| Message ID | 20231110173427.79275-2-paul@paul-moore.com (mailing list archive) |
|---|---|
| State | Accepted |
| Delegated to: | Paul Moore |
| Headers | show |
| Series | lsm: mark the lsm_id variables are marked as static | expand |
On 11/10/2023 9:34 AM, Paul Moore wrote: > As the kernel test robot helpfully reminded us, all of the lsm_id > instances defined inside the various LSMs should be marked as static. > The one exception is Landlock which uses its lsm_id variable across > multiple source files with an extern declaration in a header file. > > Reported-by: kernel test robot <lkp@intel.com> > Suggested-by: Casey Schaufler <casey@schaufler-ca.com> > Signed-off-by: Paul Moore <paul@paul-moore.com> Reviewed-by: Casey Schaufler <casey@schaufler-ca.com> > --- > security/apparmor/lsm.c | 2 +- > security/bpf/hooks.c | 2 +- > security/commoncap.c | 2 +- > security/loadpin/loadpin.c | 2 +- > security/safesetid/lsm.c | 2 +- > security/selinux/hooks.c | 2 +- > security/smack/smack_lsm.c | 2 +- > security/tomoyo/tomoyo.c | 2 +- > security/yama/yama_lsm.c | 2 +- > 9 files changed, 9 insertions(+), 9 deletions(-) > > diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c > index 332198e0a017..e490a7000408 100644 > --- a/security/apparmor/lsm.c > +++ b/security/apparmor/lsm.c > @@ -1454,7 +1454,7 @@ struct lsm_blob_sizes apparmor_blob_sizes __ro_after_init = { > .lbs_task = sizeof(struct aa_task_ctx), > }; > > -const struct lsm_id apparmor_lsmid = { > +static const struct lsm_id apparmor_lsmid = { > .name = "apparmor", > .id = LSM_ID_APPARMOR, > }; > diff --git a/security/bpf/hooks.c b/security/bpf/hooks.c > index 91011e0c361a..57b9ffd53c98 100644 > --- a/security/bpf/hooks.c > +++ b/security/bpf/hooks.c > @@ -16,7 +16,7 @@ static struct security_hook_list bpf_lsm_hooks[] __ro_after_init = { > LSM_HOOK_INIT(task_free, bpf_task_storage_free), > }; > > -const struct lsm_id bpf_lsmid = { > +static const struct lsm_id bpf_lsmid = { > .name = "bpf", > .id = LSM_ID_BPF, > }; > diff --git a/security/commoncap.c b/security/commoncap.c > index a64c0c8592bb..162d96b3a676 100644 > --- a/security/commoncap.c > +++ b/security/commoncap.c > @@ -1441,7 +1441,7 @@ int cap_mmap_file(struct file *file, unsigned long reqprot, > > #ifdef CONFIG_SECURITY > > -const struct lsm_id capability_lsmid = { > +static const struct lsm_id capability_lsmid = { > .name = "capability", > .id = LSM_ID_CAPABILITY, > }; > diff --git a/security/loadpin/loadpin.c b/security/loadpin/loadpin.c > index d682a851de58..8e93cda130f1 100644 > --- a/security/loadpin/loadpin.c > +++ b/security/loadpin/loadpin.c > @@ -209,7 +209,7 @@ static int loadpin_load_data(enum kernel_load_data_id id, bool contents) > return loadpin_check(NULL, (enum kernel_read_file_id) id); > } > > -const struct lsm_id loadpin_lsmid = { > +static const struct lsm_id loadpin_lsmid = { > .name = "loadpin", > .id = LSM_ID_LOADPIN, > }; > diff --git a/security/safesetid/lsm.c b/security/safesetid/lsm.c > index f42d5af5ffb0..1ba564f097f5 100644 > --- a/security/safesetid/lsm.c > +++ b/security/safesetid/lsm.c > @@ -262,7 +262,7 @@ static int safesetid_task_fix_setgroups(struct cred *new, const struct cred *old > return 0; > } > > -const struct lsm_id safesetid_lsmid = { > +static const struct lsm_id safesetid_lsmid = { > .name = "safesetid", > .id = LSM_ID_SAFESETID, > }; > diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c > index 942f2b8c4ebb..b340425ccfae 100644 > --- a/security/selinux/hooks.c > +++ b/security/selinux/hooks.c > @@ -7031,7 +7031,7 @@ static int selinux_uring_cmd(struct io_uring_cmd *ioucmd) > } > #endif /* CONFIG_IO_URING */ > > -const struct lsm_id selinux_lsmid = { > +static const struct lsm_id selinux_lsmid = { > .name = "selinux", > .id = LSM_ID_SELINUX, > }; > diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c > index 99664c8cf867..53336d7daa93 100644 > --- a/security/smack/smack_lsm.c > +++ b/security/smack/smack_lsm.c > @@ -5006,7 +5006,7 @@ struct lsm_blob_sizes smack_blob_sizes __ro_after_init = { > .lbs_xattr_count = SMACK_INODE_INIT_XATTRS, > }; > > -const struct lsm_id smack_lsmid = { > +static const struct lsm_id smack_lsmid = { > .name = "smack", > .id = LSM_ID_SMACK, > }; > diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c > index 722205433105..e10491f155a5 100644 > --- a/security/tomoyo/tomoyo.c > +++ b/security/tomoyo/tomoyo.c > @@ -543,7 +543,7 @@ static void tomoyo_task_free(struct task_struct *task) > } > } > > -const struct lsm_id tomoyo_lsmid = { > +static const struct lsm_id tomoyo_lsmid = { > .name = "tomoyo", > .id = LSM_ID_TOMOYO, > }; > diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c > index 5cdff292fcae..49dc52b454ef 100644 > --- a/security/yama/yama_lsm.c > +++ b/security/yama/yama_lsm.c > @@ -422,7 +422,7 @@ static int yama_ptrace_traceme(struct task_struct *parent) > return rc; > } > > -const struct lsm_id yama_lsmid = { > +static const struct lsm_id yama_lsmid = { > .name = "yama", > .id = LSM_ID_YAMA, > };
On Fri, Nov 10, 2023 at 3:23 PM Casey Schaufler <casey@schaufler-ca.com> wrote: > > On 11/10/2023 9:34 AM, Paul Moore wrote: > > As the kernel test robot helpfully reminded us, all of the lsm_id > > instances defined inside the various LSMs should be marked as static. > > The one exception is Landlock which uses its lsm_id variable across > > multiple source files with an extern declaration in a header file. > > > > Reported-by: kernel test robot <lkp@intel.com> > > Suggested-by: Casey Schaufler <casey@schaufler-ca.com> > > Signed-off-by: Paul Moore <paul@paul-moore.com> > > Reviewed-by: Casey Schaufler <casey@schaufler-ca.com> Thanks Casey, I've gone ahead and merge this into lsm/dev-staging.
On Fri, Nov 10, 2023 at 4:36 PM Paul Moore <paul@paul-moore.com> wrote: > On Fri, Nov 10, 2023 at 3:23 PM Casey Schaufler <casey@schaufler-ca.com> wrote: > > > > On 11/10/2023 9:34 AM, Paul Moore wrote: > > > As the kernel test robot helpfully reminded us, all of the lsm_id > > > instances defined inside the various LSMs should be marked as static. > > > The one exception is Landlock which uses its lsm_id variable across > > > multiple source files with an extern declaration in a header file. > > > > > > Reported-by: kernel test robot <lkp@intel.com> > > > Suggested-by: Casey Schaufler <casey@schaufler-ca.com> > > > Signed-off-by: Paul Moore <paul@paul-moore.com> > > > > Reviewed-by: Casey Schaufler <casey@schaufler-ca.com> > > Thanks Casey, I've gone ahead and merge this into lsm/dev-staging. Merged into lsm/dev.
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 332198e0a017..e490a7000408 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -1454,7 +1454,7 @@ struct lsm_blob_sizes apparmor_blob_sizes __ro_after_init = { .lbs_task = sizeof(struct aa_task_ctx), }; -const struct lsm_id apparmor_lsmid = { +static const struct lsm_id apparmor_lsmid = { .name = "apparmor", .id = LSM_ID_APPARMOR, }; diff --git a/security/bpf/hooks.c b/security/bpf/hooks.c index 91011e0c361a..57b9ffd53c98 100644 --- a/security/bpf/hooks.c +++ b/security/bpf/hooks.c @@ -16,7 +16,7 @@ static struct security_hook_list bpf_lsm_hooks[] __ro_after_init = { LSM_HOOK_INIT(task_free, bpf_task_storage_free), }; -const struct lsm_id bpf_lsmid = { +static const struct lsm_id bpf_lsmid = { .name = "bpf", .id = LSM_ID_BPF, }; diff --git a/security/commoncap.c b/security/commoncap.c index a64c0c8592bb..162d96b3a676 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -1441,7 +1441,7 @@ int cap_mmap_file(struct file *file, unsigned long reqprot, #ifdef CONFIG_SECURITY -const struct lsm_id capability_lsmid = { +static const struct lsm_id capability_lsmid = { .name = "capability", .id = LSM_ID_CAPABILITY, }; diff --git a/security/loadpin/loadpin.c b/security/loadpin/loadpin.c index d682a851de58..8e93cda130f1 100644 --- a/security/loadpin/loadpin.c +++ b/security/loadpin/loadpin.c @@ -209,7 +209,7 @@ static int loadpin_load_data(enum kernel_load_data_id id, bool contents) return loadpin_check(NULL, (enum kernel_read_file_id) id); } -const struct lsm_id loadpin_lsmid = { +static const struct lsm_id loadpin_lsmid = { .name = "loadpin", .id = LSM_ID_LOADPIN, }; diff --git a/security/safesetid/lsm.c b/security/safesetid/lsm.c index f42d5af5ffb0..1ba564f097f5 100644 --- a/security/safesetid/lsm.c +++ b/security/safesetid/lsm.c @@ -262,7 +262,7 @@ static int safesetid_task_fix_setgroups(struct cred *new, const struct cred *old return 0; } -const struct lsm_id safesetid_lsmid = { +static const struct lsm_id safesetid_lsmid = { .name = "safesetid", .id = LSM_ID_SAFESETID, }; diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 942f2b8c4ebb..b340425ccfae 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -7031,7 +7031,7 @@ static int selinux_uring_cmd(struct io_uring_cmd *ioucmd) } #endif /* CONFIG_IO_URING */ -const struct lsm_id selinux_lsmid = { +static const struct lsm_id selinux_lsmid = { .name = "selinux", .id = LSM_ID_SELINUX, }; diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 99664c8cf867..53336d7daa93 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -5006,7 +5006,7 @@ struct lsm_blob_sizes smack_blob_sizes __ro_after_init = { .lbs_xattr_count = SMACK_INODE_INIT_XATTRS, }; -const struct lsm_id smack_lsmid = { +static const struct lsm_id smack_lsmid = { .name = "smack", .id = LSM_ID_SMACK, }; diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index 722205433105..e10491f155a5 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c @@ -543,7 +543,7 @@ static void tomoyo_task_free(struct task_struct *task) } } -const struct lsm_id tomoyo_lsmid = { +static const struct lsm_id tomoyo_lsmid = { .name = "tomoyo", .id = LSM_ID_TOMOYO, }; diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c index 5cdff292fcae..49dc52b454ef 100644 --- a/security/yama/yama_lsm.c +++ b/security/yama/yama_lsm.c @@ -422,7 +422,7 @@ static int yama_ptrace_traceme(struct task_struct *parent) return rc; } -const struct lsm_id yama_lsmid = { +static const struct lsm_id yama_lsmid = { .name = "yama", .id = LSM_ID_YAMA, };
As the kernel test robot helpfully reminded us, all of the lsm_id instances defined inside the various LSMs should be marked as static. The one exception is Landlock which uses its lsm_id variable across multiple source files with an extern declaration in a header file. Reported-by: kernel test robot <lkp@intel.com> Suggested-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Paul Moore <paul@paul-moore.com> --- security/apparmor/lsm.c | 2 +- security/bpf/hooks.c | 2 +- security/commoncap.c | 2 +- security/loadpin/loadpin.c | 2 +- security/safesetid/lsm.c | 2 +- security/selinux/hooks.c | 2 +- security/smack/smack_lsm.c | 2 +- security/tomoyo/tomoyo.c | 2 +- security/yama/yama_lsm.c | 2 +- 9 files changed, 9 insertions(+), 9 deletions(-)