* [PATCH 1/2] security: constify some arrays in lockdown LSM
2019-09-10 10:03 [PATCH 0/2] Minor lockdown fixups Matthew Garrett
@ 2019-09-10 10:03 ` Matthew Garrett
2019-09-10 10:03 ` [PATCH 2/2] kexec: Fix file verification on S390 Matthew Garrett
2019-09-10 12:29 ` [PATCH 0/2] Minor lockdown fixups James Morris
2 siblings, 0 replies; 4+ messages in thread
From: Matthew Garrett @ 2019-09-10 10:03 UTC (permalink / raw)
To: jmorris
Cc: linux-security-module, linux-kernel, linux-api, Matthew Garrett,
Matthew Garrett, David Howells
No reason for these not to be const.
Signed-off-by: Matthew Garrett <mjg59@google.com>
Suggested-by: David Howells <dhowells@redhat.com>
---
security/lockdown/lockdown.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/security/lockdown/lockdown.c b/security/lockdown/lockdown.c
index 0068cec77c05..8a10b43daf74 100644
--- a/security/lockdown/lockdown.c
+++ b/security/lockdown/lockdown.c
@@ -16,7 +16,7 @@
static enum lockdown_reason kernel_locked_down;
-static char *lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1] = {
+static const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1] = {
[LOCKDOWN_NONE] = "none",
[LOCKDOWN_MODULE_SIGNATURE] = "unsigned module loading",
[LOCKDOWN_DEV_MEM] = "/dev/mem,kmem,port",
@@ -40,7 +40,7 @@ static char *lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1] = {
[LOCKDOWN_CONFIDENTIALITY_MAX] = "confidentiality",
};
-static enum lockdown_reason lockdown_levels[] = {LOCKDOWN_NONE,
+static const enum lockdown_reason lockdown_levels[] = {LOCKDOWN_NONE,
LOCKDOWN_INTEGRITY_MAX,
LOCKDOWN_CONFIDENTIALITY_MAX};
--
2.23.0.162.g0b9fbb3734-goog
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH 2/2] kexec: Fix file verification on S390
2019-09-10 10:03 [PATCH 0/2] Minor lockdown fixups Matthew Garrett
2019-09-10 10:03 ` [PATCH 1/2] security: constify some arrays in lockdown LSM Matthew Garrett
@ 2019-09-10 10:03 ` Matthew Garrett
2019-09-10 12:29 ` [PATCH 0/2] Minor lockdown fixups James Morris
2 siblings, 0 replies; 4+ messages in thread
From: Matthew Garrett @ 2019-09-10 10:03 UTC (permalink / raw)
To: jmorris
Cc: linux-security-module, linux-kernel, linux-api, Matthew Garrett,
Matthew Garrett, Philipp Rudo
I accidentally typoed this #ifdef, so verification would always be
disabled.
Signed-off-by: Matthew Garrett <mjg59@google.com>
Reported-by: Philipp Rudo <prudo@linux.ibm.com>
---
arch/s390/kernel/kexec_elf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/s390/kernel/kexec_elf.c b/arch/s390/kernel/kexec_elf.c
index 9b4f37a4edf1..9da6fa30c447 100644
--- a/arch/s390/kernel/kexec_elf.c
+++ b/arch/s390/kernel/kexec_elf.c
@@ -130,7 +130,7 @@ static int s390_elf_probe(const char *buf, unsigned long len)
const struct kexec_file_ops s390_kexec_elf_ops = {
.probe = s390_elf_probe,
.load = s390_elf_load,
-#ifdef CONFIG_KEXEC__SIG
+#ifdef CONFIG_KEXEC_SIG
.verify_sig = s390_verify_sig,
#endif /* CONFIG_KEXEC_SIG */
};
--
2.23.0.162.g0b9fbb3734-goog
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH 0/2] Minor lockdown fixups
2019-09-10 10:03 [PATCH 0/2] Minor lockdown fixups Matthew Garrett
2019-09-10 10:03 ` [PATCH 1/2] security: constify some arrays in lockdown LSM Matthew Garrett
2019-09-10 10:03 ` [PATCH 2/2] kexec: Fix file verification on S390 Matthew Garrett
@ 2019-09-10 12:29 ` James Morris
2 siblings, 0 replies; 4+ messages in thread
From: James Morris @ 2019-09-10 12:29 UTC (permalink / raw)
To: Matthew Garrett; +Cc: linux-security-module, linux-kernel, linux-api
On Tue, 10 Sep 2019, Matthew Garrett wrote:
> Constify some arrays and fix an #ifdef that I typoed.
>
Applied to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next-lockdown
and next-testing
--
James Morris
<jmorris@namei.org>
^ permalink raw reply [flat|nested] 4+ messages in thread