Message ID | ba64c849-88ca-4890-8c05-d6fc268f14d4@I-love.SAKURA.ne.jp (mailing list archive) |
---|---|
State | Not Applicable |
Delegated to: | BPF |
Headers | show |
Series | LSM: Officially support appending LSM hooks after boot. | expand |
Context | Check | Description |
---|---|---|
netdev/tree_selection | success | Not a local patch |
bpf/vmtest-bpf-VM_Test-0 | success | Logs for Lint |
bpf/vmtest-bpf-VM_Test-1 | success | Logs for ShellCheck |
bpf/vmtest-bpf-VM_Test-2 | success | Logs for Validate matrix.py |
bpf/vmtest-bpf-VM_Test-3 | fail | Logs for aarch64-gcc / build / build for aarch64 with gcc |
bpf/vmtest-bpf-VM_Test-5 | success | Logs for aarch64-gcc / veristat |
bpf/vmtest-bpf-VM_Test-4 | success | Logs for aarch64-gcc / test |
bpf/vmtest-bpf-PR | fail | PR summary |
bpf/vmtest-bpf-VM_Test-7 | success | Logs for s390x-gcc / test |
bpf/vmtest-bpf-VM_Test-6 | fail | Logs for s390x-gcc / build / build for s390x with gcc |
bpf/vmtest-bpf-VM_Test-15 | success | Logs for x86_64-llvm-16 / veristat |
bpf/vmtest-bpf-VM_Test-11 | success | Logs for x86_64-gcc / test |
bpf/vmtest-bpf-VM_Test-8 | success | Logs for s390x-gcc / veristat |
bpf/vmtest-bpf-VM_Test-9 | success | Logs for set-matrix |
bpf/vmtest-bpf-VM_Test-13 | fail | Logs for x86_64-llvm-16 / build / build for x86_64 with llvm-16 |
bpf/vmtest-bpf-VM_Test-10 | fail | Logs for x86_64-gcc / build / build for x86_64 with gcc |
bpf/vmtest-bpf-VM_Test-12 | success | Logs for x86_64-gcc / veristat |
bpf/vmtest-bpf-VM_Test-14 | success | Logs for x86_64-llvm-16 / test |
diff --git a/include/linux/bpf_lsm.h b/include/linux/bpf_lsm.h index 1de7ece5d36d..01b7a2913cb1 100644 --- a/include/linux/bpf_lsm.h +++ b/include/linux/bpf_lsm.h @@ -16,7 +16,6 @@ #define LSM_HOOK(RET, DEFAULT, NAME, ...) \ RET bpf_lsm_##NAME(__VA_ARGS__); #include <linux/lsm_hook_defs.h> -#undef LSM_HOOK struct bpf_storage_blob { struct bpf_local_storage __rcu *storage; diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h index ff217a5ce552..3febbe4ef87c 100644 --- a/include/linux/lsm_hook_defs.h +++ b/include/linux/lsm_hook_defs.h @@ -23,7 +23,6 @@ * struct security_hook_heads { * #define LSM_HOOK(RET, DEFAULT, NAME, ...) struct hlist_head NAME; * #include <linux/lsm_hook_defs.h> - * #undef LSM_HOOK * }; */ LSM_HOOK(int, 0, binder_set_context_mgr, const struct cred *mgr) @@ -419,3 +418,5 @@ LSM_HOOK(int, 0, uring_override_creds, const struct cred *new) LSM_HOOK(int, 0, uring_sqpoll, void) LSM_HOOK(int, 0, uring_cmd, struct io_uring_cmd *ioucmd) #endif /* CONFIG_IO_URING */ + +#undef LSM_HOOK diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index dcb5e5b5eb13..4ba1aedc7901 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -33,13 +33,11 @@ union security_list_options { #define LSM_HOOK(RET, DEFAULT, NAME, ...) RET (*NAME)(__VA_ARGS__); #include "lsm_hook_defs.h" - #undef LSM_HOOK }; struct security_hook_heads { #define LSM_HOOK(RET, DEFAULT, NAME, ...) struct hlist_head NAME; #include "lsm_hook_defs.h" - #undef LSM_HOOK } __randomize_layout; /* diff --git a/kernel/bpf/bpf_lsm.c b/kernel/bpf/bpf_lsm.c index e14c822f8911..025d05c30f11 100644 --- a/kernel/bpf/bpf_lsm.c +++ b/kernel/bpf/bpf_lsm.c @@ -26,14 +26,11 @@ noinline RET bpf_lsm_##NAME(__VA_ARGS__) \ { \ return DEFAULT; \ } - #include <linux/lsm_hook_defs.h> -#undef LSM_HOOK #define LSM_HOOK(RET, DEFAULT, NAME, ...) BTF_ID(func, bpf_lsm_##NAME) BTF_SET_START(bpf_lsm_hooks) #include <linux/lsm_hook_defs.h> -#undef LSM_HOOK BTF_SET_END(bpf_lsm_hooks) /* List of LSM hooks that should operate on 'current' cgroup regardless diff --git a/security/bpf/hooks.c b/security/bpf/hooks.c index cfaf1d0e6a5f..93bd9b2cf8fc 100644 --- a/security/bpf/hooks.c +++ b/security/bpf/hooks.c @@ -10,7 +10,6 @@ static struct security_hook_list bpf_lsm_hooks[] __ro_after_init = { #define LSM_HOOK(RET, DEFAULT, NAME, ...) \ LSM_HOOK_INIT(NAME, bpf_lsm_##NAME), #include <linux/lsm_hook_defs.h> - #undef LSM_HOOK LSM_HOOK_INIT(inode_free_security, bpf_inode_storage_free), LSM_HOOK_INIT(task_free, bpf_task_storage_free), }; diff --git a/security/security.c b/security/security.c index dcb3e7014f9b..d35d50b218c6 100644 --- a/security/security.c +++ b/security/security.c @@ -407,7 +407,6 @@ int __init early_security_init(void) #define LSM_HOOK(RET, DEFAULT, NAME, ...) \ INIT_HLIST_HEAD(&security_hook_heads.NAME); #include "linux/lsm_hook_defs.h" -#undef LSM_HOOK for (lsm = __start_early_lsm_info; lsm < __end_early_lsm_info; lsm++) { if (!lsm->enabled) @@ -749,9 +748,7 @@ static int lsm_superblock_alloc(struct super_block *sb) static const int __maybe_unused LSM_RET_DEFAULT(NAME) = (DEFAULT); #define LSM_HOOK(RET, DEFAULT, NAME, ...) \ DECLARE_LSM_RET_DEFAULT_##RET(DEFAULT, NAME) - #include <linux/lsm_hook_defs.h> -#undef LSM_HOOK /* * Hook list operation macros.
Since all users are doing "#undef LSM_HOOK" immediately after "#include <linux/lsm_hook_defs.h>" line, let lsm_hook_defs.h do it. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> --- include/linux/bpf_lsm.h | 1 - include/linux/lsm_hook_defs.h | 3 ++- include/linux/lsm_hooks.h | 2 -- kernel/bpf/bpf_lsm.c | 3 --- security/bpf/hooks.c | 1 - security/security.c | 3 --- 6 files changed, 2 insertions(+), 11 deletions(-)