[PATCH] ipe: remove headers that are included but not used

[PATCH] ipe: remove headers that are included but not used

[Yicong Hui]

Remove headers that are included but not used in audit.c, audit.c,
policy.c within the IPE module

Change have been tested through kunit, kernel compiles and passes kunit
tests

Signed-off-by: Yicong Hui <yiconghui@gmail.com>
---
 security/ipe/audit.c     | 1 -
 security/ipe/policy.c    | 1 -
 security/ipe/policy_fs.c | 1 -
 3 files changed, 3 deletions(-)

diff --git a/security/ipe/audit.c b/security/ipe/audit.c
index de5fed62592e..5064f2257e32 100644
--- a/security/ipe/audit.c
+++ b/security/ipe/audit.c
@@ -8,7 +8,6 @@
 #include <linux/types.h>
 #include <crypto/sha2.h>
 
-#include "ipe.h"
 #include "eval.h"
 #include "hooks.h"
 #include "policy.h"
diff --git a/security/ipe/policy.c b/security/ipe/policy.c
index 1c58c29886e8..fe7e8c571ab3 100644
--- a/security/ipe/policy.c
+++ b/security/ipe/policy.c
@@ -6,7 +6,6 @@
 #include <linux/errno.h>
 #include <linux/verification.h>
 
-#include "ipe.h"
 #include "eval.h"
 #include "fs.h"
 #include "policy.h"
diff --git a/security/ipe/policy_fs.c b/security/ipe/policy_fs.c
index 9d92d8a14b13..90c37949378c 100644
--- a/security/ipe/policy_fs.c
+++ b/security/ipe/policy_fs.c
@@ -8,7 +8,6 @@
 #include <linux/dcache.h>
 #include <linux/security.h>
 
-#include "ipe.h"
 #include "policy.h"
 #include "eval.h"
 #include "fs.h"
-- 
2.52.0

Re: [PATCH] ipe: remove headers that are included but not used

[Fan Wu]

On Wed, Dec 3, 2025 at 11:37 AM Yicong Hui <yiconghui@gmail.com> wrote:
>
> Remove headers that are included but not used in audit.c, audit.c,
> policy.c within the IPE module
>
> Change have been tested through kunit, kernel compiles and passes kunit
> tests
>
> Signed-off-by: Yicong Hui <yiconghui@gmail.com>
> ---
>  security/ipe/audit.c     | 1 -
>  security/ipe/policy.c    | 1 -
>  security/ipe/policy_fs.c | 1 -
>  3 files changed, 3 deletions(-)

...

Hi Yicong,

Thanks for the patch. This kind of cleanup is appreciated.

Commit message typo: "audit. c, audit.c, policy. c" - audit. c is listed
twice.

I was trying to verify whether ipe.h is really not needed and found
that these files are missing explicit dependencies. policy.c and
policy_fs.c use rcu, mutex, and slab functions but rely on transitive
includes.  After removing ipe.h, they still compile because eval.h
also happens to provide these dependencies indirectly.

I'm happy to merge a patch removing unused headers like ipe.h, but
would like to see the implicit dependencies resolved as well. Would
you mind tracing the complete dependencies and adding the explicit
includes in v2?

-Fan

Re: [PATCH] ipe: remove headers that are included but not used

[Yicong Hui]

On 12/3/25 10:25 PM, Fan Wu wrote:
> On Wed, Dec 3, 2025 at 11:37 AM Yicong Hui <yiconghui@gmail.com> wrote:
> 
> Hi Yicong,
> 
> Thanks for the patch. This kind of cleanup is appreciated.
> 
> Commit message typo: "audit. c, audit.c, policy. c" - audit. c is listed
> twice.

Hi! Thank you for the reply! Yes! My bad, this typo will be fixed in v2.

> I was trying to verify whether ipe.h is really not needed and found
> that these files are missing explicit dependencies. policy.c and
> policy_fs.c use rcu, mutex, and slab functions but rely on transitive
> includes.  After removing ipe.h, they still compile because eval.h
> also happens to provide these dependencies indirectly.
> 
> I'm happy to merge a patch removing unused headers like ipe.h, but
> would like to see the implicit dependencies resolved as well. Would
> you mind tracing the complete dependencies and adding the explicit
> includes in v2?

I have manually read through the functions/macros/filetypes in policy.c, 
policy_fs.c and audit.c and found a few dependencies that are used but 
not explicitly included, like minmax.h, sha2.h, lockdep.h, string.h, 
capability.h, kstrtox.h, sprintf.h, array_size.h and err.h.

This might be a stupid question, but how explicit should I be in my v2 
patch with the dependencies? There's headers like 
"asm-generic/int-ll64.h" "uidgid.h", "gfp_types.h", "rwonce.h", 
"compiler_types.h" or "errno-base.h" but I'm not sure to what extent I 
need to import them, because I shouldn't be including them all, right?

Thank you!
- Yicong

Re: [PATCH] ipe: remove headers that are included but not used

[Fan Wu]

On Sat, Dec 6, 2025 at 1:04 PM Yicong Hui <yiconghui@gmail.com> wrote:
>
> On 12/3/25 10:25 PM, Fan Wu wrote:
> > On Wed, Dec 3, 2025 at 11:37 AM Yicong Hui <yiconghui@gmail.com> wrote:
> >
> > Hi Yicong,
> >
> > Thanks for the patch. This kind of cleanup is appreciated.
> >
> > Commit message typo: "audit. c, audit.c, policy. c" - audit. c is listed
> > twice.
>
> Hi! Thank you for the reply! Yes! My bad, this typo will be fixed in v2.
>
...
>
> I have manually read through the functions/macros/filetypes in policy.c,
> policy_fs.c and audit.c and found a few dependencies that are used but
> not explicitly included, like minmax.h, sha2.h, lockdep.h, string.h,
> capability.h, kstrtox.h, sprintf.h, array_size.h and err.h.
>
> This might be a stupid question, but how explicit should I be in my v2
> patch with the dependencies? There's headers like
> "asm-generic/int-ll64.h" "uidgid.h", "gfp_types.h", "rwonce.h",
> "compiler_types.h" or "errno-base.h" but I'm not sure to what extent I
> need to import them, because I shouldn't be including them all, right?

Hi Yicong,

On second thought, the cost of this cleanup outweighs the benefit.

Let's drop this patch and keep the code as it is.

-Fan