* [PATCH v2] device_cgroup: Refactor devcgroup_seq_show to use seq_put* helpers
@ 2025-10-31 21:39 Thorsten Blum
2025-10-31 23:38 ` Serge E. Hallyn
2025-11-12 0:47 ` Paul Moore
0 siblings, 2 replies; 3+ messages in thread
From: Thorsten Blum @ 2025-10-31 21:39 UTC (permalink / raw)
To: David Laight, Paul Moore, James Morris, Serge E. Hallyn
Cc: Thorsten Blum, linux-security-module, linux-kernel
Replace set_access(), set_majmin(), and type_to_char() with new helpers
seq_putaccess(), seq_puttype(), and seq_putversion() that write directly
to 'seq_file'.
Simplify devcgroup_seq_show() by hard-coding "a *:* rwm", and use the
new seq_put* helper functions to list the exceptions otherwise.
This allows us to remove the intermediate string buffers while
maintaining the same functionality, including wildcard handling.
Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
---
Changes in v2:
- Add setq_put* helpers to modify seq_file directly (David)
- Update patch subject and description
- Link to v1: https://lore.kernel.org/lkml/20251031110647.102728-2-thorsten.blum@linux.dev/
---
security/device_cgroup.c | 56 ++++++++++++++++++----------------------
1 file changed, 25 insertions(+), 31 deletions(-)
diff --git a/security/device_cgroup.c b/security/device_cgroup.c
index dc4df7475081..7fec575d32d6 100644
--- a/security/device_cgroup.c
+++ b/security/device_cgroup.c
@@ -244,45 +244,40 @@ static void devcgroup_css_free(struct cgroup_subsys_state *css)
#define DEVCG_DENY 2
#define DEVCG_LIST 3
-#define MAJMINLEN 13
-#define ACCLEN 4
-
-static void set_access(char *acc, short access)
+static void seq_putaccess(struct seq_file *m, short access)
{
- int idx = 0;
- memset(acc, 0, ACCLEN);
if (access & DEVCG_ACC_READ)
- acc[idx++] = 'r';
+ seq_putc(m, 'r');
if (access & DEVCG_ACC_WRITE)
- acc[idx++] = 'w';
+ seq_putc(m, 'w');
if (access & DEVCG_ACC_MKNOD)
- acc[idx++] = 'm';
+ seq_putc(m, 'm');
}
-static char type_to_char(short type)
+static void seq_puttype(struct seq_file *m, short type)
{
if (type == DEVCG_DEV_ALL)
- return 'a';
- if (type == DEVCG_DEV_CHAR)
- return 'c';
- if (type == DEVCG_DEV_BLOCK)
- return 'b';
- return 'X';
+ seq_putc(m, 'a');
+ else if (type == DEVCG_DEV_CHAR)
+ seq_putc(m, 'c');
+ else if (type == DEVCG_DEV_BLOCK)
+ seq_putc(m, 'b');
+ else
+ seq_putc(m, 'X');
}
-static void set_majmin(char *str, unsigned m)
+static void seq_putversion(struct seq_file *m, unsigned int version)
{
- if (m == ~0)
- strcpy(str, "*");
+ if (version == ~0)
+ seq_putc(m, '*');
else
- sprintf(str, "%u", m);
+ seq_printf(m, "%u", version);
}
static int devcgroup_seq_show(struct seq_file *m, void *v)
{
struct dev_cgroup *devcgroup = css_to_devcgroup(seq_css(m));
struct dev_exception_item *ex;
- char maj[MAJMINLEN], min[MAJMINLEN], acc[ACCLEN];
rcu_read_lock();
/*
@@ -292,18 +287,17 @@ static int devcgroup_seq_show(struct seq_file *m, void *v)
* This way, the file remains as a "whitelist of devices"
*/
if (devcgroup->behavior == DEVCG_DEFAULT_ALLOW) {
- set_access(acc, DEVCG_ACC_MASK);
- set_majmin(maj, ~0);
- set_majmin(min, ~0);
- seq_printf(m, "%c %s:%s %s\n", type_to_char(DEVCG_DEV_ALL),
- maj, min, acc);
+ seq_puts(m, "a *:* rwm\n");
} else {
list_for_each_entry_rcu(ex, &devcgroup->exceptions, list) {
- set_access(acc, ex->access);
- set_majmin(maj, ex->major);
- set_majmin(min, ex->minor);
- seq_printf(m, "%c %s:%s %s\n", type_to_char(ex->type),
- maj, min, acc);
+ seq_puttype(m, ex->type);
+ seq_putc(m, ' ');
+ seq_putversion(m, ex->major);
+ seq_putc(m, ':');
+ seq_putversion(m, ex->minor);
+ seq_putc(m, ' ');
+ seq_putaccess(m, ex->access);
+ seq_putc(m, '\n');
}
}
rcu_read_unlock();
--
2.51.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH v2] device_cgroup: Refactor devcgroup_seq_show to use seq_put* helpers
2025-10-31 21:39 [PATCH v2] device_cgroup: Refactor devcgroup_seq_show to use seq_put* helpers Thorsten Blum
@ 2025-10-31 23:38 ` Serge E. Hallyn
2025-11-12 0:47 ` Paul Moore
1 sibling, 0 replies; 3+ messages in thread
From: Serge E. Hallyn @ 2025-10-31 23:38 UTC (permalink / raw)
To: Thorsten Blum
Cc: David Laight, Paul Moore, James Morris, Serge E. Hallyn,
linux-security-module, linux-kernel
On Fri, Oct 31, 2025 at 10:39:14PM +0100, Thorsten Blum wrote:
> Replace set_access(), set_majmin(), and type_to_char() with new helpers
> seq_putaccess(), seq_puttype(), and seq_putversion() that write directly
> to 'seq_file'.
>
> Simplify devcgroup_seq_show() by hard-coding "a *:* rwm", and use the
> new seq_put* helper functions to list the exceptions otherwise.
>
> This allows us to remove the intermediate string buffers while
> maintaining the same functionality, including wildcard handling.
>
> Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
Thank you, that is much nicer.
Acked-by: Serge Hallyn <serge@hallyn.com>
> ---
> Changes in v2:
> - Add setq_put* helpers to modify seq_file directly (David)
> - Update patch subject and description
> - Link to v1: https://lore.kernel.org/lkml/20251031110647.102728-2-thorsten.blum@linux.dev/
> ---
> security/device_cgroup.c | 56 ++++++++++++++++++----------------------
> 1 file changed, 25 insertions(+), 31 deletions(-)
>
> diff --git a/security/device_cgroup.c b/security/device_cgroup.c
> index dc4df7475081..7fec575d32d6 100644
> --- a/security/device_cgroup.c
> +++ b/security/device_cgroup.c
> @@ -244,45 +244,40 @@ static void devcgroup_css_free(struct cgroup_subsys_state *css)
> #define DEVCG_DENY 2
> #define DEVCG_LIST 3
>
> -#define MAJMINLEN 13
> -#define ACCLEN 4
> -
> -static void set_access(char *acc, short access)
> +static void seq_putaccess(struct seq_file *m, short access)
> {
> - int idx = 0;
> - memset(acc, 0, ACCLEN);
> if (access & DEVCG_ACC_READ)
> - acc[idx++] = 'r';
> + seq_putc(m, 'r');
> if (access & DEVCG_ACC_WRITE)
> - acc[idx++] = 'w';
> + seq_putc(m, 'w');
> if (access & DEVCG_ACC_MKNOD)
> - acc[idx++] = 'm';
> + seq_putc(m, 'm');
> }
>
> -static char type_to_char(short type)
> +static void seq_puttype(struct seq_file *m, short type)
> {
> if (type == DEVCG_DEV_ALL)
I do think a switch would be easier to read here, but that's
personal preference...
> - return 'a';
> - if (type == DEVCG_DEV_CHAR)
> - return 'c';
> - if (type == DEVCG_DEV_BLOCK)
> - return 'b';
> - return 'X';
> + seq_putc(m, 'a');
> + else if (type == DEVCG_DEV_CHAR)
> + seq_putc(m, 'c');
> + else if (type == DEVCG_DEV_BLOCK)
> + seq_putc(m, 'b');
> + else
> + seq_putc(m, 'X');
> }
>
> -static void set_majmin(char *str, unsigned m)
> +static void seq_putversion(struct seq_file *m, unsigned int version)
> {
> - if (m == ~0)
> - strcpy(str, "*");
> + if (version == ~0)
> + seq_putc(m, '*');
> else
> - sprintf(str, "%u", m);
> + seq_printf(m, "%u", version);
> }
>
> static int devcgroup_seq_show(struct seq_file *m, void *v)
> {
> struct dev_cgroup *devcgroup = css_to_devcgroup(seq_css(m));
> struct dev_exception_item *ex;
> - char maj[MAJMINLEN], min[MAJMINLEN], acc[ACCLEN];
>
> rcu_read_lock();
> /*
> @@ -292,18 +287,17 @@ static int devcgroup_seq_show(struct seq_file *m, void *v)
> * This way, the file remains as a "whitelist of devices"
> */
> if (devcgroup->behavior == DEVCG_DEFAULT_ALLOW) {
> - set_access(acc, DEVCG_ACC_MASK);
> - set_majmin(maj, ~0);
> - set_majmin(min, ~0);
> - seq_printf(m, "%c %s:%s %s\n", type_to_char(DEVCG_DEV_ALL),
> - maj, min, acc);
> + seq_puts(m, "a *:* rwm\n");
> } else {
> list_for_each_entry_rcu(ex, &devcgroup->exceptions, list) {
> - set_access(acc, ex->access);
> - set_majmin(maj, ex->major);
> - set_majmin(min, ex->minor);
> - seq_printf(m, "%c %s:%s %s\n", type_to_char(ex->type),
> - maj, min, acc);
> + seq_puttype(m, ex->type);
> + seq_putc(m, ' ');
> + seq_putversion(m, ex->major);
> + seq_putc(m, ':');
> + seq_putversion(m, ex->minor);
> + seq_putc(m, ' ');
> + seq_putaccess(m, ex->access);
> + seq_putc(m, '\n');
> }
> }
> rcu_read_unlock();
> --
> 2.51.1
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH v2] device_cgroup: Refactor devcgroup_seq_show to use seq_put* helpers
2025-10-31 21:39 [PATCH v2] device_cgroup: Refactor devcgroup_seq_show to use seq_put* helpers Thorsten Blum
2025-10-31 23:38 ` Serge E. Hallyn
@ 2025-11-12 0:47 ` Paul Moore
1 sibling, 0 replies; 3+ messages in thread
From: Paul Moore @ 2025-11-12 0:47 UTC (permalink / raw)
To: Thorsten Blum, David Laight, James Morris, Serge E. Hallyn
Cc: Thorsten Blum, linux-security-module, linux-kernel
On Oct 31, 2025 Thorsten Blum <thorsten.blum@linux.dev> wrote:
>
> Replace set_access(), set_majmin(), and type_to_char() with new helpers
> seq_putaccess(), seq_puttype(), and seq_putversion() that write directly
> to 'seq_file'.
>
> Simplify devcgroup_seq_show() by hard-coding "a *:* rwm", and use the
> new seq_put* helper functions to list the exceptions otherwise.
>
> This allows us to remove the intermediate string buffers while
> maintaining the same functionality, including wildcard handling.
>
> Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
> Acked-by: Serge Hallyn <serge@hallyn.com>
> ---
> Changes in v2:
> - Add setq_put* helpers to modify seq_file directly (David)
> - Update patch subject and description
> - Link to v1: https://lore.kernel.org/lkml/20251031110647.102728-2-thorsten.blum@linux.dev/
> ---
> security/device_cgroup.c | 56 ++++++++++++++++++----------------------
> 1 file changed, 25 insertions(+), 31 deletions(-)
Looks good to me, merged into lsm/dev, thanks!
--
paul-moore.com
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2025-11-12 0:47 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-10-31 21:39 [PATCH v2] device_cgroup: Refactor devcgroup_seq_show to use seq_put* helpers Thorsten Blum
2025-10-31 23:38 ` Serge E. Hallyn
2025-11-12 0:47 ` Paul Moore
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).