* [PATCH -next] evm: Use IS_ENABLED to initialize .enabled
@ 2022-06-06 10:10 Xiu Jianfeng
2022-06-07 6:06 ` Ahmad Fatoum
2022-07-07 23:15 ` Mimi Zohar
0 siblings, 2 replies; 8+ messages in thread
From: Xiu Jianfeng @ 2022-06-06 10:10 UTC (permalink / raw)
To: zohar, dmitry.kasatkin, jmorris, serge
Cc: linux-integrity, linux-security-module, linux-kernel
Use IS_ENABLED(CONFIG_XXX) instead of #ifdef/#endif statements to
initialize .enabled, minor simplicity improvement.
Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com>
---
security/integrity/evm/evm_main.c | 52 ++++++++++++++-----------------
1 file changed, 23 insertions(+), 29 deletions(-)
diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
index cc88f02c7562..397fea5b3fa6 100644
--- a/security/integrity/evm/evm_main.c
+++ b/security/integrity/evm/evm_main.c
@@ -36,42 +36,36 @@ static const char * const integrity_status_msg[] = {
int evm_hmac_attrs;
static struct xattr_list evm_config_default_xattrnames[] = {
- {.name = XATTR_NAME_SELINUX,
-#ifdef CONFIG_SECURITY_SELINUX
- .enabled = true
-#endif
+ {
+ .name = XATTR_NAME_SELINUX,
+ .enabled = IS_ENABLED(CONFIG_SECURITY_SELINUX)
},
- {.name = XATTR_NAME_SMACK,
-#ifdef CONFIG_SECURITY_SMACK
- .enabled = true
-#endif
+ {
+ .name = XATTR_NAME_SMACK,
+ .enabled = IS_ENABLED(CONFIG_SECURITY_SMACK)
},
- {.name = XATTR_NAME_SMACKEXEC,
-#ifdef CONFIG_EVM_EXTRA_SMACK_XATTRS
- .enabled = true
-#endif
+ {
+ .name = XATTR_NAME_SMACKEXEC,
+ .enabled = IS_ENABLED(CONFIG_EVM_EXTRA_SMACK_XATTRS)
},
- {.name = XATTR_NAME_SMACKTRANSMUTE,
-#ifdef CONFIG_EVM_EXTRA_SMACK_XATTRS
- .enabled = true
-#endif
+ {
+ .name = XATTR_NAME_SMACKTRANSMUTE,
+ .enabled = IS_ENABLED(CONFIG_EVM_EXTRA_SMACK_XATTRS)
},
- {.name = XATTR_NAME_SMACKMMAP,
-#ifdef CONFIG_EVM_EXTRA_SMACK_XATTRS
- .enabled = true
-#endif
+ {
+ .name = XATTR_NAME_SMACKMMAP,
+ .enabled = IS_ENABLED(CONFIG_EVM_EXTRA_SMACK_XATTRS)
},
- {.name = XATTR_NAME_APPARMOR,
-#ifdef CONFIG_SECURITY_APPARMOR
- .enabled = true
-#endif
+ {
+ .name = XATTR_NAME_APPARMOR,
+ .enabled = IS_ENABLED(CONFIG_SECURITY_APPARMOR)
},
- {.name = XATTR_NAME_IMA,
-#ifdef CONFIG_IMA_APPRAISE
- .enabled = true
-#endif
+ {
+ .name = XATTR_NAME_IMA,
+ .enabled = IS_ENABLED(CONFIG_IMA_APPRAISE)
},
- {.name = XATTR_NAME_CAPS,
+ {
+ .name = XATTR_NAME_CAPS,
.enabled = true
},
};
--
2.17.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [PATCH -next] evm: Use IS_ENABLED to initialize .enabled
2022-06-06 10:10 [PATCH -next] evm: Use IS_ENABLED to initialize .enabled Xiu Jianfeng
@ 2022-06-07 6:06 ` Ahmad Fatoum
2022-06-21 10:58 ` xiujianfeng
2022-07-07 23:15 ` Mimi Zohar
1 sibling, 1 reply; 8+ messages in thread
From: Ahmad Fatoum @ 2022-06-07 6:06 UTC (permalink / raw)
To: Xiu Jianfeng, zohar, dmitry.kasatkin, jmorris, serge
Cc: linux-integrity, linux-security-module, linux-kernel
On 06.06.22 12:10, Xiu Jianfeng wrote:
> Use IS_ENABLED(CONFIG_XXX) instead of #ifdef/#endif statements to
> initialize .enabled, minor simplicity improvement.
>
> Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com>
Reviewed-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
> ---
> security/integrity/evm/evm_main.c | 52 ++++++++++++++-----------------
> 1 file changed, 23 insertions(+), 29 deletions(-)
>
> diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
> index cc88f02c7562..397fea5b3fa6 100644
> --- a/security/integrity/evm/evm_main.c
> +++ b/security/integrity/evm/evm_main.c
> @@ -36,42 +36,36 @@ static const char * const integrity_status_msg[] = {
> int evm_hmac_attrs;
>
> static struct xattr_list evm_config_default_xattrnames[] = {
> - {.name = XATTR_NAME_SELINUX,
> -#ifdef CONFIG_SECURITY_SELINUX
> - .enabled = true
> -#endif
> + {
> + .name = XATTR_NAME_SELINUX,
> + .enabled = IS_ENABLED(CONFIG_SECURITY_SELINUX)
> },
> - {.name = XATTR_NAME_SMACK,
> -#ifdef CONFIG_SECURITY_SMACK
> - .enabled = true
> -#endif
> + {
> + .name = XATTR_NAME_SMACK,
> + .enabled = IS_ENABLED(CONFIG_SECURITY_SMACK)
> },
> - {.name = XATTR_NAME_SMACKEXEC,
> -#ifdef CONFIG_EVM_EXTRA_SMACK_XATTRS
> - .enabled = true
> -#endif
> + {
> + .name = XATTR_NAME_SMACKEXEC,
> + .enabled = IS_ENABLED(CONFIG_EVM_EXTRA_SMACK_XATTRS)
> },
> - {.name = XATTR_NAME_SMACKTRANSMUTE,
> -#ifdef CONFIG_EVM_EXTRA_SMACK_XATTRS
> - .enabled = true
> -#endif
> + {
> + .name = XATTR_NAME_SMACKTRANSMUTE,
> + .enabled = IS_ENABLED(CONFIG_EVM_EXTRA_SMACK_XATTRS)
> },
> - {.name = XATTR_NAME_SMACKMMAP,
> -#ifdef CONFIG_EVM_EXTRA_SMACK_XATTRS
> - .enabled = true
> -#endif
> + {
> + .name = XATTR_NAME_SMACKMMAP,
> + .enabled = IS_ENABLED(CONFIG_EVM_EXTRA_SMACK_XATTRS)
> },
> - {.name = XATTR_NAME_APPARMOR,
> -#ifdef CONFIG_SECURITY_APPARMOR
> - .enabled = true
> -#endif
> + {
> + .name = XATTR_NAME_APPARMOR,
> + .enabled = IS_ENABLED(CONFIG_SECURITY_APPARMOR)
> },
> - {.name = XATTR_NAME_IMA,
> -#ifdef CONFIG_IMA_APPRAISE
> - .enabled = true
> -#endif
> + {
> + .name = XATTR_NAME_IMA,
> + .enabled = IS_ENABLED(CONFIG_IMA_APPRAISE)
> },
> - {.name = XATTR_NAME_CAPS,
> + {
> + .name = XATTR_NAME_CAPS,
> .enabled = true
> },
> };
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH -next] evm: Use IS_ENABLED to initialize .enabled
2022-06-07 6:06 ` Ahmad Fatoum
@ 2022-06-21 10:58 ` xiujianfeng
2022-06-21 14:03 ` Mimi Zohar
0 siblings, 1 reply; 8+ messages in thread
From: xiujianfeng @ 2022-06-21 10:58 UTC (permalink / raw)
To: Ahmad Fatoum, zohar, dmitry.kasatkin, jmorris, serge
Cc: linux-integrity, linux-security-module, linux-kernel
Hi, Ahmad
在 2022/6/7 14:06, Ahmad Fatoum 写道:
> On 06.06.22 12:10, Xiu Jianfeng wrote:
>> Use IS_ENABLED(CONFIG_XXX) instead of #ifdef/#endif statements to
>> initialize .enabled, minor simplicity improvement.
>>
>> Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com>
> Reviewed-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
thank you for the review, and I'm not sure if this patch has been
picked, so frendly ping here...
>> ---
>> security/integrity/evm/evm_main.c | 52 ++++++++++++++-----------------
>> 1 file changed, 23 insertions(+), 29 deletions(-)
>>
>> diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
>> index cc88f02c7562..397fea5b3fa6 100644
>> --- a/security/integrity/evm/evm_main.c
>> +++ b/security/integrity/evm/evm_main.c
>> @@ -36,42 +36,36 @@ static const char * const integrity_status_msg[] = {
>> int evm_hmac_attrs;
>>
>> static struct xattr_list evm_config_default_xattrnames[] = {
>> - {.name = XATTR_NAME_SELINUX,
>> -#ifdef CONFIG_SECURITY_SELINUX
>> - .enabled = true
>> -#endif
>> + {
>> + .name = XATTR_NAME_SELINUX,
>> + .enabled = IS_ENABLED(CONFIG_SECURITY_SELINUX)
>> },
>> - {.name = XATTR_NAME_SMACK,
>> -#ifdef CONFIG_SECURITY_SMACK
>> - .enabled = true
>> -#endif
>> + {
>> + .name = XATTR_NAME_SMACK,
>> + .enabled = IS_ENABLED(CONFIG_SECURITY_SMACK)
>> },
>> - {.name = XATTR_NAME_SMACKEXEC,
>> -#ifdef CONFIG_EVM_EXTRA_SMACK_XATTRS
>> - .enabled = true
>> -#endif
>> + {
>> + .name = XATTR_NAME_SMACKEXEC,
>> + .enabled = IS_ENABLED(CONFIG_EVM_EXTRA_SMACK_XATTRS)
>> },
>> - {.name = XATTR_NAME_SMACKTRANSMUTE,
>> -#ifdef CONFIG_EVM_EXTRA_SMACK_XATTRS
>> - .enabled = true
>> -#endif
>> + {
>> + .name = XATTR_NAME_SMACKTRANSMUTE,
>> + .enabled = IS_ENABLED(CONFIG_EVM_EXTRA_SMACK_XATTRS)
>> },
>> - {.name = XATTR_NAME_SMACKMMAP,
>> -#ifdef CONFIG_EVM_EXTRA_SMACK_XATTRS
>> - .enabled = true
>> -#endif
>> + {
>> + .name = XATTR_NAME_SMACKMMAP,
>> + .enabled = IS_ENABLED(CONFIG_EVM_EXTRA_SMACK_XATTRS)
>> },
>> - {.name = XATTR_NAME_APPARMOR,
>> -#ifdef CONFIG_SECURITY_APPARMOR
>> - .enabled = true
>> -#endif
>> + {
>> + .name = XATTR_NAME_APPARMOR,
>> + .enabled = IS_ENABLED(CONFIG_SECURITY_APPARMOR)
>> },
>> - {.name = XATTR_NAME_IMA,
>> -#ifdef CONFIG_IMA_APPRAISE
>> - .enabled = true
>> -#endif
>> + {
>> + .name = XATTR_NAME_IMA,
>> + .enabled = IS_ENABLED(CONFIG_IMA_APPRAISE)
>> },
>> - {.name = XATTR_NAME_CAPS,
>> + {
>> + .name = XATTR_NAME_CAPS,
>> .enabled = true
>> },
>> };
>
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH -next] evm: Use IS_ENABLED to initialize .enabled
2022-06-21 10:58 ` xiujianfeng
@ 2022-06-21 14:03 ` Mimi Zohar
2022-06-22 2:17 ` Eric Biggers
0 siblings, 1 reply; 8+ messages in thread
From: Mimi Zohar @ 2022-06-21 14:03 UTC (permalink / raw)
To: xiujianfeng, Ahmad Fatoum, dmitry.kasatkin, jmorris, serge
Cc: linux-integrity, linux-security-module, linux-kernel
On Tue, 2022-06-21 at 18:58 +0800, xiujianfeng wrote:
> Hi, Ahmad
>
> 在 2022/6/7 14:06, Ahmad Fatoum 写道:
> > On 06.06.22 12:10, Xiu Jianfeng wrote:
> >> Use IS_ENABLED(CONFIG_XXX) instead of #ifdef/#endif statements to
> >> initialize .enabled, minor simplicity improvement.
The difference between using ifdef's and IS_ENABLED is when the
decision is made - build time, run time. Please update the patch
description providing an explanation for needing to make the decision
at run time.
thanks,
Mimi
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH -next] evm: Use IS_ENABLED to initialize .enabled
2022-06-21 14:03 ` Mimi Zohar
@ 2022-06-22 2:17 ` Eric Biggers
2022-06-26 16:13 ` Mimi Zohar
0 siblings, 1 reply; 8+ messages in thread
From: Eric Biggers @ 2022-06-22 2:17 UTC (permalink / raw)
To: Mimi Zohar
Cc: xiujianfeng, Ahmad Fatoum, dmitry.kasatkin, jmorris, serge,
linux-integrity, linux-security-module, linux-kernel
On Tue, Jun 21, 2022 at 10:03:39AM -0400, Mimi Zohar wrote:
> On Tue, 2022-06-21 at 18:58 +0800, xiujianfeng wrote:
> > Hi, Ahmad
> >
> > 在 2022/6/7 14:06, Ahmad Fatoum 写道:
> > > On 06.06.22 12:10, Xiu Jianfeng wrote:
> > >> Use IS_ENABLED(CONFIG_XXX) instead of #ifdef/#endif statements to
> > >> initialize .enabled, minor simplicity improvement.
>
> The difference between using ifdef's and IS_ENABLED is when the
> decision is made - build time, run time. Please update the patch
> description providing an explanation for needing to make the decision
> at run time.
>
> thanks,
IS_ENABLED() is a compile time constant. So the patch looks fine to me.
- Eric
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH -next] evm: Use IS_ENABLED to initialize .enabled
2022-06-22 2:17 ` Eric Biggers
@ 2022-06-26 16:13 ` Mimi Zohar
2022-06-29 3:59 ` xiujianfeng
0 siblings, 1 reply; 8+ messages in thread
From: Mimi Zohar @ 2022-06-26 16:13 UTC (permalink / raw)
To: Eric Biggers
Cc: xiujianfeng, Ahmad Fatoum, dmitry.kasatkin, jmorris, serge,
linux-integrity, linux-security-module, linux-kernel
On Tue, 2022-06-21 at 19:17 -0700, Eric Biggers wrote:
> On Tue, Jun 21, 2022 at 10:03:39AM -0400, Mimi Zohar wrote:
> > On Tue, 2022-06-21 at 18:58 +0800, xiujianfeng wrote:
> > > Hi, Ahmad
> > >
> > > 在 2022/6/7 14:06, Ahmad Fatoum 写道:
> > > > On 06.06.22 12:10, Xiu Jianfeng wrote:
> > > >> Use IS_ENABLED(CONFIG_XXX) instead of #ifdef/#endif statements to
> > > >> initialize .enabled, minor simplicity improvement.
> >
> > The difference between using ifdef's and IS_ENABLED is when the
> > decision is made - build time, run time. Please update the patch
> > description providing an explanation for needing to make the decision
> > at run time.
> >
> > thanks,
>
> IS_ENABLED() is a compile time constant. So the patch looks fine to me.
Thanks, Eric, for the clarification.
As LSMs are only builtin, why the need for using IS_ENABLED as opposed
to IS_BUILTIN?
#define IS_ENABLED(option) __or(IS_BUILTIN(option), IS_MODULE(option))
thanks,
Mimi
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH -next] evm: Use IS_ENABLED to initialize .enabled
2022-06-26 16:13 ` Mimi Zohar
@ 2022-06-29 3:59 ` xiujianfeng
0 siblings, 0 replies; 8+ messages in thread
From: xiujianfeng @ 2022-06-29 3:59 UTC (permalink / raw)
To: Mimi Zohar, Eric Biggers
Cc: Ahmad Fatoum, dmitry.kasatkin, jmorris, serge, linux-integrity,
linux-security-module, linux-kernel
在 2022/6/27 0:13, Mimi Zohar 写道:
> On Tue, 2022-06-21 at 19:17 -0700, Eric Biggers wrote:
>> On Tue, Jun 21, 2022 at 10:03:39AM -0400, Mimi Zohar wrote:
>>> On Tue, 2022-06-21 at 18:58 +0800, xiujianfeng wrote:
>>>> Hi, Ahmad
>>>>
>>>> 在 2022/6/7 14:06, Ahmad Fatoum 写道:
>>>>> On 06.06.22 12:10, Xiu Jianfeng wrote:
>>>>>> Use IS_ENABLED(CONFIG_XXX) instead of #ifdef/#endif statements to
>>>>>> initialize .enabled, minor simplicity improvement.
>>> The difference between using ifdef's and IS_ENABLED is when the
>>> decision is made - build time, run time. Please update the patch
>>> description providing an explanation for needing to make the decision
>>> at run time.
>>>
>>> thanks,
>> IS_ENABLED() is a compile time constant. So the patch looks fine to me.
> Thanks, Eric, for the clarification.
>
> As LSMs are only builtin, why the need for using IS_ENABLED as opposed
> to IS_BUILTIN?
>
> #define IS_ENABLED(option) __or(IS_BUILTIN(option), IS_MODULE(option))
>
> thanks,
I think IS_ENALBED() is a bit more generic, maybe. here is another
example in rcutorture.c
which uses IS_ENABLED() to initialize the member in structure:
static struct rcu_torture_ops rcu_ops = {
...
.can_boost = IS_ENABLED(CONFIG_RCU_BOOST),
...
};
Do you want me to change IS_ENABLED() to IS_BUILTIN()?
>
> Mimi
>
> .
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH -next] evm: Use IS_ENABLED to initialize .enabled
2022-06-06 10:10 [PATCH -next] evm: Use IS_ENABLED to initialize .enabled Xiu Jianfeng
2022-06-07 6:06 ` Ahmad Fatoum
@ 2022-07-07 23:15 ` Mimi Zohar
1 sibling, 0 replies; 8+ messages in thread
From: Mimi Zohar @ 2022-07-07 23:15 UTC (permalink / raw)
To: Xiu Jianfeng, dmitry.kasatkin, jmorris, serge
Cc: linux-integrity, linux-security-module, linux-kernel
On Mon, 2022-06-06 at 18:10 +0800, Xiu Jianfeng wrote:
> Use IS_ENABLED(CONFIG_XXX) instead of #ifdef/#endif statements to
> initialize .enabled, minor simplicity improvement.
>
> Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com>
Thanks, Xiu. This patch is now queued in next-testing.
Mimi
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2022-07-07 23:15 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-06-06 10:10 [PATCH -next] evm: Use IS_ENABLED to initialize .enabled Xiu Jianfeng
2022-06-07 6:06 ` Ahmad Fatoum
2022-06-21 10:58 ` xiujianfeng
2022-06-21 14:03 ` Mimi Zohar
2022-06-22 2:17 ` Eric Biggers
2022-06-26 16:13 ` Mimi Zohar
2022-06-29 3:59 ` xiujianfeng
2022-07-07 23:15 ` Mimi Zohar
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.