
lsm: fold lsm_init_ordered() into security_init()

With only security_init() calling lsm_init_ordered, it makes little
sense to keep lsm_init_ordered() as a standalone function. Fold
lsm_init_ordered() into security_init().

Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: John Johansen <john.johhansen@canonical.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>

+73 -86
+73 -86
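--- a/security/lsm_init.c
+++ b/security/lsm_init.c
@@ -18,6 +18,9 @@
 extern struct lsm_info __start_lsm_info[], __end_lsm_info[];
 extern struct lsm_info __start_early_lsm_info[], __end_early_lsm_info[];
 
+/* Number of "early" LSMs */
+static __initdata unsigned int lsm_count_early;
+
 /* Build and boot-time LSM ordering. */
 static __initconst const char *const lsm_order_builtin = CONFIG_LSM;
 static __initdata const char *lsm_order_cmdline;
@@ -169,7 +172,6 @@
 		   lsm_is_enabled(lsm) ? "enabled" : "disabled");
 }
 
-
 /**
  * lsm_blob_size_update - Update the LSM blob size and offset information
  * @sz_req: the requested additional blob size
@@ -313,14 +315,74 @@
 	}
 }
 
-/**
- * lsm_init_ordered - Initialize the ordered LSMs
- */
-static void __init lsm_init_ordered(void)
+static void __init lsm_static_call_init(struct security_hook_list *hl)
 {
-	unsigned int first = 0;
+	struct lsm_static_call *scall = hl->scalls;
+	int i;
+
+	for (i = 0; i < MAX_LSM_COUNT; i++) {
+		/* Update the first static call that is not used yet */
+		if (!scall->hl) {
+			__static_call_update(scall->key, scall->trampoline,
+					     hl->hook.lsm_func_addr);
+			scall->hl = hl;
+			static_branch_enable(scall->active);
+			return;
+		}
+		scall++;
+	}
+	panic("%s - Ran out of static slots.\n", __func__);
+}
+
+/**
+ * security_add_hooks - Add a modules hooks to the hook lists.
+ * @hooks: the hooks to add
+ * @count: the number of hooks to add
+ * @lsmid: the identification information for the security module
+ *
+ * Each LSM has to register its hooks with the infrastructure.
+ */
+void __init security_add_hooks(struct security_hook_list *hooks, int count,
+			       const struct lsm_id *lsmid)
+{
+	int i;
+
+	for (i = 0; i < count; i++) {
+		hooks[i].lsmid = lsmid;
+		lsm_static_call_init(&hooks[i]);
+	}
+}
+
+int __init early_security_init(void)
+{
+	struct lsm_info *lsm;
+
+	lsm_early_for_each_raw(lsm) {
+		lsm_enabled_set(lsm, true);
+		lsm_order_append(lsm, "early");
+		lsm_prepare(lsm);
+		lsm_init_single(lsm);
+		lsm_count_early++;
+	}
+
+	return 0;
+}
+
+/**
+ * security_init - Initializes the LSM framework
+ *
+ * This should be called early in the kernel initialization sequence.
+ */
+int __init security_init(void)
+{
+	unsigned int cnt;
 	struct lsm_info **lsm;
 	struct lsm_info *early;
+	unsigned int first = 0;
+
+	init_debug("legacy security=%s\n", lsm_order_legacy ? : " *unspecified*");
+	init_debug(" CONFIG_LSM=%s\n", lsm_order_builtin);
+	init_debug("boot arg lsm=%s\n", lsm_order_cmdline ? : " *unspecified*");
 
 	if (lsm_order_cmdline) {
 		if (lsm_order_legacy) {
@@ -332,9 +394,8 @@
 	} else
 		lsm_order_parse(lsm_order_builtin, "builtin");
 
-	lsm_order_for_each(lsm) {
+	lsm_order_for_each(lsm)
 		lsm_prepare(*lsm);
-	}
 
 	pr_info("initializing lsm=");
 	lsm_early_for_each_raw(early) {
@@ -383,87 +444,13 @@
 	if (lsm_task_alloc(current))
 		panic("%s: early task alloc failed.\n", __func__);
 
+	cnt = 0;
 	lsm_order_for_each(lsm) {
+		/* skip the "early" LSMs as they have already been setup */
+		if (cnt++ < lsm_count_early)
+			continue;
 		lsm_init_single(*lsm);
 	}
-}
-
-static void __init lsm_static_call_init(struct security_hook_list *hl)
-{
-	struct lsm_static_call *scall = hl->scalls;
-	int i;
-
-	for (i = 0; i < MAX_LSM_COUNT; i++) {
-		/* Update the first static call that is not used yet */
-		if (!scall->hl) {
-			__static_call_update(scall->key, scall->trampoline,
-					     hl->hook.lsm_func_addr);
-			scall->hl = hl;
-			static_branch_enable(scall->active);
-			return;
-		}
-		scall++;
-	}
-	panic("%s - Ran out of static slots.\n", __func__);
-}
-
-/**
- * security_add_hooks - Add a modules hooks to the hook lists.
- * @hooks: the hooks to add
- * @count: the number of hooks to add
- * @lsmid: the identification information for the security module
- *
- * Each LSM has to register its hooks with the infrastructure.
- */
-void __init security_add_hooks(struct security_hook_list *hooks, int count,
-			       const struct lsm_id *lsmid)
-{
-	int i;
-
-	for (i = 0; i < count; i++) {
-		hooks[i].lsmid = lsmid;
-		lsm_static_call_init(&hooks[i]);
-	}
-}
-
-int __init early_security_init(void)
-{
-	struct lsm_info *lsm;
-
-	lsm_early_for_each_raw(lsm) {
-		lsm_enabled_set(lsm, true);
-		lsm_order_append(lsm, "early");
-		lsm_prepare(lsm);
-		lsm_init_single(lsm);
-	}
-
-	return 0;
-}
-
-/**
- * security_init - initializes the security framework
- *
- * This should be called early in the kernel initialization sequence.
- */
-int __init security_init(void)
-{
-	struct lsm_info *lsm;
-
-	init_debug("legacy security=%s\n", lsm_order_legacy ? : " *unspecified*");
-	init_debug(" CONFIG_LSM=%s\n", lsm_order_builtin);
-	init_debug("boot arg lsm=%s\n", lsm_order_cmdline ? : " *unspecified*");
-
-	/*
-	 * Append the names of the early LSM modules now that kmalloc() is
-	 * available
-	 */
-	lsm_early_for_each_raw(lsm) {
-		init_debug(" early started: %s (%s)\n", lsm->id->name,
-			   lsm_is_enabled(lsm) ? "enabled" : "disabled");
-	}
-
-	/* Load LSMs in specified order. */
-	lsm_init_ordered();
 
 	return 0;
 }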
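Review bot: The final loop of security_init() skips the early LSMs purely by position (`if (cnt++ < lsm_count_early) continue;`), so it is only correct if every `lsm_order_append(lsm, "early")` call in early_security_init() really placed an entry in the first slots of the ordered list. lsm_order_append() is not visible on this page; if it can decline to append (a duplicate or a full list, say), `lsm_count_early++` still runs, and a later non-early LSM would presumably be skipped and never reach lsm_init_single(), with nothing logged. I would state the invariant where the counter is declared, e.g. `/* Number of "early" LSMs; they occupy the first lsm_count_early slots of the ordered list */`, or increment the counter only for entries that were actually appended. The commit description presents the change as a pure fold, so the new counter and the skip deserve a sentence there too.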