* [PATCH 0/2] security: clarify that some code is really non-modular
@ 2015-12-09 22:37 Paul Gortmaker
  2015-12-09 22:37 ` [PATCH 1/2] security/keys: make big_key.c explicitly non-modular Paul Gortmaker
                   ` (3 more replies)
  0 siblings, 4 replies; 6+ messages in thread
From: Paul Gortmaker @ 2015-12-09 22:37 UTC (permalink / raw)
  To: linux-kernel
  Cc: Paul Gortmaker, David Howells, James Morris, Serge E. Hallyn,
	keyrings, linux-security-module, Mimi Zohar, Dmitry Kasatkin,
	linux-ima-devel, linux-ima-user

The goal is to ensure that non-modular code doesn't appear modular
just by accident.  Here we have two more commits to do that and they
are of the trivial nature (i.e. no ".remove" functions deleted and
no need to block any unbind actions).  We just change the
registration functions to be the non-modular versions and adjust
the include headers to match.

Paul Gortmaker (2):
  security/keys: make big_key.c explicitly non-modular
  security/integrity: make ima/ima_mok.c explicitly non-modular

 security/integrity/ima/ima_mok.c |  5 ++---
 security/keys/big_key.c          | 15 +--------------
 2 files changed, 3 insertions(+), 17 deletions(-)

---

Cc: David Howells <dhowells@redhat.com>
Cc: James Morris <james.l.morris@oracle.com>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Cc: keyrings@linux-nfs.org
Cc: linux-security-module@vger.kernel.org
Cc: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: Dmitry Kasatkin <dmitry.kasatkin@gmail.com>
Cc: James Morris <james.l.morris@oracle.com>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Cc: linux-ima-devel@lists.sourceforge.net
Cc: linux-ima-user@lists.sourceforge.net
Cc: linux-security-module@vger.kernel.org

2.6.1



* [PATCH 1/2] security/keys: make big_key.c explicitly non-modular
  2015-12-09 22:37 [PATCH 0/2] security: clarify that some code is really non-modular Paul Gortmaker
@ 2015-12-09 22:37 ` Paul Gortmaker
  2015-12-09 22:37 ` [PATCH 2/2] security/integrity: make ima/ima_mok.c " Paul Gortmaker
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 6+ messages in thread
From: Paul Gortmaker @ 2015-12-09 22:37 UTC (permalink / raw)
  To: linux-kernel
  Cc: Paul Gortmaker, David Howells, James Morris, Serge E. Hallyn,
	keyrings, linux-security-module

The Kconfig currently controlling compilation of this code is:

config BIG_KEYS
        bool "Large payload keys"

...meaning that it currently is not being built as a module by anyone.

Let's remove the modular code that is essentially orphaned, so that
when reading the driver there is no doubt it is builtin-only.

Since module_init translates to device_initcall in the non-modular
case, the init ordering remains unchanged with this commit.

We also delete the MODULE_LICENSE tag since all that information
is already contained at the top of the file in the comments.

Cc: David Howells <dhowells@redhat.com>
Cc: James Morris <james.l.morris@oracle.com>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Cc: keyrings@linux-nfs.org
Cc: linux-security-module@vger.kernel.org
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
---
 security/keys/big_key.c | 15 +--------------
 1 file changed, 1 insertion(+), 14 deletions(-)

diff --git a/security/keys/big_key.c b/security/keys/big_key.c
index 907c1522ee46..c721e398893a 100644
--- a/security/keys/big_key.c
+++ b/security/keys/big_key.c
@@ -9,7 +9,6 @@
  * 2 of the Licence, or (at your option) any later version.
  */
 
-#include <linux/module.h>
 #include <linux/init.h>
 #include <linux/seq_file.h>
 #include <linux/file.h>
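Review bot: Dropping #include <linux/module.h> at the top of big_key.c is only safe if every user of that header goes with it. The later hunks remove MODULE_LICENSE, module_init and module_exit, but the rest of the file is not visible in this diff, so a build with CONFIG_BIG_KEYS=y should confirm that nothing else was relying on the header (an EXPORT_SYMBOL, for instance, would then need <linux/export.h> explicitly). <linux/init.h> stays in the include list, which covers __init and device_initcall.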
@@ -18,8 +17,6 @@
 #include <keys/user-type.h>
 #include <keys/big_key-type.h>
 
-MODULE_LICENSE("GPL");
-
 /*
  * Layout of key payload words.
  */
@@ -212,18 +209,8 @@ long big_key_read(const struct key *key, char __user *buffer, size_t buflen)
 	return ret;
 }
 
-/*
- * Module stuff
- */
 static int __init big_key_init(void)
 {
 	return register_key_type(&key_type_big_key);
 }
-
-static void __exit big_key_cleanup(void)
-{
-	unregister_key_type(&key_type_big_key);
-}
-
-module_init(big_key_init);
-module_exit(big_key_cleanup);
+device_initcall(big_key_init);
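Review bot: Deleting the "Module stuff" comment in the last hunk leaves big_key_init() with no comment at all; a one-line replacement such as "Register key type" above the function would keep the file readable. Removing big_key_cleanup() and its unregister_key_type() call is correct only while BIG_KEYS stays a bool in Kconfig, as quoted in the changelog; if the option ever becomes tristate, the unregister path has to come back with it. device_initcall(big_key_init) is the level module_init expanded to for built-in code, so the ordering claim in the changelog matches the hunk.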
-- 
2.6.1



* [PATCH 2/2] security/integrity: make ima/ima_mok.c explicitly non-modular
  2015-12-09 22:37 [PATCH 0/2] security: clarify that some code is really non-modular Paul Gortmaker
  2015-12-09 22:37 ` [PATCH 1/2] security/keys: make big_key.c explicitly non-modular Paul Gortmaker
@ 2015-12-09 22:37 ` Paul Gortmaker
  2015-12-10 15:42   ` Mimi Zohar
  2015-12-10 15:02 ` [PATCH 0/2] security: clarify that some code is really non-modular David Howells
  2016-02-18 15:08 ` [PATCH 1/2] security/keys: make big_key.c explicitly non-modular David Howells
  3 siblings, 1 reply; 6+ messages in thread
From: Paul Gortmaker @ 2015-12-09 22:37 UTC (permalink / raw)
  To: linux-kernel
  Cc: Paul Gortmaker, Mimi Zohar, Dmitry Kasatkin, James Morris,
	Serge E. Hallyn, linux-ima-devel, linux-ima-user,
	linux-security-module

The Kconfig currently controlling compilation of this code is:

ima/Kconfig:config IMA_MOK_KEYRING
ima/Kconfig: bool "Create IMA machine owner keys (MOK) and blacklist keyrings"

...meaning that it currently is not being built as a module by anyone.

Let's remove the couple of traces of modularity so that when reading the
driver there is no doubt it really is builtin-only.

Since module_init translates to device_initcall in the non-modular
case, the init ordering remains unchanged with this commit.

Cc: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: Dmitry Kasatkin <dmitry.kasatkin@gmail.com>
Cc: James Morris <james.l.morris@oracle.com>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Cc: linux-ima-devel@lists.sourceforge.net
Cc: linux-ima-user@lists.sourceforge.net
Cc: linux-security-module@vger.kernel.org
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
---
 security/integrity/ima/ima_mok.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/security/integrity/ima/ima_mok.c b/security/integrity/ima/ima_mok.c
index 8dad9a2b8e47..676885e4320e 100644
--- a/security/integrity/ima/ima_mok.c
+++ b/security/integrity/ima/ima_mok.c
@@ -16,7 +16,7 @@
 #include <linux/sched.h>
 #include <linux/cred.h>
 #include <linux/err.h>
-#include <linux/module.h>
+#include <linux/init.h>
 #include <keys/asymmetric-type.h>
 
 
@@ -52,5 +52,4 @@ __init int ima_mok_init(void)
 	set_bit(KEY_FLAG_KEEP, &ima_blacklist_keyring->flags);
 	return 0;
 }
-
-module_init(ima_mok_init);
+device_initcall(ima_mok_init);
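Review bot: The context line of the second hunk shows the function as "__init int ima_mok_init(void)", without static, even though this patch registers it through device_initcall(ima_mok_init) in the same file. If nothing outside ima_mok.c calls it, it should become "static int __init ima_mok_init(void)", which matches the form big_key_init() uses in patch 1 and keeps the symbol out of the global namespace. The swap of <linux/module.h> for <linux/init.h> in the first hunk is what provides __init and device_initcall here, so the two hunks need to stay together.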
-- 
2.6.1



* Re: [PATCH 0/2] security: clarify that some code is really non-modular
  2015-12-09 22:37 [PATCH 0/2] security: clarify that some code is really non-modular Paul Gortmaker
  2015-12-09 22:37 ` [PATCH 1/2] security/keys: make big_key.c explicitly non-modular Paul Gortmaker
  2015-12-09 22:37 ` [PATCH 2/2] security/integrity: make ima/ima_mok.c " Paul Gortmaker
@ 2015-12-10 15:02 ` David Howells
  2016-02-18 15:08 ` [PATCH 1/2] security/keys: make big_key.c explicitly non-modular David Howells
  3 siblings, 0 replies; 6+ messages in thread
From: David Howells @ 2015-12-10 15:02 UTC (permalink / raw)
  To: Paul Gortmaker
  Cc: dhowells, linux-kernel, James Morris, Serge E. Hallyn, keyrings,
	linux-security-module, Mimi Zohar, Dmitry Kasatkin,
	linux-ima-devel, linux-ima-user

Paul Gortmaker <paul.gortmaker@windriver.com> wrote:

> Paul Gortmaker (2):
>   security/keys: make big_key.c explicitly non-modular
>   security/integrity: make ima/ima_mok.c explicitly non-modular

Note that I only see patch 1.  Note also that keyrings@linux-nfs.org should
now be keyrings@vger.kernel.org.

David


* Re: [PATCH 2/2] security/integrity: make ima/ima_mok.c explicitly non-modular
  2015-12-09 22:37 ` [PATCH 2/2] security/integrity: make ima/ima_mok.c " Paul Gortmaker
@ 2015-12-10 15:42   ` Mimi Zohar
  0 siblings, 0 replies; 6+ messages in thread
From: Mimi Zohar @ 2015-12-10 15:42 UTC (permalink / raw)
  To: Paul Gortmaker
  Cc: linux-kernel, Dmitry Kasatkin, James Morris, Serge E. Hallyn,
	linux-ima-devel, linux-ima-user, linux-security-module

On Wed, 2015-12-09 at 17:37 -0500, Paul Gortmaker wrote:
> The Kconfig currently controlling compilation of this code is:
> 
> ima/Kconfig:config IMA_MOK_KEYRING
> ima/Kconfig: bool "Create IMA machine owner keys (MOK) and blacklist keyrings"
> 
> ...meaning that it currently is not being built as a module by anyone.
> 
> Let's remove the couple of traces of modularity so that when reading the
> driver there is no doubt it really is builtin-only.
> 
> Since module_init translates to device_initcall in the non-modular
> case, the init ordering remains unchanged with this commit.
> 
> Cc: Mimi Zohar <zohar@linux.vnet.ibm.com>
> Cc: Dmitry Kasatkin <dmitry.kasatkin@gmail.com>
> Cc: James Morris <james.l.morris@oracle.com>
> Cc: "Serge E. Hallyn" <serge@hallyn.com>
> Cc: linux-ima-devel@lists.sourceforge.net
> Cc: linux-ima-user@lists.sourceforge.net
> Cc: linux-security-module@vger.kernel.org
> Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>

Thanks, this patch is queued to be upstreamed with the original ima_mok
keyring patch.

Mimi

> ---
>  security/integrity/ima/ima_mok.c | 5 ++---
>  1 file changed, 2 insertions(+), 3 deletions(-)
> 
> diff --git a/security/integrity/ima/ima_mok.c b/security/integrity/ima/ima_mok.c
> index 8dad9a2b8e47..676885e4320e 100644
> --- a/security/integrity/ima/ima_mok.c
> +++ b/security/integrity/ima/ima_mok.c
> @@ -16,7 +16,7 @@
>  #include <linux/sched.h>
>  #include <linux/cred.h>
>  #include <linux/err.h>
> -#include <linux/module.h>
> +#include <linux/init.h>
>  #include <keys/asymmetric-type.h>
> 
> 
> @@ -52,5 +52,4 @@ __init int ima_mok_init(void)
>  	set_bit(KEY_FLAG_KEEP, &ima_blacklist_keyring->flags);
>  	return 0;
>  }
> -
> -module_init(ima_mok_init);
> +device_initcall(ima_mok_init);




* Re: [PATCH 1/2] security/keys: make big_key.c explicitly non-modular
  2015-12-09 22:37 [PATCH 0/2] security: clarify that some code is really non-modular Paul Gortmaker
                   ` (2 preceding siblings ...)
  2015-12-10 15:02 ` [PATCH 0/2] security: clarify that some code is really non-modular David Howells
@ 2016-02-18 15:08 ` David Howells
  3 siblings, 0 replies; 6+ messages in thread
From: David Howells @ 2016-02-18 15:08 UTC (permalink / raw)
  To: Paul Gortmaker
  Cc: dhowells, linux-kernel, James Morris, Serge E. Hallyn, keyrings,
	linux-security-module

Paul Gortmaker <paul.gortmaker@windriver.com> wrote:

> The Kconfig currently controlling compilation of this code is:
> 
> config BIG_KEYS
>         bool "Large payload keys"
> 
> ...meaning that it currently is not being built as a module by anyone.
> 
> Let's remove the modular code that is essentially orphaned, so that
> when reading the driver there is no doubt it is builtin-only.
> 
> Since module_init translates to device_initcall in the non-modular
> case, the init ordering remains unchanged with this commit.
> 
> We also delete the MODULE_LICENSE tag since all that information
> is already contained at the top of the file in the comments.
> 
> Cc: David Howells <dhowells@redhat.com>
> Cc: James Morris <james.l.morris@oracle.com>
> Cc: "Serge E. Hallyn" <serge@hallyn.com>
> Cc: keyrings@linux-nfs.org
> Cc: linux-security-module@vger.kernel.org
> Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>

I've applied this patch to my next tree.

David
