diff options
| author | Casey Schaufler <casey@schaufler-ca.com> | 2024-07-10 14:32:29 -0700 |
|---|---|---|
| committer | Paul Moore <paul@paul-moore.com> | 2024-07-29 16:54:52 -0400 |
| commit | 66de33a0bbb59ef3909d2c65dbbb7fc503d573bd (patch) | |
| tree | 9f6269a38c23b93663e5927567a14628017679cf /security/selinux | |
| parent | a39c0f77dbbe083f3eec6c3b32d90f168f7575eb (diff) | |
| download | lwn-66de33a0bbb59ef3909d2c65dbbb7fc503d573bd.tar.gz lwn-66de33a0bbb59ef3909d2c65dbbb7fc503d573bd.zip | |
lsm: infrastructure management of the infiniband blob
Move management of the infiniband security blob out of the individual
security modules and into the LSM infrastructure. The security modules
tell the infrastructure how much space they require at initialization.
There are no longer any modules that require the ib_free() hook.
The hook definition has been removed.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: John Johansen <john.johansen@canonical.com>
[PM: subject tweak, selinux style fixes]
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security/selinux')
| -rw-r--r-- | security/selinux/hooks.c | 16 | ||||
| -rw-r--r-- | security/selinux/include/objsec.h | 5 |
2 files changed, 8 insertions, 13 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 793cfdc4c0ef..675c69ebb77c 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -6781,23 +6781,13 @@ static int selinux_ib_endport_manage_subnet(void *ib_sec, const char *dev_name, INFINIBAND_ENDPORT__MANAGE_SUBNET, &ad); } -static int selinux_ib_alloc_security(void **ib_sec) +static int selinux_ib_alloc_security(void *ib_sec) { - struct ib_security_struct *sec; + struct ib_security_struct *sec = selinux_ib(ib_sec); - sec = kzalloc(sizeof(*sec), GFP_KERNEL); - if (!sec) - return -ENOMEM; sec->sid = current_sid(); - - *ib_sec = sec; return 0; } - -static void selinux_ib_free_security(void *ib_sec) -{ - kfree(ib_sec); -} #endif #ifdef CONFIG_BPF_SYSCALL @@ -6969,6 +6959,7 @@ struct lsm_blob_sizes selinux_blob_sizes __ro_after_init = { .lbs_superblock = sizeof(struct superblock_security_struct), .lbs_xattr_count = SELINUX_INODE_INIT_XATTRS, .lbs_tun_dev = sizeof(struct tun_security_struct), + .lbs_ib = sizeof(struct ib_security_struct), }; #ifdef CONFIG_PERF_EVENTS @@ -7288,7 +7279,6 @@ static struct security_hook_list selinux_hooks[] __ro_after_init = { LSM_HOOK_INIT(ib_pkey_access, selinux_ib_pkey_access), LSM_HOOK_INIT(ib_endport_manage_subnet, selinux_ib_endport_manage_subnet), - LSM_HOOK_INIT(ib_free_security, selinux_ib_free_security), #endif #ifdef CONFIG_SECURITY_NETWORK_XFRM LSM_HOOK_INIT(xfrm_policy_free_security, selinux_xfrm_policy_free), diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h index b7d4b1fc8fee..ed9e37f3c9b5 100644 --- a/security/selinux/include/objsec.h +++ b/security/selinux/include/objsec.h @@ -212,4 +212,9 @@ static inline struct tun_security_struct *selinux_tun_dev(void *security) return security + selinux_blob_sizes.lbs_tun_dev; } +static inline struct ib_security_struct *selinux_ib(void *ib_sec) +{ + return ib_sec + selinux_blob_sizes.lbs_ib; +} + #endif /* _SELINUX_OBJSEC_H_ */ |