From: "Günther Noack" <gnoack3000@gmail.com>
To: "Mickaël Salaün" <mic@digikod.net>,
"John Johansen" <john.johansen@canonical.com>
Cc: "Günther Noack" <gnoack3000@gmail.com>,
"kernel test robot" <lkp@intel.com>,
linux-security-module@vger.kernel.org,
"Tingmao Wang" <m@maowtm.org>,
"Justin Suess" <utilityemal77@gmail.com>,
"Samasth Norway Ananda" <samasth.norway.ananda@oracle.com>,
"Matthieu Buffet" <matthieu@buffet.re>,
"Mikhail Ivanov" <ivanov.mikhail1@huawei-partners.com>,
konstantin.meskhidze@huawei.com,
"Demi Marie Obenour" <demiobenour@gmail.com>,
"Alyssa Ross" <hi@alyssa.is>, "Jann Horn" <jannh@google.com>,
"Tahera Fahimi" <fahimitahera@gmail.com>,
"Sebastian Andrzej Siewior" <bigeasy@linutronix.de>,
"Kuniyuki Iwashima" <kuniyu@google.com>,
"Georgia Garcia" <georgia.garcia@canonical.com>
Subject: [PATCH v8 03/12] landlock: Replace union access_masks_all with helper functions
Date: Fri, 27 Mar 2026 17:48:28 +0100 [thread overview]
Message-ID: <20260327164838.38231-4-gnoack3000@gmail.com> (raw)
In-Reply-To: <20260327164838.38231-1-gnoack3000@gmail.com>
* Stop using a union for access_masks_all.
* Expose helper functions for intersection checks and union operations.
The memory layout of bitfields is only loosely defined by the C
standard, so our static assertion that expects a fixed size was
brittle, and it broke on some compilers when we attempted to add a
17th file system access right.
Reported-by: kernel test robot <lkp@intel.com>
Closes: https://lore.kernel.org/oe-kbuild-all/202603261438.jBx2DGNe-lkp@intel.com/
Signed-off-by: Günther Noack <gnoack3000@gmail.com>
---
security/landlock/access.h | 21 ++++++++++++++-------
security/landlock/cred.h | 10 ++--------
security/landlock/ruleset.h | 13 ++++---------
3 files changed, 20 insertions(+), 24 deletions(-)
diff --git a/security/landlock/access.h b/security/landlock/access.h
index 42c95747d7bd..277b6ed7f7bb 100644
--- a/security/landlock/access.h
+++ b/security/landlock/access.h
@@ -52,14 +52,21 @@ struct access_masks {
access_mask_t scope : LANDLOCK_NUM_SCOPE;
};
-union access_masks_all {
- struct access_masks masks;
- u32 all;
-};
+/* Checks whether two access masks have any common bit set. */
+static inline bool access_masks_intersect(const struct access_masks a,
+ const struct access_masks b)
+{
+ return (a.fs & b.fs) || (a.net & b.net) || (a.scope & b.scope);
+}
-/* Makes sure all fields are covered. */
-static_assert(sizeof(typeof_member(union access_masks_all, masks)) ==
- sizeof(typeof_member(union access_masks_all, all)));
+/* ORs the bits of @src into @dst. */
+static inline void access_masks_merge(struct access_masks *dst,
+ const struct access_masks src)
+{
+ dst->fs |= src.fs;
+ dst->net |= src.net;
+ dst->scope |= src.scope;
+}
/**
* struct layer_access_masks - A boolean matrix of layers and access rights
diff --git a/security/landlock/cred.h b/security/landlock/cred.h
index f287c56b5fd4..207a6db1c086 100644
--- a/security/landlock/cred.h
+++ b/security/landlock/cred.h
@@ -123,9 +123,6 @@ landlock_get_applicable_subject(const struct cred *const cred,
const struct access_masks masks,
size_t *const handle_layer)
{
- const union access_masks_all masks_all = {
- .masks = masks,
- };
const struct landlock_ruleset *domain;
ssize_t layer_level;
@@ -138,11 +135,8 @@ landlock_get_applicable_subject(const struct cred *const cred,
for (layer_level = domain->num_layers - 1; layer_level >= 0;
layer_level--) {
- union access_masks_all layer = {
- .masks = domain->access_masks[layer_level],
- };
-
- if (layer.all & masks_all.all) {
+ if (access_masks_intersect(domain->access_masks[layer_level],
+ masks)) {
if (handle_layer)
*handle_layer = layer_level;
diff --git a/security/landlock/ruleset.h b/security/landlock/ruleset.h
index 889f4b30301a..9f8b33815c2c 100644
--- a/security/landlock/ruleset.h
+++ b/security/landlock/ruleset.h
@@ -229,18 +229,13 @@ static inline void landlock_get_ruleset(struct landlock_ruleset *const ruleset)
static inline struct access_masks
landlock_union_access_masks(const struct landlock_ruleset *const domain)
{
- union access_masks_all matches = {};
+ struct access_masks matches = {};
size_t layer_level;
- for (layer_level = 0; layer_level < domain->num_layers; layer_level++) {
- union access_masks_all layer = {
- .masks = domain->access_masks[layer_level],
- };
+ for (layer_level = 0; layer_level < domain->num_layers; layer_level++)
+ access_masks_merge(&matches, domain->access_masks[layer_level]);
- matches.all |= layer.all;
- }
-
- return matches.masks;
+ return matches;
}
static inline void
--
2.53.0
next prev parent reply other threads:[~2026-03-27 16:49 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-27 16:48 [PATCH v8 00/12] landlock: UNIX connect() control by pathname and scope Günther Noack
2026-03-27 16:48 ` [PATCH v8 01/12] lsm: Add LSM hook security_unix_find Günther Noack
2026-03-27 17:55 ` Paul Moore
2026-03-27 16:48 ` [PATCH v8 02/12] landlock: Use mem_is_zero() in is_layer_masks_allowed() Günther Noack
2026-03-27 16:48 ` Günther Noack [this message]
2026-03-27 16:48 ` [PATCH v8 04/12] landlock: Control pathname UNIX domain socket resolution by path Günther Noack
2026-03-27 16:48 ` [PATCH v8 05/12] landlock: Clarify BUILD_BUG_ON check in scoping logic Günther Noack
2026-03-27 16:48 ` [PATCH v8 06/12] samples/landlock: Add support for named UNIX domain socket restrictions Günther Noack
2026-03-27 16:48 ` [PATCH v8 07/12] selftests/landlock: Replace access_fs_16 with ACCESS_ALL in fs_test Günther Noack
2026-03-27 16:48 ` [PATCH v8 08/12] selftests/landlock: Test LANDLOCK_ACCESS_FS_RESOLVE_UNIX Günther Noack
2026-03-27 16:48 ` [PATCH v8 09/12] selftests/landlock: Audit test for LANDLOCK_ACCESS_FS_RESOLVE_UNIX Günther Noack
2026-03-27 16:48 ` [PATCH v8 10/12] selftests/landlock: Check that coredump sockets stay unrestricted Günther Noack
2026-03-27 16:48 ` [PATCH v8 11/12] selftests/landlock: fs_test: Simplify ruleset creation and enforcement Günther Noack
2026-03-27 16:48 ` [PATCH v8 12/12] landlock: Document FS access right for pathname UNIX sockets Günther Noack
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260327164838.38231-4-gnoack3000@gmail.com \
--to=gnoack3000@gmail.com \
--cc=bigeasy@linutronix.de \
--cc=demiobenour@gmail.com \
--cc=fahimitahera@gmail.com \
--cc=georgia.garcia@canonical.com \
--cc=hi@alyssa.is \
--cc=ivanov.mikhail1@huawei-partners.com \
--cc=jannh@google.com \
--cc=john.johansen@canonical.com \
--cc=konstantin.meskhidze@huawei.com \
--cc=kuniyu@google.com \
--cc=linux-security-module@vger.kernel.org \
--cc=lkp@intel.com \
--cc=m@maowtm.org \
--cc=matthieu@buffet.re \
--cc=mic@digikod.net \
--cc=samasth.norway.ananda@oracle.com \
--cc=utilityemal77@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox