[RFC,11/29] lsm: cleanup initialize_lsm() and rename to lsm_init_single()

Commit Message

Paul Moore April 9, 2025, 6:49 p.m. UTC

One part of a larger effort to cleanup the LSM framework initialization
code.

Signed-off-by: Paul Moore <paul@paul-moore.com>
---
 security/lsm_init.c | 24 ++++++++++++++----------
 1 file changed, 14 insertions(+), 10 deletions(-)

Comments

Kees Cook April 9, 2025, 11:30 p.m. UTC | #1

On Wed, Apr 09, 2025 at 02:49:56PM -0400, Paul Moore wrote:
> One part of a larger effort to cleanup the LSM framework initialization
> code.
> 
> Signed-off-by: Paul Moore <paul@paul-moore.com>

Yup, better structure for "exit on fail" instead of indented normal code
flow. :)

Reviewed-by: Kees Cook <kees@kernel.org>

John Johansen April 15, 2025, 11:04 p.m. UTC | #2

On 4/9/25 11:49, Paul Moore wrote:
> One part of a larger effort to cleanup the LSM framework initialization
> code.
> 
> Signed-off-by: Paul Moore <paul@paul-moore.com>


Reviewed-by: John Johansen <john.johansen@canonical.com>

> ---
>   security/lsm_init.c | 24 ++++++++++++++----------
>   1 file changed, 14 insertions(+), 10 deletions(-)
> 
> diff --git a/security/lsm_init.c b/security/lsm_init.c
> index 9bb4b4fc9888..163fc2a1a952 100644
> --- a/security/lsm_init.c
> +++ b/security/lsm_init.c
> @@ -214,16 +214,20 @@ static void __init lsm_prep_single(struct lsm_info *lsm)
>   	lsm_blob_size_update(&blobs->lbs_bdev, &blob_sizes.lbs_bdev);
>   }
>   
> -/* Initialize a given LSM, if it is enabled. */
> -static void __init initialize_lsm(struct lsm_info *lsm)
> +/**
> + * lsm_init_single - Initialize a given LSM
> + * @lsm: LSM definition
> + */
> +static void __init lsm_init_single(struct lsm_info *lsm)
>   {
> -	if (lsm_is_enabled(lsm)) {
> -		int ret;
> +	int ret;
>   
> -		init_debug("initializing %s\n", lsm->id->name);
> -		ret = lsm->init();
> -		WARN(ret, "%s failed to initialize: %d\n", lsm->id->name, ret);
> -	}
> +	if (!lsm_is_enabled(lsm))
> +		return;
> +
> +	init_debug("initializing %s\n", lsm->id->name);
> +	ret = lsm->init();
> +	WARN(ret, "%s failed to initialize: %d\n", lsm->id->name, ret);
>   }
>   
>   /* Populate ordered LSMs list from comma-separated LSM name list. */
> @@ -374,7 +378,7 @@ static void __init lsm_init_ordered(void)
>   		panic("%s: early task alloc failed.\n", __func__);
>   
>   	lsm_order_for_each(lsm) {
> -		initialize_lsm(*lsm);
> +		lsm_init_single(*lsm);
>   	}
>   }
>   
> @@ -423,7 +427,7 @@ int __init early_security_init(void)
>   	lsm_early_for_each_raw(lsm) {
>   		lsm_enabled_set(lsm, true);
>   		lsm_prep_single(lsm);
> -		initialize_lsm(lsm);
> +		lsm_init_single(lsm);
>   	}
>   
>   	return 0;

Patch

diff --git a/security/lsm_init.c b/security/lsm_init.c
index 9bb4b4fc9888..163fc2a1a952 100644
--- a/security/lsm_init.c
+++ b/security/lsm_init.c
@@ -214,16 +214,20 @@  static void __init lsm_prep_single(struct lsm_info *lsm)
 	lsm_blob_size_update(&blobs->lbs_bdev, &blob_sizes.lbs_bdev);
 }
 
-/* Initialize a given LSM, if it is enabled. */
-static void __init initialize_lsm(struct lsm_info *lsm)
+/**
+ * lsm_init_single - Initialize a given LSM
+ * @lsm: LSM definition
+ */
+static void __init lsm_init_single(struct lsm_info *lsm)
 {
-	if (lsm_is_enabled(lsm)) {
-		int ret;
+	int ret;
 
-		init_debug("initializing %s\n", lsm->id->name);
-		ret = lsm->init();
-		WARN(ret, "%s failed to initialize: %d\n", lsm->id->name, ret);
-	}
+	if (!lsm_is_enabled(lsm))
+		return;
+
+	init_debug("initializing %s\n", lsm->id->name);
+	ret = lsm->init();
+	WARN(ret, "%s failed to initialize: %d\n", lsm->id->name, ret);
 }
 
 /* Populate ordered LSMs list from comma-separated LSM name list. */
@@ -374,7 +378,7 @@  static void __init lsm_init_ordered(void)
 		panic("%s: early task alloc failed.\n", __func__);
 
 	lsm_order_for_each(lsm) {
-		initialize_lsm(*lsm);
+		lsm_init_single(*lsm);
 	}
 }
 
@@ -423,7 +427,7 @@  int __init early_security_init(void)
 	lsm_early_for_each_raw(lsm) {
 		lsm_enabled_set(lsm, true);
 		lsm_prep_single(lsm);
-		initialize_lsm(lsm);
+		lsm_init_single(lsm);
 	}
 
 	return 0;