| Message ID | 20210910094544.3430125-1-bigeasy@linutronix.de (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | smack: Guard smack_ipv6_lock definition within a SMACK_IPV6_PORT_LABELING block | expand |
On 9/10/2021 2:45 AM, Sebastian Andrzej Siewior wrote: > The mutex smack_ipv6_lock is only used with the SMACK_IPV6_PORT_LABELING > block but its definition is outside of the block. This leads to a > defined-but-not-used warning on PREEMPT_RT. > > Moving smack_ipv6_lock down to the block where it is used where it used > raises the question why is smk_ipv6_port_list read if nothing is added > to it. > Turns out, only smk_ipv6_port_check() is using it outside of an ifdef > SMACK_IPV6_PORT_LABELING block. However two of three caller invoke > smk_ipv6_port_check() from a ifdef block and only one is using > __is_defined() macro which requires the function and smk_ipv6_port_list > to be around. > > Put the lock and list inside an ifdef SMACK_IPV6_PORT_LABELING block to > avoid the warning regarding unused mutex. Extend the ifdef-block to also > cover smk_ipv6_port_check(). Make smack_socket_connect() use ifdef > instead of __is_defined() to avoid complains about missing function. > > Cc: Casey Schaufler <casey@schaufler-ca.com> This is the Smack maintainer, to whom you should send the next revision. > Cc: James Morris <jmorris@namei.org> > Cc: "Serge E. Hallyn" <serge@hallyn.com> > Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de> > --- > security/smack/smack_lsm.c | 7 +++++-- > 1 file changed, 5 insertions(+), 2 deletions(-) > > diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c > index cacbe75185194..fd9e6b54907ee 100644 > --- a/security/smack/smack_lsm.c > +++ b/security/smack/smack_lsm.c > @@ -51,8 +51,10 @@ > #define SMK_RECEIVING 1 > #define SMK_SENDING 2 > > +#ifdef SMACK_IPV6_PORT_LABELING > static DEFINE_MUTEX(smack_ipv6_lock); > static LIST_HEAD(smk_ipv6_port_list); > +#endif > struct kmem_cache *smack_rule_cache; > int smack_enabled __initdata; > > @@ -2603,7 +2605,6 @@ static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address) > mutex_unlock(&smack_ipv6_lock); > return; > } > -#endif > > /** > * smk_ipv6_port_check - check Smack port access > @@ -2666,6 +2667,7 @@ static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address, > > return smk_ipv6_check(skp, object, address, act); > } > +#endif > > /** > * smack_inode_setsecurity - set smack xattrs > @@ -2852,8 +2854,9 @@ static int smack_socket_connect(struct socket *sock, struct sockaddr *sap, > rc = smk_ipv6_check(ssp->smk_out, rsp, sip, > SMK_CONNECTING); > } > - if (__is_defined(SMACK_IPV6_PORT_LABELING)) > +#ifdef SMACK_IPV6_PORT_LABELING > rc = smk_ipv6_port_check(sock->sk, sip, SMK_CONNECTING); > +#endif Fix the indentation. Also, the patch came through with some html artifacts. Please fix the indentation and resubmit. Thank you. > > return rc; > }
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index cacbe75185194..fd9e6b54907ee 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -51,8 +51,10 @@ #define SMK_RECEIVING 1 #define SMK_SENDING 2 +#ifdef SMACK_IPV6_PORT_LABELING static DEFINE_MUTEX(smack_ipv6_lock); static LIST_HEAD(smk_ipv6_port_list); +#endif struct kmem_cache *smack_rule_cache; int smack_enabled __initdata; @@ -2603,7 +2605,6 @@ static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address) mutex_unlock(&smack_ipv6_lock); return; } -#endif /** * smk_ipv6_port_check - check Smack port access @@ -2666,6 +2667,7 @@ static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address, return smk_ipv6_check(skp, object, address, act); } +#endif /** * smack_inode_setsecurity - set smack xattrs @@ -2852,8 +2854,9 @@ static int smack_socket_connect(struct socket *sock, struct sockaddr *sap, rc = smk_ipv6_check(ssp->smk_out, rsp, sip, SMK_CONNECTING); } - if (__is_defined(SMACK_IPV6_PORT_LABELING)) +#ifdef SMACK_IPV6_PORT_LABELING rc = smk_ipv6_port_check(sock->sk, sip, SMK_CONNECTING); +#endif return rc; }
The mutex smack_ipv6_lock is only used with the SMACK_IPV6_PORT_LABELING block but its definition is outside of the block. This leads to a defined-but-not-used warning on PREEMPT_RT. Moving smack_ipv6_lock down to the block where it is used where it used raises the question why is smk_ipv6_port_list read if nothing is added to it. Turns out, only smk_ipv6_port_check() is using it outside of an ifdef SMACK_IPV6_PORT_LABELING block. However two of three caller invoke smk_ipv6_port_check() from a ifdef block and only one is using __is_defined() macro which requires the function and smk_ipv6_port_list to be around. Put the lock and list inside an ifdef SMACK_IPV6_PORT_LABELING block to avoid the warning regarding unused mutex. Extend the ifdef-block to also cover smk_ipv6_port_check(). Make smack_socket_connect() use ifdef instead of __is_defined() to avoid complains about missing function. Cc: Casey Schaufler <casey@schaufler-ca.com> Cc: James Morris <jmorris@namei.org> Cc: "Serge E. Hallyn" <serge@hallyn.com> Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de> --- security/smack/smack_lsm.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-)