* [PATCH v5 01/34] lsm: split the notifier code out into lsm_notifier.c
2025-10-17 20:24 [PATCH v5 0/34] Rework the LSM initialization Paul Moore
@ 2025-10-17 20:24 ` Paul Moore
2025-10-17 20:24 ` [PATCH v5 02/34] lsm: split the init code out into lsm_init.c Paul Moore
` (23 subsequent siblings)
24 siblings, 0 replies; 36+ messages in thread
From: Paul Moore @ 2025-10-17 20:24 UTC (permalink / raw)
To: linux-security-module, linux-integrity, selinux
Cc: John Johansen, Mimi Zohar, Roberto Sassu, Fan Wu,
Mickaël Salaün, Günther Noack, Kees Cook,
Micah Morton, Casey Schaufler, Tetsuo Handa, Nicolas Bouchinet,
Xiu Jianfeng
In an effort to decompose security/security.c somewhat to make it less
twisted and unwieldy, pull out the LSM notifier code into a new file
as it is fairly well self-contained.
No code changes.
Reviewed-by: Kees Cook <kees@kernel.org>
Reviewed-by: John Johansen <john.johansen@canonical.com>
Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
---
security/Makefile | 2 +-
security/lsm_notifier.c | 31 +++++++++++++++++++++++++++++++
security/security.c | 23 -----------------------
3 files changed, 32 insertions(+), 24 deletions(-)
create mode 100644 security/lsm_notifier.c
diff --git a/security/Makefile b/security/Makefile
index 22ff4c8bd8ce..14d87847bce8 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -11,7 +11,7 @@ obj-$(CONFIG_SECURITY) += lsm_syscalls.o
obj-$(CONFIG_MMU) += min_addr.o
# Object file lists
-obj-$(CONFIG_SECURITY) += security.o
+obj-$(CONFIG_SECURITY) += security.o lsm_notifier.o
obj-$(CONFIG_SECURITYFS) += inode.o
obj-$(CONFIG_SECURITY_SELINUX) += selinux/
obj-$(CONFIG_SECURITY_SMACK) += smack/
diff --git a/security/lsm_notifier.c b/security/lsm_notifier.c
new file mode 100644
index 000000000000..c92fad5d57d4
--- /dev/null
+++ b/security/lsm_notifier.c
@@ -0,0 +1,31 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * LSM notifier functions
+ *
+ */
+
+#include <linux/notifier.h>
+#include <linux/security.h>
+
+static BLOCKING_NOTIFIER_HEAD(blocking_lsm_notifier_chain);
+
+int call_blocking_lsm_notifier(enum lsm_event event, void *data)
+{
+ return blocking_notifier_call_chain(&blocking_lsm_notifier_chain,
+ event, data);
+}
+EXPORT_SYMBOL(call_blocking_lsm_notifier);
+
+int register_blocking_lsm_notifier(struct notifier_block *nb)
+{
+ return blocking_notifier_chain_register(&blocking_lsm_notifier_chain,
+ nb);
+}
+EXPORT_SYMBOL(register_blocking_lsm_notifier);
+
+int unregister_blocking_lsm_notifier(struct notifier_block *nb)
+{
+ return blocking_notifier_chain_unregister(&blocking_lsm_notifier_chain,
+ nb);
+}
+EXPORT_SYMBOL(unregister_blocking_lsm_notifier);
diff --git a/security/security.c b/security/security.c
index 4d3c03a4524c..667479c2e82f 100644
--- a/security/security.c
+++ b/security/security.c
@@ -90,8 +90,6 @@ const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX + 1] = {
[LOCKDOWN_CONFIDENTIALITY_MAX] = "confidentiality",
};
-static BLOCKING_NOTIFIER_HEAD(blocking_lsm_notifier_chain);
-
static struct kmem_cache *lsm_file_cache;
static struct kmem_cache *lsm_inode_cache;
@@ -649,27 +647,6 @@ void __init security_add_hooks(struct security_hook_list *hooks, int count,
}
}
-int call_blocking_lsm_notifier(enum lsm_event event, void *data)
-{
- return blocking_notifier_call_chain(&blocking_lsm_notifier_chain,
- event, data);
-}
-EXPORT_SYMBOL(call_blocking_lsm_notifier);
-
-int register_blocking_lsm_notifier(struct notifier_block *nb)
-{
- return blocking_notifier_chain_register(&blocking_lsm_notifier_chain,
- nb);
-}
-EXPORT_SYMBOL(register_blocking_lsm_notifier);
-
-int unregister_blocking_lsm_notifier(struct notifier_block *nb)
-{
- return blocking_notifier_chain_unregister(&blocking_lsm_notifier_chain,
- nb);
-}
-EXPORT_SYMBOL(unregister_blocking_lsm_notifier);
-
/**
* lsm_blob_alloc - allocate a composite blob
* @dest: the destination for the blob
--
2.51.1.dirty
^ permalink raw reply related [flat|nested] 36+ messages in thread* [PATCH v5 02/34] lsm: split the init code out into lsm_init.c
2025-10-17 20:24 [PATCH v5 0/34] Rework the LSM initialization Paul Moore
2025-10-17 20:24 ` [PATCH v5 01/34] lsm: split the notifier code out into lsm_notifier.c Paul Moore
@ 2025-10-17 20:24 ` Paul Moore
2025-10-17 20:24 ` [PATCH v5 03/34] lsm: consolidate lsm_allowed() and prepare_lsm() into lsm_prepare() Paul Moore
` (22 subsequent siblings)
24 siblings, 0 replies; 36+ messages in thread
From: Paul Moore @ 2025-10-17 20:24 UTC (permalink / raw)
To: linux-security-module, linux-integrity, selinux
Cc: John Johansen, Mimi Zohar, Roberto Sassu, Fan Wu,
Mickaël Salaün, Günther Noack, Kees Cook,
Micah Morton, Casey Schaufler, Tetsuo Handa, Nicolas Bouchinet,
Xiu Jianfeng
Continue to pull code out of security/security.c to help improve
readability by pulling all of the LSM framework initialization
code out into a new file.
No code changes.
Reviewed-by: Kees Cook <kees@kernel.org>
Reviewed-by: John Johansen <john.johansen@canonical.com>
Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
---
include/linux/lsm_hooks.h | 3 +-
security/Makefile | 2 +-
security/lsm.h | 22 ++
security/lsm_init.c | 543 ++++++++++++++++++++++++++++++++++
security/security.c | 597 +++-----------------------------------
5 files changed, 601 insertions(+), 566 deletions(-)
create mode 100644 security/lsm.h
create mode 100644 security/lsm_init.c
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 79ec5a2bdcca..0112926ed923 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -170,11 +170,10 @@ struct lsm_info {
__used __section(".early_lsm_info.init") \
__aligned(sizeof(unsigned long))
+
/* DO NOT tamper with these variables outside of the LSM framework */
extern char *lsm_names;
extern struct lsm_static_calls_table static_calls_table __ro_after_init;
-extern struct lsm_info __start_lsm_info[], __end_lsm_info[];
-extern struct lsm_info __start_early_lsm_info[], __end_early_lsm_info[];
/**
* lsm_get_xattr_slot - Return the next available slot and increment the index
diff --git a/security/Makefile b/security/Makefile
index 14d87847bce8..4601230ba442 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -11,7 +11,7 @@ obj-$(CONFIG_SECURITY) += lsm_syscalls.o
obj-$(CONFIG_MMU) += min_addr.o
# Object file lists
-obj-$(CONFIG_SECURITY) += security.o lsm_notifier.o
+obj-$(CONFIG_SECURITY) += security.o lsm_notifier.o lsm_init.o
obj-$(CONFIG_SECURITYFS) += inode.o
obj-$(CONFIG_SECURITY_SELINUX) += selinux/
obj-$(CONFIG_SECURITY_SMACK) += smack/
diff --git a/security/lsm.h b/security/lsm.h
new file mode 100644
index 000000000000..0e1731bad4a7
--- /dev/null
+++ b/security/lsm.h
@@ -0,0 +1,22 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * LSM functions
+ */
+
+#ifndef _LSM_H_
+#define _LSM_H_
+
+#include <linux/lsm_hooks.h>
+
+/* LSM blob configuration */
+extern struct lsm_blob_sizes blob_sizes;
+
+/* LSM blob caches */
+extern struct kmem_cache *lsm_file_cache;
+extern struct kmem_cache *lsm_inode_cache;
+
+/* LSM blob allocators */
+int lsm_cred_alloc(struct cred *cred, gfp_t gfp);
+int lsm_task_alloc(struct task_struct *task);
+
+#endif /* _LSM_H_ */
diff --git a/security/lsm_init.c b/security/lsm_init.c
new file mode 100644
index 000000000000..124213b906af
--- /dev/null
+++ b/security/lsm_init.c
@@ -0,0 +1,543 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * LSM initialization functions
+ */
+
+#define pr_fmt(fmt) "LSM: " fmt
+
+#include <linux/init.h>
+#include <linux/lsm_hooks.h>
+
+#include "lsm.h"
+
+char *lsm_names;
+
+/* Pointers to LSM sections defined in include/asm-generic/vmlinux.lds.h */
+extern struct lsm_info __start_lsm_info[], __end_lsm_info[];
+extern struct lsm_info __start_early_lsm_info[], __end_early_lsm_info[];
+
+/* Boot-time LSM user choice */
+static __initconst const char *const builtin_lsm_order = CONFIG_LSM;
+static __initdata const char *chosen_lsm_order;
+static __initdata const char *chosen_major_lsm;
+
+/* Ordered list of LSMs to initialize. */
+static __initdata struct lsm_info *ordered_lsms[MAX_LSM_COUNT + 1];
+static __initdata struct lsm_info *exclusive;
+
+static __initdata bool debug;
+#define init_debug(...) \
+ do { \
+ if (debug) \
+ pr_info(__VA_ARGS__); \
+ } while (0)
+
+static int lsm_append(const char *new, char **result);
+
+/* Save user chosen LSM */
+static int __init choose_major_lsm(char *str)
+{
+ chosen_major_lsm = str;
+ return 1;
+}
+__setup("security=", choose_major_lsm);
+
+/* Explicitly choose LSM initialization order. */
+static int __init choose_lsm_order(char *str)
+{
+ chosen_lsm_order = str;
+ return 1;
+}
+__setup("lsm=", choose_lsm_order);
+
+/* Enable LSM order debugging. */
+static int __init enable_debug(char *str)
+{
+ debug = true;
+ return 1;
+}
+__setup("lsm.debug", enable_debug);
+
+/* Mark an LSM's enabled flag. */
+static int lsm_enabled_true __initdata = 1;
+static int lsm_enabled_false __initdata = 0;
+static void __init set_enabled(struct lsm_info *lsm, bool enabled)
+{
+ /*
+ * When an LSM hasn't configured an enable variable, we can use
+ * a hard-coded location for storing the default enabled state.
+ */
+ if (!lsm->enabled) {
+ if (enabled)
+ lsm->enabled = &lsm_enabled_true;
+ else
+ lsm->enabled = &lsm_enabled_false;
+ } else if (lsm->enabled == &lsm_enabled_true) {
+ if (!enabled)
+ lsm->enabled = &lsm_enabled_false;
+ } else if (lsm->enabled == &lsm_enabled_false) {
+ if (enabled)
+ lsm->enabled = &lsm_enabled_true;
+ } else {
+ *lsm->enabled = enabled;
+ }
+}
+
+static inline bool is_enabled(struct lsm_info *lsm)
+{
+ if (!lsm->enabled)
+ return false;
+
+ return *lsm->enabled;
+}
+
+/* Is an LSM already listed in the ordered LSMs list? */
+static bool __init exists_ordered_lsm(struct lsm_info *lsm)
+{
+ struct lsm_info **check;
+
+ for (check = ordered_lsms; *check; check++)
+ if (*check == lsm)
+ return true;
+
+ return false;
+}
+
+/* Append an LSM to the list of ordered LSMs to initialize. */
+static int last_lsm __initdata;
+static void __init append_ordered_lsm(struct lsm_info *lsm, const char *from)
+{
+ /* Ignore duplicate selections. */
+ if (exists_ordered_lsm(lsm))
+ return;
+
+ if (WARN(last_lsm == MAX_LSM_COUNT, "%s: out of LSM static calls!?\n", from))
+ return;
+
+ /* Enable this LSM, if it is not already set. */
+ if (!lsm->enabled)
+ lsm->enabled = &lsm_enabled_true;
+ ordered_lsms[last_lsm++] = lsm;
+
+ init_debug("%s ordered: %s (%s)\n", from, lsm->name,
+ is_enabled(lsm) ? "enabled" : "disabled");
+}
+
+/* Is an LSM allowed to be initialized? */
+static bool __init lsm_allowed(struct lsm_info *lsm)
+{
+ /* Skip if the LSM is disabled. */
+ if (!is_enabled(lsm))
+ return false;
+
+ /* Not allowed if another exclusive LSM already initialized. */
+ if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && exclusive) {
+ init_debug("exclusive disabled: %s\n", lsm->name);
+ return false;
+ }
+
+ return true;
+}
+
+static void __init lsm_set_blob_size(int *need, int *lbs)
+{
+ int offset;
+
+ if (*need <= 0)
+ return;
+
+ offset = ALIGN(*lbs, sizeof(void *));
+ *lbs = offset + *need;
+ *need = offset;
+}
+
+static void __init lsm_set_blob_sizes(struct lsm_blob_sizes *needed)
+{
+ if (!needed)
+ return;
+
+ lsm_set_blob_size(&needed->lbs_cred, &blob_sizes.lbs_cred);
+ lsm_set_blob_size(&needed->lbs_file, &blob_sizes.lbs_file);
+ lsm_set_blob_size(&needed->lbs_ib, &blob_sizes.lbs_ib);
+ /*
+ * The inode blob gets an rcu_head in addition to
+ * what the modules might need.
+ */
+ if (needed->lbs_inode && blob_sizes.lbs_inode == 0)
+ blob_sizes.lbs_inode = sizeof(struct rcu_head);
+ lsm_set_blob_size(&needed->lbs_inode, &blob_sizes.lbs_inode);
+ lsm_set_blob_size(&needed->lbs_ipc, &blob_sizes.lbs_ipc);
+ lsm_set_blob_size(&needed->lbs_key, &blob_sizes.lbs_key);
+ lsm_set_blob_size(&needed->lbs_msg_msg, &blob_sizes.lbs_msg_msg);
+ lsm_set_blob_size(&needed->lbs_perf_event, &blob_sizes.lbs_perf_event);
+ lsm_set_blob_size(&needed->lbs_sock, &blob_sizes.lbs_sock);
+ lsm_set_blob_size(&needed->lbs_superblock, &blob_sizes.lbs_superblock);
+ lsm_set_blob_size(&needed->lbs_task, &blob_sizes.lbs_task);
+ lsm_set_blob_size(&needed->lbs_tun_dev, &blob_sizes.lbs_tun_dev);
+ lsm_set_blob_size(&needed->lbs_xattr_count,
+ &blob_sizes.lbs_xattr_count);
+ lsm_set_blob_size(&needed->lbs_bdev, &blob_sizes.lbs_bdev);
+ lsm_set_blob_size(&needed->lbs_bpf_map, &blob_sizes.lbs_bpf_map);
+ lsm_set_blob_size(&needed->lbs_bpf_prog, &blob_sizes.lbs_bpf_prog);
+ lsm_set_blob_size(&needed->lbs_bpf_token, &blob_sizes.lbs_bpf_token);
+}
+
+/* Prepare LSM for initialization. */
+static void __init prepare_lsm(struct lsm_info *lsm)
+{
+ int enabled = lsm_allowed(lsm);
+
+ /* Record enablement (to handle any following exclusive LSMs). */
+ set_enabled(lsm, enabled);
+
+ /* If enabled, do pre-initialization work. */
+ if (enabled) {
+ if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && !exclusive) {
+ exclusive = lsm;
+ init_debug("exclusive chosen: %s\n", lsm->name);
+ }
+
+ lsm_set_blob_sizes(lsm->blobs);
+ }
+}
+
+/* Initialize a given LSM, if it is enabled. */
+static void __init initialize_lsm(struct lsm_info *lsm)
+{
+ if (is_enabled(lsm)) {
+ int ret;
+
+ init_debug("initializing %s\n", lsm->name);
+ ret = lsm->init();
+ WARN(ret, "%s failed to initialize: %d\n", lsm->name, ret);
+ }
+}
+
+/*
+ * Current index to use while initializing the lsm id list.
+ */
+u32 lsm_active_cnt __ro_after_init;
+const struct lsm_id *lsm_idlist[MAX_LSM_COUNT];
+
+/* Populate ordered LSMs list from comma-separated LSM name list. */
+static void __init ordered_lsm_parse(const char *order, const char *origin)
+{
+ struct lsm_info *lsm;
+ char *sep, *name, *next;
+
+ /* LSM_ORDER_FIRST is always first. */
+ for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
+ if (lsm->order == LSM_ORDER_FIRST)
+ append_ordered_lsm(lsm, " first");
+ }
+
+ /* Process "security=", if given. */
+ if (chosen_major_lsm) {
+ struct lsm_info *major;
+
+ /*
+ * To match the original "security=" behavior, this
+ * explicitly does NOT fallback to another Legacy Major
+ * if the selected one was separately disabled: disable
+ * all non-matching Legacy Major LSMs.
+ */
+ for (major = __start_lsm_info; major < __end_lsm_info;
+ major++) {
+ if ((major->flags & LSM_FLAG_LEGACY_MAJOR) &&
+ strcmp(major->name, chosen_major_lsm) != 0) {
+ set_enabled(major, false);
+ init_debug("security=%s disabled: %s (only one legacy major LSM)\n",
+ chosen_major_lsm, major->name);
+ }
+ }
+ }
+
+ sep = kstrdup(order, GFP_KERNEL);
+ next = sep;
+ /* Walk the list, looking for matching LSMs. */
+ while ((name = strsep(&next, ",")) != NULL) {
+ bool found = false;
+
+ for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
+ if (strcmp(lsm->name, name) == 0) {
+ if (lsm->order == LSM_ORDER_MUTABLE)
+ append_ordered_lsm(lsm, origin);
+ found = true;
+ }
+ }
+
+ if (!found)
+ init_debug("%s ignored: %s (not built into kernel)\n",
+ origin, name);
+ }
+
+ /* Process "security=", if given. */
+ if (chosen_major_lsm) {
+ for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
+ if (exists_ordered_lsm(lsm))
+ continue;
+ if (strcmp(lsm->name, chosen_major_lsm) == 0)
+ append_ordered_lsm(lsm, "security=");
+ }
+ }
+
+ /* LSM_ORDER_LAST is always last. */
+ for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
+ if (lsm->order == LSM_ORDER_LAST)
+ append_ordered_lsm(lsm, " last");
+ }
+
+ /* Disable all LSMs not in the ordered list. */
+ for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
+ if (exists_ordered_lsm(lsm))
+ continue;
+ set_enabled(lsm, false);
+ init_debug("%s skipped: %s (not in requested order)\n",
+ origin, lsm->name);
+ }
+
+ kfree(sep);
+}
+
+static void __init report_lsm_order(void)
+{
+ struct lsm_info **lsm, *early;
+ int first = 0;
+
+ pr_info("initializing lsm=");
+
+ /* Report each enabled LSM name, comma separated. */
+ for (early = __start_early_lsm_info;
+ early < __end_early_lsm_info; early++)
+ if (is_enabled(early))
+ pr_cont("%s%s", first++ == 0 ? "" : ",", early->name);
+ for (lsm = ordered_lsms; *lsm; lsm++)
+ if (is_enabled(*lsm))
+ pr_cont("%s%s", first++ == 0 ? "" : ",", (*lsm)->name);
+
+ pr_cont("\n");
+}
+
+/**
+ * lsm_early_cred - during initialization allocate a composite cred blob
+ * @cred: the cred that needs a blob
+ *
+ * Allocate the cred blob for all the modules
+ */
+static void __init lsm_early_cred(struct cred *cred)
+{
+ int rc = lsm_cred_alloc(cred, GFP_KERNEL);
+
+ if (rc)
+ panic("%s: Early cred alloc failed.\n", __func__);
+}
+
+/**
+ * lsm_early_task - during initialization allocate a composite task blob
+ * @task: the task that needs a blob
+ *
+ * Allocate the task blob for all the modules
+ */
+static void __init lsm_early_task(struct task_struct *task)
+{
+ int rc = lsm_task_alloc(task);
+
+ if (rc)
+ panic("%s: Early task alloc failed.\n", __func__);
+}
+
+static void __init ordered_lsm_init(void)
+{
+ struct lsm_info **lsm;
+
+ if (chosen_lsm_order) {
+ if (chosen_major_lsm) {
+ pr_warn("security=%s is ignored because it is superseded by lsm=%s\n",
+ chosen_major_lsm, chosen_lsm_order);
+ chosen_major_lsm = NULL;
+ }
+ ordered_lsm_parse(chosen_lsm_order, "cmdline");
+ } else
+ ordered_lsm_parse(builtin_lsm_order, "builtin");
+
+ for (lsm = ordered_lsms; *lsm; lsm++)
+ prepare_lsm(*lsm);
+
+ report_lsm_order();
+
+ init_debug("cred blob size = %d\n", blob_sizes.lbs_cred);
+ init_debug("file blob size = %d\n", blob_sizes.lbs_file);
+ init_debug("ib blob size = %d\n", blob_sizes.lbs_ib);
+ init_debug("inode blob size = %d\n", blob_sizes.lbs_inode);
+ init_debug("ipc blob size = %d\n", blob_sizes.lbs_ipc);
+#ifdef CONFIG_KEYS
+ init_debug("key blob size = %d\n", blob_sizes.lbs_key);
+#endif /* CONFIG_KEYS */
+ init_debug("msg_msg blob size = %d\n", blob_sizes.lbs_msg_msg);
+ init_debug("sock blob size = %d\n", blob_sizes.lbs_sock);
+ init_debug("superblock blob size = %d\n", blob_sizes.lbs_superblock);
+ init_debug("perf event blob size = %d\n", blob_sizes.lbs_perf_event);
+ init_debug("task blob size = %d\n", blob_sizes.lbs_task);
+ init_debug("tun device blob size = %d\n", blob_sizes.lbs_tun_dev);
+ init_debug("xattr slots = %d\n", blob_sizes.lbs_xattr_count);
+ init_debug("bdev blob size = %d\n", blob_sizes.lbs_bdev);
+ init_debug("bpf map blob size = %d\n", blob_sizes.lbs_bpf_map);
+ init_debug("bpf prog blob size = %d\n", blob_sizes.lbs_bpf_prog);
+ init_debug("bpf token blob size = %d\n", blob_sizes.lbs_bpf_token);
+
+ /*
+ * Create any kmem_caches needed for blobs
+ */
+ if (blob_sizes.lbs_file)
+ lsm_file_cache = kmem_cache_create("lsm_file_cache",
+ blob_sizes.lbs_file, 0,
+ SLAB_PANIC, NULL);
+ if (blob_sizes.lbs_inode)
+ lsm_inode_cache = kmem_cache_create("lsm_inode_cache",
+ blob_sizes.lbs_inode, 0,
+ SLAB_PANIC, NULL);
+
+ lsm_early_cred((struct cred *) current->cred);
+ lsm_early_task(current);
+ for (lsm = ordered_lsms; *lsm; lsm++)
+ initialize_lsm(*lsm);
+}
+
+static bool match_last_lsm(const char *list, const char *lsm)
+{
+ const char *last;
+
+ if (WARN_ON(!list || !lsm))
+ return false;
+ last = strrchr(list, ',');
+ if (last)
+ /* Pass the comma, strcmp() will check for '\0' */
+ last++;
+ else
+ last = list;
+ return !strcmp(last, lsm);
+}
+
+static int lsm_append(const char *new, char **result)
+{
+ char *cp;
+
+ if (*result == NULL) {
+ *result = kstrdup(new, GFP_KERNEL);
+ if (*result == NULL)
+ return -ENOMEM;
+ } else {
+ /* Check if it is the last registered name */
+ if (match_last_lsm(*result, new))
+ return 0;
+ cp = kasprintf(GFP_KERNEL, "%s,%s", *result, new);
+ if (cp == NULL)
+ return -ENOMEM;
+ kfree(*result);
+ *result = cp;
+ }
+ return 0;
+}
+
+static void __init lsm_static_call_init(struct security_hook_list *hl)
+{
+ struct lsm_static_call *scall = hl->scalls;
+ int i;
+
+ for (i = 0; i < MAX_LSM_COUNT; i++) {
+ /* Update the first static call that is not used yet */
+ if (!scall->hl) {
+ __static_call_update(scall->key, scall->trampoline,
+ hl->hook.lsm_func_addr);
+ scall->hl = hl;
+ static_branch_enable(scall->active);
+ return;
+ }
+ scall++;
+ }
+ panic("%s - Ran out of static slots.\n", __func__);
+}
+
+/**
+ * security_add_hooks - Add a modules hooks to the hook lists.
+ * @hooks: the hooks to add
+ * @count: the number of hooks to add
+ * @lsmid: the identification information for the security module
+ *
+ * Each LSM has to register its hooks with the infrastructure.
+ */
+void __init security_add_hooks(struct security_hook_list *hooks, int count,
+ const struct lsm_id *lsmid)
+{
+ int i;
+
+ /*
+ * A security module may call security_add_hooks() more
+ * than once during initialization, and LSM initialization
+ * is serialized. Landlock is one such case.
+ * Look at the previous entry, if there is one, for duplication.
+ */
+ if (lsm_active_cnt == 0 || lsm_idlist[lsm_active_cnt - 1] != lsmid) {
+ if (lsm_active_cnt >= MAX_LSM_COUNT)
+ panic("%s Too many LSMs registered.\n", __func__);
+ lsm_idlist[lsm_active_cnt++] = lsmid;
+ }
+
+ for (i = 0; i < count; i++) {
+ hooks[i].lsmid = lsmid;
+ lsm_static_call_init(&hooks[i]);
+ }
+
+ /*
+ * Don't try to append during early_security_init(), we'll come back
+ * and fix this up afterwards.
+ */
+ if (slab_is_available()) {
+ if (lsm_append(lsmid->name, &lsm_names) < 0)
+ panic("%s - Cannot get early memory.\n", __func__);
+ }
+}
+
+int __init early_security_init(void)
+{
+ struct lsm_info *lsm;
+
+ for (lsm = __start_early_lsm_info; lsm < __end_early_lsm_info; lsm++) {
+ if (!lsm->enabled)
+ lsm->enabled = &lsm_enabled_true;
+ prepare_lsm(lsm);
+ initialize_lsm(lsm);
+ }
+
+ return 0;
+}
+
+/**
+ * security_init - initializes the security framework
+ *
+ * This should be called early in the kernel initialization sequence.
+ */
+int __init security_init(void)
+{
+ struct lsm_info *lsm;
+
+ init_debug("legacy security=%s\n", chosen_major_lsm ? : " *unspecified*");
+ init_debug(" CONFIG_LSM=%s\n", builtin_lsm_order);
+ init_debug("boot arg lsm=%s\n", chosen_lsm_order ? : " *unspecified*");
+
+ /*
+ * Append the names of the early LSM modules now that kmalloc() is
+ * available
+ */
+ for (lsm = __start_early_lsm_info; lsm < __end_early_lsm_info; lsm++) {
+ init_debug(" early started: %s (%s)\n", lsm->name,
+ is_enabled(lsm) ? "enabled" : "disabled");
+ if (lsm->enabled)
+ lsm_append(lsm->name, &lsm_names);
+ }
+
+ /* Load LSMs in specified order. */
+ ordered_lsm_init();
+
+ return 0;
+}
diff --git a/security/security.c b/security/security.c
index 667479c2e82f..dc9734f0d45c 100644
--- a/security/security.c
+++ b/security/security.c
@@ -32,24 +32,7 @@
#include <net/flow.h>
#include <net/sock.h>
-#define SECURITY_HOOK_ACTIVE_KEY(HOOK, IDX) security_hook_active_##HOOK##_##IDX
-
-/*
- * Identifier for the LSM static calls.
- * HOOK is an LSM hook as defined in linux/lsm_hookdefs.h
- * IDX is the index of the static call. 0 <= NUM < MAX_LSM_COUNT
- */
-#define LSM_STATIC_CALL(HOOK, IDX) lsm_static_call_##HOOK##_##IDX
-
-/*
- * Call the macro M for each LSM hook MAX_LSM_COUNT times.
- */
-#define LSM_LOOP_UNROLL(M, ...) \
-do { \
- UNROLL(MAX_LSM_COUNT, M, __VA_ARGS__) \
-} while (0)
-
-#define LSM_DEFINE_UNROLL(M, ...) UNROLL(MAX_LSM_COUNT, M, __VA_ARGS__)
+#include "lsm.h"
/*
* These are descriptions of the reasons that can be passed to the
@@ -90,21 +73,29 @@ const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX + 1] = {
[LOCKDOWN_CONFIDENTIALITY_MAX] = "confidentiality",
};
-static struct kmem_cache *lsm_file_cache;
-static struct kmem_cache *lsm_inode_cache;
+struct lsm_blob_sizes blob_sizes;
-char *lsm_names;
-static struct lsm_blob_sizes blob_sizes __ro_after_init;
+struct kmem_cache *lsm_file_cache;
+struct kmem_cache *lsm_inode_cache;
-/* Boot-time LSM user choice */
-static __initdata const char *chosen_lsm_order;
-static __initdata const char *chosen_major_lsm;
+#define SECURITY_HOOK_ACTIVE_KEY(HOOK, IDX) security_hook_active_##HOOK##_##IDX
-static __initconst const char *const builtin_lsm_order = CONFIG_LSM;
+/*
+ * Identifier for the LSM static calls.
+ * HOOK is an LSM hook as defined in linux/lsm_hookdefs.h
+ * IDX is the index of the static call. 0 <= NUM < MAX_LSM_COUNT
+ */
+#define LSM_STATIC_CALL(HOOK, IDX) lsm_static_call_##HOOK##_##IDX
-/* Ordered list of LSMs to initialize. */
-static __initdata struct lsm_info *ordered_lsms[MAX_LSM_COUNT + 1];
-static __initdata struct lsm_info *exclusive;
+/*
+ * Call the macro M for each LSM hook MAX_LSM_COUNT times.
+ */
+#define LSM_LOOP_UNROLL(M, ...) \
+do { \
+ UNROLL(MAX_LSM_COUNT, M, __VA_ARGS__) \
+} while (0)
+
+#define LSM_DEFINE_UNROLL(M, ...) UNROLL(MAX_LSM_COUNT, M, __VA_ARGS__)
#ifdef CONFIG_HAVE_STATIC_CALL
#define LSM_HOOK_TRAMP(NAME, NUM) \
@@ -155,496 +146,25 @@ struct lsm_static_calls_table
#undef INIT_LSM_STATIC_CALL
};
-static __initdata bool debug;
-#define init_debug(...) \
- do { \
- if (debug) \
- pr_info(__VA_ARGS__); \
- } while (0)
-
-static bool __init is_enabled(struct lsm_info *lsm)
-{
- if (!lsm->enabled)
- return false;
-
- return *lsm->enabled;
-}
-
-/* Mark an LSM's enabled flag. */
-static int lsm_enabled_true __initdata = 1;
-static int lsm_enabled_false __initdata = 0;
-static void __init set_enabled(struct lsm_info *lsm, bool enabled)
-{
- /*
- * When an LSM hasn't configured an enable variable, we can use
- * a hard-coded location for storing the default enabled state.
- */
- if (!lsm->enabled) {
- if (enabled)
- lsm->enabled = &lsm_enabled_true;
- else
- lsm->enabled = &lsm_enabled_false;
- } else if (lsm->enabled == &lsm_enabled_true) {
- if (!enabled)
- lsm->enabled = &lsm_enabled_false;
- } else if (lsm->enabled == &lsm_enabled_false) {
- if (enabled)
- lsm->enabled = &lsm_enabled_true;
- } else {
- *lsm->enabled = enabled;
- }
-}
-
-/* Is an LSM already listed in the ordered LSMs list? */
-static bool __init exists_ordered_lsm(struct lsm_info *lsm)
-{
- struct lsm_info **check;
-
- for (check = ordered_lsms; *check; check++)
- if (*check == lsm)
- return true;
-
- return false;
-}
-
-/* Append an LSM to the list of ordered LSMs to initialize. */
-static int last_lsm __initdata;
-static void __init append_ordered_lsm(struct lsm_info *lsm, const char *from)
-{
- /* Ignore duplicate selections. */
- if (exists_ordered_lsm(lsm))
- return;
-
- if (WARN(last_lsm == MAX_LSM_COUNT, "%s: out of LSM static calls!?\n", from))
- return;
-
- /* Enable this LSM, if it is not already set. */
- if (!lsm->enabled)
- lsm->enabled = &lsm_enabled_true;
- ordered_lsms[last_lsm++] = lsm;
-
- init_debug("%s ordered: %s (%s)\n", from, lsm->name,
- is_enabled(lsm) ? "enabled" : "disabled");
-}
-
-/* Is an LSM allowed to be initialized? */
-static bool __init lsm_allowed(struct lsm_info *lsm)
-{
- /* Skip if the LSM is disabled. */
- if (!is_enabled(lsm))
- return false;
-
- /* Not allowed if another exclusive LSM already initialized. */
- if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && exclusive) {
- init_debug("exclusive disabled: %s\n", lsm->name);
- return false;
- }
-
- return true;
-}
-
-static void __init lsm_set_blob_size(int *need, int *lbs)
-{
- int offset;
-
- if (*need <= 0)
- return;
-
- offset = ALIGN(*lbs, sizeof(void *));
- *lbs = offset + *need;
- *need = offset;
-}
-
-static void __init lsm_set_blob_sizes(struct lsm_blob_sizes *needed)
-{
- if (!needed)
- return;
-
- lsm_set_blob_size(&needed->lbs_cred, &blob_sizes.lbs_cred);
- lsm_set_blob_size(&needed->lbs_file, &blob_sizes.lbs_file);
- lsm_set_blob_size(&needed->lbs_ib, &blob_sizes.lbs_ib);
- /*
- * The inode blob gets an rcu_head in addition to
- * what the modules might need.
- */
- if (needed->lbs_inode && blob_sizes.lbs_inode == 0)
- blob_sizes.lbs_inode = sizeof(struct rcu_head);
- lsm_set_blob_size(&needed->lbs_inode, &blob_sizes.lbs_inode);
- lsm_set_blob_size(&needed->lbs_ipc, &blob_sizes.lbs_ipc);
- lsm_set_blob_size(&needed->lbs_key, &blob_sizes.lbs_key);
- lsm_set_blob_size(&needed->lbs_msg_msg, &blob_sizes.lbs_msg_msg);
- lsm_set_blob_size(&needed->lbs_perf_event, &blob_sizes.lbs_perf_event);
- lsm_set_blob_size(&needed->lbs_sock, &blob_sizes.lbs_sock);
- lsm_set_blob_size(&needed->lbs_superblock, &blob_sizes.lbs_superblock);
- lsm_set_blob_size(&needed->lbs_task, &blob_sizes.lbs_task);
- lsm_set_blob_size(&needed->lbs_tun_dev, &blob_sizes.lbs_tun_dev);
- lsm_set_blob_size(&needed->lbs_xattr_count,
- &blob_sizes.lbs_xattr_count);
- lsm_set_blob_size(&needed->lbs_bdev, &blob_sizes.lbs_bdev);
- lsm_set_blob_size(&needed->lbs_bpf_map, &blob_sizes.lbs_bpf_map);
- lsm_set_blob_size(&needed->lbs_bpf_prog, &blob_sizes.lbs_bpf_prog);
- lsm_set_blob_size(&needed->lbs_bpf_token, &blob_sizes.lbs_bpf_token);
-}
-
-/* Prepare LSM for initialization. */
-static void __init prepare_lsm(struct lsm_info *lsm)
-{
- int enabled = lsm_allowed(lsm);
-
- /* Record enablement (to handle any following exclusive LSMs). */
- set_enabled(lsm, enabled);
-
- /* If enabled, do pre-initialization work. */
- if (enabled) {
- if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && !exclusive) {
- exclusive = lsm;
- init_debug("exclusive chosen: %s\n", lsm->name);
- }
-
- lsm_set_blob_sizes(lsm->blobs);
- }
-}
-
-/* Initialize a given LSM, if it is enabled. */
-static void __init initialize_lsm(struct lsm_info *lsm)
-{
- if (is_enabled(lsm)) {
- int ret;
-
- init_debug("initializing %s\n", lsm->name);
- ret = lsm->init();
- WARN(ret, "%s failed to initialize: %d\n", lsm->name, ret);
- }
-}
-
-/*
- * Current index to use while initializing the lsm id list.
- */
-u32 lsm_active_cnt __ro_after_init;
-const struct lsm_id *lsm_idlist[MAX_LSM_COUNT];
-
-/* Populate ordered LSMs list from comma-separated LSM name list. */
-static void __init ordered_lsm_parse(const char *order, const char *origin)
-{
- struct lsm_info *lsm;
- char *sep, *name, *next;
-
- /* LSM_ORDER_FIRST is always first. */
- for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
- if (lsm->order == LSM_ORDER_FIRST)
- append_ordered_lsm(lsm, " first");
- }
-
- /* Process "security=", if given. */
- if (chosen_major_lsm) {
- struct lsm_info *major;
-
- /*
- * To match the original "security=" behavior, this
- * explicitly does NOT fallback to another Legacy Major
- * if the selected one was separately disabled: disable
- * all non-matching Legacy Major LSMs.
- */
- for (major = __start_lsm_info; major < __end_lsm_info;
- major++) {
- if ((major->flags & LSM_FLAG_LEGACY_MAJOR) &&
- strcmp(major->name, chosen_major_lsm) != 0) {
- set_enabled(major, false);
- init_debug("security=%s disabled: %s (only one legacy major LSM)\n",
- chosen_major_lsm, major->name);
- }
- }
- }
-
- sep = kstrdup(order, GFP_KERNEL);
- next = sep;
- /* Walk the list, looking for matching LSMs. */
- while ((name = strsep(&next, ",")) != NULL) {
- bool found = false;
-
- for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
- if (strcmp(lsm->name, name) == 0) {
- if (lsm->order == LSM_ORDER_MUTABLE)
- append_ordered_lsm(lsm, origin);
- found = true;
- }
- }
-
- if (!found)
- init_debug("%s ignored: %s (not built into kernel)\n",
- origin, name);
- }
-
- /* Process "security=", if given. */
- if (chosen_major_lsm) {
- for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
- if (exists_ordered_lsm(lsm))
- continue;
- if (strcmp(lsm->name, chosen_major_lsm) == 0)
- append_ordered_lsm(lsm, "security=");
- }
- }
-
- /* LSM_ORDER_LAST is always last. */
- for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
- if (lsm->order == LSM_ORDER_LAST)
- append_ordered_lsm(lsm, " last");
- }
-
- /* Disable all LSMs not in the ordered list. */
- for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
- if (exists_ordered_lsm(lsm))
- continue;
- set_enabled(lsm, false);
- init_debug("%s skipped: %s (not in requested order)\n",
- origin, lsm->name);
- }
-
- kfree(sep);
-}
-
-static void __init lsm_static_call_init(struct security_hook_list *hl)
-{
- struct lsm_static_call *scall = hl->scalls;
- int i;
-
- for (i = 0; i < MAX_LSM_COUNT; i++) {
- /* Update the first static call that is not used yet */
- if (!scall->hl) {
- __static_call_update(scall->key, scall->trampoline,
- hl->hook.lsm_func_addr);
- scall->hl = hl;
- static_branch_enable(scall->active);
- return;
- }
- scall++;
- }
- panic("%s - Ran out of static slots.\n", __func__);
-}
-
-static void __init lsm_early_cred(struct cred *cred);
-static void __init lsm_early_task(struct task_struct *task);
-
-static int lsm_append(const char *new, char **result);
-
-static void __init report_lsm_order(void)
-{
- struct lsm_info **lsm, *early;
- int first = 0;
-
- pr_info("initializing lsm=");
-
- /* Report each enabled LSM name, comma separated. */
- for (early = __start_early_lsm_info;
- early < __end_early_lsm_info; early++)
- if (is_enabled(early))
- pr_cont("%s%s", first++ == 0 ? "" : ",", early->name);
- for (lsm = ordered_lsms; *lsm; lsm++)
- if (is_enabled(*lsm))
- pr_cont("%s%s", first++ == 0 ? "" : ",", (*lsm)->name);
-
- pr_cont("\n");
-}
-
-static void __init ordered_lsm_init(void)
-{
- struct lsm_info **lsm;
-
- if (chosen_lsm_order) {
- if (chosen_major_lsm) {
- pr_warn("security=%s is ignored because it is superseded by lsm=%s\n",
- chosen_major_lsm, chosen_lsm_order);
- chosen_major_lsm = NULL;
- }
- ordered_lsm_parse(chosen_lsm_order, "cmdline");
- } else
- ordered_lsm_parse(builtin_lsm_order, "builtin");
-
- for (lsm = ordered_lsms; *lsm; lsm++)
- prepare_lsm(*lsm);
-
- report_lsm_order();
-
- init_debug("cred blob size = %d\n", blob_sizes.lbs_cred);
- init_debug("file blob size = %d\n", blob_sizes.lbs_file);
- init_debug("ib blob size = %d\n", blob_sizes.lbs_ib);
- init_debug("inode blob size = %d\n", blob_sizes.lbs_inode);
- init_debug("ipc blob size = %d\n", blob_sizes.lbs_ipc);
-#ifdef CONFIG_KEYS
- init_debug("key blob size = %d\n", blob_sizes.lbs_key);
-#endif /* CONFIG_KEYS */
- init_debug("msg_msg blob size = %d\n", blob_sizes.lbs_msg_msg);
- init_debug("sock blob size = %d\n", blob_sizes.lbs_sock);
- init_debug("superblock blob size = %d\n", blob_sizes.lbs_superblock);
- init_debug("perf event blob size = %d\n", blob_sizes.lbs_perf_event);
- init_debug("task blob size = %d\n", blob_sizes.lbs_task);
- init_debug("tun device blob size = %d\n", blob_sizes.lbs_tun_dev);
- init_debug("xattr slots = %d\n", blob_sizes.lbs_xattr_count);
- init_debug("bdev blob size = %d\n", blob_sizes.lbs_bdev);
- init_debug("bpf map blob size = %d\n", blob_sizes.lbs_bpf_map);
- init_debug("bpf prog blob size = %d\n", blob_sizes.lbs_bpf_prog);
- init_debug("bpf token blob size = %d\n", blob_sizes.lbs_bpf_token);
-
- /*
- * Create any kmem_caches needed for blobs
- */
- if (blob_sizes.lbs_file)
- lsm_file_cache = kmem_cache_create("lsm_file_cache",
- blob_sizes.lbs_file, 0,
- SLAB_PANIC, NULL);
- if (blob_sizes.lbs_inode)
- lsm_inode_cache = kmem_cache_create("lsm_inode_cache",
- blob_sizes.lbs_inode, 0,
- SLAB_PANIC, NULL);
-
- lsm_early_cred((struct cred *) current->cred);
- lsm_early_task(current);
- for (lsm = ordered_lsms; *lsm; lsm++)
- initialize_lsm(*lsm);
-}
-
-int __init early_security_init(void)
-{
- struct lsm_info *lsm;
-
- for (lsm = __start_early_lsm_info; lsm < __end_early_lsm_info; lsm++) {
- if (!lsm->enabled)
- lsm->enabled = &lsm_enabled_true;
- prepare_lsm(lsm);
- initialize_lsm(lsm);
- }
-
- return 0;
-}
-
/**
- * security_init - initializes the security framework
+ * lsm_file_alloc - allocate a composite file blob
+ * @file: the file that needs a blob
*
- * This should be called early in the kernel initialization sequence.
- */
-int __init security_init(void)
-{
- struct lsm_info *lsm;
-
- init_debug("legacy security=%s\n", chosen_major_lsm ? : " *unspecified*");
- init_debug(" CONFIG_LSM=%s\n", builtin_lsm_order);
- init_debug("boot arg lsm=%s\n", chosen_lsm_order ? : " *unspecified*");
-
- /*
- * Append the names of the early LSM modules now that kmalloc() is
- * available
- */
- for (lsm = __start_early_lsm_info; lsm < __end_early_lsm_info; lsm++) {
- init_debug(" early started: %s (%s)\n", lsm->name,
- is_enabled(lsm) ? "enabled" : "disabled");
- if (lsm->enabled)
- lsm_append(lsm->name, &lsm_names);
- }
-
- /* Load LSMs in specified order. */
- ordered_lsm_init();
-
- return 0;
-}
-
-/* Save user chosen LSM */
-static int __init choose_major_lsm(char *str)
-{
- chosen_major_lsm = str;
- return 1;
-}
-__setup("security=", choose_major_lsm);
-
-/* Explicitly choose LSM initialization order. */
-static int __init choose_lsm_order(char *str)
-{
- chosen_lsm_order = str;
- return 1;
-}
-__setup("lsm=", choose_lsm_order);
-
-/* Enable LSM order debugging. */
-static int __init enable_debug(char *str)
-{
- debug = true;
- return 1;
-}
-__setup("lsm.debug", enable_debug);
-
-static bool match_last_lsm(const char *list, const char *lsm)
-{
- const char *last;
-
- if (WARN_ON(!list || !lsm))
- return false;
- last = strrchr(list, ',');
- if (last)
- /* Pass the comma, strcmp() will check for '\0' */
- last++;
- else
- last = list;
- return !strcmp(last, lsm);
-}
-
-static int lsm_append(const char *new, char **result)
-{
- char *cp;
-
- if (*result == NULL) {
- *result = kstrdup(new, GFP_KERNEL);
- if (*result == NULL)
- return -ENOMEM;
- } else {
- /* Check if it is the last registered name */
- if (match_last_lsm(*result, new))
- return 0;
- cp = kasprintf(GFP_KERNEL, "%s,%s", *result, new);
- if (cp == NULL)
- return -ENOMEM;
- kfree(*result);
- *result = cp;
- }
- return 0;
-}
-
-/**
- * security_add_hooks - Add a modules hooks to the hook lists.
- * @hooks: the hooks to add
- * @count: the number of hooks to add
- * @lsmid: the identification information for the security module
+ * Allocate the file blob for all the modules
*
- * Each LSM has to register its hooks with the infrastructure.
+ * Returns 0, or -ENOMEM if memory can't be allocated.
*/
-void __init security_add_hooks(struct security_hook_list *hooks, int count,
- const struct lsm_id *lsmid)
+static int lsm_file_alloc(struct file *file)
{
- int i;
-
- /*
- * A security module may call security_add_hooks() more
- * than once during initialization, and LSM initialization
- * is serialized. Landlock is one such case.
- * Look at the previous entry, if there is one, for duplication.
- */
- if (lsm_active_cnt == 0 || lsm_idlist[lsm_active_cnt - 1] != lsmid) {
- if (lsm_active_cnt >= MAX_LSM_COUNT)
- panic("%s Too many LSMs registered.\n", __func__);
- lsm_idlist[lsm_active_cnt++] = lsmid;
+ if (!lsm_file_cache) {
+ file->f_security = NULL;
+ return 0;
}
- for (i = 0; i < count; i++) {
- hooks[i].lsmid = lsmid;
- lsm_static_call_init(&hooks[i]);
- }
-
- /*
- * Don't try to append during early_security_init(), we'll come back
- * and fix this up afterwards.
- */
- if (slab_is_available()) {
- if (lsm_append(lsmid->name, &lsm_names) < 0)
- panic("%s - Cannot get early memory.\n", __func__);
- }
+ file->f_security = kmem_cache_zalloc(lsm_file_cache, GFP_KERNEL);
+ if (file->f_security == NULL)
+ return -ENOMEM;
+ return 0;
}
/**
@@ -679,46 +199,11 @@ static int lsm_blob_alloc(void **dest, size_t size, gfp_t gfp)
*
* Returns 0, or -ENOMEM if memory can't be allocated.
*/
-static int lsm_cred_alloc(struct cred *cred, gfp_t gfp)
+int lsm_cred_alloc(struct cred *cred, gfp_t gfp)
{
return lsm_blob_alloc(&cred->security, blob_sizes.lbs_cred, gfp);
}
-/**
- * lsm_early_cred - during initialization allocate a composite cred blob
- * @cred: the cred that needs a blob
- *
- * Allocate the cred blob for all the modules
- */
-static void __init lsm_early_cred(struct cred *cred)
-{
- int rc = lsm_cred_alloc(cred, GFP_KERNEL);
-
- if (rc)
- panic("%s: Early cred alloc failed.\n", __func__);
-}
-
-/**
- * lsm_file_alloc - allocate a composite file blob
- * @file: the file that needs a blob
- *
- * Allocate the file blob for all the modules
- *
- * Returns 0, or -ENOMEM if memory can't be allocated.
- */
-static int lsm_file_alloc(struct file *file)
-{
- if (!lsm_file_cache) {
- file->f_security = NULL;
- return 0;
- }
-
- file->f_security = kmem_cache_zalloc(lsm_file_cache, GFP_KERNEL);
- if (file->f_security == NULL)
- return -ENOMEM;
- return 0;
-}
-
/**
* lsm_inode_alloc - allocate a composite inode blob
* @inode: the inode that needs a blob
@@ -749,7 +234,7 @@ static int lsm_inode_alloc(struct inode *inode, gfp_t gfp)
*
* Returns 0, or -ENOMEM if memory can't be allocated.
*/
-static int lsm_task_alloc(struct task_struct *task)
+int lsm_task_alloc(struct task_struct *task)
{
return lsm_blob_alloc(&task->security, blob_sizes.lbs_task, GFP_KERNEL);
}
@@ -851,20 +336,6 @@ static int lsm_bpf_token_alloc(struct bpf_token *token)
}
#endif /* CONFIG_BPF_SYSCALL */
-/**
- * lsm_early_task - during initialization allocate a composite task blob
- * @task: the task that needs a blob
- *
- * Allocate the task blob for all the modules
- */
-static void __init lsm_early_task(struct task_struct *task)
-{
- int rc = lsm_task_alloc(task);
-
- if (rc)
- panic("%s: Early task alloc failed.\n", __func__);
-}
-
/**
* lsm_superblock_alloc - allocate a composite superblock blob
* @sb: the superblock that needs a blob
--
2.51.1.dirty
^ permalink raw reply related [flat|nested] 36+ messages in thread* [PATCH v5 03/34] lsm: consolidate lsm_allowed() and prepare_lsm() into lsm_prepare()
2025-10-17 20:24 [PATCH v5 0/34] Rework the LSM initialization Paul Moore
2025-10-17 20:24 ` [PATCH v5 01/34] lsm: split the notifier code out into lsm_notifier.c Paul Moore
2025-10-17 20:24 ` [PATCH v5 02/34] lsm: split the init code out into lsm_init.c Paul Moore
@ 2025-10-17 20:24 ` Paul Moore
2025-10-17 20:24 ` [PATCH v5 04/34] lsm: introduce looping macros for the initialization code Paul Moore
` (21 subsequent siblings)
24 siblings, 0 replies; 36+ messages in thread
From: Paul Moore @ 2025-10-17 20:24 UTC (permalink / raw)
To: linux-security-module, linux-integrity, selinux
Cc: John Johansen, Mimi Zohar, Roberto Sassu, Fan Wu,
Mickaël Salaün, Günther Noack, Kees Cook,
Micah Morton, Casey Schaufler, Tetsuo Handa, Nicolas Bouchinet,
Xiu Jianfeng
Simplify and consolidate the lsm_allowed() and prepare_lsm() functions
into a new function, lsm_prepare().
Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: John Johansen <john.johhansen@canonical.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
---
security/lsm_init.c | 109 +++++++++++++++++++-------------------------
1 file changed, 46 insertions(+), 63 deletions(-)
diff --git a/security/lsm_init.c b/security/lsm_init.c
index 124213b906af..6f40ab1d2f54 100644
--- a/security/lsm_init.c
+++ b/security/lsm_init.c
@@ -123,22 +123,6 @@ static void __init append_ordered_lsm(struct lsm_info *lsm, const char *from)
is_enabled(lsm) ? "enabled" : "disabled");
}
-/* Is an LSM allowed to be initialized? */
-static bool __init lsm_allowed(struct lsm_info *lsm)
-{
- /* Skip if the LSM is disabled. */
- if (!is_enabled(lsm))
- return false;
-
- /* Not allowed if another exclusive LSM already initialized. */
- if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && exclusive) {
- init_debug("exclusive disabled: %s\n", lsm->name);
- return false;
- }
-
- return true;
-}
-
static void __init lsm_set_blob_size(int *need, int *lbs)
{
int offset;
@@ -151,54 +135,53 @@ static void __init lsm_set_blob_size(int *need, int *lbs)
*need = offset;
}
-static void __init lsm_set_blob_sizes(struct lsm_blob_sizes *needed)
+/**
+ * lsm_prepare - Prepare the LSM framework for a new LSM
+ * @lsm: LSM definition
+ */
+static void __init lsm_prepare(struct lsm_info *lsm)
{
- if (!needed)
+ struct lsm_blob_sizes *blobs;
+
+ if (!is_enabled(lsm)) {
+ set_enabled(lsm, false);
+ return;
+ } else if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && exclusive) {
+ init_debug("exclusive disabled: %s\n", lsm->name);
+ set_enabled(lsm, false);
return;
-
- lsm_set_blob_size(&needed->lbs_cred, &blob_sizes.lbs_cred);
- lsm_set_blob_size(&needed->lbs_file, &blob_sizes.lbs_file);
- lsm_set_blob_size(&needed->lbs_ib, &blob_sizes.lbs_ib);
- /*
- * The inode blob gets an rcu_head in addition to
- * what the modules might need.
- */
- if (needed->lbs_inode && blob_sizes.lbs_inode == 0)
- blob_sizes.lbs_inode = sizeof(struct rcu_head);
- lsm_set_blob_size(&needed->lbs_inode, &blob_sizes.lbs_inode);
- lsm_set_blob_size(&needed->lbs_ipc, &blob_sizes.lbs_ipc);
- lsm_set_blob_size(&needed->lbs_key, &blob_sizes.lbs_key);
- lsm_set_blob_size(&needed->lbs_msg_msg, &blob_sizes.lbs_msg_msg);
- lsm_set_blob_size(&needed->lbs_perf_event, &blob_sizes.lbs_perf_event);
- lsm_set_blob_size(&needed->lbs_sock, &blob_sizes.lbs_sock);
- lsm_set_blob_size(&needed->lbs_superblock, &blob_sizes.lbs_superblock);
- lsm_set_blob_size(&needed->lbs_task, &blob_sizes.lbs_task);
- lsm_set_blob_size(&needed->lbs_tun_dev, &blob_sizes.lbs_tun_dev);
- lsm_set_blob_size(&needed->lbs_xattr_count,
- &blob_sizes.lbs_xattr_count);
- lsm_set_blob_size(&needed->lbs_bdev, &blob_sizes.lbs_bdev);
- lsm_set_blob_size(&needed->lbs_bpf_map, &blob_sizes.lbs_bpf_map);
- lsm_set_blob_size(&needed->lbs_bpf_prog, &blob_sizes.lbs_bpf_prog);
- lsm_set_blob_size(&needed->lbs_bpf_token, &blob_sizes.lbs_bpf_token);
-}
-
-/* Prepare LSM for initialization. */
-static void __init prepare_lsm(struct lsm_info *lsm)
-{
- int enabled = lsm_allowed(lsm);
-
- /* Record enablement (to handle any following exclusive LSMs). */
- set_enabled(lsm, enabled);
-
- /* If enabled, do pre-initialization work. */
- if (enabled) {
- if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && !exclusive) {
- exclusive = lsm;
- init_debug("exclusive chosen: %s\n", lsm->name);
- }
-
- lsm_set_blob_sizes(lsm->blobs);
}
+
+ /* Mark the LSM as enabled. */
+ set_enabled(lsm, true);
+ if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && !exclusive) {
+ init_debug("exclusive chosen: %s\n", lsm->name);
+ exclusive = lsm;
+ }
+
+ /* Register the LSM blob sizes. */
+ blobs = lsm->blobs;
+ lsm_set_blob_size(&blobs->lbs_cred, &blob_sizes.lbs_cred);
+ lsm_set_blob_size(&blobs->lbs_file, &blob_sizes.lbs_file);
+ lsm_set_blob_size(&blobs->lbs_ib, &blob_sizes.lbs_ib);
+ /* inode blob gets an rcu_head in addition to LSM blobs. */
+ if (blobs->lbs_inode && blob_sizes.lbs_inode == 0)
+ blob_sizes.lbs_inode = sizeof(struct rcu_head);
+ lsm_set_blob_size(&blobs->lbs_inode, &blob_sizes.lbs_inode);
+ lsm_set_blob_size(&blobs->lbs_ipc, &blob_sizes.lbs_ipc);
+ lsm_set_blob_size(&blobs->lbs_key, &blob_sizes.lbs_key);
+ lsm_set_blob_size(&blobs->lbs_msg_msg, &blob_sizes.lbs_msg_msg);
+ lsm_set_blob_size(&blobs->lbs_perf_event, &blob_sizes.lbs_perf_event);
+ lsm_set_blob_size(&blobs->lbs_sock, &blob_sizes.lbs_sock);
+ lsm_set_blob_size(&blobs->lbs_superblock, &blob_sizes.lbs_superblock);
+ lsm_set_blob_size(&blobs->lbs_task, &blob_sizes.lbs_task);
+ lsm_set_blob_size(&blobs->lbs_tun_dev, &blob_sizes.lbs_tun_dev);
+ lsm_set_blob_size(&blobs->lbs_xattr_count,
+ &blob_sizes.lbs_xattr_count);
+ lsm_set_blob_size(&blobs->lbs_bdev, &blob_sizes.lbs_bdev);
+ lsm_set_blob_size(&blobs->lbs_bpf_map, &blob_sizes.lbs_bpf_map);
+ lsm_set_blob_size(&blobs->lbs_bpf_prog, &blob_sizes.lbs_bpf_prog);
+ lsm_set_blob_size(&blobs->lbs_bpf_token, &blob_sizes.lbs_bpf_token);
}
/* Initialize a given LSM, if it is enabled. */
@@ -361,7 +344,7 @@ static void __init ordered_lsm_init(void)
ordered_lsm_parse(builtin_lsm_order, "builtin");
for (lsm = ordered_lsms; *lsm; lsm++)
- prepare_lsm(*lsm);
+ lsm_prepare(*lsm);
report_lsm_order();
@@ -505,7 +488,7 @@ int __init early_security_init(void)
for (lsm = __start_early_lsm_info; lsm < __end_early_lsm_info; lsm++) {
if (!lsm->enabled)
lsm->enabled = &lsm_enabled_true;
- prepare_lsm(lsm);
+ lsm_prepare(lsm);
initialize_lsm(lsm);
}
--
2.51.1.dirty
^ permalink raw reply related [flat|nested] 36+ messages in thread* [PATCH v5 04/34] lsm: introduce looping macros for the initialization code
2025-10-17 20:24 [PATCH v5 0/34] Rework the LSM initialization Paul Moore
` (2 preceding siblings ...)
2025-10-17 20:24 ` [PATCH v5 03/34] lsm: consolidate lsm_allowed() and prepare_lsm() into lsm_prepare() Paul Moore
@ 2025-10-17 20:24 ` Paul Moore
2025-10-17 20:24 ` [PATCH v5 05/34] lsm: integrate report_lsm_order() code into caller Paul Moore
` (20 subsequent siblings)
24 siblings, 0 replies; 36+ messages in thread
From: Paul Moore @ 2025-10-17 20:24 UTC (permalink / raw)
To: linux-security-module, linux-integrity, selinux
Cc: John Johansen, Mimi Zohar, Roberto Sassu, Fan Wu,
Mickaël Salaün, Günther Noack, Kees Cook,
Micah Morton, Casey Schaufler, Tetsuo Handa, Nicolas Bouchinet,
Xiu Jianfeng
There are three common for loop patterns in the LSM initialization code
to loop through the ordered LSM list and the registered "early" LSMs.
This patch implements these loop patterns as macros to help simplify the
code and reduce the chance for errors.
Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: John Johansen <john.johhansen@canonical.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
---
security/lsm_init.c | 42 +++++++++++++++++++++++++++---------------
1 file changed, 27 insertions(+), 15 deletions(-)
diff --git a/security/lsm_init.c b/security/lsm_init.c
index 6f40ab1d2f54..18828a65c364 100644
--- a/security/lsm_init.c
+++ b/security/lsm_init.c
@@ -32,6 +32,15 @@ static __initdata bool debug;
pr_info(__VA_ARGS__); \
} while (0)
+#define lsm_order_for_each(iter) \
+ for ((iter) = ordered_lsms; *(iter); (iter)++)
+#define lsm_for_each_raw(iter) \
+ for ((iter) = __start_lsm_info; \
+ (iter) < __end_lsm_info; (iter)++)
+#define lsm_early_for_each_raw(iter) \
+ for ((iter) = __start_early_lsm_info; \
+ (iter) < __end_early_lsm_info; (iter)++)
+
static int lsm_append(const char *new, char **result);
/* Save user chosen LSM */
@@ -96,9 +105,10 @@ static bool __init exists_ordered_lsm(struct lsm_info *lsm)
{
struct lsm_info **check;
- for (check = ordered_lsms; *check; check++)
+ lsm_order_for_each(check) {
if (*check == lsm)
return true;
+ }
return false;
}
@@ -209,7 +219,7 @@ static void __init ordered_lsm_parse(const char *order, const char *origin)
char *sep, *name, *next;
/* LSM_ORDER_FIRST is always first. */
- for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
+ lsm_for_each_raw(lsm) {
if (lsm->order == LSM_ORDER_FIRST)
append_ordered_lsm(lsm, " first");
}
@@ -224,8 +234,7 @@ static void __init ordered_lsm_parse(const char *order, const char *origin)
* if the selected one was separately disabled: disable
* all non-matching Legacy Major LSMs.
*/
- for (major = __start_lsm_info; major < __end_lsm_info;
- major++) {
+ lsm_for_each_raw(major) {
if ((major->flags & LSM_FLAG_LEGACY_MAJOR) &&
strcmp(major->name, chosen_major_lsm) != 0) {
set_enabled(major, false);
@@ -241,7 +250,7 @@ static void __init ordered_lsm_parse(const char *order, const char *origin)
while ((name = strsep(&next, ",")) != NULL) {
bool found = false;
- for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
+ lsm_for_each_raw(lsm) {
if (strcmp(lsm->name, name) == 0) {
if (lsm->order == LSM_ORDER_MUTABLE)
append_ordered_lsm(lsm, origin);
@@ -256,7 +265,7 @@ static void __init ordered_lsm_parse(const char *order, const char *origin)
/* Process "security=", if given. */
if (chosen_major_lsm) {
- for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
+ lsm_for_each_raw(lsm) {
if (exists_ordered_lsm(lsm))
continue;
if (strcmp(lsm->name, chosen_major_lsm) == 0)
@@ -265,13 +274,13 @@ static void __init ordered_lsm_parse(const char *order, const char *origin)
}
/* LSM_ORDER_LAST is always last. */
- for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
+ lsm_for_each_raw(lsm) {
if (lsm->order == LSM_ORDER_LAST)
append_ordered_lsm(lsm, " last");
}
/* Disable all LSMs not in the ordered list. */
- for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
+ lsm_for_each_raw(lsm) {
if (exists_ordered_lsm(lsm))
continue;
set_enabled(lsm, false);
@@ -290,13 +299,14 @@ static void __init report_lsm_order(void)
pr_info("initializing lsm=");
/* Report each enabled LSM name, comma separated. */
- for (early = __start_early_lsm_info;
- early < __end_early_lsm_info; early++)
+ lsm_early_for_each_raw(early) {
if (is_enabled(early))
pr_cont("%s%s", first++ == 0 ? "" : ",", early->name);
- for (lsm = ordered_lsms; *lsm; lsm++)
+ }
+ lsm_order_for_each(lsm) {
if (is_enabled(*lsm))
pr_cont("%s%s", first++ == 0 ? "" : ",", (*lsm)->name);
+ }
pr_cont("\n");
}
@@ -343,8 +353,9 @@ static void __init ordered_lsm_init(void)
} else
ordered_lsm_parse(builtin_lsm_order, "builtin");
- for (lsm = ordered_lsms; *lsm; lsm++)
+ lsm_order_for_each(lsm) {
lsm_prepare(*lsm);
+ }
report_lsm_order();
@@ -382,8 +393,9 @@ static void __init ordered_lsm_init(void)
lsm_early_cred((struct cred *) current->cred);
lsm_early_task(current);
- for (lsm = ordered_lsms; *lsm; lsm++)
+ lsm_order_for_each(lsm) {
initialize_lsm(*lsm);
+ }
}
static bool match_last_lsm(const char *list, const char *lsm)
@@ -485,7 +497,7 @@ int __init early_security_init(void)
{
struct lsm_info *lsm;
- for (lsm = __start_early_lsm_info; lsm < __end_early_lsm_info; lsm++) {
+ lsm_early_for_each_raw(lsm) {
if (!lsm->enabled)
lsm->enabled = &lsm_enabled_true;
lsm_prepare(lsm);
@@ -512,7 +524,7 @@ int __init security_init(void)
* Append the names of the early LSM modules now that kmalloc() is
* available
*/
- for (lsm = __start_early_lsm_info; lsm < __end_early_lsm_info; lsm++) {
+ lsm_early_for_each_raw(lsm) {
init_debug(" early started: %s (%s)\n", lsm->name,
is_enabled(lsm) ? "enabled" : "disabled");
if (lsm->enabled)
--
2.51.1.dirty
^ permalink raw reply related [flat|nested] 36+ messages in thread* [PATCH v5 05/34] lsm: integrate report_lsm_order() code into caller
2025-10-17 20:24 [PATCH v5 0/34] Rework the LSM initialization Paul Moore
` (3 preceding siblings ...)
2025-10-17 20:24 ` [PATCH v5 04/34] lsm: introduce looping macros for the initialization code Paul Moore
@ 2025-10-17 20:24 ` Paul Moore
2025-10-17 20:24 ` [PATCH v5 06/34] lsm: integrate lsm_early_cred() and lsm_early_task() " Paul Moore
` (19 subsequent siblings)
24 siblings, 0 replies; 36+ messages in thread
From: Paul Moore @ 2025-10-17 20:24 UTC (permalink / raw)
To: linux-security-module, linux-integrity, selinux
Cc: John Johansen, Mimi Zohar, Roberto Sassu, Fan Wu,
Mickaël Salaün, Günther Noack, Kees Cook,
Micah Morton, Casey Schaufler, Tetsuo Handa, Nicolas Bouchinet,
Xiu Jianfeng
With only one caller of report_lsm_order(), insert the function's code
directly into the caller and ger rid of report_lsm_order().
Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: John Johansen <john.johhansen@canonical.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
---
security/lsm_init.c | 33 ++++++++++++---------------------
1 file changed, 12 insertions(+), 21 deletions(-)
diff --git a/security/lsm_init.c b/security/lsm_init.c
index 18828a65c364..09afa7ad719e 100644
--- a/security/lsm_init.c
+++ b/security/lsm_init.c
@@ -291,26 +291,6 @@ static void __init ordered_lsm_parse(const char *order, const char *origin)
kfree(sep);
}
-static void __init report_lsm_order(void)
-{
- struct lsm_info **lsm, *early;
- int first = 0;
-
- pr_info("initializing lsm=");
-
- /* Report each enabled LSM name, comma separated. */
- lsm_early_for_each_raw(early) {
- if (is_enabled(early))
- pr_cont("%s%s", first++ == 0 ? "" : ",", early->name);
- }
- lsm_order_for_each(lsm) {
- if (is_enabled(*lsm))
- pr_cont("%s%s", first++ == 0 ? "" : ",", (*lsm)->name);
- }
-
- pr_cont("\n");
-}
-
/**
* lsm_early_cred - during initialization allocate a composite cred blob
* @cred: the cred that needs a blob
@@ -341,7 +321,9 @@ static void __init lsm_early_task(struct task_struct *task)
static void __init ordered_lsm_init(void)
{
+ unsigned int first = 0;
struct lsm_info **lsm;
+ struct lsm_info *early;
if (chosen_lsm_order) {
if (chosen_major_lsm) {
@@ -357,7 +339,16 @@ static void __init ordered_lsm_init(void)
lsm_prepare(*lsm);
}
- report_lsm_order();
+ pr_info("initializing lsm=");
+ lsm_early_for_each_raw(early) {
+ if (is_enabled(early))
+ pr_cont("%s%s", first++ == 0 ? "" : ",", early->name);
+ }
+ lsm_order_for_each(lsm) {
+ if (is_enabled(*lsm))
+ pr_cont("%s%s", first++ == 0 ? "" : ",", (*lsm)->name);
+ }
+ pr_cont("\n");
init_debug("cred blob size = %d\n", blob_sizes.lbs_cred);
init_debug("file blob size = %d\n", blob_sizes.lbs_file);
--
2.51.1.dirty
^ permalink raw reply related [flat|nested] 36+ messages in thread* [PATCH v5 06/34] lsm: integrate lsm_early_cred() and lsm_early_task() into caller
2025-10-17 20:24 [PATCH v5 0/34] Rework the LSM initialization Paul Moore
` (4 preceding siblings ...)
2025-10-17 20:24 ` [PATCH v5 05/34] lsm: integrate report_lsm_order() code into caller Paul Moore
@ 2025-10-17 20:24 ` Paul Moore
2025-10-17 20:24 ` [PATCH v5 07/34] lsm: rename ordered_lsm_init() to lsm_init_ordered() Paul Moore
` (18 subsequent siblings)
24 siblings, 0 replies; 36+ messages in thread
From: Paul Moore @ 2025-10-17 20:24 UTC (permalink / raw)
To: linux-security-module, linux-integrity, selinux
Cc: John Johansen, Mimi Zohar, Roberto Sassu, Fan Wu,
Mickaël Salaün, Günther Noack, Kees Cook,
Micah Morton, Casey Schaufler, Tetsuo Handa, Nicolas Bouchinet,
Xiu Jianfeng
With only one caller of lsm_early_cred() and lsm_early_task(), insert
the functions' code directly into the caller and ger rid of the two
functions.
Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: John Johansen <john.johhansen@canonical.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
---
security/lsm_init.c | 35 +++++------------------------------
1 file changed, 5 insertions(+), 30 deletions(-)
diff --git a/security/lsm_init.c b/security/lsm_init.c
index 09afa7ad719e..8bb473aca113 100644
--- a/security/lsm_init.c
+++ b/security/lsm_init.c
@@ -291,34 +291,6 @@ static void __init ordered_lsm_parse(const char *order, const char *origin)
kfree(sep);
}
-/**
- * lsm_early_cred - during initialization allocate a composite cred blob
- * @cred: the cred that needs a blob
- *
- * Allocate the cred blob for all the modules
- */
-static void __init lsm_early_cred(struct cred *cred)
-{
- int rc = lsm_cred_alloc(cred, GFP_KERNEL);
-
- if (rc)
- panic("%s: Early cred alloc failed.\n", __func__);
-}
-
-/**
- * lsm_early_task - during initialization allocate a composite task blob
- * @task: the task that needs a blob
- *
- * Allocate the task blob for all the modules
- */
-static void __init lsm_early_task(struct task_struct *task)
-{
- int rc = lsm_task_alloc(task);
-
- if (rc)
- panic("%s: Early task alloc failed.\n", __func__);
-}
-
static void __init ordered_lsm_init(void)
{
unsigned int first = 0;
@@ -382,8 +354,11 @@ static void __init ordered_lsm_init(void)
blob_sizes.lbs_inode, 0,
SLAB_PANIC, NULL);
- lsm_early_cred((struct cred *) current->cred);
- lsm_early_task(current);
+ if (lsm_cred_alloc((struct cred __rcu *)current->cred, GFP_KERNEL))
+ panic("%s: early cred alloc failed.\n", __func__);
+ if (lsm_task_alloc(current))
+ panic("%s: early task alloc failed.\n", __func__);
+
lsm_order_for_each(lsm) {
initialize_lsm(*lsm);
}
--
2.51.1.dirty
^ permalink raw reply related [flat|nested] 36+ messages in thread* [PATCH v5 07/34] lsm: rename ordered_lsm_init() to lsm_init_ordered()
2025-10-17 20:24 [PATCH v5 0/34] Rework the LSM initialization Paul Moore
` (5 preceding siblings ...)
2025-10-17 20:24 ` [PATCH v5 06/34] lsm: integrate lsm_early_cred() and lsm_early_task() " Paul Moore
@ 2025-10-17 20:24 ` Paul Moore
2025-10-17 20:24 ` [PATCH v5 08/34] lsm: replace the name field with a pointer to the lsm_id struct Paul Moore
` (17 subsequent siblings)
24 siblings, 0 replies; 36+ messages in thread
From: Paul Moore @ 2025-10-17 20:24 UTC (permalink / raw)
To: linux-security-module, linux-integrity, selinux
Cc: John Johansen, Mimi Zohar, Roberto Sassu, Fan Wu,
Mickaël Salaün, Günther Noack, Kees Cook,
Micah Morton, Casey Schaufler, Tetsuo Handa, Nicolas Bouchinet,
Xiu Jianfeng
The new name more closely fits the rest of the naming scheme in
security/lsm_init.c. This patch also adds a trivial comment block to
the top of the function.
Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: John Johansen <john.johhansen@canonical.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
---
security/lsm_init.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/security/lsm_init.c b/security/lsm_init.c
index 8bb473aca113..9249d5f37ae9 100644
--- a/security/lsm_init.c
+++ b/security/lsm_init.c
@@ -291,7 +291,10 @@ static void __init ordered_lsm_parse(const char *order, const char *origin)
kfree(sep);
}
-static void __init ordered_lsm_init(void)
+/**
+ * lsm_init_ordered - Initialize the ordered LSMs
+ */
+static void __init lsm_init_ordered(void)
{
unsigned int first = 0;
struct lsm_info **lsm;
@@ -342,9 +345,6 @@ static void __init ordered_lsm_init(void)
init_debug("bpf prog blob size = %d\n", blob_sizes.lbs_bpf_prog);
init_debug("bpf token blob size = %d\n", blob_sizes.lbs_bpf_token);
- /*
- * Create any kmem_caches needed for blobs
- */
if (blob_sizes.lbs_file)
lsm_file_cache = kmem_cache_create("lsm_file_cache",
blob_sizes.lbs_file, 0,
@@ -498,7 +498,7 @@ int __init security_init(void)
}
/* Load LSMs in specified order. */
- ordered_lsm_init();
+ lsm_init_ordered();
return 0;
}
--
2.51.1.dirty
^ permalink raw reply related [flat|nested] 36+ messages in thread* [PATCH v5 08/34] lsm: replace the name field with a pointer to the lsm_id struct
2025-10-17 20:24 [PATCH v5 0/34] Rework the LSM initialization Paul Moore
` (6 preceding siblings ...)
2025-10-17 20:24 ` [PATCH v5 07/34] lsm: rename ordered_lsm_init() to lsm_init_ordered() Paul Moore
@ 2025-10-17 20:24 ` Paul Moore
2025-10-17 20:24 ` [PATCH v5 09/34] lsm: rename the lsm order variables for consistency Paul Moore
` (16 subsequent siblings)
24 siblings, 0 replies; 36+ messages in thread
From: Paul Moore @ 2025-10-17 20:24 UTC (permalink / raw)
To: linux-security-module, linux-integrity, selinux
Cc: John Johansen, Mimi Zohar, Roberto Sassu, Fan Wu,
Mickaël Salaün, Günther Noack, Kees Cook,
Micah Morton, Casey Schaufler, Tetsuo Handa, Nicolas Bouchinet,
Xiu Jianfeng
Reduce the duplication between the lsm_id struct and the DEFINE_LSM()
definition by linking the lsm_id struct directly into the individual
LSM's DEFINE_LSM() instance.
Linking the lsm_id into the LSM definition also allows us to simplify
the security_add_hooks() function by removing the code which populates
the lsm_idlist[] array and moving it into the normal LSM startup code
where the LSM list is parsed and the individual LSMs are enabled,
making for a cleaner implementation with less overhead at boot.
Reviewed-by: Kees Cook <kees@kernel.org>
Reviewed-by: John Johansen <john.johansen@canonical.com>
Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
---
include/linux/lsm_hooks.h | 2 +-
security/apparmor/lsm.c | 2 +-
security/bpf/hooks.c | 2 +-
security/commoncap.c | 2 +-
security/integrity/evm/evm_main.c | 2 +-
security/integrity/ima/ima_main.c | 2 +-
security/ipe/ipe.c | 2 +-
security/landlock/setup.c | 2 +-
security/loadpin/loadpin.c | 2 +-
security/lockdown/lockdown.c | 2 +-
security/lsm_init.c | 45 +++++++++++++------------------
security/safesetid/lsm.c | 2 +-
security/selinux/hooks.c | 2 +-
security/smack/smack_lsm.c | 2 +-
security/tomoyo/tomoyo.c | 2 +-
security/yama/yama_lsm.c | 2 +-
16 files changed, 33 insertions(+), 42 deletions(-)
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 0112926ed923..7343dd60b1d5 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -152,7 +152,7 @@ enum lsm_order {
};
struct lsm_info {
- const char *name; /* Required. */
+ const struct lsm_id *id;
enum lsm_order order; /* Optional: default is LSM_ORDER_MUTABLE */
unsigned long flags; /* Optional: flags describing LSM */
int *enabled; /* Optional: controlled by CONFIG_LSM */
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index b3f7a3258a2c..f6798144234b 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -2555,7 +2555,7 @@ static int __init apparmor_init(void)
}
DEFINE_LSM(apparmor) = {
- .name = "apparmor",
+ .id = &apparmor_lsmid,
.flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE,
.enabled = &apparmor_enabled,
.blobs = &apparmor_blob_sizes,
diff --git a/security/bpf/hooks.c b/security/bpf/hooks.c
index db759025abe1..40efde233f3a 100644
--- a/security/bpf/hooks.c
+++ b/security/bpf/hooks.c
@@ -33,7 +33,7 @@ struct lsm_blob_sizes bpf_lsm_blob_sizes __ro_after_init = {
};
DEFINE_LSM(bpf) = {
- .name = "bpf",
+ .id = &bpf_lsmid,
.init = bpf_lsm_init,
.blobs = &bpf_lsm_blob_sizes
};
diff --git a/security/commoncap.c b/security/commoncap.c
index 6bd4adeb4795..b50479bd0286 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -1505,7 +1505,7 @@ static int __init capability_init(void)
}
DEFINE_LSM(capability) = {
- .name = "capability",
+ .id = &capability_lsmid,
.order = LSM_ORDER_FIRST,
.init = capability_init,
};
diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
index 0add782e73ba..db8e324ed4e6 100644
--- a/security/integrity/evm/evm_main.c
+++ b/security/integrity/evm/evm_main.c
@@ -1175,7 +1175,7 @@ struct lsm_blob_sizes evm_blob_sizes __ro_after_init = {
};
DEFINE_LSM(evm) = {
- .name = "evm",
+ .id = &evm_lsmid,
.init = init_evm_lsm,
.order = LSM_ORDER_LAST,
.blobs = &evm_blob_sizes,
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index cdd225f65a62..eade8e1e3cb1 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -1279,7 +1279,7 @@ struct lsm_blob_sizes ima_blob_sizes __ro_after_init = {
};
DEFINE_LSM(ima) = {
- .name = "ima",
+ .id = &ima_lsmid,
.init = init_ima_lsm,
.order = LSM_ORDER_LAST,
.blobs = &ima_blob_sizes,
diff --git a/security/ipe/ipe.c b/security/ipe/ipe.c
index 4317134cb0da..2426441181dc 100644
--- a/security/ipe/ipe.c
+++ b/security/ipe/ipe.c
@@ -92,7 +92,7 @@ static int __init ipe_init(void)
}
DEFINE_LSM(ipe) = {
- .name = "ipe",
+ .id = &ipe_lsmid,
.init = ipe_init,
.blobs = &ipe_blobs,
};
diff --git a/security/landlock/setup.c b/security/landlock/setup.c
index bd53c7a56ab9..47dac1736f10 100644
--- a/security/landlock/setup.c
+++ b/security/landlock/setup.c
@@ -75,7 +75,7 @@ static int __init landlock_init(void)
}
DEFINE_LSM(LANDLOCK_NAME) = {
- .name = LANDLOCK_NAME,
+ .id = &landlock_lsmid,
.init = landlock_init,
.blobs = &landlock_blob_sizes,
};
diff --git a/security/loadpin/loadpin.c b/security/loadpin/loadpin.c
index 68252452b66c..b9ddf05c5c16 100644
--- a/security/loadpin/loadpin.c
+++ b/security/loadpin/loadpin.c
@@ -271,7 +271,7 @@ static int __init loadpin_init(void)
}
DEFINE_LSM(loadpin) = {
- .name = "loadpin",
+ .id = &loadpin_lsmid,
.init = loadpin_init,
};
diff --git a/security/lockdown/lockdown.c b/security/lockdown/lockdown.c
index cf83afa1d879..4813f168ff93 100644
--- a/security/lockdown/lockdown.c
+++ b/security/lockdown/lockdown.c
@@ -168,6 +168,6 @@ DEFINE_EARLY_LSM(lockdown) = {
#else
DEFINE_LSM(lockdown) = {
#endif
- .name = "lockdown",
+ .id = &lockdown_lsmid,
.init = lockdown_lsm_init,
};
diff --git a/security/lsm_init.c b/security/lsm_init.c
index 9249d5f37ae9..692d61a2ea10 100644
--- a/security/lsm_init.c
+++ b/security/lsm_init.c
@@ -127,9 +127,10 @@ static void __init append_ordered_lsm(struct lsm_info *lsm, const char *from)
/* Enable this LSM, if it is not already set. */
if (!lsm->enabled)
lsm->enabled = &lsm_enabled_true;
- ordered_lsms[last_lsm++] = lsm;
+ ordered_lsms[last_lsm] = lsm;
+ lsm_idlist[last_lsm++] = lsm->id;
- init_debug("%s ordered: %s (%s)\n", from, lsm->name,
+ init_debug("%s ordered: %s (%s)\n", from, lsm->id->name,
is_enabled(lsm) ? "enabled" : "disabled");
}
@@ -157,7 +158,7 @@ static void __init lsm_prepare(struct lsm_info *lsm)
set_enabled(lsm, false);
return;
} else if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && exclusive) {
- init_debug("exclusive disabled: %s\n", lsm->name);
+ init_debug("exclusive disabled: %s\n", lsm->id->name);
set_enabled(lsm, false);
return;
}
@@ -165,7 +166,7 @@ static void __init lsm_prepare(struct lsm_info *lsm)
/* Mark the LSM as enabled. */
set_enabled(lsm, true);
if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && !exclusive) {
- init_debug("exclusive chosen: %s\n", lsm->name);
+ init_debug("exclusive chosen: %s\n", lsm->id->name);
exclusive = lsm;
}
@@ -200,9 +201,9 @@ static void __init initialize_lsm(struct lsm_info *lsm)
if (is_enabled(lsm)) {
int ret;
- init_debug("initializing %s\n", lsm->name);
+ init_debug("initializing %s\n", lsm->id->name);
ret = lsm->init();
- WARN(ret, "%s failed to initialize: %d\n", lsm->name, ret);
+ WARN(ret, "%s failed to initialize: %d\n", lsm->id->name, ret);
}
}
@@ -236,10 +237,10 @@ static void __init ordered_lsm_parse(const char *order, const char *origin)
*/
lsm_for_each_raw(major) {
if ((major->flags & LSM_FLAG_LEGACY_MAJOR) &&
- strcmp(major->name, chosen_major_lsm) != 0) {
+ strcmp(major->id->name, chosen_major_lsm) != 0) {
set_enabled(major, false);
init_debug("security=%s disabled: %s (only one legacy major LSM)\n",
- chosen_major_lsm, major->name);
+ chosen_major_lsm, major->id->name);
}
}
}
@@ -251,7 +252,7 @@ static void __init ordered_lsm_parse(const char *order, const char *origin)
bool found = false;
lsm_for_each_raw(lsm) {
- if (strcmp(lsm->name, name) == 0) {
+ if (strcmp(lsm->id->name, name) == 0) {
if (lsm->order == LSM_ORDER_MUTABLE)
append_ordered_lsm(lsm, origin);
found = true;
@@ -268,7 +269,7 @@ static void __init ordered_lsm_parse(const char *order, const char *origin)
lsm_for_each_raw(lsm) {
if (exists_ordered_lsm(lsm))
continue;
- if (strcmp(lsm->name, chosen_major_lsm) == 0)
+ if (strcmp(lsm->id->name, chosen_major_lsm) == 0)
append_ordered_lsm(lsm, "security=");
}
}
@@ -285,7 +286,7 @@ static void __init ordered_lsm_parse(const char *order, const char *origin)
continue;
set_enabled(lsm, false);
init_debug("%s skipped: %s (not in requested order)\n",
- origin, lsm->name);
+ origin, lsm->id->name);
}
kfree(sep);
@@ -317,11 +318,13 @@ static void __init lsm_init_ordered(void)
pr_info("initializing lsm=");
lsm_early_for_each_raw(early) {
if (is_enabled(early))
- pr_cont("%s%s", first++ == 0 ? "" : ",", early->name);
+ pr_cont("%s%s",
+ first++ == 0 ? "" : ",", early->id->name);
}
lsm_order_for_each(lsm) {
if (is_enabled(*lsm))
- pr_cont("%s%s", first++ == 0 ? "" : ",", (*lsm)->name);
+ pr_cont("%s%s",
+ first++ == 0 ? "" : ",", (*lsm)->id->name);
}
pr_cont("\n");
@@ -432,18 +435,6 @@ void __init security_add_hooks(struct security_hook_list *hooks, int count,
{
int i;
- /*
- * A security module may call security_add_hooks() more
- * than once during initialization, and LSM initialization
- * is serialized. Landlock is one such case.
- * Look at the previous entry, if there is one, for duplication.
- */
- if (lsm_active_cnt == 0 || lsm_idlist[lsm_active_cnt - 1] != lsmid) {
- if (lsm_active_cnt >= MAX_LSM_COUNT)
- panic("%s Too many LSMs registered.\n", __func__);
- lsm_idlist[lsm_active_cnt++] = lsmid;
- }
-
for (i = 0; i < count; i++) {
hooks[i].lsmid = lsmid;
lsm_static_call_init(&hooks[i]);
@@ -491,10 +482,10 @@ int __init security_init(void)
* available
*/
lsm_early_for_each_raw(lsm) {
- init_debug(" early started: %s (%s)\n", lsm->name,
+ init_debug(" early started: %s (%s)\n", lsm->id->name,
is_enabled(lsm) ? "enabled" : "disabled");
if (lsm->enabled)
- lsm_append(lsm->name, &lsm_names);
+ lsm_append(lsm->id->name, &lsm_names);
}
/* Load LSMs in specified order. */
diff --git a/security/safesetid/lsm.c b/security/safesetid/lsm.c
index 1ba564f097f5..9a7c68d4e642 100644
--- a/security/safesetid/lsm.c
+++ b/security/safesetid/lsm.c
@@ -287,6 +287,6 @@ static int __init safesetid_security_init(void)
}
DEFINE_LSM(safesetid_security_init) = {
+ .id = &safesetid_lsmid,
.init = safesetid_security_init,
- .name = "safesetid",
};
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index dfc22da42f30..299b656ac007 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -7639,7 +7639,7 @@ void selinux_complete_init(void)
/* SELinux requires early initialization in order to label
all processes and objects when they are created. */
DEFINE_LSM(selinux) = {
- .name = "selinux",
+ .id = &selinux_lsmid,
.flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE,
.enabled = &selinux_enabled_boot,
.blobs = &selinux_blob_sizes,
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index af986587841d..392698e41120 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -5280,7 +5280,7 @@ static __init int smack_init(void)
* all processes and objects when they are created.
*/
DEFINE_LSM(smack) = {
- .name = "smack",
+ .id = &smack_lsmid,
.flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE,
.blobs = &smack_blob_sizes,
.init = smack_init,
diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c
index 48fc59d38ab2..cb003c460dc2 100644
--- a/security/tomoyo/tomoyo.c
+++ b/security/tomoyo/tomoyo.c
@@ -612,7 +612,7 @@ static int __init tomoyo_init(void)
}
DEFINE_LSM(tomoyo) = {
- .name = "tomoyo",
+ .id = &tomoyo_lsmid,
.enabled = &tomoyo_enabled,
.flags = LSM_FLAG_LEGACY_MAJOR,
.blobs = &tomoyo_blob_sizes,
diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c
index 3d064dd4e03f..38b21ee0c560 100644
--- a/security/yama/yama_lsm.c
+++ b/security/yama/yama_lsm.c
@@ -476,6 +476,6 @@ static int __init yama_init(void)
}
DEFINE_LSM(yama) = {
- .name = "yama",
+ .id = &yama_lsmid,
.init = yama_init,
};
--
2.51.1.dirty
^ permalink raw reply related [flat|nested] 36+ messages in thread* [PATCH v5 09/34] lsm: rename the lsm order variables for consistency
2025-10-17 20:24 [PATCH v5 0/34] Rework the LSM initialization Paul Moore
` (7 preceding siblings ...)
2025-10-17 20:24 ` [PATCH v5 08/34] lsm: replace the name field with a pointer to the lsm_id struct Paul Moore
@ 2025-10-17 20:24 ` Paul Moore
2025-10-17 20:24 ` [PATCH v5 10/34] lsm: rework lsm_active_cnt and lsm_idlist[] Paul Moore
` (15 subsequent siblings)
24 siblings, 0 replies; 36+ messages in thread
From: Paul Moore @ 2025-10-17 20:24 UTC (permalink / raw)
To: linux-security-module, linux-integrity, selinux
Cc: John Johansen, Mimi Zohar, Roberto Sassu, Fan Wu,
Mickaël Salaün, Günther Noack, Kees Cook,
Micah Morton, Casey Schaufler, Tetsuo Handa, Nicolas Bouchinet,
Xiu Jianfeng
Rename the builtin_lsm_order variable to lsm_order_builtin,
chosen_lsm_order to lsm_order_cmdline, chosen_major_lsm to
lsm_order_legacy, ordered_lsms[] to lsm_order[], and exclusive
to lsm_exclusive.
This patch also renames the associated kernel command line parsing
functions and adds some basic function comment blocks. The parsing
function choose_major_lsm() was renamed to lsm_choose_security(),
choose_lsm_order() to lsm_choose_lsm(), and enable_debug() to
lsm_debug_enable().
Reviewed-by: Kees Cook <kees@kernel.org>
Reviewed-by: John Johansen <john.johansen@canonical.com>
Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
---
security/lsm_init.c | 86 +++++++++++++++++++++++++--------------------
1 file changed, 48 insertions(+), 38 deletions(-)
diff --git a/security/lsm_init.c b/security/lsm_init.c
index 692d61a2ea10..a0785ca081c7 100644
--- a/security/lsm_init.c
+++ b/security/lsm_init.c
@@ -16,14 +16,14 @@ char *lsm_names;
extern struct lsm_info __start_lsm_info[], __end_lsm_info[];
extern struct lsm_info __start_early_lsm_info[], __end_early_lsm_info[];
-/* Boot-time LSM user choice */
-static __initconst const char *const builtin_lsm_order = CONFIG_LSM;
-static __initdata const char *chosen_lsm_order;
-static __initdata const char *chosen_major_lsm;
+/* Build and boot-time LSM ordering. */
+static __initconst const char *const lsm_order_builtin = CONFIG_LSM;
+static __initdata const char *lsm_order_cmdline;
+static __initdata const char *lsm_order_legacy;
/* Ordered list of LSMs to initialize. */
-static __initdata struct lsm_info *ordered_lsms[MAX_LSM_COUNT + 1];
-static __initdata struct lsm_info *exclusive;
+static __initdata struct lsm_info *lsm_order[MAX_LSM_COUNT + 1];
+static __initdata struct lsm_info *lsm_exclusive;
static __initdata bool debug;
#define init_debug(...) \
@@ -33,7 +33,7 @@ static __initdata bool debug;
} while (0)
#define lsm_order_for_each(iter) \
- for ((iter) = ordered_lsms; *(iter); (iter)++)
+ for ((iter) = lsm_order; *(iter); (iter)++)
#define lsm_for_each_raw(iter) \
for ((iter) = __start_lsm_info; \
(iter) < __end_lsm_info; (iter)++)
@@ -41,31 +41,41 @@ static __initdata bool debug;
for ((iter) = __start_early_lsm_info; \
(iter) < __end_early_lsm_info; (iter)++)
-static int lsm_append(const char *new, char **result);
-
-/* Save user chosen LSM */
-static int __init choose_major_lsm(char *str)
+/**
+ * lsm_choose_security - Legacy "major" LSM selection
+ * @str: kernel command line parameter
+ */
+static int __init lsm_choose_security(char *str)
{
- chosen_major_lsm = str;
+ lsm_order_legacy = str;
return 1;
}
-__setup("security=", choose_major_lsm);
+__setup("security=", lsm_choose_security);
-/* Explicitly choose LSM initialization order. */
-static int __init choose_lsm_order(char *str)
+/**
+ * lsm_choose_lsm - Modern LSM selection
+ * @str: kernel command line parameter
+ */
+static int __init lsm_choose_lsm(char *str)
{
- chosen_lsm_order = str;
+ lsm_order_cmdline = str;
return 1;
}
-__setup("lsm=", choose_lsm_order);
+__setup("lsm=", lsm_choose_lsm);
-/* Enable LSM order debugging. */
-static int __init enable_debug(char *str)
+/**
+ * lsm_debug_enable - Enable LSM framework debugging
+ * @str: kernel command line parameter
+ *
+ * Currently we only provide debug info during LSM initialization, but we may
+ * want to expand this in the future.
+ */
+static int __init lsm_debug_enable(char *str)
{
debug = true;
return 1;
}
-__setup("lsm.debug", enable_debug);
+__setup("lsm.debug", lsm_debug_enable);
/* Mark an LSM's enabled flag. */
static int lsm_enabled_true __initdata = 1;
@@ -127,7 +137,7 @@ static void __init append_ordered_lsm(struct lsm_info *lsm, const char *from)
/* Enable this LSM, if it is not already set. */
if (!lsm->enabled)
lsm->enabled = &lsm_enabled_true;
- ordered_lsms[last_lsm] = lsm;
+ lsm_order[last_lsm] = lsm;
lsm_idlist[last_lsm++] = lsm->id;
init_debug("%s ordered: %s (%s)\n", from, lsm->id->name,
@@ -157,7 +167,7 @@ static void __init lsm_prepare(struct lsm_info *lsm)
if (!is_enabled(lsm)) {
set_enabled(lsm, false);
return;
- } else if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && exclusive) {
+ } else if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && lsm_exclusive) {
init_debug("exclusive disabled: %s\n", lsm->id->name);
set_enabled(lsm, false);
return;
@@ -165,9 +175,9 @@ static void __init lsm_prepare(struct lsm_info *lsm)
/* Mark the LSM as enabled. */
set_enabled(lsm, true);
- if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && !exclusive) {
+ if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && !lsm_exclusive) {
init_debug("exclusive chosen: %s\n", lsm->id->name);
- exclusive = lsm;
+ lsm_exclusive = lsm;
}
/* Register the LSM blob sizes. */
@@ -226,7 +236,7 @@ static void __init ordered_lsm_parse(const char *order, const char *origin)
}
/* Process "security=", if given. */
- if (chosen_major_lsm) {
+ if (lsm_order_legacy) {
struct lsm_info *major;
/*
@@ -237,10 +247,10 @@ static void __init ordered_lsm_parse(const char *order, const char *origin)
*/
lsm_for_each_raw(major) {
if ((major->flags & LSM_FLAG_LEGACY_MAJOR) &&
- strcmp(major->id->name, chosen_major_lsm) != 0) {
+ strcmp(major->id->name, lsm_order_legacy) != 0) {
set_enabled(major, false);
init_debug("security=%s disabled: %s (only one legacy major LSM)\n",
- chosen_major_lsm, major->id->name);
+ lsm_order_legacy, major->id->name);
}
}
}
@@ -265,11 +275,11 @@ static void __init ordered_lsm_parse(const char *order, const char *origin)
}
/* Process "security=", if given. */
- if (chosen_major_lsm) {
+ if (lsm_order_legacy) {
lsm_for_each_raw(lsm) {
if (exists_ordered_lsm(lsm))
continue;
- if (strcmp(lsm->id->name, chosen_major_lsm) == 0)
+ if (strcmp(lsm->id->name, lsm_order_legacy) == 0)
append_ordered_lsm(lsm, "security=");
}
}
@@ -301,15 +311,15 @@ static void __init lsm_init_ordered(void)
struct lsm_info **lsm;
struct lsm_info *early;
- if (chosen_lsm_order) {
- if (chosen_major_lsm) {
+ if (lsm_order_cmdline) {
+ if (lsm_order_legacy) {
pr_warn("security=%s is ignored because it is superseded by lsm=%s\n",
- chosen_major_lsm, chosen_lsm_order);
- chosen_major_lsm = NULL;
+ lsm_order_legacy, lsm_order_cmdline);
+ lsm_order_legacy = NULL;
}
- ordered_lsm_parse(chosen_lsm_order, "cmdline");
+ ordered_lsm_parse(lsm_order_cmdline, "cmdline");
} else
- ordered_lsm_parse(builtin_lsm_order, "builtin");
+ ordered_lsm_parse(lsm_order_builtin, "builtin");
lsm_order_for_each(lsm) {
lsm_prepare(*lsm);
@@ -473,9 +483,9 @@ int __init security_init(void)
{
struct lsm_info *lsm;
- init_debug("legacy security=%s\n", chosen_major_lsm ? : " *unspecified*");
- init_debug(" CONFIG_LSM=%s\n", builtin_lsm_order);
- init_debug("boot arg lsm=%s\n", chosen_lsm_order ? : " *unspecified*");
+ init_debug("legacy security=%s\n", lsm_order_legacy ? : " *unspecified*");
+ init_debug(" CONFIG_LSM=%s\n", lsm_order_builtin);
+ init_debug("boot arg lsm=%s\n", lsm_order_cmdline ? : " *unspecified*");
/*
* Append the names of the early LSM modules now that kmalloc() is
--
2.51.1.dirty
^ permalink raw reply related [flat|nested] 36+ messages in thread* [PATCH v5 10/34] lsm: rework lsm_active_cnt and lsm_idlist[]
2025-10-17 20:24 [PATCH v5 0/34] Rework the LSM initialization Paul Moore
` (8 preceding siblings ...)
2025-10-17 20:24 ` [PATCH v5 09/34] lsm: rename the lsm order variables for consistency Paul Moore
@ 2025-10-17 20:24 ` Paul Moore
2025-10-17 20:24 ` [PATCH v5 11/34] lsm: get rid of the lsm_names list and do some cleanup Paul Moore
` (14 subsequent siblings)
24 siblings, 0 replies; 36+ messages in thread
From: Paul Moore @ 2025-10-17 20:24 UTC (permalink / raw)
To: linux-security-module, linux-integrity, selinux
Cc: John Johansen, Mimi Zohar, Roberto Sassu, Fan Wu,
Mickaël Salaün, Günther Noack, Kees Cook,
Micah Morton, Casey Schaufler, Tetsuo Handa, Nicolas Bouchinet,
Xiu Jianfeng
Move the LSM active count and lsm_id list declarations out of a header
that is visible across the kernel and into a header that is limited to
the LSM framework. This not only helps keep the include/linux headers
smaller and cleaner, it helps prevent misuse of these variables.
Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: John Johansen <john.johhansen@canonical.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
---
include/linux/security.h | 2 --
security/lsm.h | 5 +++++
security/lsm_init.c | 6 ------
security/lsm_syscalls.c | 2 ++
security/security.c | 3 +++
5 files changed, 10 insertions(+), 8 deletions(-)
diff --git a/include/linux/security.h b/include/linux/security.h
index 92ac3f27b973..556890ea2e83 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -167,8 +167,6 @@ struct lsm_prop {
};
extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1];
-extern u32 lsm_active_cnt;
-extern const struct lsm_id *lsm_idlist[];
/* These functions are in security/commoncap.c */
extern int cap_capable(const struct cred *cred, struct user_namespace *ns,
diff --git a/security/lsm.h b/security/lsm.h
index 0e1731bad4a7..dbe755c45e57 100644
--- a/security/lsm.h
+++ b/security/lsm.h
@@ -7,6 +7,11 @@
#define _LSM_H_
#include <linux/lsm_hooks.h>
+#include <linux/lsm_count.h>
+
+/* List of configured LSMs */
+extern unsigned int lsm_active_cnt;
+extern const struct lsm_id *lsm_idlist[];
/* LSM blob configuration */
extern struct lsm_blob_sizes blob_sizes;
diff --git a/security/lsm_init.c b/security/lsm_init.c
index a0785ca081c7..d40f31e79bd5 100644
--- a/security/lsm_init.c
+++ b/security/lsm_init.c
@@ -217,12 +217,6 @@ static void __init initialize_lsm(struct lsm_info *lsm)
}
}
-/*
- * Current index to use while initializing the lsm id list.
- */
-u32 lsm_active_cnt __ro_after_init;
-const struct lsm_id *lsm_idlist[MAX_LSM_COUNT];
-
/* Populate ordered LSMs list from comma-separated LSM name list. */
static void __init ordered_lsm_parse(const char *order, const char *origin)
{
diff --git a/security/lsm_syscalls.c b/security/lsm_syscalls.c
index 8440948a690c..5648b1f0ce9c 100644
--- a/security/lsm_syscalls.c
+++ b/security/lsm_syscalls.c
@@ -17,6 +17,8 @@
#include <linux/lsm_hooks.h>
#include <uapi/linux/lsm.h>
+#include "lsm.h"
+
/**
* lsm_name_to_attr - map an LSM attribute name to its ID
* @name: name of the attribute
diff --git a/security/security.c b/security/security.c
index dc9734f0d45c..b4eec4f00730 100644
--- a/security/security.c
+++ b/security/security.c
@@ -73,6 +73,9 @@ const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX + 1] = {
[LOCKDOWN_CONFIDENTIALITY_MAX] = "confidentiality",
};
+unsigned int lsm_active_cnt __ro_after_init;
+const struct lsm_id *lsm_idlist[MAX_LSM_COUNT];
+
struct lsm_blob_sizes blob_sizes;
struct kmem_cache *lsm_file_cache;
--
2.51.1.dirty
^ permalink raw reply related [flat|nested] 36+ messages in thread* [PATCH v5 11/34] lsm: get rid of the lsm_names list and do some cleanup
2025-10-17 20:24 [PATCH v5 0/34] Rework the LSM initialization Paul Moore
` (9 preceding siblings ...)
2025-10-17 20:24 ` [PATCH v5 10/34] lsm: rework lsm_active_cnt and lsm_idlist[] Paul Moore
@ 2025-10-17 20:24 ` Paul Moore
2025-10-17 20:24 ` [PATCH v5 12/34] lsm: rework the LSM enable/disable setter/getter functions Paul Moore
` (13 subsequent siblings)
24 siblings, 0 replies; 36+ messages in thread
From: Paul Moore @ 2025-10-17 20:24 UTC (permalink / raw)
To: linux-security-module, linux-integrity, selinux
Cc: John Johansen, Mimi Zohar, Roberto Sassu, Fan Wu,
Mickaël Salaün, Günther Noack, Kees Cook,
Micah Morton, Casey Schaufler, Tetsuo Handa, Nicolas Bouchinet,
Xiu Jianfeng
The LSM currently has a lot of code to maintain a list of the currently
active LSMs in a human readable string, with the only user being the
"/sys/kernel/security/lsm" code. Let's drop all of that code and
generate the string on first use and then cache it for subsequent use.
Signed-off-by: Paul Moore <paul@paul-moore.com>
---
include/linux/lsm_hooks.h | 1 -
security/inode.c | 43 ++++++++++++++++++++++++++++++++--
security/lsm_init.c | 49 ---------------------------------------
3 files changed, 41 insertions(+), 52 deletions(-)
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 7343dd60b1d5..65a8227bece7 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -172,7 +172,6 @@ struct lsm_info {
/* DO NOT tamper with these variables outside of the LSM framework */
-extern char *lsm_names;
extern struct lsm_static_calls_table static_calls_table __ro_after_init;
/**
diff --git a/security/inode.c b/security/inode.c
index 43382ef8896e..6620c3e42af2 100644
--- a/security/inode.c
+++ b/security/inode.c
@@ -22,6 +22,8 @@
#include <linux/lsm_hooks.h>
#include <linux/magic.h>
+#include "lsm.h"
+
static struct vfsmount *mount;
static int mount_count;
@@ -315,12 +317,49 @@ void securityfs_remove(struct dentry *dentry)
EXPORT_SYMBOL_GPL(securityfs_remove);
#ifdef CONFIG_SECURITY
+#include <linux/spinlock.h>
+
static struct dentry *lsm_dentry;
+
static ssize_t lsm_read(struct file *filp, char __user *buf, size_t count,
loff_t *ppos)
{
- return simple_read_from_buffer(buf, count, ppos, lsm_names,
- strlen(lsm_names));
+ int i;
+ static char *str;
+ static size_t len;
+ static DEFINE_SPINLOCK(lock);
+
+ /* NOTE: we never free or modify the string once it is set */
+
+ if (unlikely(!str || !len)) {
+ char *str_tmp;
+ size_t len_tmp = 0;
+
+ for (i = 0; i < lsm_active_cnt; i++)
+ /* the '+ 1' accounts for either a comma or a NUL */
+ len_tmp += strlen(lsm_idlist[i]->name) + 1;
+
+ str_tmp = kmalloc(len_tmp, GFP_KERNEL);
+ if (!str_tmp)
+ return -ENOMEM;
+ str_tmp[0] = '\0';
+
+ for (i = 0; i < lsm_active_cnt; i++) {
+ if (i > 0)
+ strcat(str_tmp, ",");
+ strcat(str_tmp, lsm_idlist[i]->name);
+ }
+
+ spin_lock(&lock);
+ if (!str) {
+ str = str_tmp;
+ len = len_tmp - 1;
+ } else
+ kfree(str_tmp);
+ spin_unlock(&lock);
+ }
+
+ return simple_read_from_buffer(buf, count, ppos, str, len);
}
static const struct file_operations lsm_ops = {
diff --git a/security/lsm_init.c b/security/lsm_init.c
index d40f31e79bd5..574fff354d3f 100644
--- a/security/lsm_init.c
+++ b/security/lsm_init.c
@@ -10,8 +10,6 @@
#include "lsm.h"
-char *lsm_names;
-
/* Pointers to LSM sections defined in include/asm-generic/vmlinux.lds.h */
extern struct lsm_info __start_lsm_info[], __end_lsm_info[];
extern struct lsm_info __start_early_lsm_info[], __end_early_lsm_info[];
@@ -371,42 +369,6 @@ static void __init lsm_init_ordered(void)
}
}
-static bool match_last_lsm(const char *list, const char *lsm)
-{
- const char *last;
-
- if (WARN_ON(!list || !lsm))
- return false;
- last = strrchr(list, ',');
- if (last)
- /* Pass the comma, strcmp() will check for '\0' */
- last++;
- else
- last = list;
- return !strcmp(last, lsm);
-}
-
-static int lsm_append(const char *new, char **result)
-{
- char *cp;
-
- if (*result == NULL) {
- *result = kstrdup(new, GFP_KERNEL);
- if (*result == NULL)
- return -ENOMEM;
- } else {
- /* Check if it is the last registered name */
- if (match_last_lsm(*result, new))
- return 0;
- cp = kasprintf(GFP_KERNEL, "%s,%s", *result, new);
- if (cp == NULL)
- return -ENOMEM;
- kfree(*result);
- *result = cp;
- }
- return 0;
-}
-
static void __init lsm_static_call_init(struct security_hook_list *hl)
{
struct lsm_static_call *scall = hl->scalls;
@@ -443,15 +405,6 @@ void __init security_add_hooks(struct security_hook_list *hooks, int count,
hooks[i].lsmid = lsmid;
lsm_static_call_init(&hooks[i]);
}
-
- /*
- * Don't try to append during early_security_init(), we'll come back
- * and fix this up afterwards.
- */
- if (slab_is_available()) {
- if (lsm_append(lsmid->name, &lsm_names) < 0)
- panic("%s - Cannot get early memory.\n", __func__);
- }
}
int __init early_security_init(void)
@@ -488,8 +441,6 @@ int __init security_init(void)
lsm_early_for_each_raw(lsm) {
init_debug(" early started: %s (%s)\n", lsm->id->name,
is_enabled(lsm) ? "enabled" : "disabled");
- if (lsm->enabled)
- lsm_append(lsm->id->name, &lsm_names);
}
/* Load LSMs in specified order. */
--
2.51.1.dirty
^ permalink raw reply related [flat|nested] 36+ messages in thread* [PATCH v5 12/34] lsm: rework the LSM enable/disable setter/getter functions
2025-10-17 20:24 [PATCH v5 0/34] Rework the LSM initialization Paul Moore
` (10 preceding siblings ...)
2025-10-17 20:24 ` [PATCH v5 11/34] lsm: get rid of the lsm_names list and do some cleanup Paul Moore
@ 2025-10-17 20:24 ` Paul Moore
2025-10-17 20:24 ` [PATCH v5 13/34] lsm: rename exists_ordered_lsm() to lsm_order_exists() Paul Moore
` (12 subsequent siblings)
24 siblings, 0 replies; 36+ messages in thread
From: Paul Moore @ 2025-10-17 20:24 UTC (permalink / raw)
To: linux-security-module, linux-integrity, selinux
Cc: John Johansen, Mimi Zohar, Roberto Sassu, Fan Wu,
Mickaël Salaün, Günther Noack, Kees Cook,
Micah Morton, Casey Schaufler, Tetsuo Handa, Nicolas Bouchinet,
Xiu Jianfeng
In addition to style changes, rename set_enabled() to lsm_enabled_set()
and is_enabled() to lsm_is_enabled() to better fit within the LSM
initialization code.
Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: John Johansen <john.johhansen@canonical.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
---
security/lsm_init.c | 62 ++++++++++++++++++++++-----------------------
1 file changed, 31 insertions(+), 31 deletions(-)
diff --git a/security/lsm_init.c b/security/lsm_init.c
index 574fff354d3f..9bfc35b44b63 100644
--- a/security/lsm_init.c
+++ b/security/lsm_init.c
@@ -10,6 +10,10 @@
#include "lsm.h"
+/* LSM enabled constants. */
+static __initdata int lsm_enabled_true = 1;
+static __initdata int lsm_enabled_false = 0;
+
/* Pointers to LSM sections defined in include/asm-generic/vmlinux.lds.h */
extern struct lsm_info __start_lsm_info[], __end_lsm_info[];
extern struct lsm_info __start_early_lsm_info[], __end_early_lsm_info[];
@@ -75,37 +79,33 @@ static int __init lsm_debug_enable(char *str)
}
__setup("lsm.debug", lsm_debug_enable);
-/* Mark an LSM's enabled flag. */
-static int lsm_enabled_true __initdata = 1;
-static int lsm_enabled_false __initdata = 0;
-static void __init set_enabled(struct lsm_info *lsm, bool enabled)
+/**
+ * lsm_enabled_set - Mark a LSM as enabled
+ * @lsm: LSM definition
+ * @enabled: enabled flag
+ */
+static void __init lsm_enabled_set(struct lsm_info *lsm, bool enabled)
{
/*
* When an LSM hasn't configured an enable variable, we can use
* a hard-coded location for storing the default enabled state.
*/
- if (!lsm->enabled) {
- if (enabled)
- lsm->enabled = &lsm_enabled_true;
- else
- lsm->enabled = &lsm_enabled_false;
- } else if (lsm->enabled == &lsm_enabled_true) {
- if (!enabled)
- lsm->enabled = &lsm_enabled_false;
- } else if (lsm->enabled == &lsm_enabled_false) {
- if (enabled)
- lsm->enabled = &lsm_enabled_true;
+ if (!lsm->enabled ||
+ lsm->enabled == &lsm_enabled_true ||
+ lsm->enabled == &lsm_enabled_false) {
+ lsm->enabled = enabled ? &lsm_enabled_true : &lsm_enabled_false;
} else {
*lsm->enabled = enabled;
}
}
-static inline bool is_enabled(struct lsm_info *lsm)
+/**
+ * lsm_is_enabled - Determine if a LSM is enabled
+ * @lsm: LSM definition
+ */
+static inline bool lsm_is_enabled(struct lsm_info *lsm)
{
- if (!lsm->enabled)
- return false;
-
- return *lsm->enabled;
+ return (lsm->enabled ? *lsm->enabled : false);
}
/* Is an LSM already listed in the ordered LSMs list? */
@@ -139,7 +139,7 @@ static void __init append_ordered_lsm(struct lsm_info *lsm, const char *from)
lsm_idlist[last_lsm++] = lsm->id;
init_debug("%s ordered: %s (%s)\n", from, lsm->id->name,
- is_enabled(lsm) ? "enabled" : "disabled");
+ lsm_is_enabled(lsm) ? "enabled" : "disabled");
}
static void __init lsm_set_blob_size(int *need, int *lbs)
@@ -162,17 +162,17 @@ static void __init lsm_prepare(struct lsm_info *lsm)
{
struct lsm_blob_sizes *blobs;
- if (!is_enabled(lsm)) {
- set_enabled(lsm, false);
+ if (!lsm_is_enabled(lsm)) {
+ lsm_enabled_set(lsm, false);
return;
} else if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && lsm_exclusive) {
init_debug("exclusive disabled: %s\n", lsm->id->name);
- set_enabled(lsm, false);
+ lsm_enabled_set(lsm, false);
return;
}
/* Mark the LSM as enabled. */
- set_enabled(lsm, true);
+ lsm_enabled_set(lsm, true);
if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && !lsm_exclusive) {
init_debug("exclusive chosen: %s\n", lsm->id->name);
lsm_exclusive = lsm;
@@ -206,7 +206,7 @@ static void __init lsm_prepare(struct lsm_info *lsm)
/* Initialize a given LSM, if it is enabled. */
static void __init initialize_lsm(struct lsm_info *lsm)
{
- if (is_enabled(lsm)) {
+ if (lsm_is_enabled(lsm)) {
int ret;
init_debug("initializing %s\n", lsm->id->name);
@@ -240,7 +240,7 @@ static void __init ordered_lsm_parse(const char *order, const char *origin)
lsm_for_each_raw(major) {
if ((major->flags & LSM_FLAG_LEGACY_MAJOR) &&
strcmp(major->id->name, lsm_order_legacy) != 0) {
- set_enabled(major, false);
+ lsm_enabled_set(major, false);
init_debug("security=%s disabled: %s (only one legacy major LSM)\n",
lsm_order_legacy, major->id->name);
}
@@ -286,7 +286,7 @@ static void __init ordered_lsm_parse(const char *order, const char *origin)
lsm_for_each_raw(lsm) {
if (exists_ordered_lsm(lsm))
continue;
- set_enabled(lsm, false);
+ lsm_enabled_set(lsm, false);
init_debug("%s skipped: %s (not in requested order)\n",
origin, lsm->id->name);
}
@@ -319,12 +319,12 @@ static void __init lsm_init_ordered(void)
pr_info("initializing lsm=");
lsm_early_for_each_raw(early) {
- if (is_enabled(early))
+ if (lsm_is_enabled(early))
pr_cont("%s%s",
first++ == 0 ? "" : ",", early->id->name);
}
lsm_order_for_each(lsm) {
- if (is_enabled(*lsm))
+ if (lsm_is_enabled(*lsm))
pr_cont("%s%s",
first++ == 0 ? "" : ",", (*lsm)->id->name);
}
@@ -440,7 +440,7 @@ int __init security_init(void)
*/
lsm_early_for_each_raw(lsm) {
init_debug(" early started: %s (%s)\n", lsm->id->name,
- is_enabled(lsm) ? "enabled" : "disabled");
+ lsm_is_enabled(lsm) ? "enabled" : "disabled");
}
/* Load LSMs in specified order. */
--
2.51.1.dirty
^ permalink raw reply related [flat|nested] 36+ messages in thread* [PATCH v5 13/34] lsm: rename exists_ordered_lsm() to lsm_order_exists()
2025-10-17 20:24 [PATCH v5 0/34] Rework the LSM initialization Paul Moore
` (11 preceding siblings ...)
2025-10-17 20:24 ` [PATCH v5 12/34] lsm: rework the LSM enable/disable setter/getter functions Paul Moore
@ 2025-10-17 20:24 ` Paul Moore
2025-10-17 20:24 ` [PATCH v5 14/34] lsm: rename/rework append_ordered_lsm() into lsm_order_append() Paul Moore
` (11 subsequent siblings)
24 siblings, 0 replies; 36+ messages in thread
From: Paul Moore @ 2025-10-17 20:24 UTC (permalink / raw)
To: linux-security-module, linux-integrity, selinux
Cc: John Johansen, Mimi Zohar, Roberto Sassu, Fan Wu,
Mickaël Salaün, Günther Noack, Kees Cook,
Micah Morton, Casey Schaufler, Tetsuo Handa, Nicolas Bouchinet,
Xiu Jianfeng
Also add a header comment block to the function.
Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: John Johansen <john.johhansen@canonical.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
---
security/lsm_init.c | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/security/lsm_init.c b/security/lsm_init.c
index 9bfc35b44b63..4b66a8cfe8eb 100644
--- a/security/lsm_init.c
+++ b/security/lsm_init.c
@@ -108,8 +108,11 @@ static inline bool lsm_is_enabled(struct lsm_info *lsm)
return (lsm->enabled ? *lsm->enabled : false);
}
-/* Is an LSM already listed in the ordered LSMs list? */
-static bool __init exists_ordered_lsm(struct lsm_info *lsm)
+/**
+ * lsm_order_exists - Determine if a LSM exists in the ordered list
+ * @lsm: LSM definition
+ */
+static bool __init lsm_order_exists(struct lsm_info *lsm)
{
struct lsm_info **check;
@@ -126,7 +129,7 @@ static int last_lsm __initdata;
static void __init append_ordered_lsm(struct lsm_info *lsm, const char *from)
{
/* Ignore duplicate selections. */
- if (exists_ordered_lsm(lsm))
+ if (lsm_order_exists(lsm))
return;
if (WARN(last_lsm == MAX_LSM_COUNT, "%s: out of LSM static calls!?\n", from))
@@ -269,7 +272,7 @@ static void __init ordered_lsm_parse(const char *order, const char *origin)
/* Process "security=", if given. */
if (lsm_order_legacy) {
lsm_for_each_raw(lsm) {
- if (exists_ordered_lsm(lsm))
+ if (lsm_order_exists(lsm))
continue;
if (strcmp(lsm->id->name, lsm_order_legacy) == 0)
append_ordered_lsm(lsm, "security=");
@@ -284,7 +287,7 @@ static void __init ordered_lsm_parse(const char *order, const char *origin)
/* Disable all LSMs not in the ordered list. */
lsm_for_each_raw(lsm) {
- if (exists_ordered_lsm(lsm))
+ if (lsm_order_exists(lsm))
continue;
lsm_enabled_set(lsm, false);
init_debug("%s skipped: %s (not in requested order)\n",
--
2.51.1.dirty
^ permalink raw reply related [flat|nested] 36+ messages in thread* [PATCH v5 14/34] lsm: rename/rework append_ordered_lsm() into lsm_order_append()
2025-10-17 20:24 [PATCH v5 0/34] Rework the LSM initialization Paul Moore
` (12 preceding siblings ...)
2025-10-17 20:24 ` [PATCH v5 13/34] lsm: rename exists_ordered_lsm() to lsm_order_exists() Paul Moore
@ 2025-10-17 20:24 ` Paul Moore
2025-10-17 20:24 ` [PATCH v5 15/34] lsm: rename/rework ordered_lsm_parse() to lsm_order_parse() Paul Moore
` (10 subsequent siblings)
24 siblings, 0 replies; 36+ messages in thread
From: Paul Moore @ 2025-10-17 20:24 UTC (permalink / raw)
To: linux-security-module, linux-integrity, selinux
Cc: John Johansen, Mimi Zohar, Roberto Sassu, Fan Wu,
Mickaël Salaün, Günther Noack, Kees Cook,
Micah Morton, Casey Schaufler, Tetsuo Handa, Nicolas Bouchinet,
Xiu Jianfeng
Rename append_ordered_lsm() to lsm_order_append() to better match
convention and do some rework. The rework includes moving the
LSM_FLAG_EXCLUSIVE logic from lsm_prepare() to lsm_order_append()
in order to consolidate the individual LSM append/activation code,
and adding logic to skip appending explicitly disabled LSMs to the
active LSM list.
Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: John Johansen <john.johhansen@canonical.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
---
security/lsm_init.c | 76 +++++++++++++++++++++++++--------------------
1 file changed, 43 insertions(+), 33 deletions(-)
diff --git a/security/lsm_init.c b/security/lsm_init.c
index 4b66a8cfe8eb..1881cd28f0a0 100644
--- a/security/lsm_init.c
+++ b/security/lsm_init.c
@@ -124,24 +124,48 @@ static bool __init lsm_order_exists(struct lsm_info *lsm)
return false;
}
-/* Append an LSM to the list of ordered LSMs to initialize. */
-static int last_lsm __initdata;
-static void __init append_ordered_lsm(struct lsm_info *lsm, const char *from)
+/**
+ * lsm_order_append - Append a LSM to the ordered list
+ * @lsm: LSM definition
+ * @src: source of the addition
+ *
+ * Append @lsm to the enabled LSM array after ensuring that it hasn't been
+ * explicitly disabled, is a duplicate entry, or would run afoul of the
+ * LSM_FLAG_EXCLUSIVE logic.
+ */
+static void __init lsm_order_append(struct lsm_info *lsm, const char *src)
{
/* Ignore duplicate selections. */
if (lsm_order_exists(lsm))
return;
- if (WARN(last_lsm == MAX_LSM_COUNT, "%s: out of LSM static calls!?\n", from))
- return;
+ /* Skip explicitly disabled LSMs. */
+ if (lsm->enabled && !lsm_is_enabled(lsm))
+ goto out;
- /* Enable this LSM, if it is not already set. */
- if (!lsm->enabled)
- lsm->enabled = &lsm_enabled_true;
- lsm_order[last_lsm] = lsm;
- lsm_idlist[last_lsm++] = lsm->id;
+ if (WARN(lsm_active_cnt == MAX_LSM_COUNT,
+ "%s: out of LSM static calls!?\n", src)) {
+ lsm_enabled_set(lsm, false);
+ goto out;
+ }
- init_debug("%s ordered: %s (%s)\n", from, lsm->id->name,
+ if (lsm->flags & LSM_FLAG_EXCLUSIVE) {
+ if (lsm_exclusive) {
+ init_debug("exclusive disabled: %s\n", lsm->id->name);
+ lsm_enabled_set(lsm, false);
+ goto out;
+ } else {
+ init_debug("exclusive chosen: %s\n", lsm->id->name);
+ lsm_exclusive = lsm;
+ }
+ }
+
+ lsm_enabled_set(lsm, true);
+ lsm_order[lsm_active_cnt] = lsm;
+ lsm_idlist[lsm_active_cnt++] = lsm->id;
+
+out:
+ init_debug("%s ordered: %s (%s)\n", src, lsm->id->name,
lsm_is_enabled(lsm) ? "enabled" : "disabled");
}
@@ -163,26 +187,12 @@ static void __init lsm_set_blob_size(int *need, int *lbs)
*/
static void __init lsm_prepare(struct lsm_info *lsm)
{
- struct lsm_blob_sizes *blobs;
+ struct lsm_blob_sizes *blobs = lsm->blobs;
- if (!lsm_is_enabled(lsm)) {
- lsm_enabled_set(lsm, false);
+ if (!blobs)
return;
- } else if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && lsm_exclusive) {
- init_debug("exclusive disabled: %s\n", lsm->id->name);
- lsm_enabled_set(lsm, false);
- return;
- }
-
- /* Mark the LSM as enabled. */
- lsm_enabled_set(lsm, true);
- if ((lsm->flags & LSM_FLAG_EXCLUSIVE) && !lsm_exclusive) {
- init_debug("exclusive chosen: %s\n", lsm->id->name);
- lsm_exclusive = lsm;
- }
/* Register the LSM blob sizes. */
- blobs = lsm->blobs;
lsm_set_blob_size(&blobs->lbs_cred, &blob_sizes.lbs_cred);
lsm_set_blob_size(&blobs->lbs_file, &blob_sizes.lbs_file);
lsm_set_blob_size(&blobs->lbs_ib, &blob_sizes.lbs_ib);
@@ -227,7 +237,7 @@ static void __init ordered_lsm_parse(const char *order, const char *origin)
/* LSM_ORDER_FIRST is always first. */
lsm_for_each_raw(lsm) {
if (lsm->order == LSM_ORDER_FIRST)
- append_ordered_lsm(lsm, " first");
+ lsm_order_append(lsm, " first");
}
/* Process "security=", if given. */
@@ -259,7 +269,7 @@ static void __init ordered_lsm_parse(const char *order, const char *origin)
lsm_for_each_raw(lsm) {
if (strcmp(lsm->id->name, name) == 0) {
if (lsm->order == LSM_ORDER_MUTABLE)
- append_ordered_lsm(lsm, origin);
+ lsm_order_append(lsm, origin);
found = true;
}
}
@@ -275,14 +285,14 @@ static void __init ordered_lsm_parse(const char *order, const char *origin)
if (lsm_order_exists(lsm))
continue;
if (strcmp(lsm->id->name, lsm_order_legacy) == 0)
- append_ordered_lsm(lsm, "security=");
+ lsm_order_append(lsm, "security=");
}
}
/* LSM_ORDER_LAST is always last. */
lsm_for_each_raw(lsm) {
if (lsm->order == LSM_ORDER_LAST)
- append_ordered_lsm(lsm, " last");
+ lsm_order_append(lsm, " last");
}
/* Disable all LSMs not in the ordered list. */
@@ -415,8 +425,8 @@ int __init early_security_init(void)
struct lsm_info *lsm;
lsm_early_for_each_raw(lsm) {
- if (!lsm->enabled)
- lsm->enabled = &lsm_enabled_true;
+ lsm_enabled_set(lsm, true);
+ lsm_order_append(lsm, "early");
lsm_prepare(lsm);
initialize_lsm(lsm);
}
--
2.51.1.dirty
^ permalink raw reply related [flat|nested] 36+ messages in thread* [PATCH v5 15/34] lsm: rename/rework ordered_lsm_parse() to lsm_order_parse()
2025-10-17 20:24 [PATCH v5 0/34] Rework the LSM initialization Paul Moore
` (13 preceding siblings ...)
2025-10-17 20:24 ` [PATCH v5 14/34] lsm: rename/rework append_ordered_lsm() into lsm_order_append() Paul Moore
@ 2025-10-17 20:24 ` Paul Moore
2025-10-17 20:24 ` [PATCH v5 16/34] lsm: cleanup the LSM blob size code Paul Moore
` (9 subsequent siblings)
24 siblings, 0 replies; 36+ messages in thread
From: Paul Moore @ 2025-10-17 20:24 UTC (permalink / raw)
To: linux-security-module, linux-integrity, selinux
Cc: John Johansen, Mimi Zohar, Roberto Sassu, Fan Wu,
Mickaël Salaün, Günther Noack, Kees Cook,
Micah Morton, Casey Schaufler, Tetsuo Handa, Nicolas Bouchinet,
Xiu Jianfeng
Rename ordered_lsm_parse() to lsm_order_parse() for the sake of
consistency with the other LSM initialization routines, and also
do some minor rework of the function. Aside from some minor style
decisions, the majority of the rework involved shuffling the order
of the LSM_FLAG_LEGACY and LSM_ORDER_FIRST code so that the
LSM_FLAG_LEGACY checks are handled first; it is important to note
that this doesn't affect the order in which the LSMs are registered.
Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: John Johansen <john.johhansen@canonical.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
---
security/lsm_init.c | 82 ++++++++++++++++++++-------------------------
1 file changed, 37 insertions(+), 45 deletions(-)
diff --git a/security/lsm_init.c b/security/lsm_init.c
index 1881cd28f0a0..f0066857bd1a 100644
--- a/security/lsm_init.c
+++ b/security/lsm_init.c
@@ -228,83 +228,75 @@ static void __init initialize_lsm(struct lsm_info *lsm)
}
}
-/* Populate ordered LSMs list from comma-separated LSM name list. */
-static void __init ordered_lsm_parse(const char *order, const char *origin)
+/**
+ * lsm_order_parse - Parse the comma delimited LSM list
+ * @list: LSM list
+ * @src: source of the list
+ */
+static void __init lsm_order_parse(const char *list, const char *src)
{
struct lsm_info *lsm;
char *sep, *name, *next;
- /* LSM_ORDER_FIRST is always first. */
- lsm_for_each_raw(lsm) {
- if (lsm->order == LSM_ORDER_FIRST)
- lsm_order_append(lsm, " first");
- }
-
- /* Process "security=", if given. */
+ /* Handle any Legacy LSM exclusions if one was specified. */
if (lsm_order_legacy) {
- struct lsm_info *major;
-
/*
- * To match the original "security=" behavior, this
- * explicitly does NOT fallback to another Legacy Major
- * if the selected one was separately disabled: disable
- * all non-matching Legacy Major LSMs.
+ * To match the original "security=" behavior, this explicitly
+ * does NOT fallback to another Legacy Major if the selected
+ * one was separately disabled: disable all non-matching
+ * Legacy Major LSMs.
*/
- lsm_for_each_raw(major) {
- if ((major->flags & LSM_FLAG_LEGACY_MAJOR) &&
- strcmp(major->id->name, lsm_order_legacy) != 0) {
- lsm_enabled_set(major, false);
+ lsm_for_each_raw(lsm) {
+ if ((lsm->flags & LSM_FLAG_LEGACY_MAJOR) &&
+ strcmp(lsm->id->name, lsm_order_legacy)) {
+ lsm_enabled_set(lsm, false);
init_debug("security=%s disabled: %s (only one legacy major LSM)\n",
- lsm_order_legacy, major->id->name);
+ lsm_order_legacy, lsm->id->name);
}
}
}
- sep = kstrdup(order, GFP_KERNEL);
+ /* LSM_ORDER_FIRST */
+ lsm_for_each_raw(lsm) {
+ if (lsm->order == LSM_ORDER_FIRST)
+ lsm_order_append(lsm, "first");
+ }
+
+ /* Normal or "mutable" LSMs */
+ sep = kstrdup(list, GFP_KERNEL);
next = sep;
/* Walk the list, looking for matching LSMs. */
while ((name = strsep(&next, ",")) != NULL) {
- bool found = false;
-
lsm_for_each_raw(lsm) {
- if (strcmp(lsm->id->name, name) == 0) {
- if (lsm->order == LSM_ORDER_MUTABLE)
- lsm_order_append(lsm, origin);
- found = true;
- }
+ if (!strcmp(lsm->id->name, name) &&
+ lsm->order == LSM_ORDER_MUTABLE)
+ lsm_order_append(lsm, src);
}
-
- if (!found)
- init_debug("%s ignored: %s (not built into kernel)\n",
- origin, name);
}
+ kfree(sep);
- /* Process "security=", if given. */
+ /* Legacy LSM if specified. */
if (lsm_order_legacy) {
lsm_for_each_raw(lsm) {
- if (lsm_order_exists(lsm))
- continue;
- if (strcmp(lsm->id->name, lsm_order_legacy) == 0)
- lsm_order_append(lsm, "security=");
+ if (!strcmp(lsm->id->name, lsm_order_legacy))
+ lsm_order_append(lsm, src);
}
}
- /* LSM_ORDER_LAST is always last. */
+ /* LSM_ORDER_LAST */
lsm_for_each_raw(lsm) {
if (lsm->order == LSM_ORDER_LAST)
- lsm_order_append(lsm, " last");
+ lsm_order_append(lsm, "last");
}
- /* Disable all LSMs not in the ordered list. */
+ /* Disable all LSMs not previously enabled. */
lsm_for_each_raw(lsm) {
if (lsm_order_exists(lsm))
continue;
lsm_enabled_set(lsm, false);
init_debug("%s skipped: %s (not in requested order)\n",
- origin, lsm->id->name);
+ src, lsm->id->name);
}
-
- kfree(sep);
}
/**
@@ -322,9 +314,9 @@ static void __init lsm_init_ordered(void)
lsm_order_legacy, lsm_order_cmdline);
lsm_order_legacy = NULL;
}
- ordered_lsm_parse(lsm_order_cmdline, "cmdline");
+ lsm_order_parse(lsm_order_cmdline, "cmdline");
} else
- ordered_lsm_parse(lsm_order_builtin, "builtin");
+ lsm_order_parse(lsm_order_builtin, "builtin");
lsm_order_for_each(lsm) {
lsm_prepare(*lsm);
--
2.51.1.dirty
^ permalink raw reply related [flat|nested] 36+ messages in thread* [PATCH v5 16/34] lsm: cleanup the LSM blob size code
2025-10-17 20:24 [PATCH v5 0/34] Rework the LSM initialization Paul Moore
` (14 preceding siblings ...)
2025-10-17 20:24 ` [PATCH v5 15/34] lsm: rename/rework ordered_lsm_parse() to lsm_order_parse() Paul Moore
@ 2025-10-17 20:24 ` Paul Moore
2025-10-17 20:24 ` [PATCH v5 17/34] lsm: cleanup initialize_lsm() and rename to lsm_init_single() Paul Moore
` (8 subsequent siblings)
24 siblings, 0 replies; 36+ messages in thread
From: Paul Moore @ 2025-10-17 20:24 UTC (permalink / raw)
To: linux-security-module, linux-integrity, selinux
Cc: John Johansen, Mimi Zohar, Roberto Sassu, Fan Wu,
Mickaël Salaün, Günther Noack, Kees Cook,
Micah Morton, Casey Schaufler, Tetsuo Handa, Nicolas Bouchinet,
Xiu Jianfeng
Convert the lsm_blob_size fields to unsigned integers as there is no
current need for them to be negative, change "lsm_set_blob_size()" to
"lsm_blob_size_update()" to better reflect reality, and perform some
other minor cleanups to the associated code.
Reviewed-by: Kees Cook <kees@kernel.org>
Reviewed-by: John Johansen <john.johansen@canonical.com>
Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
---
include/linux/lsm_hooks.h | 34 +++++++++++------------
security/lsm_init.c | 57 ++++++++++++++++++++++-----------------
2 files changed, 50 insertions(+), 41 deletions(-)
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 65a8227bece7..86e457aa8809 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -102,23 +102,23 @@ struct security_hook_list {
* Security blob size or offset data.
*/
struct lsm_blob_sizes {
- int lbs_cred;
- int lbs_file;
- int lbs_ib;
- int lbs_inode;
- int lbs_sock;
- int lbs_superblock;
- int lbs_ipc;
- int lbs_key;
- int lbs_msg_msg;
- int lbs_perf_event;
- int lbs_task;
- int lbs_xattr_count; /* number of xattr slots in new_xattrs array */
- int lbs_tun_dev;
- int lbs_bdev;
- int lbs_bpf_map;
- int lbs_bpf_prog;
- int lbs_bpf_token;
+ unsigned int lbs_cred;
+ unsigned int lbs_file;
+ unsigned int lbs_ib;
+ unsigned int lbs_inode;
+ unsigned int lbs_sock;
+ unsigned int lbs_superblock;
+ unsigned int lbs_ipc;
+ unsigned int lbs_key;
+ unsigned int lbs_msg_msg;
+ unsigned int lbs_perf_event;
+ unsigned int lbs_task;
+ unsigned int lbs_xattr_count; /* num xattr slots in new_xattrs array */
+ unsigned int lbs_tun_dev;
+ unsigned int lbs_bdev;
+ unsigned int lbs_bpf_map;
+ unsigned int lbs_bpf_prog;
+ unsigned int lbs_bpf_token;
};
/*
diff --git a/security/lsm_init.c b/security/lsm_init.c
index f0066857bd1a..6b1f8f18a43c 100644
--- a/security/lsm_init.c
+++ b/security/lsm_init.c
@@ -169,16 +169,22 @@ static void __init lsm_order_append(struct lsm_info *lsm, const char *src)
lsm_is_enabled(lsm) ? "enabled" : "disabled");
}
-static void __init lsm_set_blob_size(int *need, int *lbs)
+/**
+ * lsm_blob_size_update - Update the LSM blob size and offset information
+ * @sz_req: the requested additional blob size
+ * @sz_cur: the existing blob size
+ */
+static void __init lsm_blob_size_update(unsigned int *sz_req,
+ unsigned int *sz_cur)
{
- int offset;
+ unsigned int offset;
- if (*need <= 0)
+ if (*sz_req == 0)
return;
- offset = ALIGN(*lbs, sizeof(void *));
- *lbs = offset + *need;
- *need = offset;
+ offset = ALIGN(*sz_cur, sizeof(void *));
+ *sz_cur = offset + *sz_req;
+ *sz_req = offset;
}
/**
@@ -193,27 +199,30 @@ static void __init lsm_prepare(struct lsm_info *lsm)
return;
/* Register the LSM blob sizes. */
- lsm_set_blob_size(&blobs->lbs_cred, &blob_sizes.lbs_cred);
- lsm_set_blob_size(&blobs->lbs_file, &blob_sizes.lbs_file);
- lsm_set_blob_size(&blobs->lbs_ib, &blob_sizes.lbs_ib);
+ blobs = lsm->blobs;
+ lsm_blob_size_update(&blobs->lbs_cred, &blob_sizes.lbs_cred);
+ lsm_blob_size_update(&blobs->lbs_file, &blob_sizes.lbs_file);
+ lsm_blob_size_update(&blobs->lbs_ib, &blob_sizes.lbs_ib);
/* inode blob gets an rcu_head in addition to LSM blobs. */
if (blobs->lbs_inode && blob_sizes.lbs_inode == 0)
blob_sizes.lbs_inode = sizeof(struct rcu_head);
- lsm_set_blob_size(&blobs->lbs_inode, &blob_sizes.lbs_inode);
- lsm_set_blob_size(&blobs->lbs_ipc, &blob_sizes.lbs_ipc);
- lsm_set_blob_size(&blobs->lbs_key, &blob_sizes.lbs_key);
- lsm_set_blob_size(&blobs->lbs_msg_msg, &blob_sizes.lbs_msg_msg);
- lsm_set_blob_size(&blobs->lbs_perf_event, &blob_sizes.lbs_perf_event);
- lsm_set_blob_size(&blobs->lbs_sock, &blob_sizes.lbs_sock);
- lsm_set_blob_size(&blobs->lbs_superblock, &blob_sizes.lbs_superblock);
- lsm_set_blob_size(&blobs->lbs_task, &blob_sizes.lbs_task);
- lsm_set_blob_size(&blobs->lbs_tun_dev, &blob_sizes.lbs_tun_dev);
- lsm_set_blob_size(&blobs->lbs_xattr_count,
- &blob_sizes.lbs_xattr_count);
- lsm_set_blob_size(&blobs->lbs_bdev, &blob_sizes.lbs_bdev);
- lsm_set_blob_size(&blobs->lbs_bpf_map, &blob_sizes.lbs_bpf_map);
- lsm_set_blob_size(&blobs->lbs_bpf_prog, &blob_sizes.lbs_bpf_prog);
- lsm_set_blob_size(&blobs->lbs_bpf_token, &blob_sizes.lbs_bpf_token);
+ lsm_blob_size_update(&blobs->lbs_inode, &blob_sizes.lbs_inode);
+ lsm_blob_size_update(&blobs->lbs_ipc, &blob_sizes.lbs_ipc);
+ lsm_blob_size_update(&blobs->lbs_key, &blob_sizes.lbs_key);
+ lsm_blob_size_update(&blobs->lbs_msg_msg, &blob_sizes.lbs_msg_msg);
+ lsm_blob_size_update(&blobs->lbs_perf_event,
+ &blob_sizes.lbs_perf_event);
+ lsm_blob_size_update(&blobs->lbs_sock, &blob_sizes.lbs_sock);
+ lsm_blob_size_update(&blobs->lbs_superblock,
+ &blob_sizes.lbs_superblock);
+ lsm_blob_size_update(&blobs->lbs_task, &blob_sizes.lbs_task);
+ lsm_blob_size_update(&blobs->lbs_tun_dev, &blob_sizes.lbs_tun_dev);
+ lsm_blob_size_update(&blobs->lbs_xattr_count,
+ &blob_sizes.lbs_xattr_count);
+ lsm_blob_size_update(&blobs->lbs_bdev, &blob_sizes.lbs_bdev);
+ lsm_blob_size_update(&blobs->lbs_bpf_map, &blob_sizes.lbs_bpf_map);
+ lsm_blob_size_update(&blobs->lbs_bpf_prog, &blob_sizes.lbs_bpf_prog);
+ lsm_blob_size_update(&blobs->lbs_bpf_token, &blob_sizes.lbs_bpf_token);
}
/* Initialize a given LSM, if it is enabled. */
--
2.51.1.dirty
^ permalink raw reply related [flat|nested] 36+ messages in thread* [PATCH v5 17/34] lsm: cleanup initialize_lsm() and rename to lsm_init_single()
2025-10-17 20:24 [PATCH v5 0/34] Rework the LSM initialization Paul Moore
` (15 preceding siblings ...)
2025-10-17 20:24 ` [PATCH v5 16/34] lsm: cleanup the LSM blob size code Paul Moore
@ 2025-10-17 20:24 ` Paul Moore
2025-10-17 20:24 ` [PATCH v5 18/34] lsm: fold lsm_init_ordered() into security_init() Paul Moore
` (7 subsequent siblings)
24 siblings, 0 replies; 36+ messages in thread
From: Paul Moore @ 2025-10-17 20:24 UTC (permalink / raw)
To: linux-security-module, linux-integrity, selinux
Cc: John Johansen, Mimi Zohar, Roberto Sassu, Fan Wu,
Mickaël Salaün, Günther Noack, Kees Cook,
Micah Morton, Casey Schaufler, Tetsuo Handa, Nicolas Bouchinet,
Xiu Jianfeng
Rename initialize_lsm() to be more consistent with the rest of the LSM
initialization changes and rework the function itself to better fit
with the "exit on fail" coding pattern.
Reviewed-by: Kees Cook <kees@kernel.org>
Reviewed-by: John Johansen <john.johansen@canonical.com>
Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
---
security/lsm_init.c | 25 +++++++++++++++----------
1 file changed, 15 insertions(+), 10 deletions(-)
diff --git a/security/lsm_init.c b/security/lsm_init.c
index 6b1f8f18a43c..eb473f982ddb 100644
--- a/security/lsm_init.c
+++ b/security/lsm_init.c
@@ -169,6 +169,7 @@ static void __init lsm_order_append(struct lsm_info *lsm, const char *src)
lsm_is_enabled(lsm) ? "enabled" : "disabled");
}
+
/**
* lsm_blob_size_update - Update the LSM blob size and offset information
* @sz_req: the requested additional blob size
@@ -225,16 +226,20 @@ static void __init lsm_prepare(struct lsm_info *lsm)
lsm_blob_size_update(&blobs->lbs_bpf_token, &blob_sizes.lbs_bpf_token);
}
-/* Initialize a given LSM, if it is enabled. */
-static void __init initialize_lsm(struct lsm_info *lsm)
+/**
+ * lsm_init_single - Initialize a given LSM
+ * @lsm: LSM definition
+ */
+static void __init lsm_init_single(struct lsm_info *lsm)
{
- if (lsm_is_enabled(lsm)) {
- int ret;
+ int ret;
- init_debug("initializing %s\n", lsm->id->name);
- ret = lsm->init();
- WARN(ret, "%s failed to initialize: %d\n", lsm->id->name, ret);
- }
+ if (!lsm_is_enabled(lsm))
+ return;
+
+ init_debug("initializing %s\n", lsm->id->name);
+ ret = lsm->init();
+ WARN(ret, "%s failed to initialize: %d\n", lsm->id->name, ret);
}
/**
@@ -379,7 +384,7 @@ static void __init lsm_init_ordered(void)
panic("%s: early task alloc failed.\n", __func__);
lsm_order_for_each(lsm) {
- initialize_lsm(*lsm);
+ lsm_init_single(*lsm);
}
}
@@ -429,7 +434,7 @@ int __init early_security_init(void)
lsm_enabled_set(lsm, true);
lsm_order_append(lsm, "early");
lsm_prepare(lsm);
- initialize_lsm(lsm);
+ lsm_init_single(lsm);
}
return 0;
--
2.51.1.dirty
^ permalink raw reply related [flat|nested] 36+ messages in thread* [PATCH v5 18/34] lsm: fold lsm_init_ordered() into security_init()
2025-10-17 20:24 [PATCH v5 0/34] Rework the LSM initialization Paul Moore
` (16 preceding siblings ...)
2025-10-17 20:24 ` [PATCH v5 17/34] lsm: cleanup initialize_lsm() and rename to lsm_init_single() Paul Moore
@ 2025-10-17 20:24 ` Paul Moore
2025-10-17 20:24 ` [PATCH v5 19/34] lsm: add/tweak function header comment blocks in lsm_init.c Paul Moore
` (6 subsequent siblings)
24 siblings, 0 replies; 36+ messages in thread
From: Paul Moore @ 2025-10-17 20:24 UTC (permalink / raw)
To: linux-security-module, linux-integrity, selinux
Cc: John Johansen, Mimi Zohar, Roberto Sassu, Fan Wu,
Mickaël Salaün, Günther Noack, Kees Cook,
Micah Morton, Casey Schaufler, Tetsuo Handa, Nicolas Bouchinet,
Xiu Jianfeng
With only security_init() calling lsm_init_ordered, it makes little
sense to keep lsm_init_ordered() as a standalone function. Fold
lsm_init_ordered() into security_init().
Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: John Johansen <john.johhansen@canonical.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
---
security/lsm_init.c | 159 ++++++++++++++++++++------------------------
1 file changed, 73 insertions(+), 86 deletions(-)
diff --git a/security/lsm_init.c b/security/lsm_init.c
index eb473f982ddb..9cbb10c42e38 100644
--- a/security/lsm_init.c
+++ b/security/lsm_init.c
@@ -18,6 +18,9 @@ static __initdata int lsm_enabled_false = 0;
extern struct lsm_info __start_lsm_info[], __end_lsm_info[];
extern struct lsm_info __start_early_lsm_info[], __end_early_lsm_info[];
+/* Number of "early" LSMs */
+static __initdata unsigned int lsm_count_early;
+
/* Build and boot-time LSM ordering. */
static __initconst const char *const lsm_order_builtin = CONFIG_LSM;
static __initdata const char *lsm_order_cmdline;
@@ -169,7 +172,6 @@ static void __init lsm_order_append(struct lsm_info *lsm, const char *src)
lsm_is_enabled(lsm) ? "enabled" : "disabled");
}
-
/**
* lsm_blob_size_update - Update the LSM blob size and offset information
* @sz_req: the requested additional blob size
@@ -313,14 +315,74 @@ static void __init lsm_order_parse(const char *list, const char *src)
}
}
-/**
- * lsm_init_ordered - Initialize the ordered LSMs
- */
-static void __init lsm_init_ordered(void)
+static void __init lsm_static_call_init(struct security_hook_list *hl)
{
- unsigned int first = 0;
+ struct lsm_static_call *scall = hl->scalls;
+ int i;
+
+ for (i = 0; i < MAX_LSM_COUNT; i++) {
+ /* Update the first static call that is not used yet */
+ if (!scall->hl) {
+ __static_call_update(scall->key, scall->trampoline,
+ hl->hook.lsm_func_addr);
+ scall->hl = hl;
+ static_branch_enable(scall->active);
+ return;
+ }
+ scall++;
+ }
+ panic("%s - Ran out of static slots.\n", __func__);
+}
+
+/**
+ * security_add_hooks - Add a modules hooks to the hook lists.
+ * @hooks: the hooks to add
+ * @count: the number of hooks to add
+ * @lsmid: the identification information for the security module
+ *
+ * Each LSM has to register its hooks with the infrastructure.
+ */
+void __init security_add_hooks(struct security_hook_list *hooks, int count,
+ const struct lsm_id *lsmid)
+{
+ int i;
+
+ for (i = 0; i < count; i++) {
+ hooks[i].lsmid = lsmid;
+ lsm_static_call_init(&hooks[i]);
+ }
+}
+
+int __init early_security_init(void)
+{
+ struct lsm_info *lsm;
+
+ lsm_early_for_each_raw(lsm) {
+ lsm_enabled_set(lsm, true);
+ lsm_order_append(lsm, "early");
+ lsm_prepare(lsm);
+ lsm_init_single(lsm);
+ lsm_count_early++;
+ }
+
+ return 0;
+}
+
+/**
+ * security_init - Initializes the LSM framework
+ *
+ * This should be called early in the kernel initialization sequence.
+ */
+int __init security_init(void)
+{
+ unsigned int cnt;
struct lsm_info **lsm;
struct lsm_info *early;
+ unsigned int first = 0;
+
+ init_debug("legacy security=%s\n", lsm_order_legacy ? : " *unspecified*");
+ init_debug(" CONFIG_LSM=%s\n", lsm_order_builtin);
+ init_debug("boot arg lsm=%s\n", lsm_order_cmdline ? : " *unspecified*");
if (lsm_order_cmdline) {
if (lsm_order_legacy) {
@@ -332,9 +394,8 @@ static void __init lsm_init_ordered(void)
} else
lsm_order_parse(lsm_order_builtin, "builtin");
- lsm_order_for_each(lsm) {
+ lsm_order_for_each(lsm)
lsm_prepare(*lsm);
- }
pr_info("initializing lsm=");
lsm_early_for_each_raw(early) {
@@ -383,87 +444,13 @@ static void __init lsm_init_ordered(void)
if (lsm_task_alloc(current))
panic("%s: early task alloc failed.\n", __func__);
+ cnt = 0;
lsm_order_for_each(lsm) {
+ /* skip the "early" LSMs as they have already been setup */
+ if (cnt++ < lsm_count_early)
+ continue;
lsm_init_single(*lsm);
}
-}
-
-static void __init lsm_static_call_init(struct security_hook_list *hl)
-{
- struct lsm_static_call *scall = hl->scalls;
- int i;
-
- for (i = 0; i < MAX_LSM_COUNT; i++) {
- /* Update the first static call that is not used yet */
- if (!scall->hl) {
- __static_call_update(scall->key, scall->trampoline,
- hl->hook.lsm_func_addr);
- scall->hl = hl;
- static_branch_enable(scall->active);
- return;
- }
- scall++;
- }
- panic("%s - Ran out of static slots.\n", __func__);
-}
-
-/**
- * security_add_hooks - Add a modules hooks to the hook lists.
- * @hooks: the hooks to add
- * @count: the number of hooks to add
- * @lsmid: the identification information for the security module
- *
- * Each LSM has to register its hooks with the infrastructure.
- */
-void __init security_add_hooks(struct security_hook_list *hooks, int count,
- const struct lsm_id *lsmid)
-{
- int i;
-
- for (i = 0; i < count; i++) {
- hooks[i].lsmid = lsmid;
- lsm_static_call_init(&hooks[i]);
- }
-}
-
-int __init early_security_init(void)
-{
- struct lsm_info *lsm;
-
- lsm_early_for_each_raw(lsm) {
- lsm_enabled_set(lsm, true);
- lsm_order_append(lsm, "early");
- lsm_prepare(lsm);
- lsm_init_single(lsm);
- }
-
- return 0;
-}
-
-/**
- * security_init - initializes the security framework
- *
- * This should be called early in the kernel initialization sequence.
- */
-int __init security_init(void)
-{
- struct lsm_info *lsm;
-
- init_debug("legacy security=%s\n", lsm_order_legacy ? : " *unspecified*");
- init_debug(" CONFIG_LSM=%s\n", lsm_order_builtin);
- init_debug("boot arg lsm=%s\n", lsm_order_cmdline ? : " *unspecified*");
-
- /*
- * Append the names of the early LSM modules now that kmalloc() is
- * available
- */
- lsm_early_for_each_raw(lsm) {
- init_debug(" early started: %s (%s)\n", lsm->id->name,
- lsm_is_enabled(lsm) ? "enabled" : "disabled");
- }
-
- /* Load LSMs in specified order. */
- lsm_init_ordered();
return 0;
}
--
2.51.1.dirty
^ permalink raw reply related [flat|nested] 36+ messages in thread* [PATCH v5 19/34] lsm: add/tweak function header comment blocks in lsm_init.c
2025-10-17 20:24 [PATCH v5 0/34] Rework the LSM initialization Paul Moore
` (17 preceding siblings ...)
2025-10-17 20:24 ` [PATCH v5 18/34] lsm: fold lsm_init_ordered() into security_init() Paul Moore
@ 2025-10-17 20:24 ` Paul Moore
2025-10-17 20:24 ` [PATCH v5 20/34] lsm: cleanup the debug and console output " Paul Moore
` (5 subsequent siblings)
24 siblings, 0 replies; 36+ messages in thread
From: Paul Moore @ 2025-10-17 20:24 UTC (permalink / raw)
To: linux-security-module, linux-integrity, selinux
Cc: John Johansen, Mimi Zohar, Roberto Sassu, Fan Wu,
Mickaël Salaün, Günther Noack, Kees Cook,
Micah Morton, Casey Schaufler, Tetsuo Handa, Nicolas Bouchinet,
Xiu Jianfeng
Add function header comments for lsm_static_call_init() and
early_security_init(), tweak the existing comment block for
security_add_hooks().
Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: John Johansen <john.johhansen@canonical.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
---
security/lsm_init.c | 17 ++++++++++++-----
1 file changed, 12 insertions(+), 5 deletions(-)
diff --git a/security/lsm_init.c b/security/lsm_init.c
index 9cbb10c42e38..bf861081d592 100644
--- a/security/lsm_init.c
+++ b/security/lsm_init.c
@@ -315,6 +315,10 @@ static void __init lsm_order_parse(const char *list, const char *src)
}
}
+/**
+ * lsm_static_call_init - Initialize a LSM's static calls
+ * @hl: LSM hook list
+ */
static void __init lsm_static_call_init(struct security_hook_list *hl)
{
struct lsm_static_call *scall = hl->scalls;
@@ -335,12 +339,12 @@ static void __init lsm_static_call_init(struct security_hook_list *hl)
}
/**
- * security_add_hooks - Add a modules hooks to the hook lists.
- * @hooks: the hooks to add
- * @count: the number of hooks to add
- * @lsmid: the identification information for the security module
+ * security_add_hooks - Add a LSM's hooks to the LSM framework's hook lists
+ * @hooks: LSM hooks to add
+ * @count: number of hooks to add
+ * @lsmid: identification information for the LSM
*
- * Each LSM has to register its hooks with the infrastructure.
+ * Each LSM has to register its hooks with the LSM framework.
*/
void __init security_add_hooks(struct security_hook_list *hooks, int count,
const struct lsm_id *lsmid)
@@ -353,6 +357,9 @@ void __init security_add_hooks(struct security_hook_list *hooks, int count,
}
}
+/**
+ * early_security_init - Initialize the early LSMs
+ */
int __init early_security_init(void)
{
struct lsm_info *lsm;
--
2.51.1.dirty
^ permalink raw reply related [flat|nested] 36+ messages in thread* [PATCH v5 20/34] lsm: cleanup the debug and console output in lsm_init.c
2025-10-17 20:24 [PATCH v5 0/34] Rework the LSM initialization Paul Moore
` (18 preceding siblings ...)
2025-10-17 20:24 ` [PATCH v5 19/34] lsm: add/tweak function header comment blocks in lsm_init.c Paul Moore
@ 2025-10-17 20:24 ` Paul Moore
2025-10-17 20:24 ` [PATCH v5 21/34] lsm: output available LSMs when debugging Paul Moore
` (4 subsequent siblings)
24 siblings, 0 replies; 36+ messages in thread
From: Paul Moore @ 2025-10-17 20:24 UTC (permalink / raw)
To: linux-security-module, linux-integrity, selinux
Cc: John Johansen, Mimi Zohar, Roberto Sassu, Fan Wu,
Mickaël Salaün, Günther Noack, Kees Cook,
Micah Morton, Casey Schaufler, Tetsuo Handa, Nicolas Bouchinet,
Xiu Jianfeng
Move away from an init specific init_debug() macro to a more general
lsm_pr()/lsm_pr_cont()/lsm_pr_dbg() set of macros that are available
both before and after init. In the process we do a number of minor
changes to improve the LSM initialization output and cleanup the code
somewhat.
Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: John Johansen <john.johhansen@canonical.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
---
security/lsm.h | 11 ++++
security/lsm_init.c | 123 +++++++++++++++++++-------------------------
security/security.c | 2 +
3 files changed, 66 insertions(+), 70 deletions(-)
diff --git a/security/lsm.h b/security/lsm.h
index dbe755c45e57..8dc267977ae0 100644
--- a/security/lsm.h
+++ b/security/lsm.h
@@ -6,9 +6,20 @@
#ifndef _LSM_H_
#define _LSM_H_
+#include <linux/printk.h>
#include <linux/lsm_hooks.h>
#include <linux/lsm_count.h>
+/* LSM debugging */
+extern bool lsm_debug;
+#define lsm_pr(...) pr_info(__VA_ARGS__)
+#define lsm_pr_cont(...) pr_cont(__VA_ARGS__)
+#define lsm_pr_dbg(...) \
+ do { \
+ if (lsm_debug) \
+ pr_info(__VA_ARGS__); \
+ } while (0)
+
/* List of configured LSMs */
extern unsigned int lsm_active_cnt;
extern const struct lsm_id *lsm_idlist[];
diff --git a/security/lsm_init.c b/security/lsm_init.c
index bf861081d592..cd1779e03497 100644
--- a/security/lsm_init.c
+++ b/security/lsm_init.c
@@ -30,13 +30,6 @@ static __initdata const char *lsm_order_legacy;
static __initdata struct lsm_info *lsm_order[MAX_LSM_COUNT + 1];
static __initdata struct lsm_info *lsm_exclusive;
-static __initdata bool debug;
-#define init_debug(...) \
- do { \
- if (debug) \
- pr_info(__VA_ARGS__); \
- } while (0)
-
#define lsm_order_for_each(iter) \
for ((iter) = lsm_order; *(iter); (iter)++)
#define lsm_for_each_raw(iter) \
@@ -77,7 +70,7 @@ __setup("lsm=", lsm_choose_lsm);
*/
static int __init lsm_debug_enable(char *str)
{
- debug = true;
+ lsm_debug = true;
return 1;
}
__setup("lsm.debug", lsm_debug_enable);
@@ -143,22 +136,28 @@ static void __init lsm_order_append(struct lsm_info *lsm, const char *src)
return;
/* Skip explicitly disabled LSMs. */
- if (lsm->enabled && !lsm_is_enabled(lsm))
- goto out;
+ if (lsm->enabled && !lsm_is_enabled(lsm)) {
+ lsm_pr_dbg("skip previously disabled LSM %s:%s\n",
+ src, lsm->id->name);
+ return;
+ }
- if (WARN(lsm_active_cnt == MAX_LSM_COUNT,
- "%s: out of LSM static calls!?\n", src)) {
+ if (lsm_active_cnt == MAX_LSM_COUNT) {
+ pr_warn("exceeded maximum LSM count on %s:%s\n",
+ src, lsm->id->name);
lsm_enabled_set(lsm, false);
- goto out;
+ return;
}
if (lsm->flags & LSM_FLAG_EXCLUSIVE) {
if (lsm_exclusive) {
- init_debug("exclusive disabled: %s\n", lsm->id->name);
+ lsm_pr_dbg("skip exclusive LSM conflict %s:%s\n",
+ src, lsm->id->name);
lsm_enabled_set(lsm, false);
- goto out;
+ return;
} else {
- init_debug("exclusive chosen: %s\n", lsm->id->name);
+ lsm_pr_dbg("select exclusive LSM %s:%s\n",
+ src, lsm->id->name);
lsm_exclusive = lsm;
}
}
@@ -167,9 +166,7 @@ static void __init lsm_order_append(struct lsm_info *lsm, const char *src)
lsm_order[lsm_active_cnt] = lsm;
lsm_idlist[lsm_active_cnt++] = lsm->id;
-out:
- init_debug("%s ordered: %s (%s)\n", src, lsm->id->name,
- lsm_is_enabled(lsm) ? "enabled" : "disabled");
+ lsm_pr_dbg("enabling LSM %s:%s\n", src, lsm->id->name);
}
/**
@@ -239,7 +236,7 @@ static void __init lsm_init_single(struct lsm_info *lsm)
if (!lsm_is_enabled(lsm))
return;
- init_debug("initializing %s\n", lsm->id->name);
+ lsm_pr_dbg("initializing %s\n", lsm->id->name);
ret = lsm->init();
WARN(ret, "%s failed to initialize: %d\n", lsm->id->name, ret);
}
@@ -266,8 +263,8 @@ static void __init lsm_order_parse(const char *list, const char *src)
if ((lsm->flags & LSM_FLAG_LEGACY_MAJOR) &&
strcmp(lsm->id->name, lsm_order_legacy)) {
lsm_enabled_set(lsm, false);
- init_debug("security=%s disabled: %s (only one legacy major LSM)\n",
- lsm_order_legacy, lsm->id->name);
+ lsm_pr_dbg("skip legacy LSM conflict %s:%s\n",
+ src, lsm->id->name);
}
}
}
@@ -310,8 +307,7 @@ static void __init lsm_order_parse(const char *list, const char *src)
if (lsm_order_exists(lsm))
continue;
lsm_enabled_set(lsm, false);
- init_debug("%s skipped: %s (not in requested order)\n",
- src, lsm->id->name);
+ lsm_pr_dbg("skip disabled LSM %s:%s\n", src, lsm->id->name);
}
}
@@ -319,7 +315,7 @@ static void __init lsm_order_parse(const char *list, const char *src)
* lsm_static_call_init - Initialize a LSM's static calls
* @hl: LSM hook list
*/
-static void __init lsm_static_call_init(struct security_hook_list *hl)
+static int __init lsm_static_call_init(struct security_hook_list *hl)
{
struct lsm_static_call *scall = hl->scalls;
int i;
@@ -331,11 +327,12 @@ static void __init lsm_static_call_init(struct security_hook_list *hl)
hl->hook.lsm_func_addr);
scall->hl = hl;
static_branch_enable(scall->active);
- return;
+ return 0;
}
scall++;
}
- panic("%s - Ran out of static slots.\n", __func__);
+
+ return -ENOSPC;
}
/**
@@ -353,7 +350,9 @@ void __init security_add_hooks(struct security_hook_list *hooks, int count,
for (i = 0; i < count; i++) {
hooks[i].lsmid = lsmid;
- lsm_static_call_init(&hooks[i]);
+ if (lsm_static_call_init(&hooks[i]))
+ panic("exhausted LSM callback slots with LSM %s\n",
+ lsmid->name);
}
}
@@ -384,19 +383,16 @@ int __init security_init(void)
{
unsigned int cnt;
struct lsm_info **lsm;
- struct lsm_info *early;
- unsigned int first = 0;
- init_debug("legacy security=%s\n", lsm_order_legacy ? : " *unspecified*");
- init_debug(" CONFIG_LSM=%s\n", lsm_order_builtin);
- init_debug("boot arg lsm=%s\n", lsm_order_cmdline ? : " *unspecified*");
+ if (lsm_debug) {
+ lsm_pr("built-in LSM list: %s\n", lsm_order_builtin);
+ lsm_pr("legacy LSM parameter: %s\n", lsm_order_legacy);
+ lsm_pr("boot LSM parameter: %s\n", lsm_order_cmdline);
+ }
if (lsm_order_cmdline) {
- if (lsm_order_legacy) {
- pr_warn("security=%s is ignored because it is superseded by lsm=%s\n",
- lsm_order_legacy, lsm_order_cmdline);
+ if (lsm_order_legacy)
lsm_order_legacy = NULL;
- }
lsm_order_parse(lsm_order_cmdline, "cmdline");
} else
lsm_order_parse(lsm_order_builtin, "builtin");
@@ -404,38 +400,25 @@ int __init security_init(void)
lsm_order_for_each(lsm)
lsm_prepare(*lsm);
- pr_info("initializing lsm=");
- lsm_early_for_each_raw(early) {
- if (lsm_is_enabled(early))
- pr_cont("%s%s",
- first++ == 0 ? "" : ",", early->id->name);
+ if (lsm_debug) {
+ lsm_pr("blob(cred) size %d\n", blob_sizes.lbs_cred);
+ lsm_pr("blob(file) size %d\n", blob_sizes.lbs_file);
+ lsm_pr("blob(ib) size %d\n", blob_sizes.lbs_ib);
+ lsm_pr("blob(inode) size %d\n", blob_sizes.lbs_inode);
+ lsm_pr("blob(ipc) size %d\n", blob_sizes.lbs_ipc);
+ lsm_pr("blob(key) size %d\n", blob_sizes.lbs_key);
+ lsm_pr("blob(msg_msg)_size %d\n", blob_sizes.lbs_msg_msg);
+ lsm_pr("blob(sock) size %d\n", blob_sizes.lbs_sock);
+ lsm_pr("blob(superblock) size %d\n", blob_sizes.lbs_superblock);
+ lsm_pr("blob(perf_event) size %d\n", blob_sizes.lbs_perf_event);
+ lsm_pr("blob(task) size %d\n", blob_sizes.lbs_task);
+ lsm_pr("blob(tun_dev) size %d\n", blob_sizes.lbs_tun_dev);
+ lsm_pr("blob(xattr) count %d\n", blob_sizes.lbs_xattr_count);
+ lsm_pr("blob(bdev) size %d\n", blob_sizes.lbs_bdev);
+ lsm_pr("blob(bpf_map) size %d\n", blob_sizes.lbs_bpf_map);
+ lsm_pr("blob(bpf_prog) size %d\n", blob_sizes.lbs_bpf_prog);
+ lsm_pr("blob(bpf_token) size %d\n", blob_sizes.lbs_bpf_token);
}
- lsm_order_for_each(lsm) {
- if (lsm_is_enabled(*lsm))
- pr_cont("%s%s",
- first++ == 0 ? "" : ",", (*lsm)->id->name);
- }
- pr_cont("\n");
-
- init_debug("cred blob size = %d\n", blob_sizes.lbs_cred);
- init_debug("file blob size = %d\n", blob_sizes.lbs_file);
- init_debug("ib blob size = %d\n", blob_sizes.lbs_ib);
- init_debug("inode blob size = %d\n", blob_sizes.lbs_inode);
- init_debug("ipc blob size = %d\n", blob_sizes.lbs_ipc);
-#ifdef CONFIG_KEYS
- init_debug("key blob size = %d\n", blob_sizes.lbs_key);
-#endif /* CONFIG_KEYS */
- init_debug("msg_msg blob size = %d\n", blob_sizes.lbs_msg_msg);
- init_debug("sock blob size = %d\n", blob_sizes.lbs_sock);
- init_debug("superblock blob size = %d\n", blob_sizes.lbs_superblock);
- init_debug("perf event blob size = %d\n", blob_sizes.lbs_perf_event);
- init_debug("task blob size = %d\n", blob_sizes.lbs_task);
- init_debug("tun device blob size = %d\n", blob_sizes.lbs_tun_dev);
- init_debug("xattr slots = %d\n", blob_sizes.lbs_xattr_count);
- init_debug("bdev blob size = %d\n", blob_sizes.lbs_bdev);
- init_debug("bpf map blob size = %d\n", blob_sizes.lbs_bpf_map);
- init_debug("bpf prog blob size = %d\n", blob_sizes.lbs_bpf_prog);
- init_debug("bpf token blob size = %d\n", blob_sizes.lbs_bpf_token);
if (blob_sizes.lbs_file)
lsm_file_cache = kmem_cache_create("lsm_file_cache",
@@ -447,9 +430,9 @@ int __init security_init(void)
SLAB_PANIC, NULL);
if (lsm_cred_alloc((struct cred __rcu *)current->cred, GFP_KERNEL))
- panic("%s: early cred alloc failed.\n", __func__);
+ panic("early LSM cred alloc failed\n");
if (lsm_task_alloc(current))
- panic("%s: early task alloc failed.\n", __func__);
+ panic("early LSM task alloc failed\n");
cnt = 0;
lsm_order_for_each(lsm) {
diff --git a/security/security.c b/security/security.c
index b4eec4f00730..31a688650601 100644
--- a/security/security.c
+++ b/security/security.c
@@ -73,6 +73,8 @@ const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX + 1] = {
[LOCKDOWN_CONFIDENTIALITY_MAX] = "confidentiality",
};
+bool lsm_debug __ro_after_init;
+
unsigned int lsm_active_cnt __ro_after_init;
const struct lsm_id *lsm_idlist[MAX_LSM_COUNT];
--
2.51.1.dirty
^ permalink raw reply related [flat|nested] 36+ messages in thread* [PATCH v5 21/34] lsm: output available LSMs when debugging
2025-10-17 20:24 [PATCH v5 0/34] Rework the LSM initialization Paul Moore
` (19 preceding siblings ...)
2025-10-17 20:24 ` [PATCH v5 20/34] lsm: cleanup the debug and console output " Paul Moore
@ 2025-10-17 20:24 ` Paul Moore
2025-10-17 20:24 ` [PATCH v5 22/34] lsm: group lsm_order_parse() with the other lsm_order_*() functions Paul Moore
` (3 subsequent siblings)
24 siblings, 0 replies; 36+ messages in thread
From: Paul Moore @ 2025-10-17 20:24 UTC (permalink / raw)
To: linux-security-module, linux-integrity, selinux
Cc: John Johansen, Mimi Zohar, Roberto Sassu, Fan Wu,
Mickaël Salaün, Günther Noack, Kees Cook,
Micah Morton, Casey Schaufler, Tetsuo Handa, Nicolas Bouchinet,
Xiu Jianfeng
This will display all of the LSMs built into the kernel, regardless
of if they are enabled or not.
Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: John Johansen <john.johhansen@canonical.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
---
security/lsm_init.c | 19 ++++++++++++++++++-
1 file changed, 18 insertions(+), 1 deletion(-)
diff --git a/security/lsm_init.c b/security/lsm_init.c
index cd1779e03497..cfcf3bf7127f 100644
--- a/security/lsm_init.c
+++ b/security/lsm_init.c
@@ -363,6 +363,8 @@ int __init early_security_init(void)
{
struct lsm_info *lsm;
+ /* NOTE: lsm_pr_dbg() doesn't work here as lsm_debug is not yet set */
+
lsm_early_for_each_raw(lsm) {
lsm_enabled_set(lsm, true);
lsm_order_append(lsm, "early");
@@ -385,9 +387,24 @@ int __init security_init(void)
struct lsm_info **lsm;
if (lsm_debug) {
- lsm_pr("built-in LSM list: %s\n", lsm_order_builtin);
+ struct lsm_info *i;
+
+ cnt = 0;
+ lsm_pr("available LSMs: ");
+ lsm_early_for_each_raw(i)
+ lsm_pr_cont("%s%s(E)", (cnt++ ? "," : ""), i->id->name);
+ lsm_for_each_raw(i)
+ lsm_pr_cont("%s%s", (cnt++ ? "," : ""), i->id->name);
+ lsm_pr_cont("\n");
+
+ lsm_pr("built-in LSM config: %s\n", lsm_order_builtin);
+
lsm_pr("legacy LSM parameter: %s\n", lsm_order_legacy);
lsm_pr("boot LSM parameter: %s\n", lsm_order_cmdline);
+
+ /* see the note about lsm_pr_dbg() in early_security_init() */
+ lsm_early_for_each_raw(i)
+ lsm_pr("enabled LSM early:%s\n", i->id->name);
}
if (lsm_order_cmdline) {
--
2.51.1.dirty
^ permalink raw reply related [flat|nested] 36+ messages in thread* [PATCH v5 22/34] lsm: group lsm_order_parse() with the other lsm_order_*() functions
2025-10-17 20:24 [PATCH v5 0/34] Rework the LSM initialization Paul Moore
` (20 preceding siblings ...)
2025-10-17 20:24 ` [PATCH v5 21/34] lsm: output available LSMs when debugging Paul Moore
@ 2025-10-17 20:24 ` Paul Moore
2025-10-17 20:48 ` [PATCH v5 01/11] loadpin: move initcalls to the LSM framework Paul Moore
` (2 subsequent siblings)
24 siblings, 0 replies; 36+ messages in thread
From: Paul Moore @ 2025-10-17 20:24 UTC (permalink / raw)
To: linux-security-module, linux-integrity, selinux
Cc: John Johansen, Mimi Zohar, Roberto Sassu, Fan Wu,
Mickaël Salaün, Günther Noack, Kees Cook,
Micah Morton, Casey Schaufler, Tetsuo Handa, Nicolas Bouchinet,
Xiu Jianfeng
Move the lsm_order_parse() function near the other lsm_order_*()
functions to improve readability.
No code changes.
Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: John Johansen <john.johhansen@canonical.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
---
security/lsm_init.c | 140 ++++++++++++++++++++++----------------------
1 file changed, 70 insertions(+), 70 deletions(-)
diff --git a/security/lsm_init.c b/security/lsm_init.c
index cfcf3bf7127f..fd69bde9112e 100644
--- a/security/lsm_init.c
+++ b/security/lsm_init.c
@@ -169,6 +169,76 @@ static void __init lsm_order_append(struct lsm_info *lsm, const char *src)
lsm_pr_dbg("enabling LSM %s:%s\n", src, lsm->id->name);
}
+/**
+ * lsm_order_parse - Parse the comma delimited LSM list
+ * @list: LSM list
+ * @src: source of the list
+ */
+static void __init lsm_order_parse(const char *list, const char *src)
+{
+ struct lsm_info *lsm;
+ char *sep, *name, *next;
+
+ /* Handle any Legacy LSM exclusions if one was specified. */
+ if (lsm_order_legacy) {
+ /*
+ * To match the original "security=" behavior, this explicitly
+ * does NOT fallback to another Legacy Major if the selected
+ * one was separately disabled: disable all non-matching
+ * Legacy Major LSMs.
+ */
+ lsm_for_each_raw(lsm) {
+ if ((lsm->flags & LSM_FLAG_LEGACY_MAJOR) &&
+ strcmp(lsm->id->name, lsm_order_legacy)) {
+ lsm_enabled_set(lsm, false);
+ lsm_pr_dbg("skip legacy LSM conflict %s:%s\n",
+ src, lsm->id->name);
+ }
+ }
+ }
+
+ /* LSM_ORDER_FIRST */
+ lsm_for_each_raw(lsm) {
+ if (lsm->order == LSM_ORDER_FIRST)
+ lsm_order_append(lsm, "first");
+ }
+
+ /* Normal or "mutable" LSMs */
+ sep = kstrdup(list, GFP_KERNEL);
+ next = sep;
+ /* Walk the list, looking for matching LSMs. */
+ while ((name = strsep(&next, ",")) != NULL) {
+ lsm_for_each_raw(lsm) {
+ if (!strcmp(lsm->id->name, name) &&
+ lsm->order == LSM_ORDER_MUTABLE)
+ lsm_order_append(lsm, src);
+ }
+ }
+ kfree(sep);
+
+ /* Legacy LSM if specified. */
+ if (lsm_order_legacy) {
+ lsm_for_each_raw(lsm) {
+ if (!strcmp(lsm->id->name, lsm_order_legacy))
+ lsm_order_append(lsm, src);
+ }
+ }
+
+ /* LSM_ORDER_LAST */
+ lsm_for_each_raw(lsm) {
+ if (lsm->order == LSM_ORDER_LAST)
+ lsm_order_append(lsm, "last");
+ }
+
+ /* Disable all LSMs not previously enabled. */
+ lsm_for_each_raw(lsm) {
+ if (lsm_order_exists(lsm))
+ continue;
+ lsm_enabled_set(lsm, false);
+ lsm_pr_dbg("skip disabled LSM %s:%s\n", src, lsm->id->name);
+ }
+}
+
/**
* lsm_blob_size_update - Update the LSM blob size and offset information
* @sz_req: the requested additional blob size
@@ -241,76 +311,6 @@ static void __init lsm_init_single(struct lsm_info *lsm)
WARN(ret, "%s failed to initialize: %d\n", lsm->id->name, ret);
}
-/**
- * lsm_order_parse - Parse the comma delimited LSM list
- * @list: LSM list
- * @src: source of the list
- */
-static void __init lsm_order_parse(const char *list, const char *src)
-{
- struct lsm_info *lsm;
- char *sep, *name, *next;
-
- /* Handle any Legacy LSM exclusions if one was specified. */
- if (lsm_order_legacy) {
- /*
- * To match the original "security=" behavior, this explicitly
- * does NOT fallback to another Legacy Major if the selected
- * one was separately disabled: disable all non-matching
- * Legacy Major LSMs.
- */
- lsm_for_each_raw(lsm) {
- if ((lsm->flags & LSM_FLAG_LEGACY_MAJOR) &&
- strcmp(lsm->id->name, lsm_order_legacy)) {
- lsm_enabled_set(lsm, false);
- lsm_pr_dbg("skip legacy LSM conflict %s:%s\n",
- src, lsm->id->name);
- }
- }
- }
-
- /* LSM_ORDER_FIRST */
- lsm_for_each_raw(lsm) {
- if (lsm->order == LSM_ORDER_FIRST)
- lsm_order_append(lsm, "first");
- }
-
- /* Normal or "mutable" LSMs */
- sep = kstrdup(list, GFP_KERNEL);
- next = sep;
- /* Walk the list, looking for matching LSMs. */
- while ((name = strsep(&next, ",")) != NULL) {
- lsm_for_each_raw(lsm) {
- if (!strcmp(lsm->id->name, name) &&
- lsm->order == LSM_ORDER_MUTABLE)
- lsm_order_append(lsm, src);
- }
- }
- kfree(sep);
-
- /* Legacy LSM if specified. */
- if (lsm_order_legacy) {
- lsm_for_each_raw(lsm) {
- if (!strcmp(lsm->id->name, lsm_order_legacy))
- lsm_order_append(lsm, src);
- }
- }
-
- /* LSM_ORDER_LAST */
- lsm_for_each_raw(lsm) {
- if (lsm->order == LSM_ORDER_LAST)
- lsm_order_append(lsm, "last");
- }
-
- /* Disable all LSMs not previously enabled. */
- lsm_for_each_raw(lsm) {
- if (lsm_order_exists(lsm))
- continue;
- lsm_enabled_set(lsm, false);
- lsm_pr_dbg("skip disabled LSM %s:%s\n", src, lsm->id->name);
- }
-}
-
/**
* lsm_static_call_init - Initialize a LSM's static calls
* @hl: LSM hook list
--
2.51.1.dirty
^ permalink raw reply related [flat|nested] 36+ messages in thread* [PATCH v5 01/11] loadpin: move initcalls to the LSM framework
2025-10-17 20:24 [PATCH v5 0/34] Rework the LSM initialization Paul Moore
` (21 preceding siblings ...)
2025-10-17 20:24 ` [PATCH v5 22/34] lsm: group lsm_order_parse() with the other lsm_order_*() functions Paul Moore
@ 2025-10-17 20:48 ` Paul Moore
2025-10-17 20:48 ` [PATCH v5 02/11] ipe: " Paul Moore
` (9 more replies)
2025-10-17 20:59 ` [PATCH v5 0/34] Rework the LSM initialization Paul Moore
2025-10-22 23:34 ` Paul Moore
24 siblings, 10 replies; 36+ messages in thread
From: Paul Moore @ 2025-10-17 20:48 UTC (permalink / raw)
To: linux-security-module, linux-integrity, selinux
Cc: john.johansen, zohar, roberto.sassu, wufan, mic, gnoack, kees,
mortonm, casey, penguin-kernel, nicolas.bouchinet, xiujianfeng
Acked-by: Kees Cook <kees@kernel.org>
Reviewed-by: John Johansen <john.johhansen@canonical.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
---
security/loadpin/loadpin.c | 15 ++++++++-------
1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/security/loadpin/loadpin.c b/security/loadpin/loadpin.c
index b9ddf05c5c16..273ffbd6defe 100644
--- a/security/loadpin/loadpin.c
+++ b/security/loadpin/loadpin.c
@@ -270,11 +270,6 @@ static int __init loadpin_init(void)
return 0;
}
-DEFINE_LSM(loadpin) = {
- .id = &loadpin_lsmid,
- .init = loadpin_init,
-};
-
#ifdef CONFIG_SECURITY_LOADPIN_VERITY
enum loadpin_securityfs_interface_index {
@@ -434,10 +429,16 @@ static int __init init_loadpin_securityfs(void)
return 0;
}
-fs_initcall(init_loadpin_securityfs);
-
#endif /* CONFIG_SECURITY_LOADPIN_VERITY */
+DEFINE_LSM(loadpin) = {
+ .id = &loadpin_lsmid,
+ .init = loadpin_init,
+#ifdef CONFIG_SECURITY_LOADPIN_VERITY
+ .initcall_fs = init_loadpin_securityfs,
+#endif /* CONFIG_SECURITY_LOADPIN_VERITY */
+};
+
/* Should not be mutable after boot, so not listed in sysfs (perm == 0). */
module_param(enforce, int, 0);
MODULE_PARM_DESC(enforce, "Enforce module/firmware pinning");
--
2.51.1.dirty
^ permalink raw reply related [flat|nested] 36+ messages in thread* [PATCH v5 02/11] ipe: move initcalls to the LSM framework
2025-10-17 20:48 ` [PATCH v5 01/11] loadpin: move initcalls to the LSM framework Paul Moore
@ 2025-10-17 20:48 ` Paul Moore
2025-10-17 20:48 ` [PATCH v5 03/11] smack: " Paul Moore
` (8 subsequent siblings)
9 siblings, 0 replies; 36+ messages in thread
From: Paul Moore @ 2025-10-17 20:48 UTC (permalink / raw)
To: linux-security-module, linux-integrity, selinux
Cc: john.johansen, zohar, roberto.sassu, wufan, mic, gnoack, kees,
mortonm, casey, penguin-kernel, nicolas.bouchinet, xiujianfeng
Reviewed-by: Kees Cook <kees@kernel.org>
Tested-by: Fan Wu <wufan@kernel.org>
Acked-by: Fan Wu <wufan@kernel.org>
Reviewed-by: John Johansen <john.johhansen@canonical.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
---
security/ipe/fs.c | 4 +---
security/ipe/ipe.c | 1 +
security/ipe/ipe.h | 2 ++
3 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/security/ipe/fs.c b/security/ipe/fs.c
index 0bb9468b8026..076c111c85c8 100644
--- a/security/ipe/fs.c
+++ b/security/ipe/fs.c
@@ -193,7 +193,7 @@ static const struct file_operations enforce_fops = {
* Return: %0 on success. If an error occurs, the function will return
* the -errno.
*/
-static int __init ipe_init_securityfs(void)
+int __init ipe_init_securityfs(void)
{
int rc = 0;
struct ipe_policy *ap;
@@ -244,5 +244,3 @@ static int __init ipe_init_securityfs(void)
securityfs_remove(root);
return rc;
}
-
-fs_initcall(ipe_init_securityfs);
diff --git a/security/ipe/ipe.c b/security/ipe/ipe.c
index 2426441181dc..71644748ed56 100644
--- a/security/ipe/ipe.c
+++ b/security/ipe/ipe.c
@@ -95,4 +95,5 @@ DEFINE_LSM(ipe) = {
.id = &ipe_lsmid,
.init = ipe_init,
.blobs = &ipe_blobs,
+ .initcall_fs = ipe_init_securityfs,
};
diff --git a/security/ipe/ipe.h b/security/ipe/ipe.h
index fb37513812dd..25cfdb8f0c20 100644
--- a/security/ipe/ipe.h
+++ b/security/ipe/ipe.h
@@ -23,4 +23,6 @@ struct ipe_bdev *ipe_bdev(struct block_device *b);
struct ipe_inode *ipe_inode(const struct inode *inode);
#endif /* CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG */
+int ipe_init_securityfs(void);
+
#endif /* _IPE_H */
--
2.51.1.dirty
^ permalink raw reply related [flat|nested] 36+ messages in thread* [PATCH v5 03/11] smack: move initcalls to the LSM framework
2025-10-17 20:48 ` [PATCH v5 01/11] loadpin: move initcalls to the LSM framework Paul Moore
2025-10-17 20:48 ` [PATCH v5 02/11] ipe: " Paul Moore
@ 2025-10-17 20:48 ` Paul Moore
2025-10-17 20:48 ` [PATCH v5 04/11] tomoyo: " Paul Moore
` (7 subsequent siblings)
9 siblings, 0 replies; 36+ messages in thread
From: Paul Moore @ 2025-10-17 20:48 UTC (permalink / raw)
To: linux-security-module, linux-integrity, selinux
Cc: john.johansen, zohar, roberto.sassu, wufan, mic, gnoack, kees,
mortonm, casey, penguin-kernel, nicolas.bouchinet, xiujianfeng
As the LSM framework only supports one LSM initcall callback for each
initcall type, the init_smk_fs() and smack_nf_ip_init() functions were
wrapped with a new function, smack_initcall() that is registered with
the LSM framework.
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: John Johansen <john.johhansen@canonical.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
---
security/smack/smack.h | 14 ++++++++++++++
security/smack/smack_lsm.c | 9 +++++++++
security/smack/smack_netfilter.c | 4 +---
security/smack/smackfs.c | 4 +---
4 files changed, 25 insertions(+), 6 deletions(-)
diff --git a/security/smack/smack.h b/security/smack/smack.h
index bf6a6ed3946c..c56e1e876f7c 100644
--- a/security/smack/smack.h
+++ b/security/smack/smack.h
@@ -275,6 +275,20 @@ struct smk_audit_info {
#endif
};
+/*
+ * Initialization
+ */
+#if defined(CONFIG_SECURITY_SMACK_NETFILTER)
+int smack_nf_ip_init(void);
+#else
+static inline int smack_nf_ip_init(void)
+{
+ return 0;
+}
+#endif
+int init_smk_fs(void);
+int smack_initcall(void);
+
/*
* These functions are in smack_access.c
*/
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 392698e41120..23ee1c0c07b7 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -5275,6 +5275,14 @@ static __init int smack_init(void)
return 0;
}
+int __init smack_initcall(void)
+{
+ int rc_fs = init_smk_fs();
+ int rc_nf = smack_nf_ip_init();
+
+ return rc_fs ? rc_fs : rc_nf;
+}
+
/*
* Smack requires early initialization in order to label
* all processes and objects when they are created.
@@ -5284,4 +5292,5 @@ DEFINE_LSM(smack) = {
.flags = LSM_FLAG_LEGACY_MAJOR | LSM_FLAG_EXCLUSIVE,
.blobs = &smack_blob_sizes,
.init = smack_init,
+ .initcall_device = smack_initcall,
};
diff --git a/security/smack/smack_netfilter.c b/security/smack/smack_netfilter.c
index 8fd747b3653a..17ba578b1308 100644
--- a/security/smack/smack_netfilter.c
+++ b/security/smack/smack_netfilter.c
@@ -68,7 +68,7 @@ static struct pernet_operations smack_net_ops = {
.exit = smack_nf_unregister,
};
-static int __init smack_nf_ip_init(void)
+int __init smack_nf_ip_init(void)
{
if (smack_enabled == 0)
return 0;
@@ -76,5 +76,3 @@ static int __init smack_nf_ip_init(void)
printk(KERN_DEBUG "Smack: Registering netfilter hooks\n");
return register_pernet_subsys(&smack_net_ops);
}
-
-__initcall(smack_nf_ip_init);
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
index b1e5e62f5cbd..405ace6db109 100644
--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c
@@ -2978,7 +2978,7 @@ static struct vfsmount *smackfs_mount;
* Returns true if we were not chosen on boot or if
* we were chosen and filesystem registration succeeded.
*/
-static int __init init_smk_fs(void)
+int __init init_smk_fs(void)
{
int err;
int rc;
@@ -3021,5 +3021,3 @@ static int __init init_smk_fs(void)
return err;
}
-
-__initcall(init_smk_fs);
--
2.51.1.dirty
^ permalink raw reply related [flat|nested] 36+ messages in thread* [PATCH v5 04/11] tomoyo: move initcalls to the LSM framework
2025-10-17 20:48 ` [PATCH v5 01/11] loadpin: move initcalls to the LSM framework Paul Moore
2025-10-17 20:48 ` [PATCH v5 02/11] ipe: " Paul Moore
2025-10-17 20:48 ` [PATCH v5 03/11] smack: " Paul Moore
@ 2025-10-17 20:48 ` Paul Moore
2025-10-17 20:48 ` [PATCH v5 05/11] safesetid: " Paul Moore
` (6 subsequent siblings)
9 siblings, 0 replies; 36+ messages in thread
From: Paul Moore @ 2025-10-17 20:48 UTC (permalink / raw)
To: linux-security-module, linux-integrity, selinux
Cc: john.johansen, zohar, roberto.sassu, wufan, mic, gnoack, kees,
mortonm, casey, penguin-kernel, nicolas.bouchinet, xiujianfeng
Reviewed-by: Kees Cook <kees@kernel.org>
Reviewed-by: John Johansen <john.johhansen@canonical.com>
Acked-by: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
Signed-off-by: Paul Moore <paul@paul-moore.com>
---
security/tomoyo/common.h | 2 ++
security/tomoyo/securityfs_if.c | 4 +---
security/tomoyo/tomoyo.c | 1 +
3 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h
index 0e8e2e959aef..3b2a97d10a5d 100644
--- a/security/tomoyo/common.h
+++ b/security/tomoyo/common.h
@@ -924,6 +924,8 @@ struct tomoyo_task {
/********** Function prototypes. **********/
+int tomoyo_interface_init(void);
+
bool tomoyo_address_matches_group(const bool is_ipv6, const __be32 *address,
const struct tomoyo_group *group);
bool tomoyo_compare_number_union(const unsigned long value,
diff --git a/security/tomoyo/securityfs_if.c b/security/tomoyo/securityfs_if.c
index 7e69747b2f77..33933645f5b9 100644
--- a/security/tomoyo/securityfs_if.c
+++ b/security/tomoyo/securityfs_if.c
@@ -233,7 +233,7 @@ static void __init tomoyo_create_entry(const char *name, const umode_t mode,
*
* Returns 0.
*/
-static int __init tomoyo_interface_init(void)
+int __init tomoyo_interface_init(void)
{
struct tomoyo_domain_info *domain;
struct dentry *tomoyo_dir;
@@ -269,5 +269,3 @@ static int __init tomoyo_interface_init(void)
tomoyo_load_builtin_policy();
return 0;
}
-
-fs_initcall(tomoyo_interface_init);
diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c
index cb003c460dc2..c66e02ed8ee3 100644
--- a/security/tomoyo/tomoyo.c
+++ b/security/tomoyo/tomoyo.c
@@ -617,4 +617,5 @@ DEFINE_LSM(tomoyo) = {
.flags = LSM_FLAG_LEGACY_MAJOR,
.blobs = &tomoyo_blob_sizes,
.init = tomoyo_init,
+ .initcall_fs = tomoyo_interface_init,
};
--
2.51.1.dirty
^ permalink raw reply related [flat|nested] 36+ messages in thread* [PATCH v5 05/11] safesetid: move initcalls to the LSM framework
2025-10-17 20:48 ` [PATCH v5 01/11] loadpin: move initcalls to the LSM framework Paul Moore
` (2 preceding siblings ...)
2025-10-17 20:48 ` [PATCH v5 04/11] tomoyo: " Paul Moore
@ 2025-10-17 20:48 ` Paul Moore
2025-10-17 20:48 ` [PATCH v5 06/11] apparmor: " Paul Moore
` (5 subsequent siblings)
9 siblings, 0 replies; 36+ messages in thread
From: Paul Moore @ 2025-10-17 20:48 UTC (permalink / raw)
To: linux-security-module, linux-integrity, selinux
Cc: john.johansen, zohar, roberto.sassu, wufan, mic, gnoack, kees,
mortonm, casey, penguin-kernel, nicolas.bouchinet, xiujianfeng
Reviewed-by: Kees Cook <kees@kernel.org>
Acked-by: Micah Morton <mortonm@chromium.org>
Reviewed-by: John Johansen <john.johhansen@canonical.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
---
security/safesetid/lsm.c | 1 +
security/safesetid/lsm.h | 2 ++
security/safesetid/securityfs.c | 3 +--
3 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/security/safesetid/lsm.c b/security/safesetid/lsm.c
index 9a7c68d4e642..d5fb949050dd 100644
--- a/security/safesetid/lsm.c
+++ b/security/safesetid/lsm.c
@@ -289,4 +289,5 @@ static int __init safesetid_security_init(void)
DEFINE_LSM(safesetid_security_init) = {
.id = &safesetid_lsmid,
.init = safesetid_security_init,
+ .initcall_fs = safesetid_init_securityfs,
};
diff --git a/security/safesetid/lsm.h b/security/safesetid/lsm.h
index d346f4849cea..bf5172e2c3f7 100644
--- a/security/safesetid/lsm.h
+++ b/security/safesetid/lsm.h
@@ -70,4 +70,6 @@ enum sid_policy_type _setid_policy_lookup(struct setid_ruleset *policy,
extern struct setid_ruleset __rcu *safesetid_setuid_rules;
extern struct setid_ruleset __rcu *safesetid_setgid_rules;
+int safesetid_init_securityfs(void);
+
#endif /* _SAFESETID_H */
diff --git a/security/safesetid/securityfs.c b/security/safesetid/securityfs.c
index 8e1ffd70b18a..ece259f75b0d 100644
--- a/security/safesetid/securityfs.c
+++ b/security/safesetid/securityfs.c
@@ -308,7 +308,7 @@ static const struct file_operations safesetid_gid_file_fops = {
.write = safesetid_gid_file_write,
};
-static int __init safesetid_init_securityfs(void)
+int __init safesetid_init_securityfs(void)
{
int ret;
struct dentry *policy_dir;
@@ -345,4 +345,3 @@ static int __init safesetid_init_securityfs(void)
securityfs_remove(policy_dir);
return ret;
}
-fs_initcall(safesetid_init_securityfs);
--
2.51.1.dirty
^ permalink raw reply related [flat|nested] 36+ messages in thread* [PATCH v5 06/11] apparmor: move initcalls to the LSM framework
2025-10-17 20:48 ` [PATCH v5 01/11] loadpin: move initcalls to the LSM framework Paul Moore
` (3 preceding siblings ...)
2025-10-17 20:48 ` [PATCH v5 05/11] safesetid: " Paul Moore
@ 2025-10-17 20:48 ` Paul Moore
2025-10-17 20:48 ` [PATCH v5 07/11] lockdown: " Paul Moore
` (4 subsequent siblings)
9 siblings, 0 replies; 36+ messages in thread
From: Paul Moore @ 2025-10-17 20:48 UTC (permalink / raw)
To: linux-security-module, linux-integrity, selinux
Cc: john.johansen, zohar, roberto.sassu, wufan, mic, gnoack, kees,
mortonm, casey, penguin-kernel, nicolas.bouchinet, xiujianfeng
Reviewed-by: Kees Cook <kees@kernel.org>
Acked-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
---
security/apparmor/apparmorfs.c | 4 +---
security/apparmor/crypto.c | 3 +--
security/apparmor/include/apparmorfs.h | 2 ++
security/apparmor/include/crypto.h | 1 +
security/apparmor/lsm.c | 9 ++++++++-
5 files changed, 13 insertions(+), 6 deletions(-)
diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
index 391a586d0557..ee04c1ac9d6e 100644
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -2649,7 +2649,7 @@ static const struct inode_operations policy_link_iops = {
*
* Returns: error on failure
*/
-static int __init aa_create_aafs(void)
+int __init aa_create_aafs(void)
{
struct dentry *dent;
int error;
@@ -2728,5 +2728,3 @@ static int __init aa_create_aafs(void)
AA_ERROR("Error creating AppArmor securityfs\n");
return error;
}
-
-fs_initcall(aa_create_aafs);
diff --git a/security/apparmor/crypto.c b/security/apparmor/crypto.c
index 227d47c14907..d8a7bde94d79 100644
--- a/security/apparmor/crypto.c
+++ b/security/apparmor/crypto.c
@@ -53,10 +53,9 @@ int aa_calc_profile_hash(struct aa_profile *profile, u32 version, void *start,
return 0;
}
-static int __init init_profile_hash(void)
+int __init init_profile_hash(void)
{
if (apparmor_initialized)
aa_info_message("AppArmor sha256 policy hashing enabled");
return 0;
}
-late_initcall(init_profile_hash);
diff --git a/security/apparmor/include/apparmorfs.h b/security/apparmor/include/apparmorfs.h
index 1e94904f68d9..dd580594dfb7 100644
--- a/security/apparmor/include/apparmorfs.h
+++ b/security/apparmor/include/apparmorfs.h
@@ -104,6 +104,8 @@ enum aafs_prof_type {
#define prof_dir(X) ((X)->dents[AAFS_PROF_DIR])
#define prof_child_dir(X) ((X)->dents[AAFS_PROF_PROFS])
+int aa_create_aafs(void);
+
void __aa_bump_ns_revision(struct aa_ns *ns);
void __aafs_profile_rmdir(struct aa_profile *profile);
void __aafs_profile_migrate_dents(struct aa_profile *old,
diff --git a/security/apparmor/include/crypto.h b/security/apparmor/include/crypto.h
index 636a04e20d91..f3ffd388cc58 100644
--- a/security/apparmor/include/crypto.h
+++ b/security/apparmor/include/crypto.h
@@ -13,6 +13,7 @@
#include "policy.h"
#ifdef CONFIG_SECURITY_APPARMOR_HASH
+int init_profile_hash(void);
unsigned int aa_hash_size(void);
char *aa_calc_hash(void *data, size_t len);
int aa_calc_profile_hash(struct aa_profile *profile, u32 version, void *start,
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index f6798144234b..a87cd60ed206 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -32,6 +32,7 @@
#include "include/audit.h"
#include "include/capability.h"
#include "include/cred.h"
+#include "include/crypto.h"
#include "include/file.h"
#include "include/ipc.h"
#include "include/net.h"
@@ -2426,7 +2427,6 @@ static int __init apparmor_nf_ip_init(void)
return 0;
}
-__initcall(apparmor_nf_ip_init);
#endif
static char nulldfa_src[] __aligned(8) = {
@@ -2560,4 +2560,11 @@ DEFINE_LSM(apparmor) = {
.enabled = &apparmor_enabled,
.blobs = &apparmor_blob_sizes,
.init = apparmor_init,
+ .initcall_fs = aa_create_aafs,
+#if defined(CONFIG_NETFILTER) && defined(CONFIG_NETWORK_SECMARK)
+ .initcall_device = apparmor_nf_ip_init,
+#endif
+#ifdef CONFIG_SECURITY_APPARMOR_HASH
+ .initcall_late = init_profile_hash,
+#endif
};
--
2.51.1.dirty
^ permalink raw reply related [flat|nested] 36+ messages in thread* [PATCH v5 07/11] lockdown: move initcalls to the LSM framework
2025-10-17 20:48 ` [PATCH v5 01/11] loadpin: move initcalls to the LSM framework Paul Moore
` (4 preceding siblings ...)
2025-10-17 20:48 ` [PATCH v5 06/11] apparmor: " Paul Moore
@ 2025-10-17 20:48 ` Paul Moore
2025-10-17 20:48 ` [PATCH v5 08/11] ima,evm: " Paul Moore
` (3 subsequent siblings)
9 siblings, 0 replies; 36+ messages in thread
From: Paul Moore @ 2025-10-17 20:48 UTC (permalink / raw)
To: linux-security-module, linux-integrity, selinux
Cc: john.johansen, zohar, roberto.sassu, wufan, mic, gnoack, kees,
mortonm, casey, penguin-kernel, nicolas.bouchinet, xiujianfeng
Reviewed-by: Kees Cook <kees@kernel.org>
Acked-by: Xiu Jianfeng <xiujianfeng@huawei.com>
Reviewed-by: John Johansen <john.johhansen@canonical.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
---
security/lockdown/lockdown.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/security/lockdown/lockdown.c b/security/lockdown/lockdown.c
index 4813f168ff93..8d46886d2cca 100644
--- a/security/lockdown/lockdown.c
+++ b/security/lockdown/lockdown.c
@@ -161,8 +161,6 @@ static int __init lockdown_secfs_init(void)
return PTR_ERR_OR_ZERO(dentry);
}
-core_initcall(lockdown_secfs_init);
-
#ifdef CONFIG_SECURITY_LOCKDOWN_LSM_EARLY
DEFINE_EARLY_LSM(lockdown) = {
#else
@@ -170,4 +168,5 @@ DEFINE_LSM(lockdown) = {
#endif
.id = &lockdown_lsmid,
.init = lockdown_lsm_init,
+ .initcall_core = lockdown_secfs_init,
};
--
2.51.1.dirty
^ permalink raw reply related [flat|nested] 36+ messages in thread* [PATCH v5 08/11] ima,evm: move initcalls to the LSM framework
2025-10-17 20:48 ` [PATCH v5 01/11] loadpin: move initcalls to the LSM framework Paul Moore
` (5 preceding siblings ...)
2025-10-17 20:48 ` [PATCH v5 07/11] lockdown: " Paul Moore
@ 2025-10-17 20:48 ` Paul Moore
2025-10-17 20:48 ` [PATCH v5 09/11] selinux: " Paul Moore
` (2 subsequent siblings)
9 siblings, 0 replies; 36+ messages in thread
From: Paul Moore @ 2025-10-17 20:48 UTC (permalink / raw)
To: linux-security-module, linux-integrity, selinux
Cc: john.johansen, zohar, roberto.sassu, wufan, mic, gnoack, kees,
mortonm, casey, penguin-kernel, nicolas.bouchinet, xiujianfeng
From: Roberto Sassu <roberto.sassu@huawei.com>
This patch converts IMA and EVM to use the LSM frameworks's initcall
mechanism. It moved the integrity_fs_init() call to ima_fs_init() and
evm_init_secfs(), to work around the fact that there is no "integrity" LSM,
and introduced integrity_fs_fini() to remove the integrity directory, if
empty. Both integrity_fs_init() and integrity_fs_fini() support the
scenario of being called by both the IMA and EVM LSMs.
This patch does not touch any of the platform certificate code that
lives under the security/integrity/platform_certs directory as the
IMA/EVM developers would prefer to address that in a future patchset.
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Acked-by: Mimi Zohar <zohar@linux.ibm.com>
[PM: adjust description as discussed over email]
Signed-off-by: Paul Moore <paul@paul-moore.com>
---
security/integrity/evm/evm_main.c | 3 +--
security/integrity/evm/evm_secfs.c | 11 +++++++++--
security/integrity/iint.c | 14 ++++++++++++--
security/integrity/ima/ima_fs.c | 11 +++++++++--
security/integrity/ima/ima_main.c | 4 ++--
security/integrity/integrity.h | 2 ++
6 files changed, 35 insertions(+), 10 deletions(-)
diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
index db8e324ed4e6..73d500a375cb 100644
--- a/security/integrity/evm/evm_main.c
+++ b/security/integrity/evm/evm_main.c
@@ -1179,6 +1179,5 @@ DEFINE_LSM(evm) = {
.init = init_evm_lsm,
.order = LSM_ORDER_LAST,
.blobs = &evm_blob_sizes,
+ .initcall_late = init_evm,
};
-
-late_initcall(init_evm);
diff --git a/security/integrity/evm/evm_secfs.c b/security/integrity/evm/evm_secfs.c
index b0d2aad27850..c26724690cec 100644
--- a/security/integrity/evm/evm_secfs.c
+++ b/security/integrity/evm/evm_secfs.c
@@ -302,10 +302,16 @@ int __init evm_init_secfs(void)
int error = 0;
struct dentry *dentry;
- evm_dir = securityfs_create_dir("evm", integrity_dir);
- if (IS_ERR(evm_dir))
+ error = integrity_fs_init();
+ if (error < 0)
return -EFAULT;
+ evm_dir = securityfs_create_dir("evm", integrity_dir);
+ if (IS_ERR(evm_dir)) {
+ error = -EFAULT;
+ goto out;
+ }
+
dentry = securityfs_create_file("evm", 0660,
evm_dir, NULL, &evm_key_ops);
if (IS_ERR(dentry)) {
@@ -329,5 +335,6 @@ int __init evm_init_secfs(void)
out:
securityfs_remove(evm_symlink);
securityfs_remove(evm_dir);
+ integrity_fs_fini();
return error;
}
diff --git a/security/integrity/iint.c b/security/integrity/iint.c
index 068ac6c2ae1e..8ec1a3436a71 100644
--- a/security/integrity/iint.c
+++ b/security/integrity/iint.c
@@ -42,8 +42,11 @@ void __init integrity_load_keys(void)
evm_load_x509();
}
-static int __init integrity_fs_init(void)
+int __init integrity_fs_init(void)
{
+ if (integrity_dir)
+ return 0;
+
integrity_dir = securityfs_create_dir("integrity", NULL);
if (IS_ERR(integrity_dir)) {
int ret = PTR_ERR(integrity_dir);
@@ -58,4 +61,11 @@ static int __init integrity_fs_init(void)
return 0;
}
-late_initcall(integrity_fs_init)
+void __init integrity_fs_fini(void)
+{
+ if (!integrity_dir || !simple_empty(integrity_dir))
+ return;
+
+ securityfs_remove(integrity_dir);
+ integrity_dir = NULL;
+}
diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c
index 87045b09f120..012a58959ff0 100644
--- a/security/integrity/ima/ima_fs.c
+++ b/security/integrity/ima/ima_fs.c
@@ -499,9 +499,15 @@ int __init ima_fs_init(void)
struct dentry *dentry;
int ret;
+ ret = integrity_fs_init();
+ if (ret < 0)
+ return ret;
+
ima_dir = securityfs_create_dir("ima", integrity_dir);
- if (IS_ERR(ima_dir))
- return PTR_ERR(ima_dir);
+ if (IS_ERR(ima_dir)) {
+ ret = PTR_ERR(ima_dir);
+ goto out;
+ }
ima_symlink = securityfs_create_symlink("ima", NULL, "integrity/ima",
NULL);
@@ -555,6 +561,7 @@ int __init ima_fs_init(void)
out:
securityfs_remove(ima_symlink);
securityfs_remove(ima_dir);
+ integrity_fs_fini();
return ret;
}
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index eade8e1e3cb1..b703bfc2f470 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -1283,6 +1283,6 @@ DEFINE_LSM(ima) = {
.init = init_ima_lsm,
.order = LSM_ORDER_LAST,
.blobs = &ima_blob_sizes,
+ /* Start IMA after the TPM is available */
+ .initcall_late = init_ima,
};
-
-late_initcall(init_ima); /* Start IMA after the TPM is available */
diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h
index c2c2da691123..7b388b66cf80 100644
--- a/security/integrity/integrity.h
+++ b/security/integrity/integrity.h
@@ -114,6 +114,8 @@ struct ima_file_id {
int integrity_kernel_read(struct file *file, loff_t offset,
void *addr, unsigned long count);
+int __init integrity_fs_init(void);
+void __init integrity_fs_fini(void);
#define INTEGRITY_KEYRING_EVM 0
#define INTEGRITY_KEYRING_IMA 1
--
2.51.1.dirty
^ permalink raw reply related [flat|nested] 36+ messages in thread* [PATCH v5 09/11] selinux: move initcalls to the LSM framework
2025-10-17 20:48 ` [PATCH v5 01/11] loadpin: move initcalls to the LSM framework Paul Moore
` (6 preceding siblings ...)
2025-10-17 20:48 ` [PATCH v5 08/11] ima,evm: " Paul Moore
@ 2025-10-17 20:48 ` Paul Moore
2025-10-17 20:48 ` [PATCH v5 10/11] lsm: consolidate all of the LSM framework initcalls Paul Moore
2025-10-17 20:48 ` [PATCH v5 11/11] lsm: add a LSM_STARTED_ALL notification event Paul Moore
9 siblings, 0 replies; 36+ messages in thread
From: Paul Moore @ 2025-10-17 20:48 UTC (permalink / raw)
To: linux-security-module, linux-integrity, selinux
Cc: john.johansen, zohar, roberto.sassu, wufan, mic, gnoack, kees,
mortonm, casey, penguin-kernel, nicolas.bouchinet, xiujianfeng
SELinux currently has a number of initcalls so we've created a new
function, selinux_initcall(), which wraps all of these initcalls so
that we have a single initcall function that can be registered with the
LSM framework.
Signed-off-by: Paul Moore <paul@paul-moore.com>
---
security/selinux/Makefile | 2 +-
security/selinux/hooks.c | 9 +++--
security/selinux/ibpkey.c | 5 ++-
security/selinux/include/audit.h | 9 +++++
security/selinux/include/initcalls.h | 19 ++++++++++
security/selinux/initcalls.c | 52 ++++++++++++++++++++++++++++
security/selinux/netif.c | 5 ++-
security/selinux/netlink.c | 5 ++-
security/selinux/netnode.c | 5 ++-
security/selinux/netport.c | 5 ++-
security/selinux/selinuxfs.c | 5 ++-
security/selinux/ss/services.c | 26 ++++----------
12 files changed, 107 insertions(+), 40 deletions(-)
create mode 100644 security/selinux/include/initcalls.h
create mode 100644 security/selinux/initcalls.c
diff --git a/security/selinux/Makefile b/security/selinux/Makefile
index 66e56e9011df..72d3baf7900c 100644
--- a/security/selinux/Makefile
+++ b/security/selinux/Makefile
@@ -15,7 +15,7 @@ ccflags-y := -I$(srctree)/security/selinux -I$(srctree)/security/selinux/include
ccflags-$(CONFIG_SECURITY_SELINUX_DEBUG) += -DDEBUG
selinux-y := avc.o hooks.o selinuxfs.o netlink.o nlmsgtab.o netif.o \
- netnode.o netport.o status.o \
+ netnode.o netport.o status.o initcalls.o \
ss/ebitmap.o ss/hashtab.o ss/symtab.o ss/sidtab.o ss/avtab.o \
ss/policydb.o ss/services.o ss/conditional.o ss/mls.o ss/context.o
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 299b656ac007..cd5f6974f9e6 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -94,6 +94,7 @@
#include <linux/io_uring/cmd.h>
#include <uapi/linux/lsm.h>
+#include "initcalls.h"
#include "avc.h"
#include "objsec.h"
#include "netif.h"
@@ -7612,6 +7613,10 @@ static __init int selinux_init(void)
if (avc_add_callback(selinux_lsm_notifier_avc_callback, AVC_CALLBACK_RESET))
panic("SELinux: Unable to register AVC LSM notifier callback\n");
+ if (avc_add_callback(selinux_audit_rule_avc_callback,
+ AVC_CALLBACK_RESET))
+ panic("SELinux: Unable to register AVC audit callback\n");
+
if (selinux_enforcing_boot)
pr_debug("SELinux: Starting in enforcing mode\n");
else
@@ -7644,6 +7649,7 @@ DEFINE_LSM(selinux) = {
.enabled = &selinux_enabled_boot,
.blobs = &selinux_blob_sizes,
.init = selinux_init,
+ .initcall_device = selinux_initcall,
};
#if defined(CONFIG_NETFILTER)
@@ -7705,7 +7711,7 @@ static struct pernet_operations selinux_net_ops = {
.exit = selinux_nf_unregister,
};
-static int __init selinux_nf_ip_init(void)
+int __init selinux_nf_ip_init(void)
{
int err;
@@ -7720,5 +7726,4 @@ static int __init selinux_nf_ip_init(void)
return 0;
}
-__initcall(selinux_nf_ip_init);
#endif /* CONFIG_NETFILTER */
diff --git a/security/selinux/ibpkey.c b/security/selinux/ibpkey.c
index 470481cfe0e8..ea1d9b2c7d2b 100644
--- a/security/selinux/ibpkey.c
+++ b/security/selinux/ibpkey.c
@@ -23,6 +23,7 @@
#include <linux/list.h>
#include <linux/spinlock.h>
+#include "initcalls.h"
#include "ibpkey.h"
#include "objsec.h"
@@ -218,7 +219,7 @@ void sel_ib_pkey_flush(void)
spin_unlock_irqrestore(&sel_ib_pkey_lock, flags);
}
-static __init int sel_ib_pkey_init(void)
+int __init sel_ib_pkey_init(void)
{
int iter;
@@ -232,5 +233,3 @@ static __init int sel_ib_pkey_init(void)
return 0;
}
-
-subsys_initcall(sel_ib_pkey_init);
diff --git a/security/selinux/include/audit.h b/security/selinux/include/audit.h
index d5b0425055e4..85a531ac737b 100644
--- a/security/selinux/include/audit.h
+++ b/security/selinux/include/audit.h
@@ -15,6 +15,15 @@
#include <linux/audit.h>
#include <linux/types.h>
+/**
+ * selinux_audit_rule_avc_callback - update the audit LSM rules on AVC events.
+ * @event: the AVC event
+ *
+ * Update any audit LSM rules based on the AVC event specified in @event.
+ * Returns 0 on success, negative values otherwise.
+ */
+int selinux_audit_rule_avc_callback(u32 event);
+
/**
* selinux_audit_rule_init - alloc/init an selinux audit rule structure.
* @field: the field this rule refers to
diff --git a/security/selinux/include/initcalls.h b/security/selinux/include/initcalls.h
new file mode 100644
index 000000000000..6674cf489473
--- /dev/null
+++ b/security/selinux/include/initcalls.h
@@ -0,0 +1,19 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * SELinux initcalls
+ */
+
+#ifndef _SELINUX_INITCALLS_H
+#define _SELINUX_INITCALLS_H
+
+int init_sel_fs(void);
+int sel_netport_init(void);
+int sel_netnode_init(void);
+int sel_netif_init(void);
+int sel_netlink_init(void);
+int sel_ib_pkey_init(void);
+int selinux_nf_ip_init(void);
+
+int selinux_initcall(void);
+
+#endif
diff --git a/security/selinux/initcalls.c b/security/selinux/initcalls.c
new file mode 100644
index 000000000000..f6716a1d38c1
--- /dev/null
+++ b/security/selinux/initcalls.c
@@ -0,0 +1,52 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * SELinux initcalls
+ */
+
+#include <linux/init.h>
+
+#include "initcalls.h"
+
+/**
+ * selinux_initcall - Perform the SELinux initcalls
+ *
+ * Used as a device initcall in the SELinux LSM definition.
+ */
+int __init selinux_initcall(void)
+{
+ int rc = 0, rc_tmp = 0;
+
+ rc_tmp = init_sel_fs();
+ if (!rc && rc_tmp)
+ rc = rc_tmp;
+
+ rc_tmp = sel_netport_init();
+ if (!rc && rc_tmp)
+ rc = rc_tmp;
+
+ rc_tmp = sel_netnode_init();
+ if (!rc && rc_tmp)
+ rc = rc_tmp;
+
+ rc_tmp = sel_netif_init();
+ if (!rc && rc_tmp)
+ rc = rc_tmp;
+
+ rc_tmp = sel_netlink_init();
+ if (!rc && rc_tmp)
+ rc = rc_tmp;
+
+#if defined(CONFIG_SECURITY_INFINIBAND)
+ rc_tmp = sel_ib_pkey_init();
+ if (!rc && rc_tmp)
+ rc = rc_tmp;
+#endif
+
+#if defined(CONFIG_NETFILTER)
+ rc_tmp = selinux_nf_ip_init();
+ if (!rc && rc_tmp)
+ rc = rc_tmp;
+#endif
+
+ return rc;
+}
diff --git a/security/selinux/netif.c b/security/selinux/netif.c
index 78afbecdbe57..e24b2cba28ea 100644
--- a/security/selinux/netif.c
+++ b/security/selinux/netif.c
@@ -22,6 +22,7 @@
#include <linux/rcupdate.h>
#include <net/net_namespace.h>
+#include "initcalls.h"
#include "security.h"
#include "objsec.h"
#include "netif.h"
@@ -265,7 +266,7 @@ static struct notifier_block sel_netif_netdev_notifier = {
.notifier_call = sel_netif_netdev_notifier_handler,
};
-static __init int sel_netif_init(void)
+int __init sel_netif_init(void)
{
int i;
@@ -280,5 +281,3 @@ static __init int sel_netif_init(void)
return 0;
}
-__initcall(sel_netif_init);
-
diff --git a/security/selinux/netlink.c b/security/selinux/netlink.c
index 1760aee712fd..eb40e4603475 100644
--- a/security/selinux/netlink.c
+++ b/security/selinux/netlink.c
@@ -17,6 +17,7 @@
#include <net/net_namespace.h>
#include <net/netlink.h>
+#include "initcalls.h"
#include "security.h"
static struct sock *selnl __ro_after_init;
@@ -105,7 +106,7 @@ void selnl_notify_policyload(u32 seqno)
selnl_notify(SELNL_MSG_POLICYLOAD, &seqno);
}
-static int __init selnl_init(void)
+int __init sel_netlink_init(void)
{
struct netlink_kernel_cfg cfg = {
.groups = SELNLGRP_MAX,
@@ -117,5 +118,3 @@ static int __init selnl_init(void)
panic("SELinux: Cannot create netlink socket.");
return 0;
}
-
-__initcall(selnl_init);
diff --git a/security/selinux/netnode.c b/security/selinux/netnode.c
index 5d0ed08d46e5..9b3da5ce8d39 100644
--- a/security/selinux/netnode.c
+++ b/security/selinux/netnode.c
@@ -30,6 +30,7 @@
#include <net/ip.h>
#include <net/ipv6.h>
+#include "initcalls.h"
#include "netnode.h"
#include "objsec.h"
@@ -290,7 +291,7 @@ void sel_netnode_flush(void)
spin_unlock_bh(&sel_netnode_lock);
}
-static __init int sel_netnode_init(void)
+int __init sel_netnode_init(void)
{
int iter;
@@ -304,5 +305,3 @@ static __init int sel_netnode_init(void)
return 0;
}
-
-__initcall(sel_netnode_init);
diff --git a/security/selinux/netport.c b/security/selinux/netport.c
index 6fd7da4b3576..9e62f7285e81 100644
--- a/security/selinux/netport.c
+++ b/security/selinux/netport.c
@@ -29,6 +29,7 @@
#include <net/ip.h>
#include <net/ipv6.h>
+#include "initcalls.h"
#include "netport.h"
#include "objsec.h"
@@ -218,7 +219,7 @@ void sel_netport_flush(void)
spin_unlock_bh(&sel_netport_lock);
}
-static __init int sel_netport_init(void)
+int __init sel_netport_init(void)
{
int iter;
@@ -232,5 +233,3 @@ static __init int sel_netport_init(void)
return 0;
}
-
-__initcall(sel_netport_init);
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index 232e087bce3e..93ea27acbfef 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -35,6 +35,7 @@
/* selinuxfs pseudo filesystem for exporting the security policy API.
Based on the proc code and the fs/nfsd/nfsctl.c code. */
+#include "initcalls.h"
#include "flask.h"
#include "avc.h"
#include "avc_ss.h"
@@ -2122,7 +2123,7 @@ static struct file_system_type sel_fs_type = {
struct path selinux_null __ro_after_init;
-static int __init init_sel_fs(void)
+int __init init_sel_fs(void)
{
struct qstr null_name = QSTR_INIT(NULL_FILE_NAME,
sizeof(NULL_FILE_NAME)-1);
@@ -2166,5 +2167,3 @@ static int __init init_sel_fs(void)
return err;
}
-
-__initcall(init_sel_fs);
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 713130bd43c4..13fc712d5923 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -3570,6 +3570,13 @@ struct selinux_audit_rule {
struct context au_ctxt;
};
+int selinux_audit_rule_avc_callback(u32 event)
+{
+ if (event == AVC_CALLBACK_RESET)
+ return audit_update_lsm_rules();
+ return 0;
+}
+
void selinux_audit_rule_free(void *vrule)
{
struct selinux_audit_rule *rule = vrule;
@@ -3820,25 +3827,6 @@ int selinux_audit_rule_match(struct lsm_prop *prop, u32 field, u32 op, void *vru
return match;
}
-static int aurule_avc_callback(u32 event)
-{
- if (event == AVC_CALLBACK_RESET)
- return audit_update_lsm_rules();
- return 0;
-}
-
-static int __init aurule_init(void)
-{
- int err;
-
- err = avc_add_callback(aurule_avc_callback, AVC_CALLBACK_RESET);
- if (err)
- panic("avc_add_callback() failed, error %d\n", err);
-
- return err;
-}
-__initcall(aurule_init);
-
#ifdef CONFIG_NETLABEL
/**
* security_netlbl_cache_add - Add an entry to the NetLabel cache
--
2.51.1.dirty
^ permalink raw reply related [flat|nested] 36+ messages in thread* [PATCH v5 10/11] lsm: consolidate all of the LSM framework initcalls
2025-10-17 20:48 ` [PATCH v5 01/11] loadpin: move initcalls to the LSM framework Paul Moore
` (7 preceding siblings ...)
2025-10-17 20:48 ` [PATCH v5 09/11] selinux: " Paul Moore
@ 2025-10-17 20:48 ` Paul Moore
2025-10-17 20:48 ` [PATCH v5 11/11] lsm: add a LSM_STARTED_ALL notification event Paul Moore
9 siblings, 0 replies; 36+ messages in thread
From: Paul Moore @ 2025-10-17 20:48 UTC (permalink / raw)
To: linux-security-module, linux-integrity, selinux
Cc: john.johansen, zohar, roberto.sassu, wufan, mic, gnoack, kees,
mortonm, casey, penguin-kernel, nicolas.bouchinet, xiujianfeng
The LSM framework itself registers a small number of initcalls, this
patch converts these initcalls into the new initcall mechanism.
Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: John Johansen <john.johhansen@canonical.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
---
security/inode.c | 3 +--
security/lsm.h | 20 ++++++++++++++++++++
security/lsm_init.c | 14 ++++++++++++--
security/min_addr.c | 5 +++--
4 files changed, 36 insertions(+), 6 deletions(-)
diff --git a/security/inode.c b/security/inode.c
index 6620c3e42af2..ab8d6a2acadb 100644
--- a/security/inode.c
+++ b/security/inode.c
@@ -368,7 +368,7 @@ static const struct file_operations lsm_ops = {
};
#endif
-static int __init securityfs_init(void)
+int __init securityfs_init(void)
{
int retval;
@@ -387,4 +387,3 @@ static int __init securityfs_init(void)
#endif
return 0;
}
-core_initcall(securityfs_init);
diff --git a/security/lsm.h b/security/lsm.h
index 8dc267977ae0..81aadbc61685 100644
--- a/security/lsm.h
+++ b/security/lsm.h
@@ -35,4 +35,24 @@ extern struct kmem_cache *lsm_inode_cache;
int lsm_cred_alloc(struct cred *cred, gfp_t gfp);
int lsm_task_alloc(struct task_struct *task);
+/* LSM framework initializers */
+
+#ifdef CONFIG_MMU
+int min_addr_init(void);
+#else
+static inline int min_addr_init(void)
+{
+ return 0;
+}
+#endif /* CONFIG_MMU */
+
+#ifdef CONFIG_SECURITYFS
+int securityfs_init(void);
+#else
+static inline int securityfs_init(void)
+{
+ return 0;
+}
+#endif /* CONFIG_SECURITYFS */
+
#endif /* _LSM_H_ */
diff --git a/security/lsm_init.c b/security/lsm_init.c
index aacdac406ba5..0f668bca98f9 100644
--- a/security/lsm_init.c
+++ b/security/lsm_init.c
@@ -488,7 +488,12 @@ int __init security_init(void)
*/
static int __init security_initcall_pure(void)
{
- return lsm_initcall(pure);
+ int rc_adr, rc_lsm;
+
+ rc_adr = min_addr_init();
+ rc_lsm = lsm_initcall(pure);
+
+ return (rc_adr ? rc_adr : rc_lsm);
}
pure_initcall(security_initcall_pure);
@@ -506,7 +511,12 @@ early_initcall(security_initcall_early);
*/
static int __init security_initcall_core(void)
{
- return lsm_initcall(core);
+ int rc_sfs, rc_lsm;
+
+ rc_sfs = securityfs_init();
+ rc_lsm = lsm_initcall(core);
+
+ return (rc_sfs ? rc_sfs : rc_lsm);
}
core_initcall(security_initcall_core);
diff --git a/security/min_addr.c b/security/min_addr.c
index c55bb84b8632..0fde5ec9abc8 100644
--- a/security/min_addr.c
+++ b/security/min_addr.c
@@ -5,6 +5,8 @@
#include <linux/sysctl.h>
#include <linux/minmax.h>
+#include "lsm.h"
+
/* amount of vm to protect from userspace access by both DAC and the LSM*/
unsigned long mmap_min_addr;
/* amount of vm to protect from userspace using CAP_SYS_RAWIO (DAC) */
@@ -52,11 +54,10 @@ static const struct ctl_table min_addr_sysctl_table[] = {
},
};
-static int __init init_mmap_min_addr(void)
+int __init min_addr_init(void)
{
register_sysctl_init("vm", min_addr_sysctl_table);
update_mmap_min_addr();
return 0;
}
-pure_initcall(init_mmap_min_addr);
--
2.51.1.dirty
^ permalink raw reply related [flat|nested] 36+ messages in thread* [PATCH v5 11/11] lsm: add a LSM_STARTED_ALL notification event
2025-10-17 20:48 ` [PATCH v5 01/11] loadpin: move initcalls to the LSM framework Paul Moore
` (8 preceding siblings ...)
2025-10-17 20:48 ` [PATCH v5 10/11] lsm: consolidate all of the LSM framework initcalls Paul Moore
@ 2025-10-17 20:48 ` Paul Moore
9 siblings, 0 replies; 36+ messages in thread
From: Paul Moore @ 2025-10-17 20:48 UTC (permalink / raw)
To: linux-security-module, linux-integrity, selinux
Cc: john.johansen, zohar, roberto.sassu, wufan, mic, gnoack, kees,
mortonm, casey, penguin-kernel, nicolas.bouchinet, xiujianfeng
Add a new LSM notifier event, LSM_STARTED_ALL, which is fired once at
boot when all of the LSMs have been started.
Reviewed-by: Kees Cook <kees@kernel.org>
Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: John Johansen <john.johhansen@canonical.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
---
include/linux/security.h | 1 +
security/lsm_init.c | 1 +
2 files changed, 2 insertions(+)
diff --git a/include/linux/security.h b/include/linux/security.h
index 556890ea2e83..eb36451ce41f 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -85,6 +85,7 @@ struct timezone;
enum lsm_event {
LSM_POLICY_CHANGE,
+ LSM_STARTED_ALL,
};
struct dm_verity_digest {
diff --git a/security/lsm_init.c b/security/lsm_init.c
index 0f668bca98f9..6bb67d41ce52 100644
--- a/security/lsm_init.c
+++ b/security/lsm_init.c
@@ -556,6 +556,7 @@ static int __init security_initcall_late(void)
rc = lsm_initcall(late);
lsm_pr_dbg("all enabled LSMs fully activated\n");
+ call_blocking_lsm_notifier(LSM_STARTED_ALL, NULL);
return rc;
}
--
2.51.1.dirty
^ permalink raw reply related [flat|nested] 36+ messages in thread
* Re: [PATCH v5 0/34] Rework the LSM initialization
2025-10-17 20:24 [PATCH v5 0/34] Rework the LSM initialization Paul Moore
` (22 preceding siblings ...)
2025-10-17 20:48 ` [PATCH v5 01/11] loadpin: move initcalls to the LSM framework Paul Moore
@ 2025-10-17 20:59 ` Paul Moore
2025-10-22 23:34 ` Paul Moore
24 siblings, 0 replies; 36+ messages in thread
From: Paul Moore @ 2025-10-17 20:59 UTC (permalink / raw)
To: linux-security-module, linux-integrity, selinux
Cc: John Johansen, Mimi Zohar, Roberto Sassu, Fan Wu,
Mickaël Salaün, Günther Noack, Kees Cook,
Micah Morton, Casey Schaufler, Tetsuo Handa, Nicolas Bouchinet,
Xiu Jianfeng
On Fri, Oct 17, 2025 at 4:28 PM Paul Moore <paul@paul-moore.com> wrote:
>
> This is the fifth, and likely final, revision of the LSM rework patchset.
> The number of changes in this revision are very minor and barring any
> surprises I expect to merge this into the lsm/dev branch next week; I'll
> send a notice when I do. While there isn't anything in this revision
> that people haven't seen previously, if you do have any concerns or
> feedback, please let me know. Once again, thank you to all of you that
> have taken the time to review these patches.
>
> I've aldo updated the working-lsm_init_rework branch of the main LSM
> tree to contain the latest v5 revision of the patchset:
> https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm.git/log/?h=working-lsm_init_rework
>
> The v4 patchset:
> https://lore.kernel.org/linux-security-module/20250916220355.252592-36-paul@paul-moore.com/
>
> The RFC/v3 patchset:
> https://lore.kernel.org/linux-security-module/20250814225159.275901-36-paul@paul-moore.com/
>
> The RFC/v2 patchset:
> https://lore.kernel.org/linux-security-module/20250721232142.77224-36-paul@paul-moore.com/
>
> The RFC/v1 patchset is below, the cover letter provides some background
> and motivation for this series which still applies:
> https://lore.kernel.org/linux-security-module/20250409185019.238841-31-paul@paul-moore.com/
>
> CHANGELOG
> v5:
> - rebased to lsm/dev branch post v6.18-rc1
> - fixed a !CONFIG_SECURITYFS bug (kernel test robot)
> - fixed a missing "__rcu" annotation on a cast (kernel test robot)
> v4:
> - reworked the lsm_read() function (John, Roberto, Tetsuo)
> - replaced the IMA/EVM patch with one from Roberto
> RFC/v3:
> - rebased to lsm/dev branch
> - fixed IMA/EVM initcall comment (Roberto)
> - fixed CONFIG_IMA and CONFIG_EVM problems (Nicolas, Roberto)
> - fixed CONFIG_SECURITY_SMACK_NETFILTER problems (Roberto)
> - fixed the IMA/EVM header file include macro protections
> - fixed an off-by-one string length issue in lsm_read() (Casey)
> RFC/v2:
> - rename lsm_prep_single() to lsm_prepare()
> - drop the lsm_prop counting patch
> - drop the platform_certs changes from the IMA/EVM patch (Mimi)
> - split/reorder anough patches in the patchset that I lost track
> - added missing function comment blocks in the SELinux patches
> - split patch 04/29 into smaller patches (Kees)
> - fix an LSM list output problem in an intermediate patch (Kees)
> - preserve the "lsm_active_cnt" variable name (Casey)
> - cache the lsm_read() string (Kees)
> - squashed, split, and reordered the enabled/ordering patches
> - reworked the Smack patch (Casey)
> - conditionalized the SELinux IB init code (Stephen)
> - fixed missing Smack "__init" annotation (Fan)
> - fixed a potential unused variable warning in IMA/EVM (John)
> - fixed the placeholder commit descriptions (various)
> RFC/v1:
> - initial version
>
> --
> Paul Moore (33):
> lsm: split the notifier code out into lsm_notifier.c
> lsm: split the init code out into lsm_init.c
> lsm: consolidate lsm_allowed() and prepare_lsm() into
> lsm_prepare()
> lsm: introduce looping macros for the initialization code
> lsm: integrate report_lsm_order() code into caller
> lsm: integrate lsm_early_cred() and lsm_early_task() into caller
> lsm: rename ordered_lsm_init() to lsm_init_ordered()
> lsm: replace the name field with a pointer to the lsm_id struct
> lsm: rename the lsm order variables for consistency
> lsm: rework lsm_active_cnt and lsm_idlist[]
> lsm: get rid of the lsm_names list and do some cleanup
> lsm: rework the LSM enable/disable setter/getter functions
> lsm: rename exists_ordered_lsm() to lsm_order_exists()
> lsm: rename/rework append_ordered_lsm() into lsm_order_append()
> lsm: rename/rework ordered_lsm_parse() to lsm_order_parse()
> lsm: cleanup the LSM blob size code
> lsm: cleanup initialize_lsm() and rename to lsm_init_single()
> lsm: fold lsm_init_ordered() into security_init()
> lsm: add/tweak function header comment blocks in lsm_init.c
> lsm: cleanup the debug and console output in lsm_init.c
> lsm: output available LSMs when debugging
> lsm: group lsm_order_parse() with the other lsm_order_*()
> functions
> lsm: introduce an initcall mechanism into the LSM framework
> loadpin: move initcalls to the LSM framework
> ipe: move initcalls to the LSM framework
> smack: move initcalls to the LSM framework
> tomoyo: move initcalls to the LSM framework
> safesetid: move initcalls to the LSM framework
> apparmor: move initcalls to the LSM framework
> lockdown: move initcalls to the LSM framework
> selinux: move initcalls to the LSM framework
> lsm: consolidate all of the LSM framework initcalls
> lsm: add a LSM_STARTED_ALL notification event
>
> Roberto Sassu (1):
> ima,evm: move initcalls to the LSM framework
Unfortunately I ran into a mail throttling issue when sending this
patchset and my initial post only contained the first 22 patches, so I
resent patches 23 through 34. While I set the reply-to header
properly, the remaining patches should be threaded under the cover
letter, the numbering was reset to that patch 23/34 appears as patch
01/11. Sigh.
My apologies, I thought this would be preferable to resending the full
patchset, and potentially getting throttled again.
As this revision is fairly minor, and everyone that *needs* to review
the patchset has already, I'm going to leave things as-is on the list.
All of the patches are present in that thread, the numbering is just a
little wonky. If there is any concern about ordering, you can always
check the git repo mentioned in the cover letter.
Once again, sorry for the confusion, I've never hit throttling like
that before, but if it becomes a regular problem I'll make adjustments
to prevent it from becoming more of an issue.
--
paul-moore.com
^ permalink raw reply [flat|nested] 36+ messages in thread* Re: [PATCH v5 0/34] Rework the LSM initialization
2025-10-17 20:24 [PATCH v5 0/34] Rework the LSM initialization Paul Moore
` (23 preceding siblings ...)
2025-10-17 20:59 ` [PATCH v5 0/34] Rework the LSM initialization Paul Moore
@ 2025-10-22 23:34 ` Paul Moore
24 siblings, 0 replies; 36+ messages in thread
From: Paul Moore @ 2025-10-22 23:34 UTC (permalink / raw)
To: linux-security-module, linux-integrity, selinux
Cc: John Johansen, Mimi Zohar, Roberto Sassu, Fan Wu,
Mickaël Salaün, Günther Noack, Kees Cook,
Micah Morton, Casey Schaufler, Tetsuo Handa, Nicolas Bouchinet,
Xiu Jianfeng
On Fri, Oct 17, 2025 at 4:28 PM Paul Moore <paul@paul-moore.com> wrote:
>
> This is the fifth, and likely final, revision of the LSM rework patchset.
> The number of changes in this revision are very minor and barring any
> surprises I expect to merge this into the lsm/dev branch next week; I'll
> send a notice when I do.
Here is that notice. This patchset is now merged into lsm/dev and
should be in the next linux-next release; if anyone notices anything
odd, please let me know.
As a FYI, I also moved the base of lsm/dev up to v6.18-rc2 to grab the
fix below (it was affecting testing).
https://lore.kernel.org/netdev/20251015052715.4140493-1-edumazet@google.com/
--
paul-moore.com
^ permalink raw reply [flat|nested] 36+ messages in thread