korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-11-11 04:18:39 +08:00
Code Issues Packages Projects Releases Wiki Activity

lsm: add helper for blob allocations

Browse Source 
Create a helper function lsm_blob_alloc() for general use in the hook
specific functions that allocate LSM blobs. Change the hook specific
functions to use this helper. This reduces the code size by a small
amount and will make adding new instances of infrastructure managed
security blobs easier.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: John Johansen <john.johansen@canonical.com>
[PM: subject tweak]
Signed-off-by: Paul Moore <paul@paul-moore.com>
This commit is contained in:
Casey Schaufler 2024-07-10 14:32:27 -07:00 committed by Paul Moore
parent 5f8d28f6d7
commit 09001284ee
1 changed files with 34 additions and 65 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

99
security/security.c
View File

@ -602,6 +602,29 @@ int unregister_blocking_lsm_notifier(struct notifier_block *nb)
}
EXPORT_SYMBOL(unregister_blocking_lsm_notifier);
/**
* lsm_blob_alloc - allocate a composite blob
* @dest: the destination for the blob
* @size: the size of the blob
* @gfp: allocation type
*
* Allocate a blob for all the modules
*
* Returns 0, or -ENOMEM if memory can't be allocated.
*/
static int lsm_blob_alloc(void **dest, size_t size, gfp_t gfp)
{
if (size == 0) {
*dest = NULL;
return 0;
}
*dest = kzalloc(size, gfp);
if (*dest == NULL)
return -ENOMEM;
return 0;
}
/**
* lsm_cred_alloc - allocate a composite cred blob
* @cred: the cred that needs a blob
@ -613,15 +636,7 @@ EXPORT_SYMBOL(unregister_blocking_lsm_notifier);
*/
static int lsm_cred_alloc(struct cred *cred, gfp_t gfp)
{
if (blob_sizes.lbs_cred == 0) {
cred->security = NULL;
return 0;
}
cred->security = kzalloc(blob_sizes.lbs_cred, gfp);
if (cred->security == NULL)
return -ENOMEM;
return 0;
return lsm_blob_alloc(&cred->security, blob_sizes.lbs_cred, gfp);
}
/**
@ -690,15 +705,7 @@ int lsm_inode_alloc(struct inode *inode)
*/
static int lsm_task_alloc(struct task_struct *task)
{
if (blob_sizes.lbs_task == 0) {
task->security = NULL;
return 0;
}
task->security = kzalloc(blob_sizes.lbs_task, GFP_KERNEL);
if (task->security == NULL)
return -ENOMEM;
return 0;
return lsm_blob_alloc(&task->security, blob_sizes.lbs_task, GFP_KERNEL);
}
/**
@ -711,15 +718,7 @@ static int lsm_task_alloc(struct task_struct *task)
*/
static int lsm_ipc_alloc(struct kern_ipc_perm *kip)
{
if (blob_sizes.lbs_ipc == 0) {
kip->security = NULL;
return 0;
}
kip->security = kzalloc(blob_sizes.lbs_ipc, GFP_KERNEL);
if (kip->security == NULL)
return -ENOMEM;
return 0;
return lsm_blob_alloc(&kip->security, blob_sizes.lbs_ipc, GFP_KERNEL);
}
#ifdef CONFIG_KEYS
@ -733,15 +732,7 @@ static int lsm_ipc_alloc(struct kern_ipc_perm *kip)
*/
static int lsm_key_alloc(struct key *key)
{
if (blob_sizes.lbs_key == 0) {
key->security = NULL;
return 0;
}
key->security = kzalloc(blob_sizes.lbs_key, GFP_KERNEL);
if (key->security == NULL)
return -ENOMEM;
return 0;
return lsm_blob_alloc(&key->security, blob_sizes.lbs_key, GFP_KERNEL);
}
#endif /* CONFIG_KEYS */
@ -755,15 +746,8 @@ static int lsm_key_alloc(struct key *key)
*/
static int lsm_msg_msg_alloc(struct msg_msg *mp)
{
if (blob_sizes.lbs_msg_msg == 0) {
mp->security = NULL;
return 0;
}
mp->security = kzalloc(blob_sizes.lbs_msg_msg, GFP_KERNEL);
if (mp->security == NULL)
return -ENOMEM;
return 0;
return lsm_blob_alloc(&mp->security, blob_sizes.lbs_msg_msg,
GFP_KERNEL);
}
/**
@ -790,15 +774,8 @@ static void __init lsm_early_task(struct task_struct *task)
*/
static int lsm_superblock_alloc(struct super_block *sb)
{
if (blob_sizes.lbs_superblock == 0) {
sb->s_security = NULL;
return 0;
}
sb->s_security = kzalloc(blob_sizes.lbs_superblock, GFP_KERNEL);
if (sb->s_security == NULL)
return -ENOMEM;
return 0;
return lsm_blob_alloc(&sb->s_security, blob_sizes.lbs_superblock,
GFP_KERNEL);
}
/**
@ -4706,23 +4683,15 @@ EXPORT_SYMBOL(security_socket_getpeersec_dgram);
/**
* lsm_sock_alloc - allocate a composite sock blob
* @sock: the sock that needs a blob
* @priority: allocation mode
* @gfp: allocation mode
*
* Allocate the sock blob for all the modules
*
* Returns 0, or -ENOMEM if memory can't be allocated.
*/
static int lsm_sock_alloc(struct sock *sock, gfp_t priority)
static int lsm_sock_alloc(struct sock *sock, gfp_t gfp)
{
if (blob_sizes.lbs_sock == 0) {
sock->sk_security = NULL;
return 0;
}
sock->sk_security = kzalloc(blob_sizes.lbs_sock, priority);
if (sock->sk_security == NULL)
return -ENOMEM;
return 0;
return lsm_blob_alloc(&sock->sk_security, blob_sizes.lbs_sock, gfp);
}
/**