
Commit 5b89c1b

keesJames Morris
authored andcommitted
LSM: Convert from initcall to struct lsm_info
In preparation for doing more interesting LSM init probing, this converts the existing initcall system into an explicit call into a function pointer from a section-collected struct lsm_info array. Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: Casey Schaufler <casey@schaufler-ca.com> Reviewed-by: James Morris <james.morris@microsoft.com> Reviewed-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <james.morris@microsoft.com>
1 parent 6907e37 commit 5b89c1b


5 files changed

+18
-12
lines changed


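--- a/include/linux/init.h
+++ b/include/linux/init.h
@@ -133,7 +133,6 @@ static inline initcall_t initcall_from_entry(initcall_entry_t *entry)
 #endif
 
 extern initcall_entry_t __con_initcall_start[], __con_initcall_end[];
-extern initcall_entry_t __start_lsm_info[], __end_lsm_info[];
 
 /* Used for contructor calls. */
 typedef void (*ctor_fn_t)(void);
@@ -236,7 +235,6 @@ extern bool initcall_debug;
 static exitcall_t __exitcall_##fn __exit_call = fn
 
 #define console_initcall(fn) ___define_initcall(fn,, .con_initcall)
-#define security_initcall(fn) ___define_initcall(fn,, .lsm_info)
 
 struct obs_kernel_param {
 const char *str;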

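--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -2039,6 +2039,18 @@ extern char *lsm_names;
 extern void security_add_hooks(struct security_hook_list *hooks, int count,
 char *lsm);
 
+struct lsm_info {
+int (*init)(void); /* Required. */
+};
+
+extern struct lsm_info __start_lsm_info[], __end_lsm_info[];
+
+#define security_initcall(lsm) \
+static struct lsm_info __lsm_##lsm \
+__used __section(.lsm_info.init) \
+__aligned(sizeof(unsigned long)) \
+= { .init = lsm, }
+
 #ifdef CONFIG_SECURITY_SELINUX_DISABLE
 /*
 * Assuring the safety of deleting a security module is up to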
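Review bot: `struct lsm_info` and the new `security_initcall()` macro have no comment describing the contract that the walker in security/security.c relies on; `/* Required. */` on `init` is the only hint that the pointer is called unchecked. I would add a block comment above the struct stating that each entry is emitted into the `.lsm_info.init` section, that the entries are iterated as an array between `__start_lsm_info` and `__end_lsm_info`, and that `init` must never be NULL. The `__aligned(sizeof(unsigned long))` presumably has to agree with how the linker script lays that section out; the linker script is not on this page, so that is worth confirming and stating in the same comment. The macro parameter is named `lsm` although it is the init function itself, so `#define security_initcall(fn)` with `.init = fn` would read less ambiguously.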

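--- a/include/linux/module.h
+++ b/include/linux/module.h
@@ -123,7 +123,6 @@ extern void cleanup_module(void);
 #define late_initcall_sync(fn) module_init(fn)
 
 #define console_initcall(fn) module_init(fn)
-#define security_initcall(fn) module_init(fn)
 
 /* Each module must use one module_init(). */
 #define module_init(initfn) \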

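--- a/security/integrity/iint.c
+++ b/security/integrity/iint.c
@@ -22,6 +22,7 @@
 #include <linux/file.h>
 #include <linux/uaccess.h>
 #include <linux/security.h>
+#include <linux/lsm_hooks.h>
 #include "integrity.h"
 
 static struct rb_root integrity_iint_tree = RB_ROOT;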

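--- a/security/security.c
+++ b/security/security.c
@@ -43,16 +43,12 @@ char *lsm_names;
 static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1] =
 CONFIG_DEFAULT_SECURITY;
 
-static void __init do_security_initcalls(void)
+static void __init major_lsm_init(void)
 {
-initcall_t call;
-initcall_entry_t *ce;
+struct lsm_info *lsm;
 
-ce = __start_lsm_info;
-while (ce < __end_lsm_info) {
-call = initcall_from_entry(ce);
-call();
-ce++;
+for (lsm = __start_lsm_info; lsm < __end_lsm_info; lsm++) {
+lsm->init();
 }
 }
 
@@ -82,7 +78,7 @@ int __init security_init(void)
 /*
 * Load all the remaining security modules.
 */
-do_security_initcalls();
+major_lsm_init();
 
 return 0;
 }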
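Review bot: In `major_lsm_init()` the result of `lsm->init()` is dropped, so a security module whose init function returns an error leaves boot continuing with no record of the failure. The old `call()` did the same, but the new `int (*init)(void)` field makes the return value explicit and easy to report. Something like `int ret = lsm->init();` followed by `WARN(ret, "LSM init %ps failed: %d\n", lsm->init, ret);` would surface it without changing boot behaviour. The loop also trusts every entry between `__start_lsm_info` and `__end_lsm_info` to have a non-NULL `init`; that holds only while entries are created solely through `security_initcall()`, which a one-line comment above the loop could state.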
