Re: [RFC PATCH 10/29] lsm: cleanup the LSM blob size code

John Johansen Tue, 15 Apr 2025 16:03:22 -0700

On 4/9/25 11:49, Paul Moore wrote:

Convert the lsm_blob_size fields to unsigned integers as there is no
current need for them to be negative, change "lsm_set_blob_size()" to
"lsm_blob_size_update()" to better reflect reality, and perform some
other minor cleanups to the associated code.


Signed-off-by: Paul Moore <p...@paul-moore.com>


Reviewed-by: John Johansen <john.johan...@canonical.com>

---
  include/linux/lsm_hooks.h | 28 +++++++++++-----------
  security/lsm_init.c       | 50 +++++++++++++++++++++++----------------
  2 files changed, 43 insertions(+), 35 deletions(-)

diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index bc477fb20d02..a7ecb0791a0f 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -102,20 +102,20 @@ struct security_hook_list {
   * Security blob size or offset data.
   */
  struct lsm_blob_sizes {
-       int lbs_cred;
-       int lbs_file;
-       int lbs_ib;
-       int lbs_inode;
-       int lbs_sock;
-       int lbs_superblock;
-       int lbs_ipc;
-       int lbs_key;
-       int lbs_msg_msg;
-       int lbs_perf_event;
-       int lbs_task;
-       int lbs_xattr_count; /* number of xattr slots in new_xattrs array */
-       int lbs_tun_dev;
-       int lbs_bdev;
+       unsigned int lbs_cred;
+       unsigned int lbs_file;
+       unsigned int lbs_ib;
+       unsigned int lbs_inode;
+       unsigned int lbs_sock;
+       unsigned int lbs_superblock;
+       unsigned int lbs_ipc;
+       unsigned int lbs_key;
+       unsigned int lbs_msg_msg;
+       unsigned int lbs_perf_event;
+       unsigned int lbs_task;
+       unsigned int lbs_xattr_count; /* num xattr slots in new_xattrs array */
+       unsigned int lbs_tun_dev;
+       unsigned int lbs_bdev;
  };

/*

diff --git a/security/lsm_init.c b/security/lsm_init.c
index 7f2bc8c22ce9..9bb4b4fc9888 100644
--- a/security/lsm_init.c
+++ b/security/lsm_init.c
@@ -148,16 +148,22 @@ static void __init lsm_order_append(struct lsm_info *lsm, 
const char *src)
                   lsm_is_enabled(lsm) ? "enabled" : "disabled");
  }

-static void __init lsm_set_blob_size(int *need, int *lbs)

+/**
+ * lsm_blob_size_update - Update the LSM blob size and offset information
+ * @sz_req: the requested additional blob size
+ * @sz_cur: the existing blob size
+ */
+static void __init lsm_blob_size_update(unsigned int *sz_req,
+                                       unsigned int *sz_cur)
  {
-       int offset;
+       unsigned int offset;

- if (*need <= 0)

+       if (*sz_req == 0)
                return;

- offset = ALIGN(*lbs, sizeof(void *));

-       *lbs = offset + *need;
-       *need = offset;
+       offset = ALIGN(*sz_cur, sizeof(void *));
+       *sz_cur = offset + *sz_req;
+       *sz_req = offset;
  }

/**

@@ -186,24 +192,26 @@ static void __init lsm_prep_single(struct lsm_info *lsm)

/* Register the LSM blob sizes. */

        blobs = lsm->blobs;
-       lsm_set_blob_size(&blobs->lbs_cred, &blob_sizes.lbs_cred);
-       lsm_set_blob_size(&blobs->lbs_file, &blob_sizes.lbs_file);
-       lsm_set_blob_size(&blobs->lbs_ib, &blob_sizes.lbs_ib);
+       lsm_blob_size_update(&blobs->lbs_cred, &blob_sizes.lbs_cred);
+       lsm_blob_size_update(&blobs->lbs_file, &blob_sizes.lbs_file);
+       lsm_blob_size_update(&blobs->lbs_ib, &blob_sizes.lbs_ib);
        /* inode blob gets an rcu_head in addition to LSM blobs. */
        if (blobs->lbs_inode && blob_sizes.lbs_inode == 0)
                blob_sizes.lbs_inode = sizeof(struct rcu_head);
-       lsm_set_blob_size(&blobs->lbs_inode, &blob_sizes.lbs_inode);
-       lsm_set_blob_size(&blobs->lbs_ipc, &blob_sizes.lbs_ipc);
-       lsm_set_blob_size(&blobs->lbs_key, &blob_sizes.lbs_key);
-       lsm_set_blob_size(&blobs->lbs_msg_msg, &blob_sizes.lbs_msg_msg);
-       lsm_set_blob_size(&blobs->lbs_perf_event, &blob_sizes.lbs_perf_event);
-       lsm_set_blob_size(&blobs->lbs_sock, &blob_sizes.lbs_sock);
-       lsm_set_blob_size(&blobs->lbs_superblock, &blob_sizes.lbs_superblock);
-       lsm_set_blob_size(&blobs->lbs_task, &blob_sizes.lbs_task);
-       lsm_set_blob_size(&blobs->lbs_tun_dev, &blob_sizes.lbs_tun_dev);
-       lsm_set_blob_size(&blobs->lbs_xattr_count,
-                         &blob_sizes.lbs_xattr_count);
-       lsm_set_blob_size(&blobs->lbs_bdev, &blob_sizes.lbs_bdev);
+       lsm_blob_size_update(&blobs->lbs_inode, &blob_sizes.lbs_inode);
+       lsm_blob_size_update(&blobs->lbs_ipc, &blob_sizes.lbs_ipc);
+       lsm_blob_size_update(&blobs->lbs_key, &blob_sizes.lbs_key);
+       lsm_blob_size_update(&blobs->lbs_msg_msg, &blob_sizes.lbs_msg_msg);
+       lsm_blob_size_update(&blobs->lbs_perf_event,
+                            &blob_sizes.lbs_perf_event);
+       lsm_blob_size_update(&blobs->lbs_sock, &blob_sizes.lbs_sock);
+       lsm_blob_size_update(&blobs->lbs_superblock,
+                            &blob_sizes.lbs_superblock);
+       lsm_blob_size_update(&blobs->lbs_task, &blob_sizes.lbs_task);
+       lsm_blob_size_update(&blobs->lbs_tun_dev, &blob_sizes.lbs_tun_dev);
+       lsm_blob_size_update(&blobs->lbs_xattr_count,
+                            &blob_sizes.lbs_xattr_count);
+       lsm_blob_size_update(&blobs->lbs_bdev, &blob_sizes.lbs_bdev);
  }

/* Initialize a given LSM, if it is enabled. */

Re: [RFC PATCH 10/29] lsm: cleanup the LSM blob size code

Reply via email to