.c
+++ b/kernel/bpf/bpf_lsm.c
@@ -26,14 +26,11 @@ noinline RET bpf_lsm_##NAME(__VA_ARGS__) \
{ \
return DEFAULT; \
}
-
#include <linux/lsm_hook_defs.h>
-#undef LSM_HOOK
#define LSM_HOOK(RET, DEFAULT, NAME, ...) BTF_ID(func, bpf_lsm_##NAME)
BTF_SET_START(bpf_lsm_hooks)
#include <linux/lsm_hook_defs.h>
-#undef LSM_HOOK
BTF_SET_END(bpf_lsm_hooks)
/* List of LSM hooks that should operate on 'current' cgroup regardless
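Review bot: The first `-` line in this hunk removes only a blank line between the `}` of the default-implementation macro and `#include <linux/lsm_hook_defs.h>`, which is unrelated to dropping the `#undef`; either keep the blank line or mention the whitespace change in the commit message so the patch stays a mechanical single-purpose change that is easy to verify.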
diff --git a/security/bpf/hooks.c b/security/bpf/hooks.c
index cfaf1d0e6a5f..93bd9b2cf8fc 100644
--- a/security/bpf/hooks.c
+++ b/security/bpf/hooks.c
@@ -10,7 +10,6 @@ static struct security_hook_list bpf_lsm_hooks[] __ro_after_init = {
#define LSM_HOOK(RET, DEFAULT, NAME, ...) \
LSM_HOOK_INIT(NAME, bpf_lsm_##NAME),
#include <linux/lsm_hook_defs.h>
- #undef LSM_HOOK
LSM_HOOK_INIT(inode_free_security, bpf_inode_storage_free),
LSM_HOOK_INIT(task_free, bpf_task_storage_free),
};
diff --git a/security/security.c b/security/security.c
index dcb3e7014f9b..d35d50b218c6 100644
--- a/security/security.c
+++ b/security/security.c
@@ -407,7 +407,6 @@ int __init early_security_init(void)
#define LSM_HOOK(RET, DEFAULT, NAME, ...) \
INIT_HLIST_HEAD(&security_hook_heads.NAME);
#include "linux/lsm_hook_defs.h"
-#undef LSM_HOOK
for (lsm = __start_early_lsm_info; lsm < __end_early_lsm_info; lsm++) {
if (!lsm->enabled)
@@ -749,9 +748,7 @@ static int lsm_superblock_alloc(struct super_block *sb)
static const int __maybe_unused LSM_RET_DEFAULT(NAME) = (DEFAULT);
#define LSM_HOOK(RET, DEFAULT, NAME, ...) \
DECLARE_LSM_RET_DEFAULT_##RET(DEFAULT, NAME)
-
#include <linux/lsm_hook_defs.h>
-#undef LSM_HOOK
/*
* Hook list operation macros.
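Review bot: Same unrelated blank-line removal as in the bpf_lsm.c hunk: the `-` before `#include <linux/lsm_hook_defs.h>` is whitespace only and not part of the `#undef` cleanup the commit message describes; drop it or note it in the commit message.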
--
2.34.1
* [PATCH 2/4] LSM: Add a header file containing only arguments of LSM callback functions.
From: Tetsuo Handa @ 2023-11-20 13:28 UTC (permalink / raw)
To: linux-security-module, bpf, KP Singh
Cc: Paul Moore, Kees Cook, Casey Schaufler, song, Daniel Borkmann,
Alexei Starovoitov, renauld, Paolo Abeni
This file is used by security/mod_lsm.c which is added by PATCH 4/5.
This file is mechanically generated by the following command.
awk 'BEGIN { print "/* SPDX-License-Identifier: GPL-2.0 */" } {
	# Skip preprocessor lines and comment body lines (" * ...").
	if (substr($1, 1, 1) == "#" || substr($1, 1, 1) == "*") {
		next
	}
	# Join continuation lines until the closing parenthesis is seen.
	LINE = LINE $0;
	if (index(LINE, ")") > 0) {
		# Drop pointer stars, then squeeze whitespace.
		gsub(/\*/, " ", LINE);
		gsub("[ \t]+", " ", LINE);
		sPos = index(LINE, "(") + 1;
		N = split(substr(LINE, sPos, index(LINE, ")") - sPos), TOKENS, ",")
		# TOKENS: 1 = return type, 2 = default, 3 = hook name, 4..N = parameters.
		if (N >= 4) {
			LINE="#define LSM_CALL_ARGS_" substr(TOKENS[3], match(TOKENS[3], "[A-Za-z]"));
			for (i = 4; i <= N; i++) {
				# Keep only the parameter name (last word of the declaration).
				nWords = split(TOKENS[i], WORDS, " ");
				if (i == 4 && WORDS[nWords] == "void") {
					break;
				}
				LINE=LINE " " WORDS[nWords];
				if (i < N) {
					LINE=LINE ",";
				}
			}
			print LINE;
		}
		LINE = "";
	}
}' include/linux/lsm_hook_defs.h > include/linux/lsm_hook_args.h
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
---
include/linux/lsm_hook_args.h | 250 ++++++++++++++++++++++++++++++++++
1 file changed, 250 insertions(+)
create mode 100644 include/linux/lsm_hook_args.h
diff --git a/include/linux/lsm_hook_args.h b/include/linux/lsm_hook_args.h
new file mode 100644
index 000000000000..d2c4f9401725
--- /dev/null
+++ b/include/linux/lsm_hook_args.h
@@ -0,0 +1,250 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#define LSM_CALL_ARGS_binder_set_context_mgr mgr
+#define LSM_CALL_ARGS_binder_transaction from, to
+#define LSM_CALL_ARGS_binder_transfer_binder from, to
+#define LSM_CALL_ARGS_binder_transfer_file from, to, file
+#define LSM_CALL_ARGS_ptrace_access_check child, mode
+#define LSM_CALL_ARGS_ptrace_traceme parent
+#define LSM_CALL_ARGS_capget target, effective, inheritable, permitted
+#define LSM_CALL_ARGS_capset new, old, effective, inheritable, permitted
+#define LSM_CALL_ARGS_capable cred, ns, cap, opts
+#define LSM_CALL_ARGS_quotactl cmds, type, id, sb
+#define LSM_CALL_ARGS_quota_on dentry
+#define LSM_CALL_ARGS_syslog type
+#define LSM_CALL_ARGS_settime ts, tz
+#define LSM_CALL_ARGS_vm_enough_memory mm, pages
+#define LSM_CALL_ARGS_bprm_creds_for_exec bprm
+#define LSM_CALL_ARGS_bprm_creds_from_file bprm, file
+#define LSM_CALL_ARGS_bprm_check_security bprm
+#define LSM_CALL_ARGS_bprm_committing_creds bprm
+#define LSM_CALL_ARGS_bprm_committed_creds bprm
+#define LSM_CALL_ARGS_fs_context_submount fc, reference
+#define LSM_CALL_ARGS_fs_context_dup fc, src_sc
+#define LSM_CALL_ARGS_fs_context_parse_param fc, param
+#define LSM_CALL_ARGS_sb_alloc_security sb
+#define LSM_CALL_ARGS_sb_delete sb
+#define LSM_CALL_ARGS_sb_free_security sb
+#define LSM_CALL_ARGS_sb_free_mnt_opts mnt_opts
+#define LSM_CALL_ARGS_sb_eat_lsm_opts orig, mnt_opts
+#define LSM_CALL_ARGS_sb_mnt_opts_compat sb, mnt_opts
+#define LSM_CALL_ARGS_sb_remount sb, mnt_opts
+#define LSM_CALL_ARGS_sb_kern_mount sb
+#define LSM_CALL_ARGS_sb_show_options m, sb
+#define LSM_CALL_ARGS_sb_statfs dentry
+#define LSM_CALL_ARGS_sb_mount dev_name, path, type, flags, data
+#define LSM_CALL_ARGS_sb_umount mnt, flags
+#define LSM_CALL_ARGS_sb_pivotroot old_path, new_path
+#define LSM_CALL_ARGS_sb_set_mnt_opts sb, mnt_opts, kern_flags, set_kern_flags
+#define LSM_CALL_ARGS_sb_clone_mnt_opts oldsb, newsb, kern_flags, set_kern_flags
+#define LSM_CALL_ARGS_move_mount from_path, to_path
+#define LSM_CALL_ARGS_dentry_init_security dentry, mode, name, xattr_name, ctx, ctxlen
+#define LSM_CALL_ARGS_dentry_create_files_as dentry, mode, name, old, new
+#define LSM_CALL_ARGS_path_unlink dir, dentry
+#define LSM_CALL_ARGS_path_mkdir dir, dentry, mode
+#define LSM_CALL_ARGS_path_rmdir dir, dentry
+#define LSM_CALL_ARGS_path_mknod dir, dentry, mode, dev
+#define LSM_CALL_ARGS_path_truncate path
+#define LSM_CALL_ARGS_path_symlink dir, dentry, old_name
+#define LSM_CALL_ARGS_path_link old_dentry, new_dir, new_dentry
+#define LSM_CALL_ARGS_path_rename old_dir, old_dentry, new_dir, new_dentry, flags
+#define LSM_CALL_ARGS_path_chmod path, mode
+#define LSM_CALL_ARGS_path_chown path, uid, gid
+#define LSM_CALL_ARGS_path_chroot path
+#define LSM_CALL_ARGS_path_notify path, mask, obj_type
+#define LSM_CALL_ARGS_inode_alloc_security inode
+#define LSM_CALL_ARGS_inode_free_security inode
+#define LSM_CALL_ARGS_inode_init_security inode, dir, qstr, xattrs, xattr_count
+#define LSM_CALL_ARGS_inode_init_security_anon inode, name, context_inode
+#define LSM_CALL_ARGS_inode_create dir, dentry, mode
+#define LSM_CALL_ARGS_inode_link old_dentry, dir, new_dentry
+#define LSM_CALL_ARGS_inode_unlink dir, dentry
+#define LSM_CALL_ARGS_inode_symlink dir, dentry, old_name
+#define LSM_CALL_ARGS_inode_mkdir dir, dentry, mode
+#define LSM_CALL_ARGS_inode_rmdir dir, dentry
+#define LSM_CALL_ARGS_inode_mknod dir, dentry, mode, dev
+#define LSM_CALL_ARGS_inode_rename old_dir, old_dentry, new_dir, new_dentry
+#define LSM_CALL_ARGS_inode_readlink dentry
+#define LSM_CALL_ARGS_inode_follow_link dentry, inode, rcu
+#define LSM_CALL_ARGS_inode_permission inode, mask
+#define LSM_CALL_ARGS_inode_setattr dentry, attr
+#define LSM_CALL_ARGS_inode_getattr path
+#define LSM_CALL_ARGS_inode_setxattr idmap, dentry, name, value, size, flags
+#define LSM_CALL_ARGS_inode_post_setxattr dentry, name, value, size, flags
+#define LSM_CALL_ARGS_inode_getxattr dentry, name
+#define LSM_CALL_ARGS_inode_listxattr dentry
+#define LSM_CALL_ARGS_inode_removexattr idmap, dentry, name
+#define LSM_CALL_ARGS_inode_set_acl idmap, dentry, acl_name, kacl
+#define LSM_CALL_ARGS_inode_get_acl idmap, dentry, acl_name
+#define LSM_CALL_ARGS_inode_remove_acl idmap, dentry, acl_name
+#define LSM_CALL_ARGS_inode_need_killpriv dentry
+#define LSM_CALL_ARGS_inode_killpriv idmap, dentry
+#define LSM_CALL_ARGS_inode_getsecurity idmap, inode, name, buffer, alloc
+#define LSM_CALL_ARGS_inode_setsecurity inode, name, value, size, flags
+#define LSM_CALL_ARGS_inode_listsecurity inode, buffer, buffer_size
+#define LSM_CALL_ARGS_inode_getsecid inode, secid
+#define LSM_CALL_ARGS_inode_copy_up src, new
+#define LSM_CALL_ARGS_inode_copy_up_xattr name
+#define LSM_CALL_ARGS_kernfs_init_security kn_dir, kn
+#define LSM_CALL_ARGS_file_permission file, mask
+#define LSM_CALL_ARGS_file_alloc_security file
+#define LSM_CALL_ARGS_file_free_security file
+#define LSM_CALL_ARGS_file_ioctl file, cmd, arg
+#define LSM_CALL_ARGS_mmap_addr addr
+#define LSM_CALL_ARGS_mmap_file file, reqprot, prot, flags
+#define LSM_CALL_ARGS_file_mprotect vma, reqprot, prot
+#define LSM_CALL_ARGS_file_lock file, cmd
+#define LSM_CALL_ARGS_file_fcntl file, cmd, arg
+#define LSM_CALL_ARGS_file_set_fowner file
+#define LSM_CALL_ARGS_file_send_sigiotask tsk, fown, sig
+#define LSM_CALL_ARGS_file_receive file
+#define LSM_CALL_ARGS_file_open file
+#define LSM_CALL_ARGS_file_truncate file
+#define LSM_CALL_ARGS_task_alloc task, clone_flags
+#define LSM_CALL_ARGS_task_free task
+#define LSM_CALL_ARGS_cred_alloc_blank cred, gfp
+#define LSM_CALL_ARGS_cred_free cred
+#define LSM_CALL_ARGS_cred_prepare new, old, gfp
+#define LSM_CALL_ARGS_cred_transfer new, old
+#define LSM_CALL_ARGS_cred_getsecid c, secid
+#define LSM_CALL_ARGS_kernel_act_as new, secid
+#define LSM_CALL_ARGS_kernel_create_files_as new, inode
+#define LSM_CALL_ARGS_kernel_module_request kmod_name
+#define LSM_CALL_ARGS_kernel_load_data id, contents
+#define LSM_CALL_ARGS_kernel_post_load_data buf, size, id, description
+#define LSM_CALL_ARGS_kernel_read_file file, id, contents
+#define LSM_CALL_ARGS_kernel_post_read_file file, buf, size, id
+#define LSM_CALL_ARGS_task_fix_setuid new, old, flags
+#define LSM_CALL_ARGS_task_fix_setgid new, old, flags
+#define LSM_CALL_ARGS_task_fix_setgroups new, old
+#define LSM_CALL_ARGS_task_setpgid p, pgid
+#define LSM_CALL_ARGS_task_getpgid p
+#define LSM_CALL_ARGS_task_getsid p
+#define LSM_CALL_ARGS_current_getsecid_subj secid
+#define LSM_CALL_ARGS_task_getsecid_obj p, secid
+#define LSM_CALL_ARGS_task_setnice p, nice
+#define LSM_CALL_ARGS_task_setioprio p, ioprio
+#define LSM_CALL_ARGS_task_getioprio p
+#define LSM_CALL_ARGS_task_prlimit cred, tcred, flags
+#define LSM_CALL_ARGS_task_setrlimit p, resource, new_rlim
+#define LSM_CALL_ARGS_task_setscheduler p
+#define LSM_CALL_ARGS_task_getscheduler p
+#define LSM_CALL_ARGS_task_movememory p
+#define LSM_CALL_ARGS_task_kill p, info, sig, cred
+#define LSM_CALL_ARGS_task_prctl option, arg2, arg3, arg4, arg5
+#define LSM_CALL_ARGS_task_to_inode p, inode
+#define LSM_CALL_ARGS_userns_create cred
+#define LSM_CALL_ARGS_ipc_permission ipcp, flag
+#define LSM_CALL_ARGS_ipc_getsecid ipcp, secid
+#define LSM_CALL_ARGS_msg_msg_alloc_security msg
+#define LSM_CALL_ARGS_msg_msg_free_security msg
+#define LSM_CALL_ARGS_msg_queue_alloc_security perm
+#define LSM_CALL_ARGS_msg_queue_free_security perm
+#define LSM_CALL_ARGS_msg_queue_associate perm, msqflg
+#define LSM_CALL_ARGS_msg_queue_msgctl perm, cmd
+#define LSM_CALL_ARGS_msg_queue_msgsnd perm, msg, msqflg
+#define LSM_CALL_ARGS_msg_queue_msgrcv perm, msg, target, type, mode
+#define LSM_CALL_ARGS_shm_alloc_security perm
+#define LSM_CALL_ARGS_shm_free_security perm
+#define LSM_CALL_ARGS_shm_associate perm, shmflg
+#define LSM_CALL_ARGS_shm_shmctl perm, cmd
+#define LSM_CALL_ARGS_shm_shmat perm, shmaddr, shmflg
+#define LSM_CALL_ARGS_sem_alloc_security perm
+#define LSM_CALL_ARGS_sem_free_security perm
+#define LSM_CALL_ARGS_sem_associate perm, semflg
+#define LSM_CALL_ARGS_sem_semctl perm, cmd
+#define LSM_CALL_ARGS_sem_semop perm, sops, nsops, alter
+#define LSM_CALL_ARGS_netlink_send sk, skb
+#define LSM_CALL_ARGS_d_instantiate dentry, inode
+#define LSM_CALL_ARGS_getprocattr p, name, value
+#define LSM_CALL_ARGS_setprocattr name, value, size
+#define LSM_CALL_ARGS_ismaclabel name
+#define LSM_CALL_ARGS_secid_to_secctx secid, secdata, seclen
+#define LSM_CALL_ARGS_secctx_to_secid secdata, seclen, secid
+#define LSM_CALL_ARGS_release_secctx secdata, seclen
+#define LSM_CALL_ARGS_inode_invalidate_secctx inode
+#define LSM_CALL_ARGS_inode_notifysecctx inode, ctx, ctxlen
+#define LSM_CALL_ARGS_inode_setsecctx dentry, ctx, ctxlen
+#define LSM_CALL_ARGS_inode_getsecctx inode, ctx, ctxlen
+#define LSM_CALL_ARGS_post_notification w_cred, cred, n
+#define LSM_CALL_ARGS_watch_key key
+#define LSM_CALL_ARGS_unix_stream_connect sock, other, newsk
+#define LSM_CALL_ARGS_unix_may_send sock, other
+#define LSM_CALL_ARGS_socket_create family, type, protocol, kern
+#define LSM_CALL_ARGS_socket_post_create sock, family, type, protocol, kern
+#define LSM_CALL_ARGS_socket_socketpair socka, sockb
+#define LSM_CALL_ARGS_socket_bind sock, address, addrlen
+#define LSM_CALL_ARGS_socket_connect sock, address, addrlen
+#define LSM_CALL_ARGS_socket_listen sock, backlog
+#define LSM_CALL_ARGS_socket_accept sock, newsock
+#define LSM_CALL_ARGS_socket_sendmsg sock, msg, size
+#define LSM_CALL_ARGS_socket_recvmsg sock, msg, size, flags
+#define LSM_CALL_ARGS_socket_getsockname sock
+#define LSM_CALL_ARGS_socket_getpeername sock
+#define LSM_CALL_ARGS_socket_getsockopt sock, level, optname
+#define LSM_CALL_ARGS_socket_setsockopt sock, level, optname
+#define LSM_CALL_ARGS_socket_shutdown sock, how
+#define LSM_CALL_ARGS_socket_sock_rcv_skb sk, skb
+#define LSM_CALL_ARGS_socket_getpeersec_stream sock, optval, optlen, len
+#define LSM_CALL_ARGS_socket_getpeersec_dgram sock, skb, secid
+#define LSM_CALL_ARGS_sk_alloc_security sk, family, priority
+#define LSM_CALL_ARGS_sk_free_security sk
+#define LSM_CALL_ARGS_sk_clone_security sk, newsk
+#define LSM_CALL_ARGS_sk_getsecid sk, secid
+#define LSM_CALL_ARGS_sock_graft sk, parent
+#define LSM_CALL_ARGS_inet_conn_request sk, skb, req
+#define LSM_CALL_ARGS_inet_csk_clone newsk, req
+#define LSM_CALL_ARGS_inet_conn_established sk, skb
+#define LSM_CALL_ARGS_secmark_relabel_packet secid
+#define LSM_CALL_ARGS_secmark_refcount_inc
+#define LSM_CALL_ARGS_secmark_refcount_dec
+#define LSM_CALL_ARGS_req_classify_flow req, flic
+#define LSM_CALL_ARGS_tun_dev_alloc_security security
+#define LSM_CALL_ARGS_tun_dev_free_security security
+#define LSM_CALL_ARGS_tun_dev_create
+#define LSM_CALL_ARGS_tun_dev_attach_queue security
+#define LSM_CALL_ARGS_tun_dev_attach sk, security
+#define LSM_CALL_ARGS_tun_dev_open security
+#define LSM_CALL_ARGS_sctp_assoc_request asoc, skb
+#define LSM_CALL_ARGS_sctp_bind_connect sk, optname, address, addrlen
+#define LSM_CALL_ARGS_sctp_sk_clone asoc, sk, newsk
+#define LSM_CALL_ARGS_sctp_assoc_established asoc, skb
+#define LSM_CALL_ARGS_mptcp_add_subflow sk, ssk
+#define LSM_CALL_ARGS_ib_pkey_access sec, subnet_prefix, pkey
+#define LSM_CALL_ARGS_ib_endport_manage_subnet sec, dev_name, port_num
+#define LSM_CALL_ARGS_ib_alloc_security sec
+#define LSM_CALL_ARGS_ib_free_security sec
+#define LSM_CALL_ARGS_xfrm_policy_alloc_security ctxp, sec_ctx, gfp
+#define LSM_CALL_ARGS_xfrm_policy_clone_security old_ctx, new_ctx
+#define LSM_CALL_ARGS_xfrm_policy_free_security ctx
+#define LSM_CALL_ARGS_xfrm_policy_delete_security ctx
+#define LSM_CALL_ARGS_xfrm_state_alloc x, sec_ctx
+#define LSM_CALL_ARGS_xfrm_state_alloc_acquire x, polsec, secid
+#define LSM_CALL_ARGS_xfrm_state_free_security x
+#define LSM_CALL_ARGS_xfrm_state_delete_security x
+#define LSM_CALL_ARGS_xfrm_policy_lookup ctx, fl_secid
+#define LSM_CALL_ARGS_xfrm_state_pol_flow_match x, xp, flic
+#define LSM_CALL_ARGS_xfrm_decode_session skb, secid, ckall
+#define LSM_CALL_ARGS_key_alloc key, cred, flags
+#define LSM_CALL_ARGS_key_free key
+#define LSM_CALL_ARGS_key_permission key_ref, cred, need_perm
+#define LSM_CALL_ARGS_key_getsecurity key, buffer
+#define LSM_CALL_ARGS_audit_rule_init field, op, rulestr, lsmrule
+#define LSM_CALL_ARGS_audit_rule_known krule
+#define LSM_CALL_ARGS_audit_rule_match secid, field, op, lsmrule
+#define LSM_CALL_ARGS_audit_rule_free lsmrule
+#define LSM_CALL_ARGS_bpf cmd, attr, size
+#define LSM_CALL_ARGS_bpf_map map, fmode
+#define LSM_CALL_ARGS_bpf_prog prog
+#define LSM_CALL_ARGS_bpf_map_alloc_security map
+#define LSM_CALL_ARGS_bpf_map_free_security map
+#define LSM_CALL_ARGS_bpf_prog_alloc_security aux
+#define LSM_CALL_ARGS_bpf_prog_free_security aux
+#define LSM_CALL_ARGS_locked_down what
+#define LSM_CALL_ARGS_perf_event_open attr, type
+#define LSM_CALL_ARGS_perf_event_alloc event
+#define LSM_CALL_ARGS_perf_event_free event
+#define LSM_CALL_ARGS_perf_event_read event
+#define LSM_CALL_ARGS_perf_event_write event
+#define LSM_CALL_ARGS_uring_override_creds new
+#define LSM_CALL_ARGS_uring_sqpoll
+#define LSM_CALL_ARGS_uring_cmd ioucmd
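Review bot: The generated header carries no marker that it is machine-generated or which script produced it; add a header comment (for example `/* Generated from include/linux/lsm_hook_defs.h; do not edit by hand */` with a pointer to the awk script in the commit message) and consider generating it at build time, since any parameter rename in lsm_hook_defs.h will otherwise silently desynchronise the two files and the macro would pass a name that no longer exists. Hooks with a `void` parameter list (`secmark_refcount_inc`, `secmark_refcount_dec`, `tun_dev_create`, `uring_sqpoll`) expand to an empty macro, which is the intended way to pass no arguments but deserves a comment for readers of the generated file.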
--
2.34.1
* [PATCH 3/4] LSM: Break LSM_HOOK() macro into 6 macros.
From: Tetsuo Handa @ 2023-11-20 13:29 UTC (permalink / raw)
To: linux-security-module, bpf, KP Singh
Cc: Paul Moore, Kees Cook, Casey Schaufler, song, Daniel Borkmann,
Alexei Starovoitov, renauld, Paolo Abeni
These macros are used for deduplicating typical functions in
security/security.c and security/mod_lsm.c (which is added by
the next patch).
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
---
include/linux/lsm_hook_defs.h | 780 ++++++++++++++++++----------------
1 file changed, 424 insertions(+), 356 deletions(-)
diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h
index 3febbe4ef87c..4fdb13373fe2 100644
--- a/include/linux/lsm_hook_defs.h
+++ b/include/linux/lsm_hook_defs.h
@@ -25,398 +25,466 @@
* #include <linux/lsm_hook_defs.h>
* };
*/
-LSM_HOOK(int, 0, binder_set_context_mgr, const struct cred *mgr)
-LSM_HOOK(int, 0, binder_transaction, const struct cred *from,
- const struct cred *to)
-LSM_HOOK(int, 0, binder_transfer_binder, const struct cred *from,
- const struct cred *to)
-LSM_HOOK(int, 0, binder_transfer_file, const struct cred *from,
- const struct cred *to, const struct file *file)
-LSM_HOOK(int, 0, ptrace_access_check, struct task_struct *child,
- unsigned int mode)
-LSM_HOOK(int, 0, ptrace_traceme, struct task_struct *parent)
-LSM_HOOK(int, 0, capget, const struct task_struct *target, kernel_cap_t *effective,
- kernel_cap_t *inheritable, kernel_cap_t *permitted)
-LSM_HOOK(int, 0, capset, struct cred *new, const struct cred *old,
- const kernel_cap_t *effective, const kernel_cap_t *inheritable,
- const kernel_cap_t *permitted)
-LSM_HOOK(int, 0, capable, const struct cred *cred, struct user_namespace *ns,
- int cap, unsigned int opts)
-LSM_HOOK(int, 0, quotactl, int cmds, int type, int id, const struct super_block *sb)
-LSM_HOOK(int, 0, quota_on, struct dentry *dentry)
-LSM_HOOK(int, 0, syslog, int type)
-LSM_HOOK(int, 0, settime, const struct timespec64 *ts,
- const struct timezone *tz)
-LSM_HOOK(int, 1, vm_enough_memory, struct mm_struct *mm, long pages)
-LSM_HOOK(int, 0, bprm_creds_for_exec, struct linux_binprm *bprm)
-LSM_HOOK(int, 0, bprm_creds_from_file, struct linux_binprm *bprm, const struct file *file)
-LSM_HOOK(int, 0, bprm_check_security, struct linux_binprm *bprm)
-LSM_HOOK(void, LSM_RET_VOID, bprm_committing_creds, const struct linux_binprm *bprm)
-LSM_HOOK(void, LSM_RET_VOID, bprm_committed_creds, const struct linux_binprm *bprm)
-LSM_HOOK(int, 0, fs_context_submount, struct fs_context *fc, struct super_block *reference)
-LSM_HOOK(int, 0, fs_context_dup, struct fs_context *fc,
- struct fs_context *src_sc)
-LSM_HOOK(int, -ENOPARAM, fs_context_parse_param, struct fs_context *fc,
- struct fs_parameter *param)
-LSM_HOOK(int, 0, sb_alloc_security, struct super_block *sb)
-LSM_HOOK(void, LSM_RET_VOID, sb_delete, struct super_block *sb)
-LSM_HOOK(void, LSM_RET_VOID, sb_free_security, struct super_block *sb)
-LSM_HOOK(void, LSM_RET_VOID, sb_free_mnt_opts, void *mnt_opts)
-LSM_HOOK(int, 0, sb_eat_lsm_opts, char *orig, void **mnt_opts)
-LSM_HOOK(int, 0, sb_mnt_opts_compat, struct super_block *sb, void *mnt_opts)
-LSM_HOOK(int, 0, sb_remount, struct super_block *sb, void *mnt_opts)
-LSM_HOOK(int, 0, sb_kern_mount, const struct super_block *sb)
-LSM_HOOK(int, 0, sb_show_options, struct seq_file *m, struct super_block *sb)
-LSM_HOOK(int, 0, sb_statfs, struct dentry *dentry)
-LSM_HOOK(int, 0, sb_mount, const char *dev_name, const struct path *path,
- const char *type, unsigned long flags, void *data)
-LSM_HOOK(int, 0, sb_umount, struct vfsmount *mnt, int flags)
-LSM_HOOK(int, 0, sb_pivotroot, const struct path *old_path,
- const struct path *new_path)
-LSM_HOOK(int, 0, sb_set_mnt_opts, struct super_block *sb, void *mnt_opts,
- unsigned long kern_flags, unsigned long *set_kern_flags)
-LSM_HOOK(int, 0, sb_clone_mnt_opts, const struct super_block *oldsb,
- struct super_block *newsb, unsigned long kern_flags,
- unsigned long *set_kern_flags)
-LSM_HOOK(int, 0, move_mount, const struct path *from_path,
- const struct path *to_path)
-LSM_HOOK(int, -EOPNOTSUPP, dentry_init_security, struct dentry *dentry,
- int mode, const struct qstr *name, const char **xattr_name,
- void **ctx, u32 *ctxlen)
-LSM_HOOK(int, 0, dentry_create_files_as, struct dentry *dentry, int mode,
- struct qstr *name, const struct cred *old, struct cred *new)
+
+/*
+ * The macro LSM_PLAIN_INT_HOOK can be used to automatically define a callback
+ * function that returns int and the loop can continue as long as the default
+ * return value is returned by callback functions in that loop.
+ * LSM_HOOK is used if this macro is not defined.
+ */
+#ifndef LSM_PLAIN_INT_HOOK
+#define LSM_PLAIN_INT_HOOK LSM_HOOK
+#endif
+
+/*
+ * The macro LSM_CUSTOM_INT_HOOK can be used to define a callback function that
+ * returns int and the loop can continue as long as the default return value is
+ * returned by callback functions in that loop, but that callback function has
+ * something to do before and/or after the loop.
+ * LSM_HOOK is used if this macro is not defined.
+ */
+#ifndef LSM_CUSTOM_INT_HOOK
+#define LSM_CUSTOM_INT_HOOK LSM_HOOK
+#endif
+
+/*
+ * The macro LSM_SPECIAL_INT_HOOK can be used to suppess automatically defining
+ * a callback function that returns int because that callback has something to
+ * do before and/or after calling callback functions in that loop.
+ * LSM_HOOK is used if this macro is not defined.
+ */
+#ifndef LSM_SPECIAL_INT_HOOK
+#define LSM_SPECIAL_INT_HOOK LSM_HOOK
+#endif
+
+/*
+ * The macro LSM_PLAIN_VOID_HOOK can be used to automatically define a callback
+ * function that does not return a value.
+ * LSM_HOOK is used if this macro is not defined.
+ */
+#ifndef LSM_PLAIN_VOID_HOOK
+#define LSM_PLAIN_VOID_HOOK LSM_HOOK
+#endif
+
+/*
+ * The macro LSM_CUSTOM_VOID_HOOK can be used to suppress automatically
+ * defining a callback function that does not return a value because that
+ * callback function has something to do before and/or after the loop.
+ * LSM_HOOK is used if this macro is not defined.
+ */
+#ifndef LSM_CUSTOM_VOID_HOOK
+#define LSM_CUSTOM_VOID_HOOK LSM_HOOK
+#endif
+
+/*
+ * The macro LSM_SPECIAL_VOID_HOOK can be used to suppess automatically defining
+ * a callback function that does not return a value because that callback has
+ * something to do before and/or after calling callback functions in that loop.
+ * LSM_HOOK is used if this macro is not defined.
+ */
+#ifndef LSM_SPECIAL_VOID_HOOK
+#define LSM_SPECIAL_VOID_HOOK LSM_HOOK
+#endif
+
+LSM_PLAIN_INT_HOOK(int, 0, binder_set_context_mgr, const struct cred *mgr)
+LSM_PLAIN_INT_HOOK(int, 0, binder_transaction, const struct cred *from,
+ const struct cred *to)
+LSM_PLAIN_INT_HOOK(int, 0, binder_transfer_binder, const struct cred *from,
+ const struct cred *to)
+LSM_PLAIN_INT_HOOK(int, 0, binder_transfer_file, const struct cred *from,
+ const struct cred *to, const struct file *file)
+LSM_PLAIN_INT_HOOK(int, 0, ptrace_access_check, struct task_struct *child,
+ unsigned int mode)
+LSM_PLAIN_INT_HOOK(int, 0, ptrace_traceme, struct task_struct *parent)
+LSM_PLAIN_INT_HOOK(int, 0, capget, const struct task_struct *target, kernel_cap_t *effective,
+ kernel_cap_t *inheritable, kernel_cap_t *permitted)
+LSM_PLAIN_INT_HOOK(int, 0, capset, struct cred *new, const struct cred *old,
+ const kernel_cap_t *effective, const kernel_cap_t *inheritable,
+ const kernel_cap_t *permitted)
+LSM_PLAIN_INT_HOOK(int, 0, capable, const struct cred *cred, struct user_namespace *ns,
+ int cap, unsigned int opts)
+LSM_PLAIN_INT_HOOK(int, 0, quotactl, int cmds, int type, int id, const struct super_block *sb)
+LSM_PLAIN_INT_HOOK(int, 0, quota_on, struct dentry *dentry)
+LSM_PLAIN_INT_HOOK(int, 0, syslog, int type)
+LSM_SPECIAL_INT_HOOK(int, 0, settime, const struct timespec64 *ts,
+ const struct timezone *tz)
+LSM_SPECIAL_INT_HOOK(int, 1, vm_enough_memory, struct mm_struct *mm, long pages)
+LSM_PLAIN_INT_HOOK(int, 0, bprm_creds_for_exec, struct linux_binprm *bprm)
+LSM_PLAIN_INT_HOOK(int, 0, bprm_creds_from_file, struct linux_binprm *bprm, const struct file *file)
+LSM_PLAIN_INT_HOOK(int, 0, bprm_check_security, struct linux_binprm *bprm)
+LSM_PLAIN_VOID_HOOK(void, LSM_RET_VOID, bprm_committing_creds, const struct linux_binprm *bprm)
+LSM_PLAIN_VOID_HOOK(void, LSM_RET_VOID, bprm_committed_creds, const struct linux_binprm *bprm)
+LSM_PLAIN_INT_HOOK(int, 0, fs_context_submount, struct fs_context *fc,
+ struct super_block *reference)
+LSM_PLAIN_INT_HOOK(int, 0, fs_context_dup, struct fs_context *fc,
+ struct fs_context *src_sc)
+LSM_SPECIAL_INT_HOOK(int, -ENOPARAM, fs_context_parse_param, struct fs_context *fc,
+ struct fs_parameter *param)
+LSM_PLAIN_INT_HOOK(int, 0, sb_alloc_security, struct super_block *sb)
+LSM_PLAIN_VOID_HOOK(void, LSM_RET_VOID, sb_delete, struct super_block *sb)
+LSM_PLAIN_VOID_HOOK(void, LSM_RET_VOID, sb_free_security, struct super_block *sb)
+LSM_PLAIN_VOID_HOOK(void, LSM_RET_VOID, sb_free_mnt_opts, void *mnt_opts)
+LSM_PLAIN_INT_HOOK(int, 0, sb_eat_lsm_opts, char *orig, void **mnt_opts)
+LSM_PLAIN_INT_HOOK(int, 0, sb_mnt_opts_compat, struct super_block *sb, void *mnt_opts)
+LSM_PLAIN_INT_HOOK(int, 0, sb_remount, struct super_block *sb, void *mnt_opts)
+LSM_PLAIN_INT_HOOK(int, 0, sb_kern_mount, const struct super_block *sb)
+LSM_PLAIN_INT_HOOK(int, 0, sb_show_options, struct seq_file *m, struct super_block *sb)
+LSM_PLAIN_INT_HOOK(int, 0, sb_statfs, struct dentry *dentry)
+LSM_PLAIN_INT_HOOK(int, 0, sb_mount, const char *dev_name, const struct path *path,
+ const char *type, unsigned long flags, void *data)
+LSM_PLAIN_INT_HOOK(int, 0, sb_umount, struct vfsmount *mnt, int flags)
+LSM_PLAIN_INT_HOOK(int, 0, sb_pivotroot, const struct path *old_path,
+ const struct path *new_path)
+LSM_CUSTOM_INT_HOOK(int, 0, sb_set_mnt_opts, struct super_block *sb, void *mnt_opts,
+ unsigned long kern_flags, unsigned long *set_kern_flags)
+LSM_PLAIN_INT_HOOK(int, 0, sb_clone_mnt_opts, const struct super_block *oldsb,
+ struct super_block *newsb, unsigned long kern_flags,
+ unsigned long *set_kern_flags)
+LSM_PLAIN_INT_HOOK(int, 0, move_mount, const struct path *from_path,
+ const struct path *to_path)
+LSM_PLAIN_INT_HOOK(int, -EOPNOTSUPP, dentry_init_security, struct dentry *dentry,
+ int mode, const struct qstr *name, const char **xattr_name,
+ void **ctx, u32 *ctxlen)
+LSM_PLAIN_INT_HOOK(int, 0, dentry_create_files_as, struct dentry *dentry, int mode,
+ struct qstr *name, const struct cred *old, struct cred *new)
#ifdef CONFIG_SECURITY_PATH
-LSM_HOOK(int, 0, path_unlink, const struct path *dir, struct dentry *dentry)
-LSM_HOOK(int, 0, path_mkdir, const struct path *dir, struct dentry *dentry,
- umode_t mode)
-LSM_HOOK(int, 0, path_rmdir, const struct path *dir, struct dentry *dentry)
-LSM_HOOK(int, 0, path_mknod, const struct path *dir, struct dentry *dentry,
- umode_t mode, unsigned int dev)
-LSM_HOOK(int, 0, path_truncate, const struct path *path)
-LSM_HOOK(int, 0, path_symlink, const struct path *dir, struct dentry *dentry,
- const char *old_name)
-LSM_HOOK(int, 0, path_link, struct dentry *old_dentry,
- const struct path *new_dir, struct dentry *new_dentry)
-LSM_HOOK(int, 0, path_rename, const struct path *old_dir,
- struct dentry *old_dentry, const struct path *new_dir,
- struct dentry *new_dentry, unsigned int flags)
-LSM_HOOK(int, 0, path_chmod, const struct path *path, umode_t mode)
-LSM_HOOK(int, 0, path_chown, const struct path *path, kuid_t uid, kgid_t gid)
-LSM_HOOK(int, 0, path_chroot, const struct path *path)
+LSM_CUSTOM_INT_HOOK(int, 0, path_unlink, const struct path *dir, struct dentry *dentry)
+LSM_CUSTOM_INT_HOOK(int, 0, path_mkdir, const struct path *dir, struct dentry *dentry,
+ umode_t mode)
+LSM_CUSTOM_INT_HOOK(int, 0, path_rmdir, const struct path *dir, struct dentry *dentry)
+LSM_CUSTOM_INT_HOOK(int, 0, path_mknod, const struct path *dir, struct dentry *dentry,
+ umode_t mode, unsigned int dev)
+LSM_CUSTOM_INT_HOOK(int, 0, path_truncate, const struct path *path)
+LSM_CUSTOM_INT_HOOK(int, 0, path_symlink, const struct path *dir, struct dentry *dentry,
+ const char *old_name)
+LSM_CUSTOM_INT_HOOK(int, 0, path_link, struct dentry *old_dentry,
+ const struct path *new_dir, struct dentry *new_dentry)
+LSM_CUSTOM_INT_HOOK(int, 0, path_rename, const struct path *old_dir,
+ struct dentry *old_dentry, const struct path *new_dir,
+ struct dentry *new_dentry, unsigned int flags)
+LSM_CUSTOM_INT_HOOK(int, 0, path_chmod, const struct path *path, umode_t mode)
+LSM_CUSTOM_INT_HOOK(int, 0, path_chown, const struct path *path, kuid_t uid, kgid_t gid)
+LSM_PLAIN_INT_HOOK(int, 0, path_chroot, const struct path *path)
#endif /* CONFIG_SECURITY_PATH */
/* Needed for inode based security check */
-LSM_HOOK(int, 0, path_notify, const struct path *path, u64 mask,
- unsigned int obj_type)
-LSM_HOOK(int, 0, inode_alloc_security, struct inode *inode)
-LSM_HOOK(void, LSM_RET_VOID, inode_free_security, struct inode *inode)
-LSM_HOOK(int, -EOPNOTSUPP, inode_init_security, struct inode *inode,
- struct inode *dir, const struct qstr *qstr, struct xattr *xattrs,
- int *xattr_count)
-LSM_HOOK(int, 0, inode_init_security_anon, struct inode *inode,
- const struct qstr *name, const struct inode *context_inode)
-LSM_HOOK(int, 0, inode_create, struct inode *dir, struct dentry *dentry,
- umode_t mode)
-LSM_HOOK(int, 0, inode_link, struct dentry *old_dentry, struct inode *dir,
- struct dentry *new_dentry)
-LSM_HOOK(int, 0, inode_unlink, struct inode *dir, struct dentry *dentry)
-LSM_HOOK(int, 0, inode_symlink, struct inode *dir, struct dentry *dentry,
- const char *old_name)
-LSM_HOOK(int, 0, inode_mkdir, struct inode *dir, struct dentry *dentry,
- umode_t mode)
-LSM_HOOK(int, 0, inode_rmdir, struct inode *dir, struct dentry *dentry)
-LSM_HOOK(int, 0, inode_mknod, struct inode *dir, struct dentry *dentry,
- umode_t mode, dev_t dev)
-LSM_HOOK(int, 0, inode_rename, struct inode *old_dir, struct dentry *old_dentry,
- struct inode *new_dir, struct dentry *new_dentry)
-LSM_HOOK(int, 0, inode_readlink, struct dentry *dentry)
-LSM_HOOK(int, 0, inode_follow_link, struct dentry *dentry, struct inode *inode,
- bool rcu)
-LSM_HOOK(int, 0, inode_permission, struct inode *inode, int mask)
-LSM_HOOK(int, 0, inode_setattr, struct dentry *dentry, struct iattr *attr)
-LSM_HOOK(int, 0, inode_getattr, const struct path *path)
-LSM_HOOK(int, 0, inode_setxattr, struct mnt_idmap *idmap,
- struct dentry *dentry, const char *name, const void *value,
- size_t size, int flags)
-LSM_HOOK(void, LSM_RET_VOID, inode_post_setxattr, struct dentry *dentry,
- const char *name, const void *value, size_t size, int flags)
-LSM_HOOK(int, 0, inode_getxattr, struct dentry *dentry, const char *name)
-LSM_HOOK(int, 0, inode_listxattr, struct dentry *dentry)
-LSM_HOOK(int, 0, inode_removexattr, struct mnt_idmap *idmap,
- struct dentry *dentry, const char *name)
-LSM_HOOK(int, 0, inode_set_acl, struct mnt_idmap *idmap,
- struct dentry *dentry, const char *acl_name, struct posix_acl *kacl)
-LSM_HOOK(int, 0, inode_get_acl, struct mnt_idmap *idmap,
- struct dentry *dentry, const char *acl_name)
-LSM_HOOK(int, 0, inode_remove_acl, struct mnt_idmap *idmap,
- struct dentry *dentry, const char *acl_name)
-LSM_HOOK(int, 0, inode_need_killpriv, struct dentry *dentry)
-LSM_HOOK(int, 0, inode_killpriv, struct mnt_idmap *idmap,
- struct dentry *dentry)
-LSM_HOOK(int, -EOPNOTSUPP, inode_getsecurity, struct mnt_idmap *idmap,
- struct inode *inode, const char *name, void **buffer, bool alloc)
-LSM_HOOK(int, -EOPNOTSUPP, inode_setsecurity, struct inode *inode,
- const char *name, const void *value, size_t size, int flags)
-LSM_HOOK(int, 0, inode_listsecurity, struct inode *inode, char *buffer,
- size_t buffer_size)
-LSM_HOOK(void, LSM_RET_VOID, inode_getsecid, struct inode *inode, u32 *secid)
-LSM_HOOK(int, 0, inode_copy_up, struct dentry *src, struct cred **new)
-LSM_HOOK(int, -EOPNOTSUPP, inode_copy_up_xattr, const char *name)
-LSM_HOOK(int, 0, kernfs_init_security, struct kernfs_node *kn_dir,
- struct kernfs_node *kn)
-LSM_HOOK(int, 0, file_permission, struct file *file, int mask)
-LSM_HOOK(int, 0, file_alloc_security, struct file *file)
-LSM_HOOK(void, LSM_RET_VOID, file_free_security, struct file *file)
-LSM_HOOK(int, 0, file_ioctl, struct file *file, unsigned int cmd,
- unsigned long arg)
-LSM_HOOK(int, 0, mmap_addr, unsigned long addr)
-LSM_HOOK(int, 0, mmap_file, struct file *file, unsigned long reqprot,
- unsigned long prot, unsigned long flags)
-LSM_HOOK(int, 0, file_mprotect, struct vm_area_struct *vma,
- unsigned long reqprot, unsigned long prot)
-LSM_HOOK(int, 0, file_lock, struct file *file, unsigned int cmd)
-LSM_HOOK(int, 0, file_fcntl, struct file *file, unsigned int cmd,
- unsigned long arg)
-LSM_HOOK(void, LSM_RET_VOID, file_set_fowner, struct file *file)
-LSM_HOOK(int, 0, file_send_sigiotask, struct task_struct *tsk,
- struct fown_struct *fown, int sig)
-LSM_HOOK(int, 0, file_receive, struct file *file)
-LSM_HOOK(int, 0, file_open, struct file *file)
-LSM_HOOK(int, 0, file_truncate, struct file *file)
-LSM_HOOK(int, 0, task_alloc, struct task_struct *task,
- unsigned long clone_flags)
-LSM_HOOK(void, LSM_RET_VOID, task_free, struct task_struct *task)
-LSM_HOOK(int, 0, cred_alloc_blank, struct cred *cred, gfp_t gfp)
-LSM_HOOK(void, LSM_RET_VOID, cred_free, struct cred *cred)
-LSM_HOOK(int, 0, cred_prepare, struct cred *new, const struct cred *old,
- gfp_t gfp)
-LSM_HOOK(void, LSM_RET_VOID, cred_transfer, struct cred *new,
- const struct cred *old)
-LSM_HOOK(void, LSM_RET_VOID, cred_getsecid, const struct cred *c, u32 *secid)
-LSM_HOOK(int, 0, kernel_act_as, struct cred *new, u32 secid)
-LSM_HOOK(int, 0, kernel_create_files_as, struct cred *new, struct inode *inode)
-LSM_HOOK(int, 0, kernel_module_request, char *kmod_name)
-LSM_HOOK(int, 0, kernel_load_data, enum kernel_load_data_id id, bool contents)
-LSM_HOOK(int, 0, kernel_post_load_data, char *buf, loff_t size,
- enum kernel_load_data_id id, char *description)
-LSM_HOOK(int, 0, kernel_read_file, struct file *file,
- enum kernel_read_file_id id, bool contents)
-LSM_HOOK(int, 0, kernel_post_read_file, struct file *file, char *buf,
- loff_t size, enum kernel_read_file_id id)
-LSM_HOOK(int, 0, task_fix_setuid, struct cred *new, const struct cred *old,
- int flags)
-LSM_HOOK(int, 0, task_fix_setgid, struct cred *new, const struct cred * old,
- int flags)
-LSM_HOOK(int, 0, task_fix_setgroups, struct cred *new, const struct cred * old)
-LSM_HOOK(int, 0, task_setpgid, struct task_struct *p, pid_t pgid)
-LSM_HOOK(int, 0, task_getpgid, struct task_struct *p)
-LSM_HOOK(int, 0, task_getsid, struct task_struct *p)
-LSM_HOOK(void, LSM_RET_VOID, current_getsecid_subj, u32 *secid)
-LSM_HOOK(void, LSM_RET_VOID, task_getsecid_obj,
- struct task_struct *p, u32 *secid)
-LSM_HOOK(int, 0, task_setnice, struct task_struct *p, int nice)
-LSM_HOOK(int, 0, task_setioprio, struct task_struct *p, int ioprio)
-LSM_HOOK(int, 0, task_getioprio, struct task_struct *p)
-LSM_HOOK(int, 0, task_prlimit, const struct cred *cred,
- const struct cred *tcred, unsigned int flags)
-LSM_HOOK(int, 0, task_setrlimit, struct task_struct *p, unsigned int resource,
- struct rlimit *new_rlim)
-LSM_HOOK(int, 0, task_setscheduler, struct task_struct *p)
-LSM_HOOK(int, 0, task_getscheduler, struct task_struct *p)
-LSM_HOOK(int, 0, task_movememory, struct task_struct *p)
-LSM_HOOK(int, 0, task_kill, struct task_struct *p, struct kernel_siginfo *info,
- int sig, const struct cred *cred)
-LSM_HOOK(int, -ENOSYS, task_prctl, int option, unsigned long arg2,
- unsigned long arg3, unsigned long arg4, unsigned long arg5)
-LSM_HOOK(void, LSM_RET_VOID, task_to_inode, struct task_struct *p,
- struct inode *inode)
-LSM_HOOK(int, 0, userns_create, const struct cred *cred)
-LSM_HOOK(int, 0, ipc_permission, struct kern_ipc_perm *ipcp, short flag)
-LSM_HOOK(void, LSM_RET_VOID, ipc_getsecid, struct kern_ipc_perm *ipcp,
- u32 *secid)
-LSM_HOOK(int, 0, msg_msg_alloc_security, struct msg_msg *msg)
-LSM_HOOK(void, LSM_RET_VOID, msg_msg_free_security, struct msg_msg *msg)
-LSM_HOOK(int, 0, msg_queue_alloc_security, struct kern_ipc_perm *perm)
-LSM_HOOK(void, LSM_RET_VOID, msg_queue_free_security,
- struct kern_ipc_perm *perm)
-LSM_HOOK(int, 0, msg_queue_associate, struct kern_ipc_perm *perm, int msqflg)
-LSM_HOOK(int, 0, msg_queue_msgctl, struct kern_ipc_perm *perm, int cmd)
-LSM_HOOK(int, 0, msg_queue_msgsnd, struct kern_ipc_perm *perm,
- struct msg_msg *msg, int msqflg)
-LSM_HOOK(int, 0, msg_queue_msgrcv, struct kern_ipc_perm *perm,
- struct msg_msg *msg, struct task_struct *target, long type, int mode)
-LSM_HOOK(int, 0, shm_alloc_security, struct kern_ipc_perm *perm)
-LSM_HOOK(void, LSM_RET_VOID, shm_free_security, struct kern_ipc_perm *perm)
-LSM_HOOK(int, 0, shm_associate, struct kern_ipc_perm *perm, int shmflg)
-LSM_HOOK(int, 0, shm_shmctl, struct kern_ipc_perm *perm, int cmd)
-LSM_HOOK(int, 0, shm_shmat, struct kern_ipc_perm *perm, char __user *shmaddr,
- int shmflg)
-LSM_HOOK(int, 0, sem_alloc_security, struct kern_ipc_perm *perm)
-LSM_HOOK(void, LSM_RET_VOID, sem_free_security, struct kern_ipc_perm *perm)
-LSM_HOOK(int, 0, sem_associate, struct kern_ipc_perm *perm, int semflg)
-LSM_HOOK(int, 0, sem_semctl, struct kern_ipc_perm *perm, int cmd)
-LSM_HOOK(int, 0, sem_semop, struct kern_ipc_perm *perm, struct sembuf *sops,
- unsigned nsops, int alter)
-LSM_HOOK(int, 0, netlink_send, struct sock *sk, struct sk_buff *skb)
-LSM_HOOK(void, LSM_RET_VOID, d_instantiate, struct dentry *dentry,
- struct inode *inode)
-LSM_HOOK(int, -EINVAL, getprocattr, struct task_struct *p, const char *name,
- char **value)
-LSM_HOOK(int, -EINVAL, setprocattr, const char *name, void *value, size_t size)
-LSM_HOOK(int, 0, ismaclabel, const char *name)
-LSM_HOOK(int, -EOPNOTSUPP, secid_to_secctx, u32 secid, char **secdata,
- u32 *seclen)
-LSM_HOOK(int, 0, secctx_to_secid, const char *secdata, u32 seclen, u32 *secid)
-LSM_HOOK(void, LSM_RET_VOID, release_secctx, char *secdata, u32 seclen)
-LSM_HOOK(void, LSM_RET_VOID, inode_invalidate_secctx, struct inode *inode)
-LSM_HOOK(int, 0, inode_notifysecctx, struct inode *inode, void *ctx, u32 ctxlen)
-LSM_HOOK(int, 0, inode_setsecctx, struct dentry *dentry, void *ctx, u32 ctxlen)
-LSM_HOOK(int, -EOPNOTSUPP, inode_getsecctx, struct inode *inode, void **ctx,
- u32 *ctxlen)
+LSM_PLAIN_INT_HOOK(int, 0, path_notify, const struct path *path, u64 mask,
+ unsigned int obj_type)
+LSM_PLAIN_INT_HOOK(int, 0, inode_alloc_security, struct inode *inode)
+LSM_PLAIN_VOID_HOOK(void, LSM_RET_VOID, inode_free_security, struct inode *inode)
+LSM_SPECIAL_INT_HOOK(int, -EOPNOTSUPP, inode_init_security, struct inode *inode,
+ struct inode *dir, const struct qstr *qstr, struct xattr *xattrs,
+ int *xattr_count)
+LSM_PLAIN_INT_HOOK(int, 0, inode_init_security_anon, struct inode *inode,
+ const struct qstr *name, const struct inode *context_inode)
+LSM_CUSTOM_INT_HOOK(int, 0, inode_create, struct inode *dir, struct dentry *dentry,
+ umode_t mode)
+LSM_CUSTOM_INT_HOOK(int, 0, inode_link, struct dentry *old_dentry, struct inode *dir,
+ struct dentry *new_dentry)
+LSM_CUSTOM_INT_HOOK(int, 0, inode_unlink, struct inode *dir, struct dentry *dentry)
+LSM_CUSTOM_INT_HOOK(int, 0, inode_symlink, struct inode *dir, struct dentry *dentry,
+ const char *old_name)
+LSM_CUSTOM_INT_HOOK(int, 0, inode_mkdir, struct inode *dir, struct dentry *dentry,
+ umode_t mode)
+LSM_CUSTOM_INT_HOOK(int, 0, inode_rmdir, struct inode *dir, struct dentry *dentry)
+LSM_CUSTOM_INT_HOOK(int, 0, inode_mknod, struct inode *dir, struct dentry *dentry,
+ umode_t mode, dev_t dev)
+LSM_CUSTOM_INT_HOOK(int, 0, inode_rename, struct inode *old_dir, struct dentry *old_dentry,
+ struct inode *new_dir, struct dentry *new_dentry)
+LSM_CUSTOM_INT_HOOK(int, 0, inode_readlink, struct dentry *dentry)
+LSM_CUSTOM_INT_HOOK(int, 0, inode_follow_link, struct dentry *dentry, struct inode *inode,
+ bool rcu)
+LSM_CUSTOM_INT_HOOK(int, 0, inode_permission, struct inode *inode, int mask)
+LSM_CUSTOM_INT_HOOK(int, 0, inode_setattr, struct dentry *dentry, struct iattr *attr)
+LSM_CUSTOM_INT_HOOK(int, 0, inode_getattr, const struct path *path)
+LSM_CUSTOM_INT_HOOK(int, 0, inode_setxattr, struct mnt_idmap *idmap,
+ struct dentry *dentry, const char *name, const void *value,
+ size_t size, int flags)
+LSM_CUSTOM_VOID_HOOK(void, LSM_RET_VOID, inode_post_setxattr, struct dentry *dentry,
+ const char *name, const void *value, size_t size, int flags)
+LSM_CUSTOM_INT_HOOK(int, 0, inode_getxattr, struct dentry *dentry, const char *name)
+LSM_CUSTOM_INT_HOOK(int, 0, inode_listxattr, struct dentry *dentry)
+LSM_CUSTOM_INT_HOOK(int, 0, inode_removexattr, struct mnt_idmap *idmap,
+ struct dentry *dentry, const char *name)
+LSM_CUSTOM_INT_HOOK(int, 0, inode_set_acl, struct mnt_idmap *idmap,
+ struct dentry *dentry, const char *acl_name, struct posix_acl *kacl)
+LSM_CUSTOM_INT_HOOK(int, 0, inode_get_acl, struct mnt_idmap *idmap,
+ struct dentry *dentry, const char *acl_name)
+LSM_CUSTOM_INT_HOOK(int, 0, inode_remove_acl, struct mnt_idmap *idmap,
+ struct dentry *dentry, const char *acl_name)
+LSM_PLAIN_INT_HOOK(int, 0, inode_need_killpriv, struct dentry *dentry)
+LSM_PLAIN_INT_HOOK(int, 0, inode_killpriv, struct mnt_idmap *idmap,
+ struct dentry *dentry)
+LSM_CUSTOM_INT_HOOK(int, -EOPNOTSUPP, inode_getsecurity, struct mnt_idmap *idmap,
+ struct inode *inode, const char *name, void **buffer, bool alloc)
+LSM_CUSTOM_INT_HOOK(int, -EOPNOTSUPP, inode_setsecurity, struct inode *inode,
+ const char *name, const void *value, size_t size, int flags)
+LSM_CUSTOM_INT_HOOK(int, 0, inode_listsecurity, struct inode *inode, char *buffer,
+ size_t buffer_size)
+LSM_PLAIN_VOID_HOOK(void, LSM_RET_VOID, inode_getsecid, struct inode *inode, u32 *secid)
+LSM_PLAIN_INT_HOOK(int, 0, inode_copy_up, struct dentry *src, struct cred **new)
+LSM_CUSTOM_INT_HOOK(int, -EOPNOTSUPP, inode_copy_up_xattr, const char *name)
+LSM_PLAIN_INT_HOOK(int, 0, kernfs_init_security, struct kernfs_node *kn_dir,
+ struct kernfs_node *kn)
+LSM_CUSTOM_INT_HOOK(int, 0, file_permission, struct file *file, int mask)
+LSM_PLAIN_INT_HOOK(int, 0, file_alloc_security, struct file *file)
+LSM_PLAIN_VOID_HOOK(void, LSM_RET_VOID, file_free_security, struct file *file)
+LSM_PLAIN_INT_HOOK(int, 0, file_ioctl, struct file *file, unsigned int cmd,
+ unsigned long arg)
+LSM_PLAIN_INT_HOOK(int, 0, mmap_addr, unsigned long addr)
+LSM_CUSTOM_INT_HOOK(int, 0, mmap_file, struct file *file, unsigned long reqprot,
+ unsigned long prot, unsigned long flags)
+LSM_CUSTOM_INT_HOOK(int, 0, file_mprotect, struct vm_area_struct *vma,
+ unsigned long reqprot, unsigned long prot)
+LSM_PLAIN_INT_HOOK(int, 0, file_lock, struct file *file, unsigned int cmd)
+LSM_PLAIN_INT_HOOK(int, 0, file_fcntl, struct file *file, unsigned int cmd,
+ unsigned long arg)
+LSM_PLAIN_VOID_HOOK(void, LSM_RET_VOID, file_set_fowner, struct file *file)
+LSM_PLAIN_INT_HOOK(int, 0, file_send_sigiotask, struct task_struct *tsk,
+ struct fown_struct *fown, int sig)
+LSM_PLAIN_INT_HOOK(int, 0, file_receive, struct file *file)
+LSM_CUSTOM_INT_HOOK(int, 0, file_open, struct file *file)
+LSM_PLAIN_INT_HOOK(int, 0, file_truncate, struct file *file)
+LSM_CUSTOM_INT_HOOK(int, 0, task_alloc, struct task_struct *task,
+ unsigned long clone_flags)
+LSM_SPECIAL_VOID_HOOK(void, LSM_RET_VOID, task_free, struct task_struct *task)
+LSM_CUSTOM_INT_HOOK(int, 0, cred_alloc_blank, struct cred *cred, gfp_t gfp)
+LSM_CUSTOM_VOID_HOOK(void, LSM_RET_VOID, cred_free, struct cred *cred)
+LSM_PLAIN_INT_HOOK(int, 0, cred_prepare, struct cred *new, const struct cred *old,
+ gfp_t gfp)
+LSM_SPECIAL_VOID_HOOK(void, LSM_RET_VOID, cred_transfer, struct cred *new,
+ const struct cred *old)
+LSM_CUSTOM_VOID_HOOK(void, LSM_RET_VOID, cred_getsecid, const struct cred *c, u32 *secid)
+LSM_PLAIN_INT_HOOK(int, 0, kernel_act_as, struct cred *new, u32 secid)
+LSM_PLAIN_INT_HOOK(int, 0, kernel_create_files_as, struct cred *new, struct inode *inode)
+LSM_CUSTOM_INT_HOOK(int, 0, kernel_module_request, char *kmod_name)
+LSM_CUSTOM_INT_HOOK(int, 0, kernel_load_data, enum kernel_load_data_id id, bool contents)
+LSM_CUSTOM_INT_HOOK(int, 0, kernel_post_load_data, char *buf, loff_t size,
+ enum kernel_load_data_id id, char *description)
+LSM_CUSTOM_INT_HOOK(int, 0, kernel_read_file, struct file *file,
+ enum kernel_read_file_id id, bool contents)
+LSM_CUSTOM_INT_HOOK(int, 0, kernel_post_read_file, struct file *file, char *buf,
+ loff_t size, enum kernel_read_file_id id)
+LSM_PLAIN_INT_HOOK(int, 0, task_fix_setuid, struct cred *new, const struct cred *old,
+ int flags)
+LSM_PLAIN_INT_HOOK(int, 0, task_fix_setgid, struct cred *new, const struct cred *old,
+ int flags)
+LSM_PLAIN_INT_HOOK(int, 0, task_fix_setgroups, struct cred *new, const struct cred *old)
+LSM_PLAIN_INT_HOOK(int, 0, task_setpgid, struct task_struct *p, pid_t pgid)
+LSM_PLAIN_INT_HOOK(int, 0, task_getpgid, struct task_struct *p)
+LSM_PLAIN_INT_HOOK(int, 0, task_getsid, struct task_struct *p)
+LSM_CUSTOM_VOID_HOOK(void, LSM_RET_VOID, current_getsecid_subj, u32 *secid)
+LSM_CUSTOM_VOID_HOOK(void, LSM_RET_VOID, task_getsecid_obj,
+ struct task_struct *p, u32 *secid)
+LSM_PLAIN_INT_HOOK(int, 0, task_setnice, struct task_struct *p, int nice)
+LSM_PLAIN_INT_HOOK(int, 0, task_setioprio, struct task_struct *p, int ioprio)
+LSM_PLAIN_INT_HOOK(int, 0, task_getioprio, struct task_struct *p)
+LSM_PLAIN_INT_HOOK(int, 0, task_prlimit, const struct cred *cred,
+ const struct cred *tcred, unsigned int flags)
+LSM_PLAIN_INT_HOOK(int, 0, task_setrlimit, struct task_struct *p, unsigned int resource,
+ struct rlimit *new_rlim)
+LSM_PLAIN_INT_HOOK(int, 0, task_setscheduler, struct task_struct *p)
+LSM_PLAIN_INT_HOOK(int, 0, task_getscheduler, struct task_struct *p)
+LSM_PLAIN_INT_HOOK(int, 0, task_movememory, struct task_struct *p)
+LSM_PLAIN_INT_HOOK(int, 0, task_kill, struct task_struct *p, struct kernel_siginfo *info,
+ int sig, const struct cred *cred)
+LSM_SPECIAL_INT_HOOK(int, -ENOSYS, task_prctl, int option, unsigned long arg2,
+ unsigned long arg3, unsigned long arg4, unsigned long arg5)
+LSM_PLAIN_VOID_HOOK(void, LSM_RET_VOID, task_to_inode, struct task_struct *p,
+ struct inode *inode)
+LSM_SPECIAL_INT_HOOK(int, 0, userns_create, const struct cred *cred)
+LSM_PLAIN_INT_HOOK(int, 0, ipc_permission, struct kern_ipc_perm *ipcp, short flag)
+LSM_CUSTOM_VOID_HOOK(void, LSM_RET_VOID, ipc_getsecid, struct kern_ipc_perm *ipcp,
+ u32 *secid)
+LSM_PLAIN_INT_HOOK(int, 0, msg_msg_alloc_security, struct msg_msg *msg)
+LSM_PLAIN_VOID_HOOK(void, LSM_RET_VOID, msg_msg_free_security, struct msg_msg *msg)
+LSM_PLAIN_INT_HOOK(int, 0, msg_queue_alloc_security, struct kern_ipc_perm *perm)
+LSM_PLAIN_VOID_HOOK(void, LSM_RET_VOID, msg_queue_free_security,
+ struct kern_ipc_perm *perm)
+LSM_PLAIN_INT_HOOK(int, 0, msg_queue_associate, struct kern_ipc_perm *perm, int msqflg)
+LSM_PLAIN_INT_HOOK(int, 0, msg_queue_msgctl, struct kern_ipc_perm *perm, int cmd)
+LSM_PLAIN_INT_HOOK(int, 0, msg_queue_msgsnd, struct kern_ipc_perm *perm,
+ struct msg_msg *msg, int msqflg)
+LSM_PLAIN_INT_HOOK(int, 0, msg_queue_msgrcv, struct kern_ipc_perm *perm,
+ struct msg_msg *msg, struct task_struct *target, long type, int mode)
+LSM_PLAIN_INT_HOOK(int, 0, shm_alloc_security, struct kern_ipc_perm *perm)
+LSM_PLAIN_VOID_HOOK(void, LSM_RET_VOID, shm_free_security, struct kern_ipc_perm *perm)
+LSM_PLAIN_INT_HOOK(int, 0, shm_associate, struct kern_ipc_perm *perm, int shmflg)
+LSM_PLAIN_INT_HOOK(int, 0, shm_shmctl, struct kern_ipc_perm *perm, int cmd)
+LSM_PLAIN_INT_HOOK(int, 0, shm_shmat, struct kern_ipc_perm *perm, char __user *shmaddr,
+ int shmflg)
+LSM_PLAIN_INT_HOOK(int, 0, sem_alloc_security, struct kern_ipc_perm *perm)
+LSM_PLAIN_VOID_HOOK(void, LSM_RET_VOID, sem_free_security, struct kern_ipc_perm *perm)
+LSM_PLAIN_INT_HOOK(int, 0, sem_associate, struct kern_ipc_perm *perm, int semflg)
+LSM_PLAIN_INT_HOOK(int, 0, sem_semctl, struct kern_ipc_perm *perm, int cmd)
+LSM_PLAIN_INT_HOOK(int, 0, sem_semop, struct kern_ipc_perm *perm, struct sembuf *sops,
+ unsigned int nsops, int alter)
+LSM_PLAIN_INT_HOOK(int, 0, netlink_send, struct sock *sk, struct sk_buff *skb)
+LSM_CUSTOM_VOID_HOOK(void, LSM_RET_VOID, d_instantiate, struct dentry *dentry,
+ struct inode *inode)
+LSM_SPECIAL_INT_HOOK(int, -EINVAL, getprocattr, struct task_struct *p, const char *name,
+ char **value)
+LSM_SPECIAL_INT_HOOK(int, -EINVAL, setprocattr, const char *name, void *value, size_t size)
+LSM_PLAIN_INT_HOOK(int, 0, ismaclabel, const char *name)
+LSM_PLAIN_INT_HOOK(int, -EOPNOTSUPP, secid_to_secctx, u32 secid, char **secdata,
+ u32 *seclen)
+LSM_CUSTOM_INT_HOOK(int, 0, secctx_to_secid, const char *secdata, u32 seclen, u32 *secid)
+LSM_CUSTOM_VOID_HOOK(void, LSM_RET_VOID, release_secctx, char *secdata, u32 seclen)
+LSM_CUSTOM_VOID_HOOK(void, LSM_RET_VOID, inode_invalidate_secctx, struct inode *inode)
+LSM_PLAIN_INT_HOOK(int, 0, inode_notifysecctx, struct inode *inode, void *ctx, u32 ctxlen)
+LSM_PLAIN_INT_HOOK(int, 0, inode_setsecctx, struct dentry *dentry, void *ctx, u32 ctxlen)
+LSM_SPECIAL_INT_HOOK(int, -EOPNOTSUPP, inode_getsecctx, struct inode *inode, void **ctx,
+ u32 *ctxlen)
#if defined(CONFIG_SECURITY) && defined(CONFIG_WATCH_QUEUE)
-LSM_HOOK(int, 0, post_notification, const struct cred *w_cred,
- const struct cred *cred, struct watch_notification *n)
+LSM_PLAIN_INT_HOOK(int, 0, post_notification, const struct cred *w_cred,
+ const struct cred *cred, struct watch_notification *n)
#endif /* CONFIG_SECURITY && CONFIG_WATCH_QUEUE */
#if defined(CONFIG_SECURITY) && defined(CONFIG_KEY_NOTIFICATIONS)
-LSM_HOOK(int, 0, watch_key, struct key *key)
+LSM_PLAIN_INT_HOOK(int, 0, watch_key, struct key *key)
#endif /* CONFIG_SECURITY && CONFIG_KEY_NOTIFICATIONS */
#ifdef CONFIG_SECURITY_NETWORK
-LSM_HOOK(int, 0, unix_stream_connect, struct sock *sock, struct sock *other,
- struct sock *newsk)
-LSM_HOOK(int, 0, unix_may_send, struct socket *sock, struct socket *other)
-LSM_HOOK(int, 0, socket_create, int family, int type, int protocol, int kern)
-LSM_HOOK(int, 0, socket_post_create, struct socket *sock, int family, int type,
- int protocol, int kern)
-LSM_HOOK(int, 0, socket_socketpair, struct socket *socka, struct socket *sockb)
-LSM_HOOK(int, 0, socket_bind, struct socket *sock, struct sockaddr *address,
- int addrlen)
-LSM_HOOK(int, 0, socket_connect, struct socket *sock, struct sockaddr *address,
- int addrlen)
-LSM_HOOK(int, 0, socket_listen, struct socket *sock, int backlog)
-LSM_HOOK(int, 0, socket_accept, struct socket *sock, struct socket *newsock)
-LSM_HOOK(int, 0, socket_sendmsg, struct socket *sock, struct msghdr *msg,
- int size)
-LSM_HOOK(int, 0, socket_recvmsg, struct socket *sock, struct msghdr *msg,
- int size, int flags)
-LSM_HOOK(int, 0, socket_getsockname, struct socket *sock)
-LSM_HOOK(int, 0, socket_getpeername, struct socket *sock)
-LSM_HOOK(int, 0, socket_getsockopt, struct socket *sock, int level, int optname)
-LSM_HOOK(int, 0, socket_setsockopt, struct socket *sock, int level, int optname)
-LSM_HOOK(int, 0, socket_shutdown, struct socket *sock, int how)
-LSM_HOOK(int, 0, socket_sock_rcv_skb, struct sock *sk, struct sk_buff *skb)
-LSM_HOOK(int, 0, socket_getpeersec_stream, struct socket *sock,
- sockptr_t optval, sockptr_t optlen, unsigned int len)
-LSM_HOOK(int, 0, socket_getpeersec_dgram, struct socket *sock,
- struct sk_buff *skb, u32 *secid)
-LSM_HOOK(int, 0, sk_alloc_security, struct sock *sk, int family, gfp_t priority)
-LSM_HOOK(void, LSM_RET_VOID, sk_free_security, struct sock *sk)
-LSM_HOOK(void, LSM_RET_VOID, sk_clone_security, const struct sock *sk,
- struct sock *newsk)
-LSM_HOOK(void, LSM_RET_VOID, sk_getsecid, const struct sock *sk, u32 *secid)
-LSM_HOOK(void, LSM_RET_VOID, sock_graft, struct sock *sk, struct socket *parent)
-LSM_HOOK(int, 0, inet_conn_request, const struct sock *sk, struct sk_buff *skb,
- struct request_sock *req)
-LSM_HOOK(void, LSM_RET_VOID, inet_csk_clone, struct sock *newsk,
- const struct request_sock *req)
-LSM_HOOK(void, LSM_RET_VOID, inet_conn_established, struct sock *sk,
- struct sk_buff *skb)
-LSM_HOOK(int, 0, secmark_relabel_packet, u32 secid)
-LSM_HOOK(void, LSM_RET_VOID, secmark_refcount_inc, void)
-LSM_HOOK(void, LSM_RET_VOID, secmark_refcount_dec, void)
-LSM_HOOK(void, LSM_RET_VOID, req_classify_flow, const struct request_sock *req,
- struct flowi_common *flic)
-LSM_HOOK(int, 0, tun_dev_alloc_security, void **security)
-LSM_HOOK(void, LSM_RET_VOID, tun_dev_free_security, void *security)
-LSM_HOOK(int, 0, tun_dev_create, void)
-LSM_HOOK(int, 0, tun_dev_attach_queue, void *security)
-LSM_HOOK(int, 0, tun_dev_attach, struct sock *sk, void *security)
-LSM_HOOK(int, 0, tun_dev_open, void *security)
-LSM_HOOK(int, 0, sctp_assoc_request, struct sctp_association *asoc,
- struct sk_buff *skb)
-LSM_HOOK(int, 0, sctp_bind_connect, struct sock *sk, int optname,
- struct sockaddr *address, int addrlen)
-LSM_HOOK(void, LSM_RET_VOID, sctp_sk_clone, struct sctp_association *asoc,
- struct sock *sk, struct sock *newsk)
-LSM_HOOK(int, 0, sctp_assoc_established, struct sctp_association *asoc,
- struct sk_buff *skb)
-LSM_HOOK(int, 0, mptcp_add_subflow, struct sock *sk, struct sock *ssk)
+LSM_PLAIN_INT_HOOK(int, 0, unix_stream_connect, struct sock *sock, struct sock *other,
+ struct sock *newsk)
+LSM_PLAIN_INT_HOOK(int, 0, unix_may_send, struct socket *sock, struct socket *other)
+LSM_PLAIN_INT_HOOK(int, 0, socket_create, int family, int type, int protocol, int kern)
+LSM_PLAIN_INT_HOOK(int, 0, socket_post_create, struct socket *sock, int family, int type,
+ int protocol, int kern)
+LSM_PLAIN_INT_HOOK(int, 0, socket_socketpair, struct socket *socka, struct socket *sockb)
+LSM_PLAIN_INT_HOOK(int, 0, socket_bind, struct socket *sock, struct sockaddr *address,
+ int addrlen)
+LSM_PLAIN_INT_HOOK(int, 0, socket_connect, struct socket *sock, struct sockaddr *address,
+ int addrlen)
+LSM_PLAIN_INT_HOOK(int, 0, socket_listen, struct socket *sock, int backlog)
+LSM_PLAIN_INT_HOOK(int, 0, socket_accept, struct socket *sock, struct socket *newsock)
+LSM_PLAIN_INT_HOOK(int, 0, socket_sendmsg, struct socket *sock, struct msghdr *msg,
+ int size)
+LSM_PLAIN_INT_HOOK(int, 0, socket_recvmsg, struct socket *sock, struct msghdr *msg,
+ int size, int flags)
+LSM_PLAIN_INT_HOOK(int, 0, socket_getsockname, struct socket *sock)
+LSM_PLAIN_INT_HOOK(int, 0, socket_getpeername, struct socket *sock)
+LSM_PLAIN_INT_HOOK(int, 0, socket_getsockopt, struct socket *sock, int level, int optname)
+LSM_PLAIN_INT_HOOK(int, 0, socket_setsockopt, struct socket *sock, int level, int optname)
+LSM_PLAIN_INT_HOOK(int, 0, socket_shutdown, struct socket *sock, int how)
+LSM_SPECIAL_INT_HOOK(int, 0, socket_sock_rcv_skb, struct sock *sk, struct sk_buff *skb)
+LSM_SPECIAL_INT_HOOK(int, 0, socket_getpeersec_stream, struct socket *sock,
+ sockptr_t optval, sockptr_t optlen, unsigned int len)
+LSM_SPECIAL_INT_HOOK(int, 0, socket_getpeersec_dgram, struct socket *sock,
+ struct sk_buff *skb, u32 *secid)
+LSM_SPECIAL_INT_HOOK(int, 0, sk_alloc_security, struct sock *sk, int family, gfp_t priority)
+LSM_SPECIAL_VOID_HOOK(void, LSM_RET_VOID, sk_free_security, struct sock *sk)
+LSM_SPECIAL_VOID_HOOK(void, LSM_RET_VOID, sk_clone_security, const struct sock *sk,
+ struct sock *newsk)
+LSM_PLAIN_VOID_HOOK(void, LSM_RET_VOID, sk_getsecid, const struct sock *sk, u32 *secid)
+LSM_PLAIN_VOID_HOOK(void, LSM_RET_VOID, sock_graft, struct sock *sk, struct socket *parent)
+LSM_PLAIN_INT_HOOK(int, 0, inet_conn_request, const struct sock *sk, struct sk_buff *skb,
+ struct request_sock *req)
+LSM_PLAIN_VOID_HOOK(void, LSM_RET_VOID, inet_csk_clone, struct sock *newsk,
+ const struct request_sock *req)
+LSM_PLAIN_VOID_HOOK(void, LSM_RET_VOID, inet_conn_established, struct sock *sk,
+ struct sk_buff *skb)
+LSM_PLAIN_INT_HOOK(int, 0, secmark_relabel_packet, u32 secid)
+LSM_PLAIN_VOID_HOOK(void, LSM_RET_VOID, secmark_refcount_inc, void)
+LSM_PLAIN_VOID_HOOK(void, LSM_RET_VOID, secmark_refcount_dec, void)
+LSM_PLAIN_VOID_HOOK(void, LSM_RET_VOID, req_classify_flow, const struct request_sock *req,
+ struct flowi_common *flic)
+LSM_PLAIN_INT_HOOK(int, 0, tun_dev_alloc_security, void **security)
+LSM_PLAIN_VOID_HOOK(void, LSM_RET_VOID, tun_dev_free_security, void *security)
+LSM_PLAIN_INT_HOOK(int, 0, tun_dev_create, void)
+LSM_PLAIN_INT_HOOK(int, 0, tun_dev_attach_queue, void *security)
+LSM_PLAIN_INT_HOOK(int, 0, tun_dev_attach, struct sock *sk, void *security)
+LSM_PLAIN_INT_HOOK(int, 0, tun_dev_open, void *security)
+LSM_PLAIN_INT_HOOK(int, 0, sctp_assoc_request, struct sctp_association *asoc,
+ struct sk_buff *skb)
+LSM_PLAIN_INT_HOOK(int, 0, sctp_bind_connect, struct sock *sk, int optname,
+ struct sockaddr *address, int addrlen)
+LSM_PLAIN_VOID_HOOK(void, LSM_RET_VOID, sctp_sk_clone, struct sctp_association *asoc,
+ struct sock *sk, struct sock *newsk)
+LSM_PLAIN_INT_HOOK(int, 0, sctp_assoc_established, struct sctp_association *asoc,
+ struct sk_buff *skb)
+LSM_PLAIN_INT_HOOK(int, 0, mptcp_add_subflow, struct sock *sk, struct sock *ssk)
#endif /* CONFIG_SECURITY_NETWORK */
#ifdef CONFIG_SECURITY_INFINIBAND
-LSM_HOOK(int, 0, ib_pkey_access, void *sec, u64 subnet_prefix, u16 pkey)
-LSM_HOOK(int, 0, ib_endport_manage_subnet, void *sec, const char *dev_name,
- u8 port_num)
-LSM_HOOK(int, 0, ib_alloc_security, void **sec)
-LSM_HOOK(void, LSM_RET_VOID, ib_free_security, void *sec)
+LSM_PLAIN_INT_HOOK(int, 0, ib_pkey_access, void *sec, u64 subnet_prefix, u16 pkey)
+LSM_PLAIN_INT_HOOK(int, 0, ib_endport_manage_subnet, void *sec, const char *dev_name,
+ u8 port_num)
+LSM_PLAIN_INT_HOOK(int, 0, ib_alloc_security, void **sec)
+LSM_PLAIN_VOID_HOOK(void, LSM_RET_VOID, ib_free_security, void *sec)
#endif /* CONFIG_SECURITY_INFINIBAND */
#ifdef CONFIG_SECURITY_NETWORK_XFRM
-LSM_HOOK(int, 0, xfrm_policy_alloc_security, struct xfrm_sec_ctx **ctxp,
- struct xfrm_user_sec_ctx *sec_ctx, gfp_t gfp)
-LSM_HOOK(int, 0, xfrm_policy_clone_security, struct xfrm_sec_ctx *old_ctx,
- struct xfrm_sec_ctx **new_ctx)
-LSM_HOOK(void, LSM_RET_VOID, xfrm_policy_free_security,
- struct xfrm_sec_ctx *ctx)
-LSM_HOOK(int, 0, xfrm_policy_delete_security, struct xfrm_sec_ctx *ctx)
-LSM_HOOK(int, 0, xfrm_state_alloc, struct xfrm_state *x,
- struct xfrm_user_sec_ctx *sec_ctx)
-LSM_HOOK(int, 0, xfrm_state_alloc_acquire, struct xfrm_state *x,
- struct xfrm_sec_ctx *polsec, u32 secid)
-LSM_HOOK(void, LSM_RET_VOID, xfrm_state_free_security, struct xfrm_state *x)
-LSM_HOOK(int, 0, xfrm_state_delete_security, struct xfrm_state *x)
-LSM_HOOK(int, 0, xfrm_policy_lookup, struct xfrm_sec_ctx *ctx, u32 fl_secid)
-LSM_HOOK(int, 1, xfrm_state_pol_flow_match, struct xfrm_state *x,
- struct xfrm_policy *xp, const struct flowi_common *flic)
-LSM_HOOK(int, 0, xfrm_decode_session, struct sk_buff *skb, u32 *secid,
- int ckall)
+LSM_PLAIN_INT_HOOK(int, 0, xfrm_policy_alloc_security, struct xfrm_sec_ctx **ctxp,
+ struct xfrm_user_sec_ctx *sec_ctx, gfp_t gfp)
+LSM_PLAIN_INT_HOOK(int, 0, xfrm_policy_clone_security, struct xfrm_sec_ctx *old_ctx,
+ struct xfrm_sec_ctx **new_ctx)
+LSM_PLAIN_VOID_HOOK(void, LSM_RET_VOID, xfrm_policy_free_security,
+ struct xfrm_sec_ctx *ctx)
+LSM_PLAIN_INT_HOOK(int, 0, xfrm_policy_delete_security, struct xfrm_sec_ctx *ctx)
+LSM_PLAIN_INT_HOOK(int, 0, xfrm_state_alloc, struct xfrm_state *x,
+ struct xfrm_user_sec_ctx *sec_ctx)
+LSM_PLAIN_INT_HOOK(int, 0, xfrm_state_alloc_acquire, struct xfrm_state *x,
+ struct xfrm_sec_ctx *polsec, u32 secid)
+LSM_PLAIN_VOID_HOOK(void, LSM_RET_VOID, xfrm_state_free_security, struct xfrm_state *x)
+LSM_PLAIN_INT_HOOK(int, 0, xfrm_state_delete_security, struct xfrm_state *x)
+LSM_PLAIN_INT_HOOK(int, 0, xfrm_policy_lookup, struct xfrm_sec_ctx *ctx, u32 fl_secid)
+LSM_SPECIAL_INT_HOOK(int, 1, xfrm_state_pol_flow_match, struct xfrm_state *x,
+ struct xfrm_policy *xp, const struct flowi_common *flic)
+LSM_PLAIN_INT_HOOK(int, 0, xfrm_decode_session, struct sk_buff *skb, u32 *secid,
+ int ckall)
#endif /* CONFIG_SECURITY_NETWORK_XFRM */
/* key management security hooks */
#ifdef CONFIG_KEYS
-LSM_HOOK(int, 0, key_alloc, struct key *key, const struct cred *cred,
- unsigned long flags)
-LSM_HOOK(void, LSM_RET_VOID, key_free, struct key *key)
-LSM_HOOK(int, 0, key_permission, key_ref_t key_ref, const struct cred *cred,
- enum key_need_perm need_perm)
-LSM_HOOK(int, 0, key_getsecurity, struct key *key, char **buffer)
+LSM_PLAIN_INT_HOOK(int, 0, key_alloc, struct key *key, const struct cred *cred,
+ unsigned long flags)
+LSM_PLAIN_VOID_HOOK(void, LSM_RET_VOID, key_free, struct key *key)
+LSM_PLAIN_INT_HOOK(int, 0, key_permission, key_ref_t key_ref, const struct cred *cred,
+ enum key_need_perm need_perm)
+LSM_CUSTOM_INT_HOOK(int, 0, key_getsecurity, struct key *key, char **buffer)
#endif /* CONFIG_KEYS */
#ifdef CONFIG_AUDIT
-LSM_HOOK(int, 0, audit_rule_init, u32 field, u32 op, char *rulestr,
- void **lsmrule)
-LSM_HOOK(int, 0, audit_rule_known, struct audit_krule *krule)
-LSM_HOOK(int, 0, audit_rule_match, u32 secid, u32 field, u32 op, void *lsmrule)
-LSM_HOOK(void, LSM_RET_VOID, audit_rule_free, void *lsmrule)
+LSM_PLAIN_INT_HOOK(int, 0, audit_rule_init, u32 field, u32 op, char *rulestr,
+ void **lsmrule)
+LSM_PLAIN_INT_HOOK(int, 0, audit_rule_known, struct audit_krule *krule)
+LSM_PLAIN_INT_HOOK(int, 0, audit_rule_match, u32 secid, u32 field, u32 op, void *lsmrule)
+LSM_PLAIN_VOID_HOOK(void, LSM_RET_VOID, audit_rule_free, void *lsmrule)
#endif /* CONFIG_AUDIT */
#ifdef CONFIG_BPF_SYSCALL
-LSM_HOOK(int, 0, bpf, int cmd, union bpf_attr *attr, unsigned int size)
-LSM_HOOK(int, 0, bpf_map, struct bpf_map *map, fmode_t fmode)
-LSM_HOOK(int, 0, bpf_prog, struct bpf_prog *prog)
-LSM_HOOK(int, 0, bpf_map_alloc_security, struct bpf_map *map)
-LSM_HOOK(void, LSM_RET_VOID, bpf_map_free_security, struct bpf_map *map)
-LSM_HOOK(int, 0, bpf_prog_alloc_security, struct bpf_prog_aux *aux)
-LSM_HOOK(void, LSM_RET_VOID, bpf_prog_free_security, struct bpf_prog_aux *aux)
+LSM_PLAIN_INT_HOOK(int, 0, bpf, int cmd, union bpf_attr *attr, unsigned int size)
+LSM_PLAIN_INT_HOOK(int, 0, bpf_map, struct bpf_map *map, fmode_t fmode)
+LSM_PLAIN_INT_HOOK(int, 0, bpf_prog, struct bpf_prog *prog)
+LSM_PLAIN_INT_HOOK(int, 0, bpf_map_alloc_security, struct bpf_map *map)
+LSM_PLAIN_VOID_HOOK(void, LSM_RET_VOID, bpf_map_free_security, struct bpf_map *map)
+LSM_PLAIN_INT_HOOK(int, 0, bpf_prog_alloc_security, struct bpf_prog_aux *aux)
+LSM_PLAIN_VOID_HOOK(void, LSM_RET_VOID, bpf_prog_free_security, struct bpf_prog_aux *aux)
#endif /* CONFIG_BPF_SYSCALL */
-LSM_HOOK(int, 0, locked_down, enum lockdown_reason what)
+LSM_PLAIN_INT_HOOK(int, 0, locked_down, enum lockdown_reason what)
#ifdef CONFIG_PERF_EVENTS
-LSM_HOOK(int, 0, perf_event_open, struct perf_event_attr *attr, int type)
-LSM_HOOK(int, 0, perf_event_alloc, struct perf_event *event)
-LSM_HOOK(void, LSM_RET_VOID, perf_event_free, struct perf_event *event)
-LSM_HOOK(int, 0, perf_event_read, struct perf_event *event)
-LSM_HOOK(int, 0, perf_event_write, struct perf_event *event)
+LSM_PLAIN_INT_HOOK(int, 0, perf_event_open, struct perf_event_attr *attr, int type)
+LSM_PLAIN_INT_HOOK(int, 0, perf_event_alloc, struct perf_event *event)
+LSM_PLAIN_VOID_HOOK(void, LSM_RET_VOID, perf_event_free, struct perf_event *event)
+LSM_PLAIN_INT_HOOK(int, 0, perf_event_read, struct perf_event *event)
+LSM_PLAIN_INT_HOOK(int, 0, perf_event_write, struct perf_event *event)
#endif /* CONFIG_PERF_EVENTS */
#ifdef CONFIG_IO_URING
-LSM_HOOK(int, 0, uring_override_creds, const struct cred *new)
-LSM_HOOK(int, 0, uring_sqpoll, void)
-LSM_HOOK(int, 0, uring_cmd, struct io_uring_cmd *ioucmd)
+LSM_PLAIN_INT_HOOK(int, 0, uring_override_creds, const struct cred *new)
+LSM_PLAIN_INT_HOOK(int, 0, uring_sqpoll, void)
+LSM_PLAIN_INT_HOOK(int, 0, uring_cmd, struct io_uring_cmd *ioucmd)
#endif /* CONFIG_IO_URING */
+#undef LSM_SPECIAL_INT_HOOK
+#undef LSM_CUSTOM_INT_HOOK
+#undef LSM_PLAIN_INT_HOOK
+#undef LSM_SPECIAL_VOID_HOOK
+#undef LSM_CUSTOM_VOID_HOOK
+#undef LSM_PLAIN_VOID_HOOK
#undef LSM_HOOK
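Review bot: the trailing #undef block now drops all six LSM_*_HOOK macros together with LSM_HOOK, so every include of lsm_hook_defs.h must define each macro it does not want expanded; mod_lsm.c includes this header several times with only LSM_HOOK defined, so the header should either provide fallback definitions that reduce each LSM_*_HOOK to LSM_HOOK when the includer has not defined them, or document that requirement at the top of the file. A short comment explaining what separates PLAIN, CUSTOM and SPECIAL would also help reviewers check the classification (for example why key_getsecurity is CUSTOM while xfrm_state_pol_flow_match is SPECIAL with default 1), since the class now decides which security_*() wrappers get generated.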
--
2.34.1

* [PATCH 4/4] LSM: Add a LSM module which handles dynamically appendable LSM hooks.
2023-11-20 13:27 [RFC PATCH v2 0/4] LSM: Officially support appending LSM hooks after boot Tetsuo Handa
` (2 preceding siblings ...)
2023-11-20 13:29 ` [PATCH 3/4] LSM: Break LSM_HOOK() macro into 6 macros Tetsuo Handa
@ 2023-11-20 13:30 ` Tetsuo Handa
2023-11-20 22:28 ` kernel test robot
` (2 more replies)
2023-11-20 22:52 ` [RFC PATCH v2 0/4] LSM: Officially support appending LSM hooks after boot Paul Moore
4 siblings, 3 replies; 12+ messages in thread
From: Tetsuo Handa @ 2023-11-20 13:30 UTC (permalink / raw)
To: linux-security-module, bpf, KP Singh
Cc: Paul Moore, Kees Cook, Casey Schaufler, song, Daniel Borkmann,
Alexei Starovoitov, renauld, Paolo Abeni
TOMOYO security module will use this functionality.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
---
include/linux/lsm_hooks.h | 9 +
security/Makefile | 2 +-
security/mod_lsm.c | 321 ++++++++++++++++
security/security.c | 752 ++------------------------------------
4 files changed, 359 insertions(+), 725 deletions(-)
create mode 100644 security/mod_lsm.c
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 4ba1aedc7901..2166ff6541aa 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -137,4 +137,13 @@ extern struct lsm_info __start_early_lsm_info[], __end_early_lsm_info[];
extern int lsm_inode_alloc(struct inode *inode);
+/* Definition of all modular callbacks. */
+struct security_hook_mappings {
+#define LSM_HOOK(RET, DEFAULT, NAME, ...) \
+ RET (*NAME)(__VA_ARGS__);
+#include <linux/lsm_hook_defs.h>
+} /* __randomize_layout is useless here, for this is a "const __initdata" struct. */;
+
+extern int mod_lsm_add_hooks(const struct security_hook_mappings *maps);
+
#endif /* ! __LINUX_LSM_HOOKS_H */
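Review bot: the comment on the closing brace asserts that the struct is always "const __initdata", but nothing enforces that, and the convention that mod_lsm_add_hooks relies on (a NULL member means "not implemented"; only non-NULL members are counted and registered) is not stated anywhere a module author would see it. Suggest a kernel-doc comment on struct security_hook_mappings saying that callers fill in only the callbacks they implement, leave the rest NULL, and that the function pointers are copied at registration so the table itself may live in __initdata. The extern prototype for mod_lsm_add_hooks is also repeated at the top of mod_lsm.c; this header declaration is sufficient.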
diff --git a/security/Makefile b/security/Makefile
index 18121f8f85cd..a611350e9da4 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -10,7 +10,7 @@ obj-y += commoncap.o
obj-$(CONFIG_MMU) += min_addr.o
# Object file lists
-obj-$(CONFIG_SECURITY) += security.o
+obj-$(CONFIG_SECURITY) += security.o mod_lsm.o
obj-$(CONFIG_SECURITYFS) += inode.o
obj-$(CONFIG_SECURITY_SELINUX) += selinux/
obj-$(CONFIG_SECURITY_SMACK) += smack/
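Review bot: mod_lsm.o is built unconditionally under CONFIG_SECURITY with no Kconfig option, so every kernel with LSM support gains a callback-registration entry point whether or not it intends to ship loadable LSMs; the only switch left is the runtime enabled flag referenced from the DEFINE_LSM block. Suggest a dedicated Kconfig symbol (for example CONFIG_SECURITY_MOD_LSM, name is a suggestion) defaulting to n, with `obj-$(CONFIG_SECURITY_MOD_LSM) += mod_lsm.o`, so distributions opt in explicitly and the "not enabled" path in mod_lsm_add_hooks has a compile-time counterpart.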
diff --git a/security/mod_lsm.c b/security/mod_lsm.c
new file mode 100644
index 000000000000..074a73326fc7
--- /dev/null
+++ b/security/mod_lsm.c
@@ -0,0 +1,321 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+#include <linux/lsm_hooks.h>
+
+extern int mod_lsm_add_hooks(const struct security_hook_mappings *maps);
+
+/* List of registered modular callbacks. */
+static struct {
+#define LSM_HOOK(RET, DEFAULT, NAME, ...) struct hlist_head NAME;
+#include <linux/lsm_hook_defs.h>
+} mod_lsm_dynamic_hooks;
+
+#define LSM_RET_DEFAULT(NAME) (NAME##_default)
+#define DECLARE_LSM_RET_DEFAULT_void(DEFAULT, NAME)
+#define DECLARE_LSM_RET_DEFAULT_int(DEFAULT, NAME) \
+ static const int __maybe_unused LSM_RET_DEFAULT(NAME) = (DEFAULT);
+
+#define call_void_hook(FUNC, ...) \
+ do { \
+ struct security_hook_list *P; \
+ \
+ hlist_for_each_entry(P, &mod_lsm_dynamic_hooks.FUNC, list) \
+ P->hook.FUNC(__VA_ARGS__); \
+ } while (0)
+
+#define call_int_hook(FUNC, IRC, ...) ({ \
+ int RC = IRC; \
+ do { \
+ struct security_hook_list *P; \
+ \
+ hlist_for_each_entry(P, &mod_lsm_dynamic_hooks.FUNC, list) { \
+ RC = P->hook.FUNC(__VA_ARGS__); \
+ if (RC != 0) \
+ break; \
+ } \
+ } while (0); \
+ RC; \
+})
+
+#include <linux/lsm_hook_args.h>
+#define LSM_PLAIN_INT_HOOK(RET, DEFAULT, NAME, ...) \
+ static int mod_lsm_##NAME(__VA_ARGS__) \
+ { \
+ struct security_hook_list *P; \
+ \
+ hlist_for_each_entry(P, &mod_lsm_dynamic_hooks.NAME, list) { \
+ int RC = P->hook.NAME(LSM_CALL_ARGS_##NAME); \
+ \
+ if (RC != DEFAULT) \
+ return RC; \
+ } \
+ return DEFAULT; \
+ }
+#define LSM_CUSTOM_INT_HOOK LSM_PLAIN_INT_HOOK
+#define LSM_SPECIAL_INT_HOOK(RET, DEFAULT, NAME, ...) DECLARE_LSM_RET_DEFAULT_int(DEFAULT, NAME)
+#define LSM_PLAIN_VOID_HOOK(RET, DEFAULT, NAME, ...) \
+ static void mod_lsm_##NAME(__VA_ARGS__) \
+ { \
+ struct security_hook_list *P; \
+ \
+ hlist_for_each_entry(P, &mod_lsm_dynamic_hooks.NAME, list) \
+ P->hook.NAME(LSM_CALL_ARGS_##NAME); \
+ }
+#define LSM_CUSTOM_VOID_HOOK(RET, DEFAULT, NAME, ...)
+#define LSM_SPECIAL_VOID_HOOK(RET, DEFAULT, NAME, ...) DECLARE_LSM_RET_DEFAULT_void(DEFAULT, NAME)
+#include <linux/lsm_hook_defs.h>
+
+static int mod_lsm_settime(const struct timespec64 *ts, const struct timezone *tz)
+{
+ return call_int_hook(settime, 0, ts, tz);
+}
+
+static int mod_lsm_vm_enough_memory(struct mm_struct *mm, long pages)
+{
+ struct security_hook_list *hp;
+ int cap_sys_admin = 1;
+ int rc;
+
+ hlist_for_each_entry(hp, &mod_lsm_dynamic_hooks.vm_enough_memory, list) {
+ rc = hp->hook.vm_enough_memory(mm, pages);
+ if (rc <= 0) {
+ cap_sys_admin = 0;
+ break;
+ }
+ }
+ return cap_sys_admin;
+}
+
+static int mod_lsm_fs_context_parse_param(struct fs_context *fc, struct fs_parameter *param)
+{
+ struct security_hook_list *hp;
+ int trc;
+ int rc = -ENOPARAM;
+
+ hlist_for_each_entry(hp, &mod_lsm_dynamic_hooks.fs_context_parse_param, list) {
+ trc = hp->hook.fs_context_parse_param(fc, param);
+ if (trc == 0)
+ rc = 0;
+ else if (trc != -ENOPARAM)
+ return trc;
+ }
+ return rc;
+}
+
+static int mod_lsm_inode_init_security(struct inode *inode, struct inode *dir,
+ const struct qstr *qstr, struct xattr *xattrs,
+ int *xattr_count)
+{
+ struct security_hook_list *hp;
+ int ret = -EOPNOTSUPP;
+
+ hlist_for_each_entry(hp, &mod_lsm_dynamic_hooks.inode_init_security, list) {
+ ret = hp->hook.inode_init_security(inode, dir, qstr, xattrs, xattr_count);
+ if (ret && ret != -EOPNOTSUPP)
+ return ret;
+ }
+ return ret;
+}
+
+static void mod_lsm_inode_post_setxattr(struct dentry *dentry, const char *name, const void *value,
+ size_t size, int flags)
+{
+ call_void_hook(inode_post_setxattr, dentry, name, value, size, flags);
+}
+
+static void mod_lsm_task_free(struct task_struct *task)
+{
+ call_void_hook(task_free, task);
+}
+
+static void mod_lsm_cred_free(struct cred *cred)
+{
+ call_void_hook(cred_free, cred);
+}
+
+static void mod_lsm_cred_transfer(struct cred *new, const struct cred *old)
+{
+ call_void_hook(cred_transfer, new, old);
+}
+
+static void mod_lsm_cred_getsecid(const struct cred *c, u32 *secid)
+{
+ call_void_hook(cred_getsecid, c, secid);
+}
+
+static void mod_lsm_current_getsecid_subj(u32 *secid)
+{
+ call_void_hook(current_getsecid_subj, secid);
+}
+
+static void mod_lsm_task_getsecid_obj(struct task_struct *p, u32 *secid)
+{
+ call_void_hook(task_getsecid_obj, p, secid);
+}
+
+static int mod_lsm_task_prctl(int option, unsigned long arg2, unsigned long arg3,
+ unsigned long arg4, unsigned long arg5)
+{
+ int thisrc;
+ int rc = LSM_RET_DEFAULT(task_prctl);
+ struct security_hook_list *hp;
+
+ hlist_for_each_entry(hp, &mod_lsm_dynamic_hooks.task_prctl, list) {
+ thisrc = hp->hook.task_prctl(option, arg2, arg3, arg4, arg5);
+ if (thisrc != LSM_RET_DEFAULT(task_prctl)) {
+ rc = thisrc;
+ if (thisrc != 0)
+ break;
+ }
+ }
+ return rc;
+}
+
+static int mod_lsm_userns_create(const struct cred *cred)
+{
+ return call_int_hook(userns_create, 0, cred);
+}
+
+static void mod_lsm_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
+{
+ call_void_hook(ipc_getsecid, ipcp, secid);
+}
+
+
+static void mod_lsm_d_instantiate(struct dentry *dentry, struct inode *inode)
+{
+ call_void_hook(d_instantiate, dentry, inode);
+}
+
+static int mod_lsm_getprocattr(struct task_struct *p, const char *name, char **value)
+{
+ /* Can't work because "lsm" argument is not available. */
+ return LSM_RET_DEFAULT(getprocattr);
+}
+
+static int mod_lsm_setprocattr(const char *name, void *value, size_t size)
+{
+ /* Can't work because "lsm" argument is not available. */
+ return LSM_RET_DEFAULT(setprocattr);
+}
+
+static void mod_lsm_release_secctx(char *secdata, u32 seclen)
+{
+ call_void_hook(release_secctx, secdata, seclen);
+}
+
+static void mod_lsm_inode_invalidate_secctx(struct inode *inode)
+{
+ call_void_hook(inode_invalidate_secctx, inode);
+}
+
+static int mod_lsm_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
+{
+ return call_int_hook(inode_getsecctx, -EOPNOTSUPP, inode, ctx, ctxlen);
+}
+
+#ifdef CONFIG_SECURITY_NETWORK
+static int mod_lsm_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
+{
+ return call_int_hook(socket_sock_rcv_skb, 0, sk, skb);
+}
+
+static int mod_lsm_socket_getpeersec_stream(struct socket *sock, sockptr_t optval,
+ sockptr_t optlen, unsigned int len)
+{
+ return call_int_hook(socket_getpeersec_stream, -ENOPROTOOPT, sock, optval, optlen, len);
+}
+
+static int mod_lsm_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
+{
+ return call_int_hook(socket_getpeersec_dgram, -ENOPROTOOPT, sock, skb, secid);
+}
+
+static int mod_lsm_sk_alloc_security(struct sock *sk, int family, gfp_t priority)
+{
+ return call_int_hook(sk_alloc_security, 0, sk, family, priority);
+}
+
+static void mod_lsm_sk_free_security(struct sock *sk)
+{
+ call_void_hook(sk_free_security, sk);
+}
+
+static void mod_lsm_sk_clone_security(const struct sock *sk, struct sock *newsk)
+{
+ call_void_hook(sk_clone_security, sk, newsk);
+}
+#endif
+
+#ifdef CONFIG_SECURITY_NETWORK_XFRM
+static int mod_lsm_xfrm_state_pol_flow_match(struct xfrm_state *x, struct xfrm_policy *xp,
+ const struct flowi_common *flic)
+{
+ struct security_hook_list *hp;
+ int rc = LSM_RET_DEFAULT(xfrm_state_pol_flow_match);
+
+ hlist_for_each_entry(hp, &mod_lsm_dynamic_hooks.xfrm_state_pol_flow_match, list) {
+ rc = hp->hook.xfrm_state_pol_flow_match(x, xp, flic);
+ break;
+ }
+ return rc;
+}
+#endif
+
+/* Initialize all built-in callbacks here. */
+#define LSM_HOOK(RET, DEFAULT, NAME, ...) LSM_HOOK_INIT(NAME, mod_lsm_##NAME),
+static struct security_hook_list mod_lsm_builtin_hooks[] __ro_after_init = {
+#include <linux/lsm_hook_defs.h>
+};
+
+static int mod_lsm_enabled __ro_after_init = 1;
+static struct lsm_blob_sizes mod_lsm_blob_sizes __ro_after_init = { };
+
+static int __init mod_lsm_init(void)
+{
+ /* Initialize modular callbacks list. */
+#define LSM_HOOK(RET, DEFAULT, NAME, ...) INIT_HLIST_HEAD(&mod_lsm_dynamic_hooks.NAME);
+#include <linux/lsm_hook_defs.h>
+ /* Register built-in callbacks. */
+ security_add_hooks(mod_lsm_builtin_hooks, ARRAY_SIZE(mod_lsm_builtin_hooks), "mod_lsm");
+ return 0;
+}
+
+DEFINE_LSM(mod_lsm) = {
+ .name = "mod_lsm",
+ .enabled = &mod_lsm_enabled,
+ .flags = 0,
+ .blobs = &mod_lsm_blob_sizes,
+ .init = mod_lsm_init,
+};
+
+/* The only exported function for registering modular callbacks. */
+int mod_lsm_add_hooks(const struct security_hook_mappings *maps)
+{
+ struct security_hook_list *entry;
+ int count = 0;
+
+ if (!mod_lsm_enabled) {
+ pr_info_once("Loadable LSM support is not enabled.\n");
+ return -EOPNOTSUPP;
+ }
+
+ /* Count how meny callbacks are implemented. */
+#define LSM_HOOK(RET, DEFAULT, NAME, ...) do { if (maps->NAME) count++; } while (0);
+#include <linux/lsm_hook_defs.h>
+ if (!count)
+ return -EINVAL;
+ /* Allocate memory for registering implemented callbacks. */
+ entry = kmalloc_array(count, sizeof(struct security_hook_list), GFP_KERNEL);
+ if (!entry)
+ return -ENOMEM;
+ /* Registering imdividual callbacks. */
+ count = 0;
+#define LSM_HOOK(RET, DEFAULT, NAME, ...) do { if (maps->NAME) { \
+ entry[count].hook.NAME = maps->NAME; \
+ hlist_add_tail_rcu(&entry[count].list, &mod_lsm_dynamic_hooks.NAME); \
+ count++; \
+ } } while (0);
+#include <linux/lsm_hook_defs.h>
+ return 0;
+}
+EXPORT_SYMBOL_GPL(mod_lsm_add_hooks);
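Review bot: mod_lsm_add_hooks appends to the per-hook lists with hlist_add_tail_rcu but takes no lock, so two modules registering concurrently race on the list heads, and every reader (hlist_for_each_entry in the generated mod_lsm_##NAME wrappers and in call_int_hook/call_void_hook) is a plain, non-RCU traversal, so the _rcu add gives no protection against a hook being called mid-insertion; either serialize registration with a mutex and switch readers to hlist_for_each_entry_rcu under rcu_read_lock, or document that registration must happen before any hook can run. There is also no unregistration and no module reference taken, so a module that has registered hooks must never be unloaded; say so in the function comment or pin the caller with try_module_get. The entries come from kmalloc_array and only .hook.NAME and .list are filled in, leaving the .lsm name field uninitialized; use kcalloc or set .lsm so the entries look like the ones security_add_hooks creates. Smaller points: the extern prototype near the top duplicates lsm_hooks.h; getprocattr and setprocattr are registered even though they only return the default (leaving them out of the built-in table avoids a useless indirection); and the comments read "how meny" and "Registering imdividual".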
diff --git a/security/security.c b/security/security.c
index d35d50b218c6..b455bfa62afc 100644
--- a/security/security.c
+++ b/security/security.c
@@ -746,9 +746,6 @@ static int lsm_superblock_alloc(struct super_block *sb)
#define DECLARE_LSM_RET_DEFAULT_void(DEFAULT, NAME)
#define DECLARE_LSM_RET_DEFAULT_int(DEFAULT, NAME) \
static const int __maybe_unused LSM_RET_DEFAULT(NAME) = (DEFAULT);
-#define LSM_HOOK(RET, DEFAULT, NAME, ...) \
- DECLARE_LSM_RET_DEFAULT_##RET(DEFAULT, NAME)
-#include <linux/lsm_hook_defs.h>
/*
* Hook list operation macros.
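Review bot: removing the blanket DECLARE_LSM_RET_DEFAULT expansion means LSM_RET_DEFAULT(NAME) is now declared only for hooks classified CUSTOM or SPECIAL int, so the DECLARE_LSM_RET_DEFAULT_void/_int helpers kept here serve only those cases, and any remaining hand-written wrapper that references LSM_RET_DEFAULT() for a PLAIN hook will stop compiling; that is a useful consistency check, but worth a sentence in the commit message so reviewers know the failure is intended.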
@@ -782,6 +779,34 @@ static int lsm_superblock_alloc(struct super_block *sb)
RC; \
})
+#include <linux/lsm_hook_args.h>
+#define LSM_PLAIN_INT_HOOK(RET, DEFAULT, NAME, ...) \
+ int security_##NAME(__VA_ARGS__) \
+ { \
+ struct security_hook_list *P; \
+ \
+ hlist_for_each_entry(P, &security_hook_heads.NAME, list) { \
+ int RC = P->hook.NAME(LSM_CALL_ARGS_##NAME); \
+ \
+ if (RC != DEFAULT) \
+ return RC; \
+ } \
+ return DEFAULT; \
+ }
+#define LSM_CUSTOM_INT_HOOK(RET, DEFAULT, NAME, ...) DECLARE_LSM_RET_DEFAULT_int(DEFAULT, NAME)
+#define LSM_SPECIAL_INT_HOOK(RET, DEFAULT, NAME, ...) DECLARE_LSM_RET_DEFAULT_int(DEFAULT, NAME)
+#define LSM_PLAIN_VOID_HOOK(RET, DEFAULT, NAME, ...) \
+ void security_##NAME(__VA_ARGS__) \
+ { \
+ struct security_hook_list *P; \
+ \
+ hlist_for_each_entry(P, &security_hook_heads.NAME, list) \
+ P->hook.NAME(LSM_CALL_ARGS_##NAME); \
+ }
+#define LSM_CUSTOM_VOID_HOOK(RET, DEFAULT, NAME, ...)
+#define LSM_SPECIAL_VOID_HOOK(RET, DEFAULT, NAME, ...)
+#include <linux/lsm_hook_defs.h>
+
/* Security operations */
/**
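Review bot: the security_##NAME() definitions generated here carry no kernel-doc, while the existing /** ... */ blocks that preceded the removed hand-written bodies stay in place with no prototype following them (see the binder and ptrace hunks that follow), so scripts/kernel-doc can no longer attach them to a function and will warn; either keep those comments next to the generated definitions or move their content to the hook descriptions in lsm_hooks.h and delete the orphans in the same patch. Also note that LSM_CUSTOM_INT_HOOK here only declares the default value, so every hook reclassified as CUSTOM still needs a hand-written security_*() body; stating that rule in a comment above the macros would prevent a silent missing-symbol link error later.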
@@ -792,10 +817,6 @@ static int lsm_superblock_alloc(struct super_block *sb)
*
* Return: Return 0 if permission is granted.
*/
-int security_binder_set_context_mgr(const struct cred *mgr)
-{
- return call_int_hook(binder_set_context_mgr, 0, mgr);
-}
/**
* security_binder_transaction() - Check if a binder transaction is allowed
@@ -806,11 +827,6 @@ int security_binder_set_context_mgr(const struct cred *mgr)
*
* Return: Returns 0 if permission is granted.
*/
-int security_binder_transaction(const struct cred *from,
- const struct cred *to)
-{
- return call_int_hook(binder_transaction, 0, from, to);
-}
/**
* security_binder_transfer_binder() - Check if a binder transfer is allowed
@@ -821,11 +837,6 @@ int security_binder_transaction(const struct cred *from,
*
* Return: Returns 0 if permission is granted.
*/
-int security_binder_transfer_binder(const struct cred *from,
- const struct cred *to)
-{
- return call_int_hook(binder_transfer_binder, 0, from, to);
-}
/**
* security_binder_transfer_file() - Check if a binder file xfer is allowed
@@ -837,11 +848,6 @@ int security_binder_transfer_binder(const struct cred *from,
*
* Return: Returns 0 if permission is granted.
*/
-int security_binder_transfer_file(const struct cred *from,
- const struct cred *to, const struct file *file)
-{
- return call_int_hook(binder_transfer_file, 0, from, to, file);
-}
/**
* security_ptrace_access_check() - Check if tracing is allowed
@@ -857,10 +863,6 @@ int security_binder_transfer_file(const struct cred *from,
*
* Return: Returns 0 if permission is granted.
*/
-int security_ptrace_access_check(struct task_struct *child, unsigned int mode)
-{
- return call_int_hook(ptrace_access_check, 0, child, mode);
-}
/**
* security_ptrace_traceme() - Check if tracing is allowed
@@ -872,10 +874,6 @@ int security_ptrace_access_check(struct task_struct *child, unsigned int mode)
*
* Return: Returns 0 if permission is granted.
*/
-int security_ptrace_traceme(struct task_struct *parent)
-{
- return call_int_hook(ptrace_traceme, 0, parent);
-}
/**
* security_capget() - Get the capability sets for a process
@@ -891,14 +889,6 @@ int security_ptrace_traceme(struct task_struct *parent)
*
* Return: Returns 0 if the capability sets were successfully obtained.
*/
-int security_capget(const struct task_struct *target,
- kernel_cap_t *effective,
- kernel_cap_t *inheritable,
- kernel_cap_t *permitted)
-{
- return call_int_hook(capget, 0, target,
- effective, inheritable, permitted);
-}
/**
* security_capset() - Set the capability sets for a process
@@ -913,14 +903,6 @@ int security_capget(const struct task_struct *target,
*
* Return: Returns 0 and update @new if permission is granted.
*/
-int security_capset(struct cred *new, const struct cred *old,
- const kernel_cap_t *effective,
- const kernel_cap_t *inheritable,
- const kernel_cap_t *permitted)
-{
- return call_int_hook(capset, 0, new, old,
- effective, inheritable, permitted);
-}
/**
* security_capable() - Check if a process has the necessary capability
@@ -935,13 +917,6 @@ int security_capset(struct cred *new, const struct cred *old,
*
* Return: Returns 0 if the capability is granted.
*/
-int security_capable(const struct cred *cred,
- struct user_namespace *ns,
- int cap,
- unsigned int opts)
-{
- return call_int_hook(capable, 0, cred, ns, cap, opts);
-}
/**
* security_quotactl() - Check if a quotactl() syscall is allowed for this fs
@@ -954,10 +929,6 @@ int security_capable(const struct cred *cred,
*
* Return: Returns 0 if permission is granted.
*/
-int security_quotactl(int cmds, int type, int id, const struct super_block *sb)
-{
- return call_int_hook(quotactl, 0, cmds, type, id, sb);
-}
/**
* security_quota_on() - Check if QUOTAON is allowed for a dentry
@@ -967,10 +938,6 @@ int security_quotactl(int cmds, int type, int id, const struct super_block *sb)
*
* Return: Returns 0 if permission is granted.
*/
-int security_quota_on(struct dentry *dentry)
-{
- return call_int_hook(quota_on, 0, dentry);
-}
/**
* security_syslog() - Check if accessing the kernel message ring is allowed
@@ -982,10 +949,6 @@ int security_quota_on(struct dentry *dentry)
*
* Return: Return 0 if permission is granted.
*/
-int security_syslog(int type)
-{
- return call_int_hook(syslog, 0, type);
-}
/**
* security_settime64() - Check if changing the system time is allowed
@@ -1052,10 +1015,6 @@ int security_vm_enough_memory_mm(struct mm_struct *mm, long pages)
*
* Return: Returns 0 if the hook is successful and permission is granted.
*/
-int security_bprm_creds_for_exec(struct linux_binprm *bprm)
-{
- return call_int_hook(bprm_creds_for_exec, 0, bprm);
-}
/**
* security_bprm_creds_from_file() - Update linux_binprm creds based on file
@@ -1076,10 +1035,6 @@ int security_bprm_creds_for_exec(struct linux_binprm *bprm)
*
* Return: Returns 0 if the hook is successful and permission is granted.
*/
-int security_bprm_creds_from_file(struct linux_binprm *bprm, const struct file *file)
-{
- return call_int_hook(bprm_creds_from_file, 0, bprm, file);
-}
/**
* security_bprm_check() - Mediate binary handler search
@@ -1115,10 +1070,6 @@ int security_bprm_check(struct linux_binprm *bprm)
* open file descriptors to which access will no longer be granted when the
* attributes are changed. This is called immediately before commit_creds().
*/
-void security_bprm_committing_creds(const struct linux_binprm *bprm)
-{
- call_void_hook(bprm_committing_creds, bprm);
-}
/**
* security_bprm_committed_creds() - Tidy up after cred install during exec()
@@ -1131,10 +1082,6 @@ void security_bprm_committing_creds(const struct linux_binprm *bprm)
* process such as clearing out non-inheritable signal state. This is called
* immediately after commit_creds().
*/
-void security_bprm_committed_creds(const struct linux_binprm *bprm)
-{
- call_void_hook(bprm_committed_creds, bprm);
-}
/**
* security_fs_context_submount() - Initialise fc->security
@@ -1145,10 +1092,6 @@ void security_bprm_committed_creds(const struct linux_binprm *bprm)
*
* Return: Returns 0 on success or negative error code on failure.
*/
-int security_fs_context_submount(struct fs_context *fc, struct super_block *reference)
-{
- return call_int_hook(fs_context_submount, 0, fc, reference);
-}
/**
* security_fs_context_dup() - Duplicate a fs_context LSM blob
@@ -1161,10 +1104,6 @@ int security_fs_context_submount(struct fs_context *fc, struct super_block *refe
*
* Return: Returns 0 on success or a negative error code on failure.
*/
-int security_fs_context_dup(struct fs_context *fc, struct fs_context *src_fc)
-{
- return call_int_hook(fs_context_dup, 0, fc, src_fc);
-}
/**
* security_fs_context_parse_param() - Configure a filesystem context
@@ -1225,10 +1164,6 @@ int security_sb_alloc(struct super_block *sb)
* Release objects tied to a superblock (e.g. inodes). @sb contains the
* super_block structure being released.
*/
-void security_sb_delete(struct super_block *sb)
-{
- call_void_hook(sb_delete, sb);
-}
/**
* security_sb_free() - Free a super_block LSM blob
@@ -1268,10 +1203,6 @@ EXPORT_SYMBOL(security_free_mnt_opts);
*
* Return: Returns 0 on success, negative values on failure.
*/
-int security_sb_eat_lsm_opts(char *options, void **mnt_opts)
-{
- return call_int_hook(sb_eat_lsm_opts, 0, options, mnt_opts);
-}
EXPORT_SYMBOL(security_sb_eat_lsm_opts);
/**
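Review bot: EXPORT_SYMBOL(security_sb_eat_lsm_opts) is kept while its definition moves into the macro-generated block at the top of the file; this still links because the generated function has external linkage, but the export now sits next to nothing, and the same applies to security_sb_mnt_opts_compat, security_sb_remount and security_sb_clone_mnt_opts further down. Consider grouping these EXPORT_SYMBOL lines directly after the #include <linux/lsm_hook_defs.h> that generates the functions, with a comment, so they are not mistaken for stale leftovers and removed by a later cleanup.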
@@ -1284,11 +1215,6 @@ EXPORT_SYMBOL(security_sb_eat_lsm_opts);
*
* Return: Returns 0 if options are compatible.
*/
-int security_sb_mnt_opts_compat(struct super_block *sb,
- void *mnt_opts)
-{
- return call_int_hook(sb_mnt_opts_compat, 0, sb, mnt_opts);
-}
EXPORT_SYMBOL(security_sb_mnt_opts_compat);
/**
@@ -1301,11 +1227,6 @@ EXPORT_SYMBOL(security_sb_mnt_opts_compat);
*
* Return: Returns 0 if permission is granted.
*/
-int security_sb_remount(struct super_block *sb,
- void *mnt_opts)
-{
- return call_int_hook(sb_remount, 0, sb, mnt_opts);
-}
EXPORT_SYMBOL(security_sb_remount);
/**
@@ -1316,10 +1237,6 @@ EXPORT_SYMBOL(security_sb_remount);
*
* Return: Returns 0 if permission is granted.
*/
-int security_sb_kern_mount(const struct super_block *sb)
-{
- return call_int_hook(sb_kern_mount, 0, sb);
-}
/**
* security_sb_show_options() - Output the mount options for a superblock
@@ -1330,10 +1247,6 @@ int security_sb_kern_mount(const struct super_block *sb)
*
* Return: Returns 0 on success, negative values on failure.
*/
-int security_sb_show_options(struct seq_file *m, struct super_block *sb)
-{
- return call_int_hook(sb_show_options, 0, m, sb);
-}
/**
* security_sb_statfs() - Check if accessing fs stats is allowed
@@ -1344,10 +1257,6 @@ int security_sb_show_options(struct seq_file *m, struct super_block *sb)
*
* Return: Returns 0 if permission is granted.
*/
-int security_sb_statfs(struct dentry *dentry)
-{
- return call_int_hook(sb_statfs, 0, dentry);
-}
/**
* security_sb_mount() - Check permission for mounting a filesystem
@@ -1366,11 +1275,6 @@ int security_sb_statfs(struct dentry *dentry)
*
* Return: Returns 0 if permission is granted.
*/
-int security_sb_mount(const char *dev_name, const struct path *path,
- const char *type, unsigned long flags, void *data)
-{
- return call_int_hook(sb_mount, 0, dev_name, path, type, flags, data);
-}
/**
* security_sb_umount() - Check permission for unmounting a filesystem
@@ -1381,10 +1285,6 @@ int security_sb_mount(const char *dev_name, const struct path *path,
*
* Return: Returns 0 if permission is granted.
*/
-int security_sb_umount(struct vfsmount *mnt, int flags)
-{
- return call_int_hook(sb_umount, 0, mnt, flags);
-}
/**
* security_sb_pivotroot() - Check permissions for pivoting the rootfs
@@ -1395,11 +1295,6 @@ int security_sb_umount(struct vfsmount *mnt, int flags)
*
* Return: Returns 0 if permission is granted.
*/
-int security_sb_pivotroot(const struct path *old_path,
- const struct path *new_path)
-{
- return call_int_hook(sb_pivotroot, 0, old_path, new_path);
-}
/**
* security_sb_set_mnt_opts() - Set the mount options for a filesystem
@@ -1434,14 +1329,6 @@ EXPORT_SYMBOL(security_sb_set_mnt_opts);
*
* Return: Returns 0 on success, error on failure.
*/
-int security_sb_clone_mnt_opts(const struct super_block *oldsb,
- struct super_block *newsb,
- unsigned long kern_flags,
- unsigned long *set_kern_flags)
-{
- return call_int_hook(sb_clone_mnt_opts, 0, oldsb, newsb,
- kern_flags, set_kern_flags);
-}
EXPORT_SYMBOL(security_sb_clone_mnt_opts);
/**
@@ -1453,11 +1340,6 @@ EXPORT_SYMBOL(security_sb_clone_mnt_opts);
*
* Return: Returns 0 if permission is granted.
*/
-int security_move_mount(const struct path *from_path,
- const struct path *to_path)
-{
- return call_int_hook(move_mount, 0, from_path, to_path);
-}
/**
* security_path_notify() - Check if setting a watch is allowed
@@ -1470,11 +1352,6 @@ int security_move_mount(const struct path *from_path,
*
* Return: Returns 0 if permission is granted.
*/
-int security_path_notify(const struct path *path, u64 mask,
- unsigned int obj_type)
-{
- return call_int_hook(path_notify, 0, path, mask, obj_type);
-}
/**
* security_inode_alloc() - Allocate an inode LSM blob
@@ -1545,26 +1422,6 @@ void security_inode_free(struct inode *inode)
*
* Return: Returns 0 on success, negative values on failure.
*/
-int security_dentry_init_security(struct dentry *dentry, int mode,
- const struct qstr *name,
- const char **xattr_name, void **ctx,
- u32 *ctxlen)
-{
- struct security_hook_list *hp;
- int rc;
-
- /*
- * Only one module will provide a security context.
- */
- hlist_for_each_entry(hp, &security_hook_heads.dentry_init_security,
- list) {
- rc = hp->hook.dentry_init_security(dentry, mode, name,
- xattr_name, ctx, ctxlen);
- if (rc != LSM_RET_DEFAULT(dentry_init_security))
- return rc;
- }
- return LSM_RET_DEFAULT(dentry_init_security);
-}
EXPORT_SYMBOL(security_dentry_init_security);
/**
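Review bot: the deleted body of security_dentry_init_security() is not a plain call_int_hook() wrapper: it walks the hook list, returns the first result that differs from LSM_RET_DEFAULT(dentry_init_security), and falls back to that default (not 0) when no LSM answers. Whatever generates the replacement must preserve both properties, otherwise a kernel in which no LSM implements this hook would start returning 0 to the filesystem instead of the default, and the "only one module will provide a security context" rule from the removed comment would be lost. Please state in the commit message which default the generated wrapper uses for this hook.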
@@ -1582,13 +1439,6 @@ EXPORT_SYMBOL(security_dentry_init_security);
*
* Return: Returns 0 on success, error on failure.
*/
-int security_dentry_create_files_as(struct dentry *dentry, int mode,
- struct qstr *name,
- const struct cred *old, struct cred *new)
-{
- return call_int_hook(dentry_create_files_as, 0, dentry, mode,
- name, old, new);
-}
EXPORT_SYMBOL(security_dentry_create_files_as);
/**
@@ -1683,13 +1533,6 @@ EXPORT_SYMBOL(security_inode_init_security);
* Return: Returns 0 on success, -EACCES if the security module denies the
* creation of this inode, or another -errno upon other errors.
*/
-int security_inode_init_security_anon(struct inode *inode,
- const struct qstr *name,
- const struct inode *context_inode)
-{
- return call_int_hook(inode_init_security_anon, 0, inode, name,
- context_inode);
-}
#ifdef CONFIG_SECURITY_PATH
/**
@@ -1887,10 +1730,6 @@ int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid)
*
* Return: Returns 0 if permission is granted.
*/
-int security_path_chroot(const struct path *path)
-{
- return call_int_hook(path_chroot, 0, path);
-}
#endif /* CONFIG_SECURITY_PATH */
/**
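Review bot: security_path_chroot() was the last wrapper inside #ifdef CONFIG_SECURITY_PATH (the #endif at the end of this hunk is kept). The generated replacement needs the same conditional; otherwise a build with CONFIG_SECURITY_PATH=n either fails on the missing hook member or silently grows a wrapper for a hook that does not exist in that configuration.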
@@ -2360,10 +2199,6 @@ int security_inode_removexattr(struct mnt_idmap *idmap,
* security_inode_killpriv() does not need to be called, return >0 if
* security_inode_killpriv() does need to be called.
*/
-int security_inode_need_killpriv(struct dentry *dentry)
-{
- return call_int_hook(inode_need_killpriv, 0, dentry);
-}
/**
* security_inode_killpriv() - The setuid bit is removed, update LSM state
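Review bot: per the docblock kept above ("return >0 if security_inode_killpriv() does need to be called"), positive return values from this hook carry meaning. The removed call_int_hook() stopped at the first non-zero rc and propagated it unchanged, so the generated wrapper for inode_need_killpriv must not normalise positive results to 0 or treat them as errors; the same applies to security_ismaclabel() below, which returns 1 for a MAC attribute.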
@@ -2376,11 +2211,6 @@ int security_inode_need_killpriv(struct dentry *dentry)
* Return: Return 0 on success. If error is returned, then the operation
* causing setuid bit removal is failed.
*/
-int security_inode_killpriv(struct mnt_idmap *idmap,
- struct dentry *dentry)
-{
- return call_int_hook(inode_killpriv, 0, idmap, dentry);
-}
/**
* security_inode_getsecurity() - Get the xattr security label of an inode
@@ -2484,10 +2314,6 @@ EXPORT_SYMBOL(security_inode_listsecurity);
* Get the secid associated with the node. In case of failure, @secid will be
* set to zero.
*/
-void security_inode_getsecid(struct inode *inode, u32 *secid)
-{
- call_void_hook(inode_getsecid, inode, secid);
-}
/**
* security_inode_copy_up() - Create new creds for an overlayfs copy-up op
@@ -2501,10 +2327,6 @@ void security_inode_getsecid(struct inode *inode, u32 *secid)
*
* Return: Returns 0 on success or a negative error code on error.
*/
-int security_inode_copy_up(struct dentry *src, struct cred **new)
-{
- return call_int_hook(inode_copy_up, 0, src, new);
-}
EXPORT_SYMBOL(security_inode_copy_up);
/**
@@ -2550,11 +2372,6 @@ EXPORT_SYMBOL(security_inode_copy_up_xattr);
*
* Return: Returns 0 if permission is granted.
*/
-int security_kernfs_init_security(struct kernfs_node *kn_dir,
- struct kernfs_node *kn)
-{
- return call_int_hook(kernfs_init_security, 0, kn_dir, kn);
-}
/**
* security_file_permission() - Check file permissions
@@ -2639,10 +2456,6 @@ void security_file_free(struct file *file)
*
* Return: Returns 0 if permission is granted.
*/
-int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
-{
- return call_int_hook(file_ioctl, 0, file, cmd, arg);
-}
EXPORT_SYMBOL_GPL(security_file_ioctl);
static inline unsigned long mmap_prot(struct file *file, unsigned long prot)
@@ -2709,10 +2522,6 @@ int security_mmap_file(struct file *file, unsigned long prot,
*
* Return: Returns 0 if permission is granted.
*/
-int security_mmap_addr(unsigned long addr)
-{
- return call_int_hook(mmap_addr, 0, addr);
-}
/**
* security_file_mprotect() - Check if changing memory protections is allowed
@@ -2745,10 +2554,6 @@ int security_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot,
*
* Return: Returns 0 if permission is granted.
*/
-int security_file_lock(struct file *file, unsigned int cmd)
-{
- return call_int_hook(file_lock, 0, file, cmd);
-}
/**
* security_file_fcntl() - Check if fcntl() op is allowed
@@ -2764,10 +2569,6 @@ int security_file_lock(struct file *file, unsigned int cmd)
*
* Return: Returns 0 if permission is granted.
*/
-int security_file_fcntl(struct file *file, unsigned int cmd, unsigned long arg)
-{
- return call_int_hook(file_fcntl, 0, file, cmd, arg);
-}
/**
* security_file_set_fowner() - Set the file owner info in the LSM blob
@@ -2778,10 +2579,6 @@ int security_file_fcntl(struct file *file, unsigned int cmd, unsigned long arg)
*
* Return: Returns 0 on success.
*/
-void security_file_set_fowner(struct file *file)
-{
- call_void_hook(file_set_fowner, file);
-}
/**
* security_file_send_sigiotask() - Check if sending SIGIO/SIGURG is allowed
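Review bot: the retained docblock still says "Return: Returns 0 on success." for security_file_set_fowner(), which is a void function (call_void_hook). This is pre-existing, but since the wrapper is being regenerated this is the moment to drop the stale Return: line so kernel-doc stops describing a value the function never returns.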
@@ -2797,11 +2594,6 @@ void security_file_set_fowner(struct file *file)
*
* Return: Returns 0 if permission is granted.
*/
-int security_file_send_sigiotask(struct task_struct *tsk,
- struct fown_struct *fown, int sig)
-{
- return call_int_hook(file_send_sigiotask, 0, tsk, fown, sig);
-}
/**
* security_file_receive() - Check is receiving a file via IPC is allowed
@@ -2812,10 +2604,6 @@ int security_file_send_sigiotask(struct task_struct *tsk,
*
* Return: Returns 0 if permission is granted.
*/
-int security_file_receive(struct file *file)
-{
- return call_int_hook(file_receive, 0, file);
-}
/**
* security_file_open() - Save open() time state for late use by the LSM
@@ -2847,10 +2635,6 @@ int security_file_open(struct file *file)
*
* Return: Returns 0 if permission is granted.
*/
-int security_file_truncate(struct file *file)
-{
- return call_int_hook(file_truncate, 0, file);
-}
/**
* security_task_alloc() - Allocate a task's LSM blob
@@ -2992,10 +2776,6 @@ EXPORT_SYMBOL(security_cred_getsecid);
*
* Return: Returns 0 if successful.
*/
-int security_kernel_act_as(struct cred *new, u32 secid)
-{
- return call_int_hook(kernel_act_as, 0, new, secid);
-}
/**
* security_kernel_create_files_as() - Set file creation context using an inode
@@ -3008,10 +2788,6 @@ int security_kernel_act_as(struct cred *new, u32 secid)
*
* Return: Returns 0 if successful.
*/
-int security_kernel_create_files_as(struct cred *new, struct inode *inode)
-{
- return call_int_hook(kernel_create_files_as, 0, new, inode);
-}
/**
* security_kernel_module_request() - Check is loading a module is allowed
@@ -3141,11 +2917,6 @@ EXPORT_SYMBOL_GPL(security_kernel_post_load_data);
*
* Return: Returns 0 on success.
*/
-int security_task_fix_setuid(struct cred *new, const struct cred *old,
- int flags)
-{
- return call_int_hook(task_fix_setuid, 0, new, old, flags);
-}
/**
* security_task_fix_setgid() - Update LSM with new group id attributes
@@ -3161,11 +2932,6 @@ int security_task_fix_setuid(struct cred *new, const struct cred *old,
*
* Return: Returns 0 on success.
*/
-int security_task_fix_setgid(struct cred *new, const struct cred *old,
- int flags)
-{
- return call_int_hook(task_fix_setgid, 0, new, old, flags);
-}
/**
* security_task_fix_setgroups() - Update LSM with new supplementary groups
@@ -3179,10 +2945,6 @@ int security_task_fix_setgid(struct cred *new, const struct cred *old,
*
* Return: Returns 0 on success.
*/
-int security_task_fix_setgroups(struct cred *new, const struct cred *old)
-{
- return call_int_hook(task_fix_setgroups, 0, new, old);
-}
/**
* security_task_setpgid() - Check if setting the pgid is allowed
@@ -3194,10 +2956,6 @@ int security_task_fix_setgroups(struct cred *new, const struct cred *old)
*
* Return: Returns 0 if permission is granted.
*/
-int security_task_setpgid(struct task_struct *p, pid_t pgid)
-{
- return call_int_hook(task_setpgid, 0, p, pgid);
-}
/**
* security_task_getpgid() - Check if getting the pgid is allowed
@@ -3208,10 +2966,6 @@ int security_task_setpgid(struct task_struct *p, pid_t pgid)
*
* Return: Returns 0 if permission is granted.
*/
-int security_task_getpgid(struct task_struct *p)
-{
- return call_int_hook(task_getpgid, 0, p);
-}
/**
* security_task_getsid() - Check if getting the session id is allowed
@@ -3221,10 +2975,6 @@ int security_task_getpgid(struct task_struct *p)
*
* Return: Returns 0 if permission is granted.
*/
-int security_task_getsid(struct task_struct *p)
-{
- return call_int_hook(task_getsid, 0, p);
-}
/**
* security_current_getsecid_subj() - Get the current task's subjective secid
@@ -3264,10 +3014,6 @@ EXPORT_SYMBOL(security_task_getsecid_obj);
*
* Return: Returns 0 if permission is granted.
*/
-int security_task_setnice(struct task_struct *p, int nice)
-{
- return call_int_hook(task_setnice, 0, p, nice);
-}
/**
* security_task_setioprio() - Check if setting a task's ioprio is allowed
@@ -3278,10 +3024,6 @@ int security_task_setnice(struct task_struct *p, int nice)
*
* Return: Returns 0 if permission is granted.
*/
-int security_task_setioprio(struct task_struct *p, int ioprio)
-{
- return call_int_hook(task_setioprio, 0, p, ioprio);
-}
/**
* security_task_getioprio() - Check if getting a task's ioprio is allowed
@@ -3291,10 +3033,6 @@ int security_task_setioprio(struct task_struct *p, int ioprio)
*
* Return: Returns 0 if permission is granted.
*/
-int security_task_getioprio(struct task_struct *p)
-{
- return call_int_hook(task_getioprio, 0, p);
-}
/**
* security_task_prlimit() - Check if get/setting resources limits is allowed
@@ -3307,11 +3045,6 @@ int security_task_getioprio(struct task_struct *p)
*
* Return: Returns 0 if permission is granted.
*/
-int security_task_prlimit(const struct cred *cred, const struct cred *tcred,
- unsigned int flags)
-{
- return call_int_hook(task_prlimit, 0, cred, tcred, flags);
-}
/**
* security_task_setrlimit() - Check if setting a new rlimit value is allowed
@@ -3325,11 +3058,6 @@ int security_task_prlimit(const struct cred *cred, const struct cred *tcred,
*
* Return: Returns 0 if permission is granted.
*/
-int security_task_setrlimit(struct task_struct *p, unsigned int resource,
- struct rlimit *new_rlim)
-{
- return call_int_hook(task_setrlimit, 0, p, resource, new_rlim);
-}
/**
* security_task_setscheduler() - Check if setting sched policy/param is allowed
@@ -3340,10 +3068,6 @@ int security_task_setrlimit(struct task_struct *p, unsigned int resource,
*
* Return: Returns 0 if permission is granted.
*/
-int security_task_setscheduler(struct task_struct *p)
-{
- return call_int_hook(task_setscheduler, 0, p);
-}
/**
* security_task_getscheduler() - Check if getting scheduling info is allowed
@@ -3353,10 +3077,6 @@ int security_task_setscheduler(struct task_struct *p)
*
* Return: Returns 0 if permission is granted.
*/
-int security_task_getscheduler(struct task_struct *p)
-{
- return call_int_hook(task_getscheduler, 0, p);
-}
/**
* security_task_movememory() - Check if moving memory is allowed
@@ -3366,10 +3086,6 @@ int security_task_getscheduler(struct task_struct *p)
*
* Return: Returns 0 if permission is granted.
*/
-int security_task_movememory(struct task_struct *p)
-{
- return call_int_hook(task_movememory, 0, p);
-}
/**
* security_task_kill() - Check if sending a signal is allowed
@@ -3386,11 +3102,6 @@ int security_task_movememory(struct task_struct *p)
*
* Return: Returns 0 if permission is granted.
*/
-int security_task_kill(struct task_struct *p, struct kernel_siginfo *info,
- int sig, const struct cred *cred)
-{
- return call_int_hook(task_kill, 0, p, info, sig, cred);
-}
/**
* security_task_prctl() - Check if a prctl op is allowed
@@ -3432,10 +3143,6 @@ int security_task_prctl(int option, unsigned long arg2, unsigned long arg3,
* Set the security attributes for an inode based on an associated task's
* security attributes, e.g. for /proc/pid inodes.
*/
-void security_task_to_inode(struct task_struct *p, struct inode *inode)
-{
- call_void_hook(task_to_inode, p, inode);
-}
/**
* security_create_user_ns() - Check if creating a new userns is allowed
@@ -3459,10 +3166,6 @@ int security_create_user_ns(const struct cred *cred)
*
* Return: Returns 0 if permission is granted.
*/
-int security_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
-{
- return call_int_hook(ipc_permission, 0, ipcp, flag);
-}
/**
* security_ipc_getsecid() - Get the sysv ipc object's secid
@@ -3557,10 +3260,6 @@ void security_msg_queue_free(struct kern_ipc_perm *msq)
*
* Return: Return 0 if permission is granted.
*/
-int security_msg_queue_associate(struct kern_ipc_perm *msq, int msqflg)
-{
- return call_int_hook(msg_queue_associate, 0, msq, msqflg);
-}
/**
* security_msg_queue_msgctl() - Check if a msg queue operation is allowed
@@ -3572,10 +3271,6 @@ int security_msg_queue_associate(struct kern_ipc_perm *msq, int msqflg)
*
* Return: Returns 0 if permission is granted.
*/
-int security_msg_queue_msgctl(struct kern_ipc_perm *msq, int cmd)
-{
- return call_int_hook(msg_queue_msgctl, 0, msq, cmd);
-}
/**
* security_msg_queue_msgsnd() - Check if sending a sysv ipc message is allowed
@@ -3588,11 +3283,6 @@ int security_msg_queue_msgctl(struct kern_ipc_perm *msq, int cmd)
*
* Return: Returns 0 if permission is granted.
*/
-int security_msg_queue_msgsnd(struct kern_ipc_perm *msq,
- struct msg_msg *msg, int msqflg)
-{
- return call_int_hook(msg_queue_msgsnd, 0, msq, msg, msqflg);
-}
/**
* security_msg_queue_msgrcv() - Check if receiving a sysv ipc msg is allowed
@@ -3609,11 +3299,6 @@ int security_msg_queue_msgsnd(struct kern_ipc_perm *msq,
*
* Return: Returns 0 if permission is granted.
*/
-int security_msg_queue_msgrcv(struct kern_ipc_perm *msq, struct msg_msg *msg,
- struct task_struct *target, long type, int mode)
-{
- return call_int_hook(msg_queue_msgrcv, 0, msq, msg, target, type, mode);
-}
/**
* security_shm_alloc() - Allocate a sysv shm LSM blob
@@ -3661,10 +3346,6 @@ void security_shm_free(struct kern_ipc_perm *shp)
*
* Return: Returns 0 if permission is granted.
*/
-int security_shm_associate(struct kern_ipc_perm *shp, int shmflg)
-{
- return call_int_hook(shm_associate, 0, shp, shmflg);
-}
/**
* security_shm_shmctl() - Check if a sysv shm operation is allowed
@@ -3676,10 +3357,6 @@ int security_shm_associate(struct kern_ipc_perm *shp, int shmflg)
*
* Return: Return 0 if permission is granted.
*/
-int security_shm_shmctl(struct kern_ipc_perm *shp, int cmd)
-{
- return call_int_hook(shm_shmctl, 0, shp, cmd);
-}
/**
* security_shm_shmat() - Check if a sysv shm attach operation is allowed
@@ -3693,11 +3370,6 @@ int security_shm_shmctl(struct kern_ipc_perm *shp, int cmd)
*
* Return: Returns 0 if permission is granted.
*/
-int security_shm_shmat(struct kern_ipc_perm *shp,
- char __user *shmaddr, int shmflg)
-{
- return call_int_hook(shm_shmat, 0, shp, shmaddr, shmflg);
-}
/**
* security_sem_alloc() - Allocate a sysv semaphore LSM blob
@@ -3744,10 +3416,6 @@ void security_sem_free(struct kern_ipc_perm *sma)
*
* Return: Returns 0 if permission is granted.
*/
-int security_sem_associate(struct kern_ipc_perm *sma, int semflg)
-{
- return call_int_hook(sem_associate, 0, sma, semflg);
-}
/**
* security_sem_semctl() - Check if a sysv semaphore operation is allowed
@@ -3759,10 +3427,6 @@ int security_sem_associate(struct kern_ipc_perm *sma, int semflg)
*
* Return: Returns 0 if permission is granted.
*/
-int security_sem_semctl(struct kern_ipc_perm *sma, int cmd)
-{
- return call_int_hook(sem_semctl, 0, sma, cmd);
-}
/**
* security_sem_semop() - Check if a sysv semaphore operation is allowed
@@ -3776,11 +3440,6 @@ int security_sem_semctl(struct kern_ipc_perm *sma, int cmd)
*
* Return: Returns 0 if permission is granted.
*/
-int security_sem_semop(struct kern_ipc_perm *sma, struct sembuf *sops,
- unsigned nsops, int alter)
-{
- return call_int_hook(sem_semop, 0, sma, sops, nsops, alter);
-}
/**
* security_d_instantiate() - Populate an inode's LSM state based on a dentry
@@ -3859,10 +3518,6 @@ int security_setprocattr(const char *lsm, const char *name, void *value,
* Return: Returns 0 if the information was successfully saved and message is
* allowed to be transmitted.
*/
-int security_netlink_send(struct sock *sk, struct sk_buff *skb)
-{
- return call_int_hook(netlink_send, 0, sk, skb);
-}
/**
* security_ismaclabel() - Check is the named attribute is a MAC label
@@ -3872,10 +3527,6 @@ int security_netlink_send(struct sock *sk, struct sk_buff *skb)
*
* Return: Returns 1 if name is a MAC attribute otherwise returns 0.
*/
-int security_ismaclabel(const char *name)
-{
- return call_int_hook(ismaclabel, 0, name);
-}
EXPORT_SYMBOL(security_ismaclabel);
/**
@@ -3891,23 +3542,6 @@ EXPORT_SYMBOL(security_ismaclabel);
*
* Return: Return 0 on success, error on failure.
*/
-int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
-{
- struct security_hook_list *hp;
- int rc;
-
- /*
- * Currently, only one LSM can implement secid_to_secctx (i.e this
- * LSM hook is not "stackable").
- */
- hlist_for_each_entry(hp, &security_hook_heads.secid_to_secctx, list) {
- rc = hp->hook.secid_to_secctx(secid, secdata, seclen);
- if (rc != LSM_RET_DEFAULT(secid_to_secctx))
- return rc;
- }
-
- return LSM_RET_DEFAULT(secid_to_secctx);
-}
EXPORT_SYMBOL(security_secid_to_secctx);
/**
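Review bot: as with dentry_init_security, security_secid_to_secctx() was a custom loop that returned the first rc != LSM_RET_DEFAULT(secid_to_secctx) and the default otherwise, and the removed comment documents that the hook is intentionally non-stackable. The replacement must keep both the default and the early-exit rule, because callers rely on the return value to know whether secdata and seclen were populated; EXPORT_SYMBOL(security_secid_to_secctx) is kept here, so the new definition also has to precede it in this file.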
@@ -3968,10 +3602,6 @@ EXPORT_SYMBOL(security_inode_invalidate_secctx);
*
* Return: Returns 0 on success, error on failure.
*/
-int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
-{
- return call_int_hook(inode_notifysecctx, 0, inode, ctx, ctxlen);
-}
EXPORT_SYMBOL(security_inode_notifysecctx);
/**
@@ -3990,10 +3620,6 @@ EXPORT_SYMBOL(security_inode_notifysecctx);
*
* Return: Returns 0 on success, error on failure.
*/
-int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
-{
- return call_int_hook(inode_setsecctx, 0, dentry, ctx, ctxlen);
-}
EXPORT_SYMBOL(security_inode_setsecctx);
/**
@@ -4024,12 +3650,6 @@ EXPORT_SYMBOL(security_inode_getsecctx);
*
* Return: Returns 0 if permission is granted.
*/
-int security_post_notification(const struct cred *w_cred,
- const struct cred *cred,
- struct watch_notification *n)
-{
- return call_int_hook(post_notification, 0, w_cred, cred, n);
-}
#endif /* CONFIG_WATCH_QUEUE */
#ifdef CONFIG_KEY_NOTIFICATIONS
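Review bot: same guard concern as for CONFIG_SECURITY_PATH: security_post_notification() lived under CONFIG_WATCH_QUEUE and security_watch_key() under CONFIG_KEY_NOTIFICATIONS, as the retained #endif and #ifdef lines show. If the replacement definitions are produced from the hook list, the generator must honour the per-hook config guards for these two, and likewise for the CONFIG_SECURITY_NETWORK and CONFIG_SECURITY_INFINIBAND blocks further down in this patch.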
@@ -4042,10 +3662,6 @@ int security_post_notification(const struct cred *w_cred,
*
* Return: Returns 0 if permission is granted.
*/
-int security_watch_key(struct key *key)
-{
- return call_int_hook(watch_key, 0, key);
-}
#endif /* CONFIG_KEY_NOTIFICATIONS */
#ifdef CONFIG_SECURITY_NETWORK
@@ -4070,11 +3686,6 @@ int security_watch_key(struct key *key)
*
* Return: Returns 0 if permission is granted.
*/
-int security_unix_stream_connect(struct sock *sock, struct sock *other,
- struct sock *newsk)
-{
- return call_int_hook(unix_stream_connect, 0, sock, other, newsk);
-}
EXPORT_SYMBOL(security_unix_stream_connect);
/**
@@ -4097,10 +3708,6 @@ EXPORT_SYMBOL(security_unix_stream_connect);
*
* Return: Returns 0 if permission is granted.
*/
-int security_unix_may_send(struct socket *sock, struct socket *other)
-{
- return call_int_hook(unix_may_send, 0, sock, other);
-}
EXPORT_SYMBOL(security_unix_may_send);
/**
@@ -4114,10 +3721,6 @@ EXPORT_SYMBOL(security_unix_may_send);
*
* Return: Returns 0 if permission is granted.
*/
-int security_socket_create(int family, int type, int protocol, int kern)
-{
- return call_int_hook(socket_create, 0, family, type, protocol, kern);
-}
/**
* security_socket_post_create() - Initialize a newly created socket
@@ -4137,12 +3740,6 @@ int security_socket_create(int family, int type, int protocol, int kern)
*
* Return: Returns 0 if permission is granted.
*/
-int security_socket_post_create(struct socket *sock, int family,
- int type, int protocol, int kern)
-{
- return call_int_hook(socket_post_create, 0, sock, family, type,
- protocol, kern);
-}
/**
* security_socket_socketpair() - Check if creating a socketpair is allowed
@@ -4154,10 +3751,6 @@ int security_socket_post_create(struct socket *sock, int family,
* Return: Returns 0 if permission is granted and the connection was
* established.
*/
-int security_socket_socketpair(struct socket *socka, struct socket *sockb)
-{
- return call_int_hook(socket_socketpair, 0, socka, sockb);
-}
EXPORT_SYMBOL(security_socket_socketpair);
/**
@@ -4172,11 +3765,6 @@ EXPORT_SYMBOL(security_socket_socketpair);
*
* Return: Returns 0 if permission is granted.
*/
-int security_socket_bind(struct socket *sock,
- struct sockaddr *address, int addrlen)
-{
- return call_int_hook(socket_bind, 0, sock, address, addrlen);
-}
/**
* security_socket_connect() - Check if a socket connect operation is allowed
@@ -4189,11 +3777,6 @@ int security_socket_bind(struct socket *sock,
*
* Return: Returns 0 if permission is granted.
*/
-int security_socket_connect(struct socket *sock,
- struct sockaddr *address, int addrlen)
-{
- return call_int_hook(socket_connect, 0, sock, address, addrlen);
-}
/**
* security_socket_listen() - Check if a socket is allowed to listen
@@ -4204,10 +3787,6 @@ int security_socket_connect(struct socket *sock,
*
* Return: Returns 0 if permission is granted.
*/
-int security_socket_listen(struct socket *sock, int backlog)
-{
- return call_int_hook(socket_listen, 0, sock, backlog);
-}
/**
* security_socket_accept() - Check if a socket is allowed to accept connections
@@ -4220,10 +3799,6 @@ int security_socket_listen(struct socket *sock, int backlog)
*
* Return: Returns 0 if permission is granted.
*/
-int security_socket_accept(struct socket *sock, struct socket *newsock)
-{
- return call_int_hook(socket_accept, 0, sock, newsock);
-}
/**
* security_socket_sendmsg() - Check is sending a message is allowed
@@ -4235,10 +3810,6 @@ int security_socket_accept(struct socket *sock, struct socket *newsock)
*
* Return: Returns 0 if permission is granted.
*/
-int security_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size)
-{
- return call_int_hook(socket_sendmsg, 0, sock, msg, size);
-}
/**
* security_socket_recvmsg() - Check if receiving a message is allowed
@@ -4251,11 +3822,6 @@ int security_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size)
*
* Return: Returns 0 if permission is granted.
*/
-int security_socket_recvmsg(struct socket *sock, struct msghdr *msg,
- int size, int flags)
-{
- return call_int_hook(socket_recvmsg, 0, sock, msg, size, flags);
-}
/**
* security_socket_getsockname() - Check if reading the socket addr is allowed
@@ -4266,10 +3832,6 @@ int security_socket_recvmsg(struct socket *sock, struct msghdr *msg,
*
* Return: Returns 0 if permission is granted.
*/
-int security_socket_getsockname(struct socket *sock)
-{
- return call_int_hook(socket_getsockname, 0, sock);
-}
/**
* security_socket_getpeername() - Check if reading the peer's addr is allowed
@@ -4279,10 +3841,6 @@ int security_socket_getsockname(struct socket *sock)
*
* Return: Returns 0 if permission is granted.
*/
-int security_socket_getpeername(struct socket *sock)
-{
- return call_int_hook(socket_getpeername, 0, sock);
-}
/**
* security_socket_getsockopt() - Check if reading a socket option is allowed
@@ -4295,10 +3853,6 @@ int security_socket_getpeername(struct socket *sock)
*
* Return: Returns 0 if permission is granted.
*/
-int security_socket_getsockopt(struct socket *sock, int level, int optname)
-{
- return call_int_hook(socket_getsockopt, 0, sock, level, optname);
-}
/**
* security_socket_setsockopt() - Check if setting a socket option is allowed
@@ -4310,10 +3864,6 @@ int security_socket_getsockopt(struct socket *sock, int level, int optname)
*
* Return: Returns 0 if permission is granted.
*/
-int security_socket_setsockopt(struct socket *sock, int level, int optname)
-{
- return call_int_hook(socket_setsockopt, 0, sock, level, optname);
-}
/**
* security_socket_shutdown() - Checks if shutting down the socket is allowed
@@ -4325,10 +3875,6 @@ int security_socket_setsockopt(struct socket *sock, int level, int optname)
*
* Return: Returns 0 if permission is granted.
*/
-int security_socket_shutdown(struct socket *sock, int how)
-{
- return call_int_hook(socket_shutdown, 0, sock, how);
-}
/**
* security_sock_rcv_skb() - Check if an incoming network packet is allowed
@@ -4452,11 +3998,6 @@ EXPORT_SYMBOL(security_sk_classify_flow);
*
* Sets @flic's secid to @req's secid.
*/
-void security_req_classify_flow(const struct request_sock *req,
- struct flowi_common *flic)
-{
- call_void_hook(req_classify_flow, req, flic);
-}
EXPORT_SYMBOL(security_req_classify_flow);
/**
@@ -4467,10 +4008,6 @@ EXPORT_SYMBOL(security_req_classify_flow);
* Sets @parent's inode secid to @sk's secid and update @sk with any necessary
* LSM state from @parent.
*/
-void security_sock_graft(struct sock *sk, struct socket *parent)
-{
- call_void_hook(sock_graft, sk, parent);
-}
EXPORT_SYMBOL(security_sock_graft);
/**
@@ -4483,11 +4020,6 @@ EXPORT_SYMBOL(security_sock_graft);
*
* Return: Returns 0 if permission is granted.
*/
-int security_inet_conn_request(const struct sock *sk,
- struct sk_buff *skb, struct request_sock *req)
-{
- return call_int_hook(inet_conn_request, 0, sk, skb, req);
-}
EXPORT_SYMBOL(security_inet_conn_request);
/**
@@ -4497,11 +4029,6 @@ EXPORT_SYMBOL(security_inet_conn_request);
*
* Set that LSM state of @sock using the LSM state from @req.
*/
-void security_inet_csk_clone(struct sock *newsk,
- const struct request_sock *req)
-{
- call_void_hook(inet_csk_clone, newsk, req);
-}
/**
* security_inet_conn_established() - Update sock's LSM state with connection
@@ -4510,11 +4037,6 @@ void security_inet_csk_clone(struct sock *newsk,
*
* Update @sock's LSM state to represent a new connection from @skb.
*/
-void security_inet_conn_established(struct sock *sk,
- struct sk_buff *skb)
-{
- call_void_hook(inet_conn_established, sk, skb);
-}
EXPORT_SYMBOL(security_inet_conn_established);
/**
@@ -4525,10 +4047,6 @@ EXPORT_SYMBOL(security_inet_conn_established);
*
* Return: Returns 0 if permission is granted.
*/
-int security_secmark_relabel_packet(u32 secid)
-{
- return call_int_hook(secmark_relabel_packet, 0, secid);
-}
EXPORT_SYMBOL(security_secmark_relabel_packet);
/**
@@ -4536,10 +4054,6 @@ EXPORT_SYMBOL(security_secmark_relabel_packet);
*
* Tells the LSM to increment the number of secmark labeling rules loaded.
*/
-void security_secmark_refcount_inc(void)
-{
- call_void_hook(secmark_refcount_inc);
-}
EXPORT_SYMBOL(security_secmark_refcount_inc);
/**
@@ -4547,10 +4061,6 @@ EXPORT_SYMBOL(security_secmark_refcount_inc);
*
* Tells the LSM to decrement the number of secmark labeling rules loaded.
*/
-void security_secmark_refcount_dec(void)
-{
- call_void_hook(secmark_refcount_dec);
-}
EXPORT_SYMBOL(security_secmark_refcount_dec);
/**
@@ -4562,10 +4072,6 @@ EXPORT_SYMBOL(security_secmark_refcount_dec);
*
* Return: Returns a zero on success, negative values on failure.
*/
-int security_tun_dev_alloc_security(void **security)
-{
- return call_int_hook(tun_dev_alloc_security, 0, security);
-}
EXPORT_SYMBOL(security_tun_dev_alloc_security);
/**
@@ -4574,10 +4080,6 @@ EXPORT_SYMBOL(security_tun_dev_alloc_security);
*
* This hook allows a module to free the security structure for a TUN device.
*/
-void security_tun_dev_free_security(void *security)
-{
- call_void_hook(tun_dev_free_security, security);
-}
EXPORT_SYMBOL(security_tun_dev_free_security);
/**
@@ -4587,10 +4089,6 @@ EXPORT_SYMBOL(security_tun_dev_free_security);
*
* Return: Returns 0 if permission is granted.
*/
-int security_tun_dev_create(void)
-{
- return call_int_hook(tun_dev_create, 0);
-}
EXPORT_SYMBOL(security_tun_dev_create);
/**
@@ -4601,10 +4099,6 @@ EXPORT_SYMBOL(security_tun_dev_create);
*
* Return: Returns 0 if permission is granted.
*/
-int security_tun_dev_attach_queue(void *security)
-{
- return call_int_hook(tun_dev_attach_queue, 0, security);
-}
EXPORT_SYMBOL(security_tun_dev_attach_queue);
/**
@@ -4617,10 +4111,6 @@ EXPORT_SYMBOL(security_tun_dev_attach_queue);
*
* Return: Returns 0 if permission is granted.
*/
-int security_tun_dev_attach(struct sock *sk, void *security)
-{
- return call_int_hook(tun_dev_attach, 0, sk, security);
-}
EXPORT_SYMBOL(security_tun_dev_attach);
/**
@@ -4632,10 +4122,6 @@ EXPORT_SYMBOL(security_tun_dev_attach);
*
* Return: Returns 0 if permission is granted.
*/
-int security_tun_dev_open(void *security)
-{
- return call_int_hook(tun_dev_open, 0, security);
-}
EXPORT_SYMBOL(security_tun_dev_open);
/**
@@ -4647,11 +4133,6 @@ EXPORT_SYMBOL(security_tun_dev_open);
*
* Return: Returns 0 on success, error on failure.
*/
-int security_sctp_assoc_request(struct sctp_association *asoc,
- struct sk_buff *skb)
-{
- return call_int_hook(sctp_assoc_request, 0, asoc, skb);
-}
EXPORT_SYMBOL(security_sctp_assoc_request);
/**
@@ -4668,12 +4149,6 @@ EXPORT_SYMBOL(security_sctp_assoc_request);
*
* Return: Returns 0 on success, error on failure.
*/
-int security_sctp_bind_connect(struct sock *sk, int optname,
- struct sockaddr *address, int addrlen)
-{
- return call_int_hook(sctp_bind_connect, 0, sk, optname,
- address, addrlen);
-}
EXPORT_SYMBOL(security_sctp_bind_connect);
/**
@@ -4686,11 +4161,6 @@ EXPORT_SYMBOL(security_sctp_bind_connect);
* socket) or when a socket is 'peeled off' e.g userspace calls
* sctp_peeloff(3).
*/
-void security_sctp_sk_clone(struct sctp_association *asoc, struct sock *sk,
- struct sock *newsk)
-{
- call_void_hook(sctp_sk_clone, asoc, sk, newsk);
-}
EXPORT_SYMBOL(security_sctp_sk_clone);
/**
@@ -4703,11 +4173,6 @@ EXPORT_SYMBOL(security_sctp_sk_clone);
*
* Return: Returns 0 if permission is granted.
*/
-int security_sctp_assoc_established(struct sctp_association *asoc,
- struct sk_buff *skb)
-{
- return call_int_hook(sctp_assoc_established, 0, asoc, skb);
-}
EXPORT_SYMBOL(security_sctp_assoc_established);
/**
@@ -4722,10 +4187,6 @@ EXPORT_SYMBOL(security_sctp_assoc_established);
*
* Return: Returns 0 on success or a negative error code on failure.
*/
-int security_mptcp_add_subflow(struct sock *sk, struct sock *ssk)
-{
- return call_int_hook(mptcp_add_subflow, 0, sk, ssk);
-}
#endif /* CONFIG_SECURITY_NETWORK */
@@ -4740,10 +4201,6 @@ int security_mptcp_add_subflow(struct sock *sk, struct sock *ssk)
*
* Return: Returns 0 if permission is granted.
*/
-int security_ib_pkey_access(void *sec, u64 subnet_prefix, u16 pkey)
-{
- return call_int_hook(ib_pkey_access, 0, sec, subnet_prefix, pkey);
-}
EXPORT_SYMBOL(security_ib_pkey_access);
/**
@@ -4756,12 +4213,6 @@ EXPORT_SYMBOL(security_ib_pkey_access);
*
* Return: Returns 0 if permission is granted.
*/
-int security_ib_endport_manage_subnet(void *sec,
- const char *dev_name, u8 port_num)
-{
- return call_int_hook(ib_endport_manage_subnet, 0, sec,
- dev_name, port_num);
-}
EXPORT_SYMBOL(security_ib_endport_manage_subnet);
/**
@@ -4772,10 +4223,6 @@ EXPORT_SYMBOL(security_ib_endport_manage_subnet);
*
* Return: Returns 0 on success, non-zero on failure.
*/
-int security_ib_alloc_security(void **sec)
-{
- return call_int_hook(ib_alloc_security, 0, sec);
-}
EXPORT_SYMBOL(security_ib_alloc_security);
/**
@@ -4784,10 +4231,6 @@ EXPORT_SYMBOL(security_ib_alloc_security);
*
* Deallocate an Infiniband security structure.
*/
-void security_ib_free_security(void *sec)
-{
- call_void_hook(ib_free_security, sec);
-}
EXPORT_SYMBOL(security_ib_free_security);
#endif /* CONFIG_SECURITY_INFINIBAND */
@@ -4803,12 +4246,6 @@ EXPORT_SYMBOL(security_ib_free_security);
*
* Return: Return 0 if operation was successful.
*/
-int security_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp,
- struct xfrm_user_sec_ctx *sec_ctx,
- gfp_t gfp)
-{
- return call_int_hook(xfrm_policy_alloc_security, 0, ctxp, sec_ctx, gfp);
-}
EXPORT_SYMBOL(security_xfrm_policy_alloc);
/**
@@ -4821,11 +4258,6 @@ EXPORT_SYMBOL(security_xfrm_policy_alloc);
*
* Return: Return 0 if operation was successful.
*/
-int security_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx,
- struct xfrm_sec_ctx **new_ctxp)
-{
- return call_int_hook(xfrm_policy_clone_security, 0, old_ctx, new_ctxp);
-}
/**
* security_xfrm_policy_free() - Free a xfrm security context
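Review bot: with security_xfrm_policy_clone() removed and no EXPORT_SYMBOL() following it, two `/**` kernel-doc blocks now sit back to back: the orphaned one for security_xfrm_policy_clone() and the retained header for security_xfrm_policy_free() at the end of this hunk. kernel-doc will attach the first comment to the next prototype it finds, which is exactly the "Incorrect use of kernel-doc format" / "expecting prototype for X. Prototype was for Y instead" pair the kernel test robot reports below. Drop the orphaned block, move it next to the generated wrapper, or turn it into a plain `/* ... */` comment.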
@@ -4833,10 +4265,6 @@ int security_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx,
*
* Free LSM resources associated with @ctx.
*/
-void security_xfrm_policy_free(struct xfrm_sec_ctx *ctx)
-{
- call_void_hook(xfrm_policy_free_security, ctx);
-}
EXPORT_SYMBOL(security_xfrm_policy_free);
/**
@@ -4847,10 +4275,6 @@ EXPORT_SYMBOL(security_xfrm_policy_free);
*
* Return: Returns 0 if permission is granted.
*/
-int security_xfrm_policy_delete(struct xfrm_sec_ctx *ctx)
-{
- return call_int_hook(xfrm_policy_delete_security, 0, ctx);
-}
/**
* security_xfrm_state_alloc() - Allocate a xfrm state LSM blob
@@ -4863,11 +4287,6 @@ int security_xfrm_policy_delete(struct xfrm_sec_ctx *ctx)
*
* Return: Return 0 if operation was successful.
*/
-int security_xfrm_state_alloc(struct xfrm_state *x,
- struct xfrm_user_sec_ctx *sec_ctx)
-{
- return call_int_hook(xfrm_state_alloc, 0, x, sec_ctx);
-}
EXPORT_SYMBOL(security_xfrm_state_alloc);
/**
@@ -4882,11 +4301,6 @@ EXPORT_SYMBOL(security_xfrm_state_alloc);
*
* Return: Returns 0 if operation was successful.
*/
-int security_xfrm_state_alloc_acquire(struct xfrm_state *x,
- struct xfrm_sec_ctx *polsec, u32 secid)
-{
- return call_int_hook(xfrm_state_alloc_acquire, 0, x, polsec, secid);
-}
/**
* security_xfrm_state_delete() - Check if deleting a xfrm state is allowed
@@ -4896,10 +4310,6 @@ int security_xfrm_state_alloc_acquire(struct xfrm_state *x,
*
* Return: Returns 0 if permission is granted.
*/
-int security_xfrm_state_delete(struct xfrm_state *x)
-{
- return call_int_hook(xfrm_state_delete_security, 0, x);
-}
EXPORT_SYMBOL(security_xfrm_state_delete);
/**
@@ -4908,10 +4318,6 @@ EXPORT_SYMBOL(security_xfrm_state_delete);
*
* Deallocate x->security.
*/
-void security_xfrm_state_free(struct xfrm_state *x)
-{
- call_void_hook(xfrm_state_free_security, x);
-}
/**
* security_xfrm_policy_lookup() - Check if using a xfrm policy is allowed
@@ -4925,10 +4331,6 @@ void security_xfrm_state_free(struct xfrm_state *x)
* Return: Return 0 if permission is granted, -ESRCH otherwise, or -errno on
* other errors.
*/
-int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid)
-{
- return call_int_hook(xfrm_policy_lookup, 0, ctx, fl_secid);
-}
/**
* security_xfrm_state_pol_flow_match() - Check for a xfrm match
@@ -4973,10 +4375,6 @@ int security_xfrm_state_pol_flow_match(struct xfrm_state *x,
*
* Return: Return 0 if all xfrms used have the same secid.
*/
-int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid)
-{
- return call_int_hook(xfrm_decode_session, 0, skb, secid, 1);
-}
void security_skb_classify_flow(struct sk_buff *skb, struct flowi_common *flic)
{
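Review bot: security_xfrm_decode_session() is not a pure pass-through: the removed body calls `call_int_hook(xfrm_decode_session, 0, skb, secid, 1)`, supplying a trailing constant `1` that is not part of the wrapper's own (skb, secid) parameter list. A replacement generated from the wrapper prototype alone would call the hook with one argument too few, so please confirm the generated version still passes that extra argument, and say in the commit message how such non-trivial wrappers are handled.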
@@ -5000,11 +4398,6 @@ EXPORT_SYMBOL(security_skb_classify_flow);
*
* Return: Return 0 if permission is granted, -ve error otherwise.
*/
-int security_key_alloc(struct key *key, const struct cred *cred,
- unsigned long flags)
-{
- return call_int_hook(key_alloc, 0, key, cred, flags);
-}
/**
* security_key_free() - Free a kernel key LSM blob
@@ -5012,10 +4405,6 @@ int security_key_alloc(struct key *key, const struct cred *cred,
*
* Notification of destruction; free security data.
*/
-void security_key_free(struct key *key)
-{
- call_void_hook(key_free, key);
-}
/**
* security_key_permission() - Check if a kernel key operation is allowed
@@ -5027,11 +4416,6 @@ void security_key_free(struct key *key)
*
* Return: Return 0 if permission is granted, -ve error otherwise.
*/
-int security_key_permission(key_ref_t key_ref, const struct cred *cred,
- enum key_need_perm need_perm)
-{
- return call_int_hook(key_permission, 0, key_ref, cred, need_perm);
-}
/**
* security_key_getsecurity() - Get the key's security label
@@ -5066,10 +4450,6 @@ int security_key_getsecurity(struct key *key, char **buffer)
* Return: Return 0 if @lsmrule has been successfully set, -EINVAL in case of
* an invalid rule.
*/
-int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule)
-{
- return call_int_hook(audit_rule_init, 0, field, op, rulestr, lsmrule);
-}
/**
* security_audit_rule_known() - Check if an audit rule contains LSM fields
@@ -5080,10 +4460,6 @@ int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule)
*
* Return: Returns 1 in case of relation found, 0 otherwise.
*/
-int security_audit_rule_known(struct audit_krule *krule)
-{
- return call_int_hook(audit_rule_known, 0, krule);
-}
/**
* security_audit_rule_free() - Free an LSM audit rule struct
@@ -5092,10 +4468,6 @@ int security_audit_rule_known(struct audit_krule *krule)
* Deallocate the LSM audit rule structure previously allocated by
* audit_rule_init().
*/
-void security_audit_rule_free(void *lsmrule)
-{
- call_void_hook(audit_rule_free, lsmrule);
-}
/**
* security_audit_rule_match() - Check if a label matches an audit rule
@@ -5110,10 +4482,6 @@ void security_audit_rule_free(void *lsmrule)
* Return: Returns 1 if secid matches the rule, 0 if it does not, -ERRNO on
* failure.
*/
-int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule)
-{
- return call_int_hook(audit_rule_match, 0, secid, field, op, lsmrule);
-}
#endif /* CONFIG_AUDIT */
#ifdef CONFIG_BPF_SYSCALL
@@ -5129,10 +4497,6 @@ int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule)
*
* Return: Returns 0 if permission is granted.
*/
-int security_bpf(int cmd, union bpf_attr *attr, unsigned int size)
-{
- return call_int_hook(bpf, 0, cmd, attr, size);
-}
/**
* security_bpf_map() - Check if access to a bpf map is allowed
@@ -5144,10 +4508,6 @@ int security_bpf(int cmd, union bpf_attr *attr, unsigned int size)
*
* Return: Returns 0 if permission is granted.
*/
-int security_bpf_map(struct bpf_map *map, fmode_t fmode)
-{
- return call_int_hook(bpf_map, 0, map, fmode);
-}
/**
* security_bpf_prog() - Check if access to a bpf program is allowed
@@ -5158,10 +4518,6 @@ int security_bpf_map(struct bpf_map *map, fmode_t fmode)
*
* Return: Returns 0 if permission is granted.
*/
-int security_bpf_prog(struct bpf_prog *prog)
-{
- return call_int_hook(bpf_prog, 0, prog);
-}
/**
* security_bpf_map_alloc() - Allocate a bpf map LSM blob
@@ -5171,10 +4527,6 @@ int security_bpf_prog(struct bpf_prog *prog)
*
* Return: Returns 0 on success, error on failure.
*/
-int security_bpf_map_alloc(struct bpf_map *map)
-{
- return call_int_hook(bpf_map_alloc_security, 0, map);
-}
/**
* security_bpf_prog_alloc() - Allocate a bpf program LSM blob
@@ -5184,10 +4536,6 @@ int security_bpf_map_alloc(struct bpf_map *map)
*
* Return: Returns 0 on success, error on failure.
*/
-int security_bpf_prog_alloc(struct bpf_prog_aux *aux)
-{
- return call_int_hook(bpf_prog_alloc_security, 0, aux);
-}
/**
* security_bpf_map_free() - Free a bpf map's LSM blob
@@ -5195,10 +4543,6 @@ int security_bpf_prog_alloc(struct bpf_prog_aux *aux)
*
* Clean up the security information stored inside bpf map.
*/
-void security_bpf_map_free(struct bpf_map *map)
-{
- call_void_hook(bpf_map_free_security, map);
-}
/**
* security_bpf_prog_free() - Free a bpf program's LSM blob
@@ -5206,10 +4550,6 @@ void security_bpf_map_free(struct bpf_map *map)
*
* Clean up the security information stored inside bpf prog.
*/
-void security_bpf_prog_free(struct bpf_prog_aux *aux)
-{
- call_void_hook(bpf_prog_free_security, aux);
-}
#endif /* CONFIG_BPF_SYSCALL */
/**
@@ -5221,10 +4561,6 @@ void security_bpf_prog_free(struct bpf_prog_aux *aux)
*
* Return: Returns 0 if permission is granted.
*/
-int security_locked_down(enum lockdown_reason what)
-{
- return call_int_hook(locked_down, 0, what);
-}
EXPORT_SYMBOL(security_locked_down);
#ifdef CONFIG_PERF_EVENTS
@@ -5237,10 +4573,6 @@ EXPORT_SYMBOL(security_locked_down);
*
* Return: Returns 0 if permission is granted.
*/
-int security_perf_event_open(struct perf_event_attr *attr, int type)
-{
- return call_int_hook(perf_event_open, 0, attr, type);
-}
/**
* security_perf_event_alloc() - Allocate a perf event LSM blob
@@ -5250,10 +4582,6 @@ int security_perf_event_open(struct perf_event_attr *attr, int type)
*
* Return: Returns 0 on success, error on failure.
*/
-int security_perf_event_alloc(struct perf_event *event)
-{
- return call_int_hook(perf_event_alloc, 0, event);
-}
/**
* security_perf_event_free() - Free a perf event LSM blob
@@ -5261,10 +4589,6 @@ int security_perf_event_alloc(struct perf_event *event)
*
* Release (free) perf_event security info.
*/
-void security_perf_event_free(struct perf_event *event)
-{
- call_void_hook(perf_event_free, event);
-}
/**
* security_perf_event_read() - Check if reading a perf event label is allowed
@@ -5274,10 +4598,6 @@ void security_perf_event_free(struct perf_event *event)
*
* Return: Returns 0 if permission is granted.
*/
-int security_perf_event_read(struct perf_event *event)
-{
- return call_int_hook(perf_event_read, 0, event);
-}
/**
* security_perf_event_write() - Check if writing a perf event label is allowed
@@ -5287,10 +4607,6 @@ int security_perf_event_read(struct perf_event *event)
*
* Return: Returns 0 if permission is granted.
*/
-int security_perf_event_write(struct perf_event *event)
-{
- return call_int_hook(perf_event_write, 0, event);
-}
#endif /* CONFIG_PERF_EVENTS */
#ifdef CONFIG_IO_URING
@@ -5303,10 +4619,6 @@ int security_perf_event_write(struct perf_event *event)
*
* Return: Returns 0 if permission is granted.
*/
-int security_uring_override_creds(const struct cred *new)
-{
- return call_int_hook(uring_override_creds, 0, new);
-}
/**
* security_uring_sqpoll() - Check if IORING_SETUP_SQPOLL is allowed
@@ -5316,10 +4628,6 @@ int security_uring_override_creds(const struct cred *new)
*
* Return: Returns 0 if permission is granted.
*/
-int security_uring_sqpoll(void)
-{
- return call_int_hook(uring_sqpoll, 0);
-}
/**
* security_uring_cmd() - Check if a io_uring passthrough command is allowed
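Review bot: security_uring_sqpoll() takes no arguments and its removed body calls `call_int_hook(uring_sqpoll, 0)` with an empty argument list. If the replacement wrappers are built by a variadic macro, make sure the zero-parameter case is handled (the `, ##__VA_ARGS__` form), otherwise this one hook will fail to compile while every other wrapper in this patch builds fine.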
@@ -5329,8 +4637,4 @@ int security_uring_sqpoll(void)
*
* Return: Returns 0 if permission is granted.
*/
-int security_uring_cmd(struct io_uring_cmd *ioucmd)
-{
- return call_int_hook(uring_cmd, 0, ioucmd);
-}
#endif /* CONFIG_IO_URING */
--
2.34.1
* Re: [PATCH 4/4] LSM: Add a LSM module which handles dynamically appendable LSM hooks.
2023-11-20 13:30 ` [PATCH 4/4] LSM: Add a LSM module which handles dynamically appendable LSM hooks Tetsuo Handa
@ 2023-11-20 22:28 ` kernel test robot
2023-11-20 22:47 ` kernel test robot
2023-11-20 23:36 ` kernel test robot
2 siblings, 0 replies; 12+ messages in thread
From: kernel test robot @ 2023-11-20 22:28 UTC (permalink / raw)
To: Tetsuo Handa, linux-security-module, bpf, KP Singh
Cc: oe-kbuild-all, Paul Moore, Kees Cook, Casey Schaufler, song,
Daniel Borkmann, Alexei Starovoitov, renauld, Paolo Abeni
Hi Tetsuo,
kernel test robot noticed the following build warnings:
[auto build test WARNING on bpf/master]
[also build test WARNING on pcmoore-audit/next pcmoore-selinux/next linus/master v6.7-rc2]
[cannot apply to bpf-next/master next-20231120]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]
url: https://github.com/intel-lab-lkp/linux/commits/Tetsuo-Handa/LSM-Auto-undef-LSM_HOOK-macro/20231120-214522
base: https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git master
patch link: https://lore.kernel.org/r/34be5cd8-1fdd-4323-82a3-40f2e7d35db3%40I-love.SAKURA.ne.jp
patch subject: [PATCH 4/4] LSM: Add a LSM module which handles dynamically appendable LSM hooks.
config: arm64-randconfig-002-20231121 (https://download.01.org/0day-ci/archive/20231121/202311210652.jzysT4DZ-lkp@intel.com/config)
compiler: aarch64-linux-gcc (GCC) 13.2.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20231121/202311210652.jzysT4DZ-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202311210652.jzysT4DZ-lkp@intel.com/
All warnings (new ones prefixed by >>):
>> security/security.c:822: warning: Incorrect use of kernel-doc format: * security_binder_transaction() - Check if a binder transaction is allowed
>> security/security.c:832: warning: Incorrect use of kernel-doc format: * security_binder_transfer_binder() - Check if a binder transfer is allowed
>> security/security.c:842: warning: Incorrect use of kernel-doc format: * security_binder_transfer_file() - Check if a binder file xfer is allowed
>> security/security.c:853: warning: Incorrect use of kernel-doc format: * security_ptrace_access_check() - Check if tracing is allowed
>> security/security.c:868: warning: Incorrect use of kernel-doc format: * security_ptrace_traceme() - Check if tracing is allowed
>> security/security.c:879: warning: Incorrect use of kernel-doc format: * security_capget() - Get the capability sets for a process
>> security/security.c:894: warning: Incorrect use of kernel-doc format: * security_capset() - Set the capability sets for a process
>> security/security.c:908: warning: Incorrect use of kernel-doc format: * security_capable() - Check if a process has the necessary capability
>> security/security.c:922: warning: Incorrect use of kernel-doc format: * security_quotactl() - Check if a quotactl() syscall is allowed for this fs
>> security/security.c:934: warning: Incorrect use of kernel-doc format: * security_quota_on() - Check if QUOTAON is allowed for a dentry
>> security/security.c:943: warning: Incorrect use of kernel-doc format: * security_syslog() - Check if accessing the kernel message ring is allowed
>> security/security.c:954: warning: Incorrect use of kernel-doc format: * security_settime64() - Check if changing the system time is allowed
>> security/security.c:964: warning: Function parameter or member 'ts' not described in 'security_settime64'
>> security/security.c:964: warning: Function parameter or member 'tz' not described in 'security_settime64'
>> security/security.c:964: warning: expecting prototype for security_binder_set_context_mgr(). Prototype was for security_settime64() instead
>> security/security.c:1020: warning: Incorrect use of kernel-doc format: * security_bprm_creds_from_file() - Update linux_binprm creds based on file
>> security/security.c:1040: warning: Incorrect use of kernel-doc format: * security_bprm_check() - Mediate binary handler search
>> security/security.c:1052: warning: expecting prototype for security_bprm_creds_for_exec(). Prototype was for security_bprm_check() instead
>> security/security.c:1075: warning: Incorrect use of kernel-doc format: * security_bprm_committed_creds() - Tidy up after cred install during exec()
>> security/security.c:1087: warning: Incorrect use of kernel-doc format: * security_fs_context_submount() - Initialise fc->security
security/security.c:1097: warning: Incorrect use of kernel-doc format: * security_fs_context_dup() - Duplicate a fs_context LSM blob
security/security.c:1109: warning: Incorrect use of kernel-doc format: * security_fs_context_parse_param() - Configure a filesystem context
security/security.c:1122: warning: Function parameter or member 'fc' not described in 'security_fs_context_parse_param'
security/security.c:1122: warning: Function parameter or member 'param' not described in 'security_fs_context_parse_param'
security/security.c:1122: warning: expecting prototype for security_bprm_committing_creds(). Prototype was for security_fs_context_parse_param() instead
security/security.c:1169: warning: Incorrect use of kernel-doc format: * security_sb_free() - Free a super_block LSM blob
security/security.c:1176: warning: expecting prototype for security_sb_delete(). Prototype was for security_sb_free() instead
security/security.c:1206: warning: Function parameter or member 'security_sb_eat_lsm_opts' not described in 'EXPORT_SYMBOL'
security/security.c:1206: warning: expecting prototype for security_sb_eat_lsm_opts(). Prototype was for EXPORT_SYMBOL() instead
security/security.c:1218: warning: Function parameter or member 'security_sb_mnt_opts_compat' not described in 'EXPORT_SYMBOL'
security/security.c:1218: warning: expecting prototype for security_sb_mnt_opts_compat(). Prototype was for EXPORT_SYMBOL() instead
security/security.c:1230: warning: Function parameter or member 'security_sb_remount' not described in 'EXPORT_SYMBOL'
security/security.c:1230: warning: expecting prototype for security_sb_remount(). Prototype was for EXPORT_SYMBOL() instead
security/security.c:1242: warning: Incorrect use of kernel-doc format: * security_sb_show_options() - Output the mount options for a superblock
security/security.c:1252: warning: Incorrect use of kernel-doc format: * security_sb_statfs() - Check if accessing fs stats is allowed
security/security.c:1262: warning: Incorrect use of kernel-doc format: * security_sb_mount() - Check permission for mounting a filesystem
security/security.c:1280: warning: Incorrect use of kernel-doc format: * security_sb_umount() - Check permission for unmounting a filesystem
security/security.c:1290: warning: Incorrect use of kernel-doc format: * security_sb_pivotroot() - Check permissions for pivoting the rootfs
security/security.c:1300: warning: Incorrect use of kernel-doc format: * security_sb_set_mnt_opts() - Set the mount options for a filesystem
security/security.c:1314: warning: Function parameter or member 'mnt_opts' not described in 'security_sb_set_mnt_opts'
security/security.c:1314: warning: Function parameter or member 'kern_flags' not described in 'security_sb_set_mnt_opts'
security/security.c:1314: warning: Function parameter or member 'set_kern_flags' not described in 'security_sb_set_mnt_opts'
security/security.c:1314: warning: expecting prototype for security_sb_kern_mount(). Prototype was for security_sb_set_mnt_opts() instead
security/security.c:1332: warning: Function parameter or member 'security_sb_clone_mnt_opts' not described in 'EXPORT_SYMBOL'
security/security.c:1332: warning: expecting prototype for security_sb_clone_mnt_opts(). Prototype was for EXPORT_SYMBOL() instead
security/security.c:1345: warning: Incorrect use of kernel-doc format: * security_path_notify() - Check if setting a watch is allowed
security/security.c:1357: warning: Incorrect use of kernel-doc format: * security_inode_alloc() - Allocate an inode LSM blob
security/security.c:1367: warning: Function parameter or member 'inode' not described in 'security_inode_alloc'
security/security.c:1367: warning: expecting prototype for security_move_mount(). Prototype was for security_inode_alloc() instead
security/security.c:1425: warning: Function parameter or member 'security_dentry_init_security' not described in 'EXPORT_SYMBOL'
security/security.c:1425: warning: expecting prototype for security_dentry_init_security(). Prototype was for EXPORT_SYMBOL() instead
security/security.c:1442: warning: Function parameter or member 'security_dentry_create_files_as' not described in 'EXPORT_SYMBOL'
security/security.c:1442: warning: expecting prototype for security_dentry_create_files_as(). Prototype was for EXPORT_SYMBOL() instead
security/security.c:1539: warning: Incorrect use of kernel-doc format: * security_path_mknod() - Check if creating a special file is allowed
security/security.c:1552: warning: Function parameter or member 'dir' not described in 'security_path_mknod'
security/security.c:1552: warning: Function parameter or member 'dentry' not described in 'security_path_mknod'
security/security.c:1552: warning: Function parameter or member 'mode' not described in 'security_path_mknod'
security/security.c:1552: warning: Function parameter or member 'dev' not described in 'security_path_mknod'
security/security.c:1552: warning: expecting prototype for security_inode_init_security_anon(). Prototype was for security_path_mknod() instead
security/security.c:1736: warning: Incorrect use of kernel-doc format: * security_inode_create() - Check if creating a file is allowed
security/security.c:1747: warning: Function parameter or member 'dir' not described in 'security_inode_create'
security/security.c:1747: warning: Function parameter or member 'dentry' not described in 'security_inode_create'
security/security.c:1747: warning: Function parameter or member 'mode' not described in 'security_inode_create'
security/security.c:1747: warning: expecting prototype for security_path_chroot(). Prototype was for security_inode_create() instead
security/security.c:2204: warning: Incorrect use of kernel-doc format: * security_inode_killpriv() - The setuid bit is removed, update LSM state
security/security.c:2216: warning: Incorrect use of kernel-doc format: * security_inode_getsecurity() - Get the xattr security label of an inode
security/security.c:2234: warning: Function parameter or member 'idmap' not described in 'security_inode_getsecurity'
security/security.c:2234: warning: Function parameter or member 'inode' not described in 'security_inode_getsecurity'
security/security.c:2234: warning: Function parameter or member 'name' not described in 'security_inode_getsecurity'
security/security.c:2234: warning: Function parameter or member 'buffer' not described in 'security_inode_getsecurity'
security/security.c:2234: warning: Function parameter or member 'alloc' not described in 'security_inode_getsecurity'
security/security.c:2234: warning: expecting prototype for security_inode_need_killpriv(). Prototype was for security_inode_getsecurity() instead
security/security.c:2319: warning: Incorrect use of kernel-doc format: * security_inode_copy_up() - Create new creds for an overlayfs copy-up op
security/security.c:2330: warning: Function parameter or member 'security_inode_copy_up' not described in 'EXPORT_SYMBOL'
security/security.c:2330: warning: expecting prototype for security_inode_getsecid(). Prototype was for EXPORT_SYMBOL() instead
security/security.c:2377: warning: Incorrect use of kernel-doc format: * security_file_permission() - Check file permissions
security/security.c:2396: warning: Function parameter or member 'file' not described in 'security_file_permission'
security/security.c:2396: warning: Function parameter or member 'mask' not described in 'security_file_permission'
security/security.c:2396: warning: expecting prototype for security_kernfs_init_security(). Prototype was for security_file_permission() instead
security/security.c:2459: warning: Function parameter or member 'security_file_ioctl' not described in 'EXPORT_SYMBOL_GPL'
security/security.c:2459: warning: expecting prototype for security_file_ioctl(). Prototype was for EXPORT_SYMBOL_GPL() instead
security/security.c:2527: warning: Incorrect use of kernel-doc format: * security_file_mprotect() - Check if changing memory protections is allowed
security/security.c:2538: warning: Function parameter or member 'vma' not described in 'security_file_mprotect'
security/security.c:2538: warning: Function parameter or member 'reqprot' not described in 'security_file_mprotect'
security/security.c:2538: warning: Function parameter or member 'prot' not described in 'security_file_mprotect'
security/security.c:2538: warning: expecting prototype for security_mmap_addr(). Prototype was for security_file_mprotect() instead
security/security.c:2559: warning: Incorrect use of kernel-doc format: * security_file_fcntl() - Check if fcntl() op is allowed
security/security.c:2574: warning: Incorrect use of kernel-doc format: * security_file_set_fowner() - Set the file owner info in the LSM blob
security/security.c:2584: warning: Incorrect use of kernel-doc format: * security_file_send_sigiotask() - Check if sending SIGIO/SIGURG is allowed
security/security.c:2599: warning: Incorrect use of kernel-doc format: * security_file_receive() - Check is receiving a file via IPC is allowed
security/security.c:2609: warning: Incorrect use of kernel-doc format: * security_file_open() - Save open() time state for late use by the LSM
security/security.c:2618: warning: expecting prototype for security_file_lock(). Prototype was for security_file_open() instead
security/security.c:2640: warning: Incorrect use of kernel-doc format: * security_task_alloc() - Allocate a task's LSM blob
security/security.c:2649: warning: Function parameter or member 'task' not described in 'security_task_alloc'
security/security.c:2649: warning: Function parameter or member 'clone_flags' not described in 'security_task_alloc'
security/security.c:2649: warning: expecting prototype for security_file_truncate(). Prototype was for security_task_alloc() instead
security/security.c:2781: warning: Incorrect use of kernel-doc format: * security_kernel_create_files_as() - Set file creation context using an inode
security/security.c:2793: warning: Incorrect use of kernel-doc format: * security_kernel_module_request() - Check is loading a module is allowed
security/security.c:2802: warning: Function parameter or member 'kmod_name' not described in 'security_kernel_module_request'
security/security.c:2802: warning: expecting prototype for security_kernel_act_as(). Prototype was for security_kernel_module_request() instead
security/security.c:2922: warning: Incorrect use of kernel-doc format: * security_task_fix_setgid() - Update LSM with new group id attributes
security/security.c:2937: warning: Incorrect use of kernel-doc format: * security_task_fix_setgroups() - Update LSM with new supplementary groups
security/security.c:2950: warning: Incorrect use of kernel-doc format: * security_task_setpgid() - Check if setting the pgid is allowed
security/security.c:2961: warning: Incorrect use of kernel-doc format: * security_task_getpgid() - Check if getting the pgid is allowed
security/security.c:2971: warning: Incorrect use of kernel-doc format: * security_task_getsid() - Check if getting the session id is allowed
security/security.c:2980: warning: Incorrect use of kernel-doc format: * security_current_getsecid_subj() - Get the current task's subjective secid
security/security.c:2987: warning: Function parameter or member 'secid' not described in 'security_current_getsecid_subj'
security/security.c:2987: warning: expecting prototype for security_task_fix_setuid(). Prototype was for security_current_getsecid_subj() instead
security/security.c:3019: warning: Incorrect use of kernel-doc format: * security_task_setioprio() - Check if setting a task's ioprio is allowed
security/security.c:3029: warning: Incorrect use of kernel-doc format: * security_task_getioprio() - Check if getting a task's ioprio is allowed
security/security.c:3038: warning: Incorrect use of kernel-doc format: * security_task_prlimit() - Check if get/setting resources limits is allowed
security/security.c:3050: warning: Incorrect use of kernel-doc format: * security_task_setrlimit() - Check if setting a new rlimit value is allowed
security/security.c:3063: warning: Incorrect use of kernel-doc format: * security_task_setscheduler() - Check if setting sched policy/param is allowed
security/security.c:3073: warning: Incorrect use of kernel-doc format: * security_task_getscheduler() - Check if getting scheduling info is allowed
security/security.c:3082: warning: Incorrect use of kernel-doc format: * security_task_movememory() - Check if moving memory is allowed
security/security.c:3091: warning: Incorrect use of kernel-doc format: * security_task_kill() - Check if sending a signal is allowed
security/security.c:3107: warning: Incorrect use of kernel-doc format: * security_task_prctl() - Check if a prctl op is allowed
security/security.c:3122: warning: Function parameter or member 'option' not described in 'security_task_prctl'
security/security.c:3122: warning: Function parameter or member 'arg2' not described in 'security_task_prctl'
security/security.c:3122: warning: Function parameter or member 'arg3' not described in 'security_task_prctl'
vim +822 security/security.c
20510f2f4e2dab James Morris 2007-10-16 811
1427ddbe5cc1a3 Paul Moore 2023-02-16 812 /**
1427ddbe5cc1a3 Paul Moore 2023-02-16 813 * security_binder_set_context_mgr() - Check if becoming binder ctx mgr is ok
1427ddbe5cc1a3 Paul Moore 2023-02-16 814 * @mgr: task credentials of current binder process
1427ddbe5cc1a3 Paul Moore 2023-02-16 815 *
1427ddbe5cc1a3 Paul Moore 2023-02-16 816 * Check whether @mgr is allowed to be the binder context manager.
1427ddbe5cc1a3 Paul Moore 2023-02-16 817 *
1427ddbe5cc1a3 Paul Moore 2023-02-16 818 * Return: Return 0 if permission is granted.
1427ddbe5cc1a3 Paul Moore 2023-02-16 819 */
79af73079d753b Stephen Smalley 2015-01-21 820
1427ddbe5cc1a3 Paul Moore 2023-02-16 821 /**
1427ddbe5cc1a3 Paul Moore 2023-02-16 @822 * security_binder_transaction() - Check if a binder transaction is allowed
1427ddbe5cc1a3 Paul Moore 2023-02-16 823 * @from: sending process
1427ddbe5cc1a3 Paul Moore 2023-02-16 824 * @to: receiving process
1427ddbe5cc1a3 Paul Moore 2023-02-16 825 *
1427ddbe5cc1a3 Paul Moore 2023-02-16 826 * Check whether @from is allowed to invoke a binder transaction call to @to.
1427ddbe5cc1a3 Paul Moore 2023-02-16 827 *
1427ddbe5cc1a3 Paul Moore 2023-02-16 828 * Return: Returns 0 if permission is granted.
1427ddbe5cc1a3 Paul Moore 2023-02-16 829 */
79af73079d753b Stephen Smalley 2015-01-21 830
1427ddbe5cc1a3 Paul Moore 2023-02-16 831 /**
1427ddbe5cc1a3 Paul Moore 2023-02-16 @832 * security_binder_transfer_binder() - Check if a binder transfer is allowed
1427ddbe5cc1a3 Paul Moore 2023-02-16 833 * @from: sending process
1427ddbe5cc1a3 Paul Moore 2023-02-16 834 * @to: receiving process
1427ddbe5cc1a3 Paul Moore 2023-02-16 835 *
1427ddbe5cc1a3 Paul Moore 2023-02-16 836 * Check whether @from is allowed to transfer a binder reference to @to.
1427ddbe5cc1a3 Paul Moore 2023-02-16 837 *
1427ddbe5cc1a3 Paul Moore 2023-02-16 838 * Return: Returns 0 if permission is granted.
1427ddbe5cc1a3 Paul Moore 2023-02-16 839 */
79af73079d753b Stephen Smalley 2015-01-21 840
1427ddbe5cc1a3 Paul Moore 2023-02-16 841 /**
1427ddbe5cc1a3 Paul Moore 2023-02-16 @842 * security_binder_transfer_file() - Check if a binder file xfer is allowed
1427ddbe5cc1a3 Paul Moore 2023-02-16 843 * @from: sending process
1427ddbe5cc1a3 Paul Moore 2023-02-16 844 * @to: receiving process
1427ddbe5cc1a3 Paul Moore 2023-02-16 845 * @file: file being transferred
1427ddbe5cc1a3 Paul Moore 2023-02-16 846 *
1427ddbe5cc1a3 Paul Moore 2023-02-16 847 * Check whether @from is allowed to transfer @file to @to.
1427ddbe5cc1a3 Paul Moore 2023-02-16 848 *
1427ddbe5cc1a3 Paul Moore 2023-02-16 849 * Return: Returns 0 if permission is granted.
1427ddbe5cc1a3 Paul Moore 2023-02-16 850 */
79af73079d753b Stephen Smalley 2015-01-21 851
e261301c851aee Paul Moore 2023-02-16 852 /**
e261301c851aee Paul Moore 2023-02-16 @853 * security_ptrace_access_check() - Check if tracing is allowed
e261301c851aee Paul Moore 2023-02-16 854 * @child: target process
e261301c851aee Paul Moore 2023-02-16 855 * @mode: PTRACE_MODE flags
e261301c851aee Paul Moore 2023-02-16 856 *
e261301c851aee Paul Moore 2023-02-16 857 * Check permission before allowing the current process to trace the @child
e261301c851aee Paul Moore 2023-02-16 858 * process. Security modules may also want to perform a process tracing check
e261301c851aee Paul Moore 2023-02-16 859 * during an execve in the set_security or apply_creds hooks of tracing check
e261301c851aee Paul Moore 2023-02-16 860 * during an execve in the bprm_set_creds hook of binprm_security_ops if the
e261301c851aee Paul Moore 2023-02-16 861 * process is being traced and its security attributes would be changed by the
e261301c851aee Paul Moore 2023-02-16 862 * execve.
e261301c851aee Paul Moore 2023-02-16 863 *
e261301c851aee Paul Moore 2023-02-16 864 * Return: Returns 0 if permission is granted.
e261301c851aee Paul Moore 2023-02-16 865 */
5cd9c58fbe9ec9 David Howells 2008-08-14 866
e261301c851aee Paul Moore 2023-02-16 867 /**
e261301c851aee Paul Moore 2023-02-16 @868 * security_ptrace_traceme() - Check if tracing is allowed
e261301c851aee Paul Moore 2023-02-16 869 * @parent: tracing process
e261301c851aee Paul Moore 2023-02-16 870 *
e261301c851aee Paul Moore 2023-02-16 871 * Check that the @parent process has sufficient permission to trace the
e261301c851aee Paul Moore 2023-02-16 872 * current process before allowing the current process to present itself to the
e261301c851aee Paul Moore 2023-02-16 873 * @parent process for tracing.
e261301c851aee Paul Moore 2023-02-16 874 *
e261301c851aee Paul Moore 2023-02-16 875 * Return: Returns 0 if permission is granted.
e261301c851aee Paul Moore 2023-02-16 876 */
20510f2f4e2dab James Morris 2007-10-16 877
e261301c851aee Paul Moore 2023-02-16 878 /**
e261301c851aee Paul Moore 2023-02-16 @879 * security_capget() - Get the capability sets for a process
e261301c851aee Paul Moore 2023-02-16 880 * @target: target process
e261301c851aee Paul Moore 2023-02-16 881 * @effective: effective capability set
e261301c851aee Paul Moore 2023-02-16 882 * @inheritable: inheritable capability set
e261301c851aee Paul Moore 2023-02-16 883 * @permitted: permitted capability set
e261301c851aee Paul Moore 2023-02-16 884 *
e261301c851aee Paul Moore 2023-02-16 885 * Get the @effective, @inheritable, and @permitted capability sets for the
e261301c851aee Paul Moore 2023-02-16 886 * @target process. The hook may also perform permission checking to determine
e261301c851aee Paul Moore 2023-02-16 887 * if the current process is allowed to see the capability sets of the @target
e261301c851aee Paul Moore 2023-02-16 888 * process.
e261301c851aee Paul Moore 2023-02-16 889 *
e261301c851aee Paul Moore 2023-02-16 890 * Return: Returns 0 if the capability sets were successfully obtained.
e261301c851aee Paul Moore 2023-02-16 891 */
20510f2f4e2dab James Morris 2007-10-16 892
e261301c851aee Paul Moore 2023-02-16 893 /**
e261301c851aee Paul Moore 2023-02-16 @894 * security_capset() - Set the capability sets for a process
e261301c851aee Paul Moore 2023-02-16 895 * @new: new credentials for the target process
e261301c851aee Paul Moore 2023-02-16 896 * @old: current credentials of the target process
e261301c851aee Paul Moore 2023-02-16 897 * @effective: effective capability set
e261301c851aee Paul Moore 2023-02-16 898 * @inheritable: inheritable capability set
e261301c851aee Paul Moore 2023-02-16 899 * @permitted: permitted capability set
e261301c851aee Paul Moore 2023-02-16 900 *
e261301c851aee Paul Moore 2023-02-16 901 * Set the @effective, @inheritable, and @permitted capability sets for the
e261301c851aee Paul Moore 2023-02-16 902 * current process.
e261301c851aee Paul Moore 2023-02-16 903 *
e261301c851aee Paul Moore 2023-02-16 904 * Return: Returns 0 and update @new if permission is granted.
e261301c851aee Paul Moore 2023-02-16 905 */
20510f2f4e2dab James Morris 2007-10-16 906
e261301c851aee Paul Moore 2023-02-16 907 /**
e261301c851aee Paul Moore 2023-02-16 @908 * security_capable() - Check if a process has the necessary capability
e261301c851aee Paul Moore 2023-02-16 909 * @cred: credentials to examine
e261301c851aee Paul Moore 2023-02-16 910 * @ns: user namespace
e261301c851aee Paul Moore 2023-02-16 911 * @cap: capability requested
e261301c851aee Paul Moore 2023-02-16 912 * @opts: capability check options
e261301c851aee Paul Moore 2023-02-16 913 *
e261301c851aee Paul Moore 2023-02-16 914 * Check whether the @tsk process has the @cap capability in the indicated
e261301c851aee Paul Moore 2023-02-16 915 * credentials. @cap contains the capability <include/linux/capability.h>.
e261301c851aee Paul Moore 2023-02-16 916 * @opts contains options for the capable check <include/linux/security.h>.
e261301c851aee Paul Moore 2023-02-16 917 *
e261301c851aee Paul Moore 2023-02-16 918 * Return: Returns 0 if the capability is granted.
e261301c851aee Paul Moore 2023-02-16 919 */
20510f2f4e2dab James Morris 2007-10-16 920
e261301c851aee Paul Moore 2023-02-16 921 /**
e261301c851aee Paul Moore 2023-02-16 @922 * security_quotactl() - Check if a quotactl() syscall is allowed for this fs
e261301c851aee Paul Moore 2023-02-16 923 * @cmds: commands
e261301c851aee Paul Moore 2023-02-16 924 * @type: type
e261301c851aee Paul Moore 2023-02-16 925 * @id: id
e261301c851aee Paul Moore 2023-02-16 926 * @sb: filesystem
e261301c851aee Paul Moore 2023-02-16 927 *
e261301c851aee Paul Moore 2023-02-16 928 * Check whether the quotactl syscall is allowed for this @sb.
e261301c851aee Paul Moore 2023-02-16 929 *
e261301c851aee Paul Moore 2023-02-16 930 * Return: Returns 0 if permission is granted.
e261301c851aee Paul Moore 2023-02-16 931 */
20510f2f4e2dab James Morris 2007-10-16 932
e261301c851aee Paul Moore 2023-02-16 933 /**
e261301c851aee Paul Moore 2023-02-16 @934 * security_quota_on() - Check if QUOTAON is allowed for a dentry
e261301c851aee Paul Moore 2023-02-16 935 * @dentry: dentry
e261301c851aee Paul Moore 2023-02-16 936 *
e261301c851aee Paul Moore 2023-02-16 937 * Check whether QUOTAON is allowed for @dentry.
e261301c851aee Paul Moore 2023-02-16 938 *
e261301c851aee Paul Moore 2023-02-16 939 * Return: Returns 0 if permission is granted.
e261301c851aee Paul Moore 2023-02-16 940 */
20510f2f4e2dab James Morris 2007-10-16 941
e261301c851aee Paul Moore 2023-02-16 942 /**
e261301c851aee Paul Moore 2023-02-16 @943 * security_syslog() - Check if accessing the kernel message ring is allowed
e261301c851aee Paul Moore 2023-02-16 944 * @type: SYSLOG_ACTION_* type
e261301c851aee Paul Moore 2023-02-16 945 *
e261301c851aee Paul Moore 2023-02-16 946 * Check permission before accessing the kernel message ring or changing
e261301c851aee Paul Moore 2023-02-16 947 * logging to the console. See the syslog(2) manual page for an explanation of
e261301c851aee Paul Moore 2023-02-16 948 * the @type values.
e261301c851aee Paul Moore 2023-02-16 949 *
e261301c851aee Paul Moore 2023-02-16 950 * Return: Return 0 if permission is granted.
e261301c851aee Paul Moore 2023-02-16 951 */
20510f2f4e2dab James Morris 2007-10-16 952
e261301c851aee Paul Moore 2023-02-16 953 /**
e261301c851aee Paul Moore 2023-02-16 @954 * security_settime64() - Check if changing the system time is allowed
e261301c851aee Paul Moore 2023-02-16 955 * @ts: new time
e261301c851aee Paul Moore 2023-02-16 956 * @tz: timezone
e261301c851aee Paul Moore 2023-02-16 957 *
e261301c851aee Paul Moore 2023-02-16 958 * Check permission to change the system time, struct timespec64 is defined in
e261301c851aee Paul Moore 2023-02-16 959 * <include/linux/time64.h> and timezone is defined in <include/linux/time.h>.
e261301c851aee Paul Moore 2023-02-16 960 *
e261301c851aee Paul Moore 2023-02-16 961 * Return: Returns 0 if permission is granted.
e261301c851aee Paul Moore 2023-02-16 962 */
457db29bfcfd1d Baolin Wang 2016-04-08 963 int security_settime64(const struct timespec64 *ts, const struct timezone *tz)
20510f2f4e2dab James Morris 2007-10-16 @964 {
f25fce3e8f1f15 Casey Schaufler 2015-05-02 965 return call_int_hook(settime, 0, ts, tz);
20510f2f4e2dab James Morris 2007-10-16 966 }
20510f2f4e2dab James Morris 2007-10-16 967
e261301c851aee Paul Moore 2023-02-16 968 /**
e261301c851aee Paul Moore 2023-02-16 969 * security_vm_enough_memory_mm() - Check if allocating a new mem map is allowed
e261301c851aee Paul Moore 2023-02-16 970 * @mm: mm struct
e261301c851aee Paul Moore 2023-02-16 971 * @pages: number of pages
e261301c851aee Paul Moore 2023-02-16 972 *
e261301c851aee Paul Moore 2023-02-16 973 * Check permissions for allocating a new virtual mapping. If all LSMs return
e261301c851aee Paul Moore 2023-02-16 974 * a positive value, __vm_enough_memory() will be called with cap_sys_admin
e261301c851aee Paul Moore 2023-02-16 975 * set. If at least one LSM returns 0 or negative, __vm_enough_memory() will be
e261301c851aee Paul Moore 2023-02-16 976 * called with cap_sys_admin cleared.
e261301c851aee Paul Moore 2023-02-16 977 *
e261301c851aee Paul Moore 2023-02-16 978 * Return: Returns 0 if permission is granted by the LSM infrastructure to the
e261301c851aee Paul Moore 2023-02-16 979 * caller.
e261301c851aee Paul Moore 2023-02-16 980 */
20510f2f4e2dab James Morris 2007-10-16 981 int security_vm_enough_memory_mm(struct mm_struct *mm, long pages)
20510f2f4e2dab James Morris 2007-10-16 982 {
b1d9e6b0646d0e Casey Schaufler 2015-05-02 983 struct security_hook_list *hp;
b1d9e6b0646d0e Casey Schaufler 2015-05-02 984 int cap_sys_admin = 1;
b1d9e6b0646d0e Casey Schaufler 2015-05-02 985 int rc;
b1d9e6b0646d0e Casey Schaufler 2015-05-02 986
b1d9e6b0646d0e Casey Schaufler 2015-05-02 987 /*
b1d9e6b0646d0e Casey Schaufler 2015-05-02 988 * The module will respond with a positive value if
b1d9e6b0646d0e Casey Schaufler 2015-05-02 989 * it thinks the __vm_enough_memory() call should be
b1d9e6b0646d0e Casey Schaufler 2015-05-02 990 * made with the cap_sys_admin set. If all of the modules
b1d9e6b0646d0e Casey Schaufler 2015-05-02 991 * agree that it should be set it will. If any module
b1d9e6b0646d0e Casey Schaufler 2015-05-02 992 * thinks it should not be set it won't.
b1d9e6b0646d0e Casey Schaufler 2015-05-02 993 */
df0ce17331e250 Sargun Dhillon 2018-03-29 994 hlist_for_each_entry(hp, &security_hook_heads.vm_enough_memory, list) {
b1d9e6b0646d0e Casey Schaufler 2015-05-02 995 rc = hp->hook.vm_enough_memory(mm, pages);
b1d9e6b0646d0e Casey Schaufler 2015-05-02 996 if (rc <= 0) {
b1d9e6b0646d0e Casey Schaufler 2015-05-02 997 cap_sys_admin = 0;
b1d9e6b0646d0e Casey Schaufler 2015-05-02 998 break;
b1d9e6b0646d0e Casey Schaufler 2015-05-02 999 }
b1d9e6b0646d0e Casey Schaufler 2015-05-02 1000 }
b1d9e6b0646d0e Casey Schaufler 2015-05-02 1001 return __vm_enough_memory(mm, pages, cap_sys_admin);
20510f2f4e2dab James Morris 2007-10-16 1002 }
20510f2f4e2dab James Morris 2007-10-16 1003
1661372c912d19 Paul Moore 2023-02-07 1004 /**
1661372c912d19 Paul Moore 2023-02-07 1005 * security_bprm_creds_for_exec() - Prepare the credentials for exec()
1661372c912d19 Paul Moore 2023-02-07 1006 * @bprm: binary program information
1661372c912d19 Paul Moore 2023-02-07 1007 *
1661372c912d19 Paul Moore 2023-02-07 1008 * If the setup in prepare_exec_creds did not setup @bprm->cred->security
1661372c912d19 Paul Moore 2023-02-07 1009 * properly for executing @bprm->file, update the LSM's portion of
1661372c912d19 Paul Moore 2023-02-07 1010 * @bprm->cred->security to be what commit_creds needs to install for the new
1661372c912d19 Paul Moore 2023-02-07 1011 * program. This hook may also optionally check permissions (e.g. for
1661372c912d19 Paul Moore 2023-02-07 1012 * transitions between security domains). The hook must set @bprm->secureexec
1661372c912d19 Paul Moore 2023-02-07 1013 * to 1 if AT_SECURE should be set to request libc enable secure mode. @bprm
1661372c912d19 Paul Moore 2023-02-07 1014 * contains the linux_binprm structure.
1661372c912d19 Paul Moore 2023-02-07 1015 *
1661372c912d19 Paul Moore 2023-02-07 1016 * Return: Returns 0 if the hook is successful and permission is granted.
1661372c912d19 Paul Moore 2023-02-07 1017 */
b8bff599261c93 Eric W. Biederman 2020-03-22 1018
1661372c912d19 Paul Moore 2023-02-07 1019 /**
1661372c912d19 Paul Moore 2023-02-07 @1020 * security_bprm_creds_from_file() - Update linux_binprm creds based on file
1661372c912d19 Paul Moore 2023-02-07 1021 * @bprm: binary program information
1661372c912d19 Paul Moore 2023-02-07 1022 * @file: associated file
1661372c912d19 Paul Moore 2023-02-07 1023 *
1661372c912d19 Paul Moore 2023-02-07 1024 * If @file is setpcap, suid, sgid or otherwise marked to change privilege upon
1661372c912d19 Paul Moore 2023-02-07 1025 * exec, update @bprm->cred to reflect that change. This is called after
1661372c912d19 Paul Moore 2023-02-07 1026 * finding the binary that will be executed without an interpreter. This
1661372c912d19 Paul Moore 2023-02-07 1027 * ensures that the credentials will not be derived from a script that the
1661372c912d19 Paul Moore 2023-02-07 1028 * binary will need to reopen, which when reopend may end up being a completely
1661372c912d19 Paul Moore 2023-02-07 1029 * different file. This hook may also optionally check permissions (e.g. for
1661372c912d19 Paul Moore 2023-02-07 1030 * transitions between security domains). The hook must set @bprm->secureexec
1661372c912d19 Paul Moore 2023-02-07 1031 * to 1 if AT_SECURE should be set to request libc enable secure mode. The
1661372c912d19 Paul Moore 2023-02-07 1032 * hook must add to @bprm->per_clear any personality flags that should be
1661372c912d19 Paul Moore 2023-02-07 1033 * cleared from current->personality. @bprm contains the linux_binprm
1661372c912d19 Paul Moore 2023-02-07 1034 * structure.
1661372c912d19 Paul Moore 2023-02-07 1035 *
1661372c912d19 Paul Moore 2023-02-07 1036 * Return: Returns 0 if the hook is successful and permission is granted.
1661372c912d19 Paul Moore 2023-02-07 1037 */
20510f2f4e2dab James Morris 2007-10-16 1038
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
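The context quoted above shows the dispatch idiom (`call_int_hook(settime, 0, ts, tz)` walks the registered hooks and stops at the first non-default result) and the failure mode the linker errors report: wrapper definitions produced by a macro from the hook table while their declarations live somewhere else, so callers end up referencing `security_bpf_prog_free` and nothing defines it. The following userland model is an added example, not kernel code and not part of this patch series; it emits both the prototype and the definition of every `security_*` wrapper from one X-macro table, with hook names modelled on settime and syslog and two constructed demo policies.

```c
/* Added userland model, not kernel code and not part of this patch series:
 * one X-macro hook table emits BOTH the prototype and the definition of each
 * security_* wrapper, so a declaration in a header and a macro-generated
 * definition cannot drift apart. Hook names are modelled on settime/syslog;
 * the two demo policies are constructed for illustration. */
#include <errno.h>
#include <stddef.h>

/* Every hook is listed exactly once: name, parameter list, argument list. */
#define HOOK_TABLE(X) \
	X(settime, (const long *ts, const int *tz), (ts, tz)) \
	X(syslog,  (int type),                      (type))

/* Per-LSM hook table: one function pointer per hook, NULL = not implemented. */
#define HOOK_FIELD(NAME, PARAMS, ARGS) int (*NAME) PARAMS;
struct hook_ops {
	HOOK_TABLE(HOOK_FIELD)
};

/* Registered LSMs, consulted in registration order. */
struct lsm_entry {
	const char *name;
	const struct hook_ops *ops;
	struct lsm_entry *next;
};
static struct lsm_entry *lsm_list;

static void lsm_register(struct lsm_entry *e)
{
	struct lsm_entry **pp = &lsm_list;

	while (*pp)
		pp = &(*pp)->next;
	e->next = NULL;
	*pp = e;
}

/* What a header would export. Generating the prototypes from the same table
 * is what keeps -Wmissing-prototypes quiet and the signatures in sync. */
#define HOOK_PROTO(NAME, PARAMS, ARGS) int security_##NAME PARAMS;
HOOK_TABLE(HOOK_PROTO)
int demo_setup(void);
int demo_hook_calls(void);
int demo_reset_calls(void);

/* Dispatch modelled on call_int_hook(): walk the list and return the first
 * verdict that differs from the default 0; LSMs later in the list are not
 * consulted once an earlier one has refused. */
#define HOOK_DEF(NAME, PARAMS, ARGS) \
int security_##NAME PARAMS \
{ \
	const struct lsm_entry *e; \
	for (e = lsm_list; e; e = e->next) { \
		int rc; \
		if (!e->ops->NAME) \
			continue; \
		rc = e->ops->NAME ARGS; \
		if (rc != 0) \
			return rc; \
	} \
	return 0; \
}
HOOK_TABLE(HOOK_DEF)

/* Two constructed LSMs: demo_a refuses syslog type 2 and allows settime;
 * demo_b implements only syslog and allows everything. */
static int hook_calls;  /* how many LSM hook functions actually ran */

static int demo_a_settime(const long *ts, const int *tz)
{
	(void)ts; (void)tz;
	hook_calls++;
	return 0;
}
static int demo_a_syslog(int type)
{
	hook_calls++;
	return type == 2 ? -EPERM : 0;
}
static int demo_b_syslog(int type)
{
	(void)type;
	hook_calls++;
	return 0;
}
static const struct hook_ops demo_a_ops = {
	.settime = demo_a_settime,
	.syslog = demo_a_syslog,
};
static const struct hook_ops demo_b_ops = { .syslog = demo_b_syslog };
static struct lsm_entry demo_a = { "demo_a", &demo_a_ops, NULL };
static struct lsm_entry demo_b = { "demo_b", &demo_b_ops, NULL };

int demo_setup(void)
{
	static int done;

	if (!done) {
		lsm_register(&demo_a);
		lsm_register(&demo_b);
		done = 1;
	}
	return 0;
}
int demo_hook_calls(void) { return hook_calls; }
int demo_reset_calls(void) { hook_calls = 0; return 0; }
```

Compiling this with `-Wmissing-prototypes` produces no warning because every wrapper's prototype comes from the same `HOOK_TABLE` expansion as its definition.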
* Re: [PATCH 4/4] LSM: Add a LSM module which handles dynamically appendable LSM hooks.
2023-11-20 13:30 ` [PATCH 4/4] LSM: Add a LSM module which handles dynamically appendable LSM hooks Tetsuo Handa
2023-11-20 22:28 ` kernel test robot
@ 2023-11-20 22:47 ` kernel test robot
2023-11-20 23:36 ` kernel test robot
2 siblings, 0 replies; 12+ messages in thread
From: kernel test robot @ 2023-11-20 22:47 UTC (permalink / raw)
To: Tetsuo Handa, linux-security-module, bpf, KP Singh
Cc: oe-kbuild-all, Paul Moore, Kees Cook, Casey Schaufler, song,
Daniel Borkmann, Alexei Starovoitov, renauld, Paolo Abeni
Hi Tetsuo,
kernel test robot noticed the following build errors:
[auto build test ERROR on bpf/master]
[also build test ERROR on pcmoore-audit/next pcmoore-selinux/next linus/master v6.7-rc2]
[cannot apply to bpf-next/master next-20231120]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting a patch, we suggest using '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]
url: https://github.com/intel-lab-lkp/linux/commits/Tetsuo-Handa/LSM-Auto-undef-LSM_HOOK-macro/20231120-214522
base: https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git master
patch link: https://lore.kernel.org/r/34be5cd8-1fdd-4323-82a3-40f2e7d35db3%40I-love.SAKURA.ne.jp
patch subject: [PATCH 4/4] LSM: Add a LSM module which handles dynamically appendable LSM hooks.
config: csky-randconfig-002-20231121 (https://download.01.org/0day-ci/archive/20231121/202311210651.Bs3e5XsM-lkp@intel.com/config)
compiler: csky-linux-gcc (GCC) 13.2.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20231121/202311210651.Bs3e5XsM-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add the following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202311210651.Bs3e5XsM-lkp@intel.com/
All errors (new ones prefixed by >>):
csky-linux-ld: kernel/bpf/syscall.o: in function `__bpf_prog_put_rcu':
>> syscall.c:(.text+0x844): undefined reference to `security_bpf_prog_free'
>> csky-linux-ld: syscall.c:(.text+0x87c): undefined reference to `security_bpf_prog_free'
csky-linux-ld: kernel/bpf/syscall.o: in function `__bpf_prog_put_noref':
syscall.c:(.text+0x13a4): undefined reference to `security_bpf_prog_free'
csky-linux-ld: syscall.c:(.text+0x13fc): undefined reference to `security_bpf_prog_free'
csky-linux-ld: kernel/bpf/syscall.o: in function `bpf_map_free_deferred':
>> syscall.c:(.text+0x3c0e): undefined reference to `security_bpf_map_free'
csky-linux-ld: kernel/bpf/syscall.o: in function `map_check_btf':
syscall.c:(.text+0x3ccc): undefined reference to `security_bpf_map_free'
csky-linux-ld: kernel/bpf/syscall.o: in function `map_create':
>> syscall.c:(.text+0x448a): undefined reference to `security_bpf_map_alloc'
>> csky-linux-ld: syscall.c:(.text+0x4590): undefined reference to `security_bpf_map_alloc'
>> csky-linux-ld: syscall.c:(.text+0x46d0): undefined reference to `security_bpf_map_free'
csky-linux-ld: syscall.c:(.text+0x4724): undefined reference to `security_bpf_map_free'
csky-linux-ld: kernel/bpf/syscall.o: in function `bpf_prog_load':
>> syscall.c:(.text+0x4836): undefined reference to `security_bpf_prog_alloc'
>> csky-linux-ld: syscall.c:(.text+0x48c4): undefined reference to `security_bpf_prog_alloc'
csky-linux-ld: syscall.c:(.text+0x497e): undefined reference to `security_bpf_prog_free'
csky-linux-ld: syscall.c:(.text+0x49f0): undefined reference to `security_bpf_prog_free'
mm/zsmalloc.o: in function `__zs_compact':
zsmalloc.c:(.text+0x2142): relocation truncated to fit: R_CKCORE_PCREL_IMM16BY4 against `__jump_table'
zsmalloc.c:(.text+0x214a): relocation truncated to fit: R_CKCORE_PCREL_IMM16BY4 against `__jump_table'
mm/zsmalloc.o: in function `zs_compact':
zsmalloc.c:(.text+0x218a): relocation truncated to fit: R_CKCORE_PCREL_IMM16BY4 against `__jump_table'
zsmalloc.c:(.text+0x21ca): relocation truncated to fit: R_CKCORE_PCREL_IMM16BY4 against `__jump_table'
zsmalloc.c:(.text+0x21d8): relocation truncated to fit: R_CKCORE_PCREL_IMM16BY4 against `__jump_table'
mm/zsmalloc.o: in function `zs_shrinker_scan':
zsmalloc.c:(.text+0x21e4): relocation truncated to fit: R_CKCORE_PCREL_IMM16BY4 against `__jump_table'
mm/zsmalloc.o: in function `zs_page_migrate':
zsmalloc.c:(.text+0x2234): relocation truncated to fit: R_CKCORE_PCREL_IMM16BY4 against `__jump_table'
zsmalloc.c:(.text+0x224c): relocation truncated to fit: R_CKCORE_PCREL_IMM16BY4 against `__jump_table'
zsmalloc.c:(.text+0x2278): relocation truncated to fit: R_CKCORE_PCREL_IMM16BY4 against `__jump_table'
zsmalloc.c:(.text+0x22a2): relocation truncated to fit: R_CKCORE_PCREL_IMM16BY4 against `__jump_table'
zsmalloc.c:(.text+0x22b0): additional relocation overflows omitted from the output
* Re: [RFC PATCH v2 0/4] LSM: Officially support appending LSM hooks after boot.
2023-11-20 13:27 [RFC PATCH v2 0/4] LSM: Officially support appending LSM hooks after boot Tetsuo Handa
` (3 preceding siblings ...)
2023-11-20 13:30 ` [PATCH 4/4] LSM: Add a LSM module which handles dynamically appendable LSM hooks Tetsuo Handa
@ 2023-11-20 22:52 ` Paul Moore
2023-11-21 13:03 ` Tetsuo Handa
4 siblings, 1 reply; 12+ messages in thread
From: Paul Moore @ 2023-11-20 22:52 UTC (permalink / raw)
To: Tetsuo Handa
Cc: linux-security-module, bpf, KP Singh, Kees Cook, Casey Schaufler,
song, Daniel Borkmann, Alexei Starovoitov, renauld, Paolo Abeni
On Mon, Nov 20, 2023 at 8:28 AM Tetsuo Handa
<penguin-kernel@i-love.sakura.ne.jp> wrote:
>
> This functionality will be used by TOMOYO security module.
>
> In order to officially use an LSM module, that LSM module has to be
> built into vmlinux. This limitation has been a big barrier for allowing
> distribution kernel users to use LSM modules which the organization who
> builds that distribution kernel cannot afford supporting [1]. Therefore,
> I've been asking for ability to append LSM hooks from LKM-based LSMs so
> that distribution kernel users can use LSMs which the organization who
> builds that distribution kernel cannot afford supporting.
It doesn't really matter for this discussion, but based on my days
working for a Linux distro company I would be very surprised if a
commercial distro would support a system running unapproved
third-party kernel modules.
We've talked a lot about this core problem and I maintain that it is
still a distro problem and not something I'm really concerned about
upstream.
--
paul-moore.com
* Re: [PATCH 4/4] LSM: Add a LSM module which handles dynamically appendable LSM hooks.
2023-11-20 13:30 ` [PATCH 4/4] LSM: Add a LSM module which handles dynamically appendable LSM hooks Tetsuo Handa
2023-11-20 22:28 ` kernel test robot
2023-11-20 22:47 ` kernel test robot
@ 2023-11-20 23:36 ` kernel test robot
2 siblings, 0 replies; 12+ messages in thread
From: kernel test robot @ 2023-11-20 23:36 UTC (permalink / raw)
To: Tetsuo Handa, linux-security-module, bpf, KP Singh
Cc: oe-kbuild-all, Paul Moore, Kees Cook, Casey Schaufler, song,
Daniel Borkmann, Alexei Starovoitov, renauld, Paolo Abeni
Hi Tetsuo,
kernel test robot noticed the following build errors:
[auto build test ERROR on bpf/master]
[also build test ERROR on pcmoore-audit/next pcmoore-selinux/next linus/master v6.7-rc2]
[cannot apply to bpf-next/master next-20231120]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting a patch, we suggest using '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]
url: https://github.com/intel-lab-lkp/linux/commits/Tetsuo-Handa/LSM-Auto-undef-LSM_HOOK-macro/20231120-214522
base: https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git master
patch link: https://lore.kernel.org/r/34be5cd8-1fdd-4323-82a3-40f2e7d35db3%40I-love.SAKURA.ne.jp
patch subject: [PATCH 4/4] LSM: Add a LSM module which handles dynamically appendable LSM hooks.
config: arc-randconfig-002-20231121 (https://download.01.org/0day-ci/archive/20231121/202311210740.Mxc4WM7v-lkp@intel.com/config)
compiler: arc-elf-gcc (GCC) 13.2.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20231121/202311210740.Mxc4WM7v-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add the following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202311210740.Mxc4WM7v-lkp@intel.com/
All error/warnings (new ones prefixed by >>):
>> security/security.c:784:13: warning: no previous prototype for 'security_bprm_check_security' [-Wmissing-prototypes]
784 | int security_##NAME(__VA_ARGS__) \
| ^~~~~~~~~
include/linux/lsm_hook_defs.h:114:1: note: in expansion of macro 'LSM_PLAIN_INT_HOOK'
114 | LSM_PLAIN_INT_HOOK(int, 0, bprm_check_security, struct linux_binprm *bprm)
| ^~~~~~~~~~~~~~~~~~
>> security/security.c:784:13: warning: no previous prototype for 'security_sb_alloc_security' [-Wmissing-prototypes]
784 | int security_##NAME(__VA_ARGS__) \
| ^~~~~~~~~
include/linux/lsm_hook_defs.h:123:1: note: in expansion of macro 'LSM_PLAIN_INT_HOOK'
123 | LSM_PLAIN_INT_HOOK(int, 0, sb_alloc_security, struct super_block *sb)
| ^~~~~~~~~~~~~~~~~~
>> security/security.c:799:14: warning: no previous prototype for 'security_sb_free_security' [-Wmissing-prototypes]
799 | void security_##NAME(__VA_ARGS__) \
| ^~~~~~~~~
include/linux/lsm_hook_defs.h:125:1: note: in expansion of macro 'LSM_PLAIN_VOID_HOOK'
125 | LSM_PLAIN_VOID_HOOK(void, LSM_RET_VOID, sb_free_security, struct super_block *sb)
| ^~~~~~~~~~~~~~~~~~~
>> security/security.c:799:14: warning: no previous prototype for 'security_sb_free_mnt_opts' [-Wmissing-prototypes]
799 | void security_##NAME(__VA_ARGS__) \
| ^~~~~~~~~
include/linux/lsm_hook_defs.h:126:1: note: in expansion of macro 'LSM_PLAIN_VOID_HOOK'
126 | LSM_PLAIN_VOID_HOOK(void, LSM_RET_VOID, sb_free_mnt_opts, void *mnt_opts)
| ^~~~~~~~~~~~~~~~~~~
>> security/security.c:784:13: warning: no previous prototype for 'security_inode_alloc_security' [-Wmissing-prototypes]
784 | int security_##NAME(__VA_ARGS__) \
| ^~~~~~~~~
include/linux/lsm_hook_defs.h:174:1: note: in expansion of macro 'LSM_PLAIN_INT_HOOK'
174 | LSM_PLAIN_INT_HOOK(int, 0, inode_alloc_security, struct inode *inode)
| ^~~~~~~~~~~~~~~~~~
>> security/security.c:799:14: warning: no previous prototype for 'security_inode_free_security' [-Wmissing-prototypes]
799 | void security_##NAME(__VA_ARGS__) \
| ^~~~~~~~~
include/linux/lsm_hook_defs.h:175:1: note: in expansion of macro 'LSM_PLAIN_VOID_HOOK'
175 | LSM_PLAIN_VOID_HOOK(void, LSM_RET_VOID, inode_free_security, struct inode *inode)
| ^~~~~~~~~~~~~~~~~~~
>> security/security.c:784:13: warning: no previous prototype for 'security_file_alloc_security' [-Wmissing-prototypes]
784 | int security_##NAME(__VA_ARGS__) \
| ^~~~~~~~~
include/linux/lsm_hook_defs.h:231:1: note: in expansion of macro 'LSM_PLAIN_INT_HOOK'
231 | LSM_PLAIN_INT_HOOK(int, 0, file_alloc_security, struct file *file)
| ^~~~~~~~~~~~~~~~~~
>> security/security.c:799:14: warning: no previous prototype for 'security_file_free_security' [-Wmissing-prototypes]
799 | void security_##NAME(__VA_ARGS__) \
| ^~~~~~~~~
include/linux/lsm_hook_defs.h:232:1: note: in expansion of macro 'LSM_PLAIN_VOID_HOOK'
232 | LSM_PLAIN_VOID_HOOK(void, LSM_RET_VOID, file_free_security, struct file *file)
| ^~~~~~~~~~~~~~~~~~~
>> security/security.c:784:13: warning: no previous prototype for 'security_cred_prepare' [-Wmissing-prototypes]
784 | int security_##NAME(__VA_ARGS__) \
| ^~~~~~~~~
include/linux/lsm_hook_defs.h:254:1: note: in expansion of macro 'LSM_PLAIN_INT_HOOK'
254 | LSM_PLAIN_INT_HOOK(int, 0, cred_prepare, struct cred *new, const struct cred *old,
| ^~~~~~~~~~~~~~~~~~
>> security/security.c:784:13: warning: no previous prototype for 'security_msg_msg_alloc_security' [-Wmissing-prototypes]
784 | int security_##NAME(__VA_ARGS__) \
| ^~~~~~~~~
include/linux/lsm_hook_defs.h:300:1: note: in expansion of macro 'LSM_PLAIN_INT_HOOK'
300 | LSM_PLAIN_INT_HOOK(int, 0, msg_msg_alloc_security, struct msg_msg *msg)
| ^~~~~~~~~~~~~~~~~~
>> security/security.c:799:14: warning: no previous prototype for 'security_msg_msg_free_security' [-Wmissing-prototypes]
799 | void security_##NAME(__VA_ARGS__) \
| ^~~~~~~~~
include/linux/lsm_hook_defs.h:301:1: note: in expansion of macro 'LSM_PLAIN_VOID_HOOK'
301 | LSM_PLAIN_VOID_HOOK(void, LSM_RET_VOID, msg_msg_free_security, struct msg_msg *msg)
| ^~~~~~~~~~~~~~~~~~~
>> security/security.c:784:13: warning: no previous prototype for 'security_msg_queue_alloc_security' [-Wmissing-prototypes]
784 | int security_##NAME(__VA_ARGS__) \
| ^~~~~~~~~
include/linux/lsm_hook_defs.h:302:1: note: in expansion of macro 'LSM_PLAIN_INT_HOOK'
302 | LSM_PLAIN_INT_HOOK(int, 0, msg_queue_alloc_security, struct kern_ipc_perm *perm)
| ^~~~~~~~~~~~~~~~~~
>> security/security.c:799:14: warning: no previous prototype for 'security_msg_queue_free_security' [-Wmissing-prototypes]
799 | void security_##NAME(__VA_ARGS__) \
| ^~~~~~~~~
include/linux/lsm_hook_defs.h:303:1: note: in expansion of macro 'LSM_PLAIN_VOID_HOOK'
303 | LSM_PLAIN_VOID_HOOK(void, LSM_RET_VOID, msg_queue_free_security,
| ^~~~~~~~~~~~~~~~~~~
>> security/security.c:784:13: warning: no previous prototype for 'security_shm_alloc_security' [-Wmissing-prototypes]
784 | int security_##NAME(__VA_ARGS__) \
| ^~~~~~~~~
include/linux/lsm_hook_defs.h:311:1: note: in expansion of macro 'LSM_PLAIN_INT_HOOK'
311 | LSM_PLAIN_INT_HOOK(int, 0, shm_alloc_security, struct kern_ipc_perm *perm)
| ^~~~~~~~~~~~~~~~~~
>> security/security.c:799:14: warning: no previous prototype for 'security_shm_free_security' [-Wmissing-prototypes]
799 | void security_##NAME(__VA_ARGS__) \
| ^~~~~~~~~
include/linux/lsm_hook_defs.h:312:1: note: in expansion of macro 'LSM_PLAIN_VOID_HOOK'
312 | LSM_PLAIN_VOID_HOOK(void, LSM_RET_VOID, shm_free_security, struct kern_ipc_perm *perm)
| ^~~~~~~~~~~~~~~~~~~
>> security/security.c:784:13: warning: no previous prototype for 'security_sem_alloc_security' [-Wmissing-prototypes]
784 | int security_##NAME(__VA_ARGS__) \
| ^~~~~~~~~
include/linux/lsm_hook_defs.h:317:1: note: in expansion of macro 'LSM_PLAIN_INT_HOOK'
317 | LSM_PLAIN_INT_HOOK(int, 0, sem_alloc_security, struct kern_ipc_perm *perm)
| ^~~~~~~~~~~~~~~~~~
>> security/security.c:799:14: warning: no previous prototype for 'security_sem_free_security' [-Wmissing-prototypes]
799 | void security_##NAME(__VA_ARGS__) \
| ^~~~~~~~~
include/linux/lsm_hook_defs.h:318:1: note: in expansion of macro 'LSM_PLAIN_VOID_HOOK'
318 | LSM_PLAIN_VOID_HOOK(void, LSM_RET_VOID, sem_free_security, struct kern_ipc_perm *perm)
| ^~~~~~~~~~~~~~~~~~~
>> security/security.c:799:14: warning: no previous prototype for 'security_sk_getsecid' [-Wmissing-prototypes]
799 | void security_##NAME(__VA_ARGS__) \
| ^~~~~~~~~
include/linux/lsm_hook_defs.h:381:1: note: in expansion of macro 'LSM_PLAIN_VOID_HOOK'
381 | LSM_PLAIN_VOID_HOOK(void, LSM_RET_VOID, sk_getsecid, const struct sock *sk, u32 *secid)
| ^~~~~~~~~~~~~~~~~~~
>> security/security.c:784:13: warning: no previous prototype for 'security_xfrm_policy_alloc_security' [-Wmissing-prototypes]
784 | int security_##NAME(__VA_ARGS__) \
| ^~~~~~~~~
include/linux/lsm_hook_defs.h:420:1: note: in expansion of macro 'LSM_PLAIN_INT_HOOK'
420 | LSM_PLAIN_INT_HOOK(int, 0, xfrm_policy_alloc_security, struct xfrm_sec_ctx **ctxp,
| ^~~~~~~~~~~~~~~~~~
>> security/security.c:784:13: warning: no previous prototype for 'security_xfrm_policy_clone_security' [-Wmissing-prototypes]
784 | int security_##NAME(__VA_ARGS__) \
| ^~~~~~~~~
include/linux/lsm_hook_defs.h:422:1: note: in expansion of macro 'LSM_PLAIN_INT_HOOK'
422 | LSM_PLAIN_INT_HOOK(int, 0, xfrm_policy_clone_security, struct xfrm_sec_ctx *old_ctx,
| ^~~~~~~~~~~~~~~~~~
security/security.c:799:14: warning: no previous prototype for 'security_xfrm_policy_free_security' [-Wmissing-prototypes]
799 | void security_##NAME(__VA_ARGS__) \
| ^~~~~~~~~
include/linux/lsm_hook_defs.h:424:1: note: in expansion of macro 'LSM_PLAIN_VOID_HOOK'
424 | LSM_PLAIN_VOID_HOOK(void, LSM_RET_VOID, xfrm_policy_free_security,
| ^~~~~~~~~~~~~~~~~~~
security/security.c:784:13: warning: no previous prototype for 'security_xfrm_policy_delete_security' [-Wmissing-prototypes]
784 | int security_##NAME(__VA_ARGS__) \
| ^~~~~~~~~
include/linux/lsm_hook_defs.h:426:1: note: in expansion of macro 'LSM_PLAIN_INT_HOOK'
426 | LSM_PLAIN_INT_HOOK(int, 0, xfrm_policy_delete_security, struct xfrm_sec_ctx *ctx)
| ^~~~~~~~~~~~~~~~~~
security/security.c:799:14: warning: no previous prototype for 'security_xfrm_state_free_security' [-Wmissing-prototypes]
799 | void security_##NAME(__VA_ARGS__) \
| ^~~~~~~~~
include/linux/lsm_hook_defs.h:431:1: note: in expansion of macro 'LSM_PLAIN_VOID_HOOK'
431 | LSM_PLAIN_VOID_HOOK(void, LSM_RET_VOID, xfrm_state_free_security, struct xfrm_state *x)
| ^~~~~~~~~~~~~~~~~~~
security/security.c:784:13: warning: no previous prototype for 'security_xfrm_state_delete_security' [-Wmissing-prototypes]
784 | int security_##NAME(__VA_ARGS__) \
| ^~~~~~~~~
include/linux/lsm_hook_defs.h:432:1: note: in expansion of macro 'LSM_PLAIN_INT_HOOK'
432 | LSM_PLAIN_INT_HOOK(int, 0, xfrm_state_delete_security, struct xfrm_state *x)
| ^~~~~~~~~~~~~~~~~~
security/security.c:784:13: error: conflicting types for 'security_xfrm_decode_session'; have 'int(struct sk_buff *, u32 *, int)' {aka 'int(struct sk_buff *, unsigned int *, int)'}
784 | int security_##NAME(__VA_ARGS__) \
| ^~~~~~~~~
include/linux/lsm_hook_defs.h:436:1: note: in expansion of macro 'LSM_PLAIN_INT_HOOK'
436 | LSM_PLAIN_INT_HOOK(int, 0, xfrm_decode_session, struct sk_buff *skb, u32 *secid,
| ^~~~~~~~~~~~~~~~~~
In file included from include/linux/lsm_hooks.h:28,
from security/security.c:21:
include/linux/security.h:1753:5: note: previous declaration of 'security_xfrm_decode_session' with type 'int(struct sk_buff *, u32 *)' {aka 'int(struct sk_buff *, unsigned int *)'}
1753 | int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
security/security.c:784:13: warning: no previous prototype for 'security_bpf_map_alloc_security' [-Wmissing-prototypes]
784 | int security_##NAME(__VA_ARGS__) \
| ^~~~~~~~~
include/linux/lsm_hook_defs.h:462:1: note: in expansion of macro 'LSM_PLAIN_INT_HOOK'
462 | LSM_PLAIN_INT_HOOK(int, 0, bpf_map_alloc_security, struct bpf_map *map)
| ^~~~~~~~~~~~~~~~~~
security/security.c:799:14: warning: no previous prototype for 'security_bpf_map_free_security' [-Wmissing-prototypes]
799 | void security_##NAME(__VA_ARGS__) \
| ^~~~~~~~~
include/linux/lsm_hook_defs.h:463:1: note: in expansion of macro 'LSM_PLAIN_VOID_HOOK'
463 | LSM_PLAIN_VOID_HOOK(void, LSM_RET_VOID, bpf_map_free_security, struct bpf_map *map)
| ^~~~~~~~~~~~~~~~~~~
security/security.c:784:13: warning: no previous prototype for 'security_bpf_prog_alloc_security' [-Wmissing-prototypes]
784 | int security_##NAME(__VA_ARGS__) \
| ^~~~~~~~~
include/linux/lsm_hook_defs.h:464:1: note: in expansion of macro 'LSM_PLAIN_INT_HOOK'
464 | LSM_PLAIN_INT_HOOK(int, 0, bpf_prog_alloc_security, struct bpf_prog_aux *aux)
| ^~~~~~~~~~~~~~~~~~
security/security.c:799:14: warning: no previous prototype for 'security_bpf_prog_free_security' [-Wmissing-prototypes]
799 | void security_##NAME(__VA_ARGS__) \
| ^~~~~~~~~
include/linux/lsm_hook_defs.h:465:1: note: in expansion of macro 'LSM_PLAIN_VOID_HOOK'
465 | LSM_PLAIN_VOID_HOOK(void, LSM_RET_VOID, bpf_prog_free_security, struct bpf_prog_aux *aux)
| ^~~~~~~~~~~~~~~~~~~
vim +784 security/security.c
781
782 #include <linux/lsm_hook_args.h>
783 #define LSM_PLAIN_INT_HOOK(RET, DEFAULT, NAME, ...) \
> 784 int security_##NAME(__VA_ARGS__) \
785 { \
786 struct security_hook_list *P; \
787 \
788 hlist_for_each_entry(P, &security_hook_heads.NAME, list) { \
789 int RC = P->hook.NAME(LSM_CALL_ARGS_##NAME); \
790 \
791 if (RC != DEFAULT) \
792 return RC; \
793 } \
794 return DEFAULT; \
795 }
796 #define LSM_CUSTOM_INT_HOOK(RET, DEFAULT, NAME, ...) DECLARE_LSM_RET_DEFAULT_int(DEFAULT, NAME)
797 #define LSM_SPECIAL_INT_HOOK(RET, DEFAULT, NAME, ...) DECLARE_LSM_RET_DEFAULT_int(DEFAULT, NAME)
798 #define LSM_PLAIN_VOID_HOOK(RET, DEFAULT, NAME, ...) \
> 799 void security_##NAME(__VA_ARGS__) \
800 { \
801 struct security_hook_list *P; \
802 \
803 hlist_for_each_entry(P, &security_hook_heads.NAME, list) \
804 P->hook.NAME(LSM_CALL_ARGS_##NAME); \
805 }
806 #define LSM_CUSTOM_VOID_HOOK(RET, DEFAULT, NAME, ...)
807 #define LSM_SPECIAL_VOID_HOOK(RET, DEFAULT, NAME, ...)
808 #include <linux/lsm_hook_defs.h>
809
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
* Re: [RFC PATCH v2 0/4] LSM: Officially support appending LSM hooks after boot.
2023-11-20 22:52 ` [RFC PATCH v2 0/4] LSM: Officially support appending LSM hooks after boot Paul Moore
@ 2023-11-21 13:03 ` Tetsuo Handa
2023-11-22 4:41 ` Paul Moore
From: Tetsuo Handa @ 2023-11-21 13:03 UTC (permalink / raw)
To: Paul Moore
Cc: linux-security-module, bpf, KP Singh, Kees Cook, Casey Schaufler,
song, Daniel Borkmann, Alexei Starovoitov, renauld, Paolo Abeni,
Linus Torvalds
On 2023/11/21 7:52, Paul Moore wrote:
> On Mon, Nov 20, 2023 at 8:28 AM Tetsuo Handa
> <penguin-kernel@i-love.sakura.ne.jp> wrote:
>>
>> This functionality will be used by TOMOYO security module.
>>
>> In order to officially use an LSM module, that LSM module has to be
>> built into vmlinux. This limitation has been a big barrier for allowing
>> distribution kernel users to use LSM modules which the organization who
>> builds that distribution kernel cannot afford supporting [1]. Therefore,
>> I've been asking for ability to append LSM hooks from LKM-based LSMs so
>> that distribution kernel users can use LSMs which the organization who
>> builds that distribution kernel cannot afford supporting.
>
> It doesn't really matter for this discussion, but based on my days
> working for a Linux distro company I would be very surprised if a
> commercial distro would support a system running unapproved
> third-party kernel modules.
A commercial distro does not care about problems that are caused by
using kernel modules that are not included in that distro's kernels.
Those who supply kernel modules that are not included in that distro's
kernels (e.g. antivirus software vendors) care about problems that are
caused by using such kernel modules.
Kernel modules for hardware devices that are not included in that distro's
kernels can be appended after boot.
Kernel modules for filesystems that are not included in that distro's
kernels can be appended after boot.
If a commercial distro does not want to allow use of kernel modules that
are not included in that distro's kernels, that distro would enforce module
signature verification rather than disabling loadable module support.
Keeping loadable module support enabled is a balance that is important for
getting wider developers/users.
>
> We've talked a lot about this core problem and I maintain that it is
> still a distro problem and not something I'm really concerned about
> upstream.
LSM modules that are not built into vmlinux currently cannot be appended
after boot. Such asymmetry is strange and remains a big barrier.
You are not concerned about this asymmetry, but I am very much concerned.
Please give me feedback on not "I don't need it" but "how we can do it".
* Re: [RFC PATCH v2 0/4] LSM: Officially support appending LSM hooks after boot.
2023-11-21 13:03 ` Tetsuo Handa
@ 2023-11-22 4:41 ` Paul Moore
2023-11-26 4:37 ` Tetsuo Handa
From: Paul Moore @ 2023-11-22 4:41 UTC (permalink / raw)
To: Tetsuo Handa
Cc: linux-security-module, bpf, KP Singh, Kees Cook, Casey Schaufler,
song, Daniel Borkmann, Alexei Starovoitov, renauld, Paolo Abeni,
Linus Torvalds
On Tue, Nov 21, 2023 at 8:03 AM Tetsuo Handa
<penguin-kernel@i-love.sakura.ne.jp> wrote:
> On 2023/11/21 7:52, Paul Moore wrote:
> > On Mon, Nov 20, 2023 at 8:28 AM Tetsuo Handa
> > <penguin-kernel@i-love.sakura.ne.jp> wrote:
> >>
> >> This functionality will be used by TOMOYO security module.
> >>
> >> In order to officially use an LSM module, that LSM module has to be
> >> built into vmlinux. This limitation has been a big barrier for allowing
> >> distribution kernel users to use LSM modules which the organization who
> >> builds that distribution kernel cannot afford supporting [1]. Therefore,
> >> I've been asking for ability to append LSM hooks from LKM-based LSMs so
> >> that distribution kernel users can use LSMs which the organization who
> >> builds that distribution kernel cannot afford supporting.
> >
> > It doesn't really matter for this discussion, but based on my days
> > working for a Linux distro company I would be very surprised if a
> > commercial distro would support a system running unapproved
> > third-party kernel modules.
>
> A commercial distro does not care about problems that are caused by
> using kernel modules that are not included in that distro's kernels.
My experience has taught me otherwise.
> If a commercial distro does not want to allow use of kernel modules that
> are not included in that distro's kernels, that distro would enforce module
> signature verification rather than disabling loadable module support.
> Keeping loadable module support enabled is a balance that is important for
> getting wider developers/users.
We don't currently support LSMs as dynamically loadable kernel modules
and if the only reasons for doing so are either to A) support
out-of-tree LSMs or B) avoid having to recompile a kernel (to hack an
unsupported LSM into a distro kernel) I have to say (yet again) that I
am not interested.
> > We've talked a lot about this core problem and I maintain that it is
> > still a distro problem and not something I'm really concerned about
> > upstream.
>
> LSM modules that are not built into vmlinux currently cannot be appended
> after boot. Such asymmetry is strange and remains a big barrier.
>
> You are not concerned about this asymmetry, but I am very much concerned.
> Please give me feedback on not "I don't need it" but "how we can do it".
I thought my feedback has been clear up to this point, but perhaps I
need to be more direct. At this point in time I am not interested in
supporting dynamically loaded LSM kernel modules if the only reasons
are to support out-of-tree LSMs or users who want to hack unsupported
LSMs into pre-built distro kernels; both of these use cases can be
solved today by compiling your own kernel.
As with the other threads involving this topic, I'm going to refrain
from any further comments until I see a new discussion point.
--
paul-moore.com
* Re: [RFC PATCH v2 0/4] LSM: Officially support appending LSM hooks after boot.
2023-11-22 4:41 ` Paul Moore
@ 2023-11-26 4:37 ` Tetsuo Handa
From: Tetsuo Handa @ 2023-11-26 4:37 UTC (permalink / raw)
To: Paul Moore
Cc: linux-security-module, bpf, KP Singh, Kees Cook, Casey Schaufler,
song, Daniel Borkmann, Alexei Starovoitov, renauld, Paolo Abeni,
Linus Torvalds
On 2023/11/22 13:41, Paul Moore wrote:
> both of these use cases can be solved today by compiling your own kernel.
No. Compiling kernels is not a viable option for regular developers/users.
We (who are kernel developers) tend to think of compiling/replacing a
kernel as a trivial thing. But the majority of Linux users do not think so.
The kernel is one of the most puzzling programs for Linux users, and most
Linux users are afraid of compiling/replacing kernels.
Red Hat's support said that Red Hat does not support a rebuilt RHEL kernel
even if that kernel is rebuilt using the same kernel source and the same
kernel config shipped by Red Hat. Let alone kernels which are rebuilt with
the modified kernel config.
Your "compiling your own kernel" answer is asking me to become a Linux
distributor and to support the whole rebuilt kernels. That will include
management of kernel-debuginfo packages needed for analyzing vmcore, and
also management of userspace packages which depend on the kernel package.
What would you think if you were obligated to support whatever problems arise just
because you want to allow users to use your code? I'm sure that you would say "I can't".
Your answer cannot be satisfied by a kernel developer who can develop/support
an LSM module but cannot afford supporting problems that are irrelevant to
that LSM module.
Being able to use whatever functionality (not only LSM modules but also
device drivers and filesystem drivers) using pre-built distribution kernels
and pre-built kernel-debuginfo packages is the mandatory baseline.
Of course, the best solution is that whatever LSM modules are built into
the distributor's kernels. But since such a solution is impossible
( https://bugzilla.redhat.com/show_bug.cgi?id=542986 ), the second best
solution will be that the distributor's kernels support only the ability to load
LSM modules which that distributor's kernels cannot afford supporting as loadable
kernel modules, and somebody other than the distributor provides support for
LSM modules which that distributor's kernels cannot afford supporting.