From: Paul Moore <paul@paul-moore.com>
To: linux-security-module@vger.kernel.org,
linux-integrity@vger.kernel.org, selinux@vger.kernel.org
Cc: "John Johansen" <john.johansen@canonical.com>,
"Mimi Zohar" <zohar@linux.ibm.com>,
"Roberto Sassu" <roberto.sassu@huawei.com>,
"Fan Wu" <wufan@kernel.org>, "Mickaël Salaün" <mic@digikod.net>,
"Günther Noack" <gnoack@google.com>,
"Kees Cook" <kees@kernel.org>,
"Micah Morton" <mortonm@chromium.org>,
"Casey Schaufler" <casey@schaufler-ca.com>,
"Tetsuo Handa" <penguin-kernel@I-love.SAKURA.ne.jp>,
"Nicolas Bouchinet" <nicolas.bouchinet@oss.cyber.gouv.fr>,
"Xiu Jianfeng" <xiujianfeng@huawei.com>
Subject: [RFC PATCH v2 04/34] lsm: introduce looping macros for the initialization code
Date: Mon, 21 Jul 2025 19:21:07 -0400 [thread overview]
Message-ID: <20250721232142.77224-40-paul@paul-moore.com> (raw)
In-Reply-To: <20250721232142.77224-36-paul@paul-moore.com>
There are three common for loop patterns in the LSM initialization code
to loop through the ordered LSM list and the registered "early" LSMs.
This patch implements these loop patterns as macros to help simplify the
code and reduce the chance for errors.
Signed-off-by: Paul Moore <paul@paul-moore.com>
---
security/lsm_init.c | 42 +++++++++++++++++++++++++++---------------
1 file changed, 27 insertions(+), 15 deletions(-)
diff --git a/security/lsm_init.c b/security/lsm_init.c
index 7beb028a507b..a73c3769dfea 100644
--- a/security/lsm_init.c
+++ b/security/lsm_init.c
@@ -32,6 +32,15 @@ static __initdata bool debug;
pr_info(__VA_ARGS__); \
} while (0)
+#define lsm_order_for_each(iter) \
+ for ((iter) = ordered_lsms; *(iter); (iter)++)
+#define lsm_for_each_raw(iter) \
+ for ((iter) = __start_lsm_info; \
+ (iter) < __end_lsm_info; (iter)++)
+#define lsm_early_for_each_raw(iter) \
+ for ((iter) = __start_early_lsm_info; \
+ (iter) < __end_early_lsm_info; (iter)++)
+
static int lsm_append(const char *new, char **result);
/* Save user chosen LSM */
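Review bot: The three macros added in this hunk have no comment, and they do not take the same iterator type. `lsm_order_for_each` dereferences `*(iter)` and stops on a NULL entry, so it needs a `struct lsm_info **` and relies on `ordered_lsms` being NULL-terminated, while the two `_raw` variants compare `(iter)` against the `__end_*` bound and take a `struct lsm_info *`. A missing terminator would let the ordered walk run past the array during early boot; the allocation of `ordered_lsms` is outside this hunk, so that invariant cannot be confirmed from here. I would document the contract above each macro, e.g. `/* iter: struct lsm_info **; walks ordered_lsms up to its NULL terminator */` and `/* iter: struct lsm_info *; walks every registered LSM, enabled or not */`.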
@@ -96,9 +105,10 @@ static bool __init exists_ordered_lsm(struct lsm_info *lsm)
{
struct lsm_info **check;
- for (check = ordered_lsms; *check; check++)
+ lsm_order_for_each(check) {
if (*check == lsm)
return true;
+ }
return false;
}
@@ -206,7 +216,7 @@ static void __init ordered_lsm_parse(const char *order, const char *origin)
char *sep, *name, *next;
/* LSM_ORDER_FIRST is always first. */
- for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
+ lsm_for_each_raw(lsm) {
if (lsm->order == LSM_ORDER_FIRST)
append_ordered_lsm(lsm, " first");
}
@@ -221,8 +231,7 @@ static void __init ordered_lsm_parse(const char *order, const char *origin)
* if the selected one was separately disabled: disable
* all non-matching Legacy Major LSMs.
*/
- for (major = __start_lsm_info; major < __end_lsm_info;
- major++) {
+ lsm_for_each_raw(major) {
if ((major->flags & LSM_FLAG_LEGACY_MAJOR) &&
strcmp(major->name, chosen_major_lsm) != 0) {
set_enabled(major, false);
@@ -238,7 +247,7 @@ static void __init ordered_lsm_parse(const char *order, const char *origin)
while ((name = strsep(&next, ",")) != NULL) {
bool found = false;
- for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
+ lsm_for_each_raw(lsm) {
if (strcmp(lsm->name, name) == 0) {
if (lsm->order == LSM_ORDER_MUTABLE)
append_ordered_lsm(lsm, origin);
@@ -253,7 +262,7 @@ static void __init ordered_lsm_parse(const char *order, const char *origin)
/* Process "security=", if given. */
if (chosen_major_lsm) {
- for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
+ lsm_for_each_raw(lsm) {
if (exists_ordered_lsm(lsm))
continue;
if (strcmp(lsm->name, chosen_major_lsm) == 0)
@@ -262,13 +271,13 @@ static void __init ordered_lsm_parse(const char *order, const char *origin)
}
/* LSM_ORDER_LAST is always last. */
- for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
+ lsm_for_each_raw(lsm) {
if (lsm->order == LSM_ORDER_LAST)
append_ordered_lsm(lsm, " last");
}
/* Disable all LSMs not in the ordered list. */
- for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
+ lsm_for_each_raw(lsm) {
if (exists_ordered_lsm(lsm))
continue;
set_enabled(lsm, false);
@@ -287,13 +296,14 @@ static void __init report_lsm_order(void)
pr_info("initializing lsm=");
/* Report each enabled LSM name, comma separated. */
- for (early = __start_early_lsm_info;
- early < __end_early_lsm_info; early++)
+ lsm_early_for_each_raw(early) {
if (is_enabled(early))
pr_cont("%s%s", first++ == 0 ? "" : ",", early->name);
- for (lsm = ordered_lsms; *lsm; lsm++)
+ }
+ lsm_order_for_each(lsm) {
if (is_enabled(*lsm))
pr_cont("%s%s", first++ == 0 ? "" : ",", (*lsm)->name);
+ }
pr_cont("\n");
}
@@ -340,8 +350,9 @@ static void __init ordered_lsm_init(void)
} else
ordered_lsm_parse(builtin_lsm_order, "builtin");
- for (lsm = ordered_lsms; *lsm; lsm++)
+ lsm_order_for_each(lsm) {
lsm_prepare(*lsm);
+ }
report_lsm_order();
@@ -376,8 +387,9 @@ static void __init ordered_lsm_init(void)
lsm_early_cred((struct cred *) current->cred);
lsm_early_task(current);
- for (lsm = ordered_lsms; *lsm; lsm++)
+ lsm_order_for_each(lsm) {
initialize_lsm(*lsm);
+ }
}
static bool match_last_lsm(const char *list, const char *lsm)
@@ -479,7 +491,7 @@ int __init early_security_init(void)
{
struct lsm_info *lsm;
- for (lsm = __start_early_lsm_info; lsm < __end_early_lsm_info; lsm++) {
+ lsm_early_for_each_raw(lsm) {
if (!lsm->enabled)
lsm->enabled = &lsm_enabled_true;
lsm_prepare(lsm);
@@ -506,7 +518,7 @@ int __init security_init(void)
* Append the names of the early LSM modules now that kmalloc() is
* available
*/
- for (lsm = __start_early_lsm_info; lsm < __end_early_lsm_info; lsm++) {
+ lsm_early_for_each_raw(lsm) {
init_debug(" early started: %s (%s)\n", lsm->name,
is_enabled(lsm) ? "enabled" : "disabled");
if (lsm->enabled)
--
2.50.1
2025-07-21 23:21 [RFC PATCH v2 0/34] Rework the LSM initialization Paul Moore
2025-07-21 23:21 ` [RFC PATCH v2 01/34] lsm: split the notifier code out into lsm_notifier.c Paul Moore
2025-07-24 14:49 ` Casey Schaufler
2025-07-21 23:21 ` [RFC PATCH v2 02/34] lsm: split the init code out into lsm_init.c Paul Moore
2025-07-24 14:50 ` Casey Schaufler
2025-07-21 23:21 ` [RFC PATCH v2 03/34] lsm: consolidate lsm_allowed() and prepare_lsm() into lsm_prepare() Paul Moore
2025-07-24 14:52 ` Casey Schaufler
2025-07-21 23:21 ` Paul Moore [this message]
2025-07-24 15:10 ` [RFC PATCH v2 04/34] lsm: introduce looping macros for the initialization code Casey Schaufler
2025-07-21 23:21 ` [RFC PATCH v2 05/34] lsm: integrate report_lsm_order() code into caller Paul Moore
2025-07-24 15:19 ` Casey Schaufler
2025-07-21 23:21 ` [RFC PATCH v2 06/34] lsm: integrate lsm_early_cred() and lsm_early_task() " Paul Moore
2025-07-24 15:20 ` Casey Schaufler
2025-07-21 23:21 ` [RFC PATCH v2 07/34] lsm: rename ordered_lsm_init() to lsm_init_ordered() Paul Moore
2025-07-24 15:28 ` Casey Schaufler
2025-07-21 23:21 ` [RFC PATCH v2 08/34] lsm: replace the name field with a pointer to the lsm_id struct Paul Moore
2025-07-24 15:30 ` Casey Schaufler
2025-07-21 23:21 ` [RFC PATCH v2 09/34] lsm: rename the lsm order variables for consistency Paul Moore
2025-07-24 15:31 ` Casey Schaufler
2025-07-21 23:21 ` [RFC PATCH v2 10/34] lsm: rework lsm_active_cnt and lsm_idlist[] Paul Moore
2025-07-24 15:34 ` Casey Schaufler
2025-07-25 0:26 ` Paul Moore
2025-07-21 23:21 ` [RFC PATCH v2 11/34] lsm: get rid of the lsm_names list and do some cleanup Paul Moore
2025-07-24 15:39 ` Casey Schaufler
2025-07-25 2:28 ` Paul Moore
2025-07-25 14:26 ` Casey Schaufler
2025-07-25 16:42 ` Paul Moore
2025-07-21 23:21 ` [RFC PATCH v2 12/34] lsm: rework the LSM enable/disable setter/getter functions Paul Moore
2025-07-24 15:44 ` Casey Schaufler
2025-07-21 23:21 ` [RFC PATCH v2 13/34] lsm: rename exists_ordered_lsm() to lsm_order_exists() Paul Moore
2025-07-24 15:45 ` Casey Schaufler
2025-07-21 23:21 ` [RFC PATCH v2 14/34] lsm: rename/rework append_ordered_lsm() into lsm_order_append() Paul Moore
2025-07-24 15:47 ` Casey Schaufler
2025-07-21 23:21 ` [RFC PATCH v2 15/34] lsm: rename/rework ordered_lsm_parse() to lsm_order_parse() Paul Moore
2025-07-24 15:48 ` Casey Schaufler
2025-07-21 23:21 ` [RFC PATCH v2 16/34] lsm: cleanup the LSM blob size code Paul Moore
2025-07-24 23:28 ` Casey Schaufler
2025-07-21 23:21 ` [RFC PATCH v2 17/34] lsm: cleanup initialize_lsm() and rename to lsm_init_single() Paul Moore
2025-07-24 23:29 ` Casey Schaufler
2025-07-21 23:21 ` [RFC PATCH v2 18/34] lsm: fold lsm_init_ordered() into security_init() Paul Moore
2025-07-24 23:30 ` Casey Schaufler
2025-07-21 23:21 ` [RFC PATCH v2 19/34] lsm: add/tweak function header comment blocks in lsm_init.c Paul Moore
2025-07-24 23:31 ` Casey Schaufler
2025-07-21 23:21 ` [RFC PATCH v2 20/34] lsm: cleanup the debug and console output " Paul Moore
2025-07-24 23:32 ` Casey Schaufler
2025-07-21 23:21 ` [RFC PATCH v2 21/34] lsm: output available LSMs when debugging Paul Moore
2025-07-24 23:33 ` Casey Schaufler
2025-07-21 23:21 ` [RFC PATCH v2 22/34] lsm: group lsm_order_parse() with the other lsm_order_*() functions Paul Moore
2025-07-24 23:34 ` Casey Schaufler
2025-07-21 23:21 ` [RFC PATCH v2 23/34] lsm: introduce an initcall mechanism into the LSM framework Paul Moore
2025-07-24 23:35 ` Casey Schaufler
2025-07-21 23:21 ` [RFC PATCH v2 24/34] loadpin: move initcalls to " Paul Moore
2025-07-21 23:21 ` [RFC PATCH v2 25/34] ipe: " Paul Moore
2025-07-21 23:21 ` [RFC PATCH v2 26/34] smack: " Paul Moore
2025-07-24 23:36 ` Casey Schaufler
2025-07-28 9:46 ` Roberto Sassu
2025-07-28 22:34 ` Paul Moore
2025-07-28 23:56 ` Casey Schaufler
2025-07-21 23:21 ` [RFC PATCH v2 27/34] tomoyo: " Paul Moore
2025-07-21 23:21 ` [RFC PATCH v2 28/34] safesetid: " Paul Moore
2025-07-21 23:21 ` [RFC PATCH v2 29/34] apparmor: " Paul Moore
2025-07-21 23:21 ` [RFC PATCH v2 30/34] lockdown: " Paul Moore
2025-07-25 8:12 ` Xiu Jianfeng
2025-07-25 16:51 ` Paul Moore
2025-07-26 9:38 ` xiujianfeng
2025-07-28 21:49 ` Paul Moore
2025-07-21 23:21 ` [RFC PATCH v2 31/34] ima,evm: " Paul Moore
2025-07-21 23:30 ` Paul Moore
2025-07-21 23:34 ` Paul Moore
2025-07-28 9:46 ` Nicolas Bouchinet
2025-07-28 10:43 ` Roberto Sassu
2025-07-28 23:17 ` Paul Moore
2025-07-21 23:21 ` [RFC PATCH v2 32/34] selinux: " Paul Moore
2025-07-21 23:21 ` [RFC PATCH v2 33/34] lsm: consolidate all of the LSM framework initcalls Paul Moore
2025-07-24 23:37 ` Casey Schaufler
2025-07-21 23:21 ` [RFC PATCH v2 34/34] lsm: add a LSM_STARTED_ALL notification event Paul Moore
2025-07-24 23:38 ` Casey Schaufler