
Commit 0900128

cschauflerpcmoore
authored andcommitted
lsm: add helper for blob allocations
Create a helper function lsm_blob_alloc() for general use in the hook specific functions that allocate LSM blobs. Change the hook specific functions to use this helper. This reduces the code size by a small amount and will make adding new instances of infrastructure managed security blobs easier. Signed-off-by: Casey Schaufler <[email protected]> Reviewed-by: John Johansen <[email protected]> [PM: subject tweak] Signed-off-by: Paul Moore <[email protected]>
1 parent 5f8d28f commit 0900128


1 file changed

+33
-64
lines changed


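--- a/security/security.c
+++ b/security/security.c
@@ -603,27 +603,42 @@ int unregister_blocking_lsm_notifier(struct notifier_block *nb)
 EXPORT_SYMBOL(unregister_blocking_lsm_notifier);
 
 /**
-* lsm_cred_alloc - allocate a composite cred blob
-* @cred: the cred that needs a blob
+* lsm_blob_alloc - allocate a composite blob
+* @dest: the destination for the blob
+* @size: the size of the blob
 * @gfp: allocation type
 *
-* Allocate the cred blob for all the modules
+* Allocate a blob for all the modules
 *
 * Returns 0, or -ENOMEM if memory can't be allocated.
 */
-static int lsm_cred_alloc(struct cred *cred, gfp_t gfp)
+static int lsm_blob_alloc(void **dest, size_t size, gfp_t gfp)
 {
-if (blob_sizes.lbs_cred == 0) {
-cred->security = NULL;
+if (size == 0) {
+*dest = NULL;
 return 0;
 }
 
-cred->security = kzalloc(blob_sizes.lbs_cred, gfp);
-if (cred->security == NULL)
+*dest = kzalloc(size, gfp);
+if (*dest == NULL)
 return -ENOMEM;
 return 0;
 }
 
+/**
+* lsm_cred_alloc - allocate a composite cred blob
+* @cred: the cred that needs a blob
+* @gfp: allocation type
+*
+* Allocate the cred blob for all the modules
+*
+* Returns 0, or -ENOMEM if memory can't be allocated.
+*/
+static int lsm_cred_alloc(struct cred *cred, gfp_t gfp)
+{
+return lsm_blob_alloc(&cred->security, blob_sizes.lbs_cred, gfp);
+}
+
 /**
 * lsm_early_cred - during initialization allocate a composite cred blob
 * @cred: the cred that needs a blob
@@ -690,15 +705,7 @@ int lsm_inode_alloc(struct inode *inode)
 */
 static int lsm_task_alloc(struct task_struct *task)
 {
-if (blob_sizes.lbs_task == 0) {
-task->security = NULL;
-return 0;
-}
-
-task->security = kzalloc(blob_sizes.lbs_task, GFP_KERNEL);
-if (task->security == NULL)
-return -ENOMEM;
-return 0;
+return lsm_blob_alloc(&task->security, blob_sizes.lbs_task, GFP_KERNEL);
 }
 
 /**
@@ -711,15 +718,7 @@ static int lsm_task_alloc(struct task_struct *task)
 */
 static int lsm_ipc_alloc(struct kern_ipc_perm *kip)
 {
-if (blob_sizes.lbs_ipc == 0) {
-kip->security = NULL;
-return 0;
-}
-
-kip->security = kzalloc(blob_sizes.lbs_ipc, GFP_KERNEL);
-if (kip->security == NULL)
-return -ENOMEM;
-return 0;
+return lsm_blob_alloc(&kip->security, blob_sizes.lbs_ipc, GFP_KERNEL);
 }
 
 #ifdef CONFIG_KEYS
@@ -733,15 +732,7 @@ static int lsm_ipc_alloc(struct kern_ipc_perm *kip)
 */
 static int lsm_key_alloc(struct key *key)
 {
-if (blob_sizes.lbs_key == 0) {
-key->security = NULL;
-return 0;
-}
-
-key->security = kzalloc(blob_sizes.lbs_key, GFP_KERNEL);
-if (key->security == NULL)
-return -ENOMEM;
-return 0;
+return lsm_blob_alloc(&key->security, blob_sizes.lbs_key, GFP_KERNEL);
 }
 #endif /* CONFIG_KEYS */
 
@@ -755,15 +746,8 @@ static int lsm_key_alloc(struct key *key)
 */
 static int lsm_msg_msg_alloc(struct msg_msg *mp)
 {
-if (blob_sizes.lbs_msg_msg == 0) {
-mp->security = NULL;
-return 0;
-}
-
-mp->security = kzalloc(blob_sizes.lbs_msg_msg, GFP_KERNEL);
-if (mp->security == NULL)
-return -ENOMEM;
-return 0;
+return lsm_blob_alloc(&mp->security, blob_sizes.lbs_msg_msg,
+GFP_KERNEL);
 }
 
 /**
@@ -790,15 +774,8 @@ static void __init lsm_early_task(struct task_struct *task)
 */
 static int lsm_superblock_alloc(struct super_block *sb)
 {
-if (blob_sizes.lbs_superblock == 0) {
-sb->s_security = NULL;
-return 0;
-}
-
-sb->s_security = kzalloc(blob_sizes.lbs_superblock, GFP_KERNEL);
-if (sb->s_security == NULL)
-return -ENOMEM;
-return 0;
+return lsm_blob_alloc(&sb->s_security, blob_sizes.lbs_superblock,
+GFP_KERNEL);
 }
 
 /**
@@ -4706,23 +4683,15 @@ EXPORT_SYMBOL(security_socket_getpeersec_dgram);
 /**
 * lsm_sock_alloc - allocate a composite sock blob
 * @sock: the sock that needs a blob
-* @priority: allocation mode
+* @gfp: allocation mode
 *
 * Allocate the sock blob for all the modules
 *
 * Returns 0, or -ENOMEM if memory can't be allocated.
 */
-static int lsm_sock_alloc(struct sock *sock, gfp_t priority)
+static int lsm_sock_alloc(struct sock *sock, gfp_t gfp)
 {
-if (blob_sizes.lbs_sock == 0) {
-sock->sk_security = NULL;
-return 0;
-}
-
-sock->sk_security = kzalloc(blob_sizes.lbs_sock, priority);
-if (sock->sk_security == NULL)
-return -ENOMEM;
-return 0;
+return lsm_blob_alloc(&sock->sk_security, blob_sizes.lbs_sock, gfp);
 }
 
 /**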
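Review bot: The kernel-doc added for `lsm_blob_alloc()` in the first hunk (new lines 605-614) leaves out the contract that every hook-specific allocator in this file now inherits from it. The function returns 0 with `*dest` set to NULL when `size` is 0, and a failed `kzalloc()` also leaves `*dest` NULL, so the pointer alone cannot distinguish "no blob needed" from -ENOMEM. It is also worth stating that the blob is zero-filled, since security modules reading a fresh blob presumably rely on that initial state. I would extend the comment with a line such as ` * Sets *@dest to a zeroed blob of @size bytes, or to NULL if @size is 0; callers must check the return value, not *@dest.`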
