Linux-Security-Module Archive on lore.kernel.org
 help / color / Atom feed
* [PATCH 0/2] Minor lockdown fixups
@ 2019-09-10 10:03 Matthew Garrett
  2019-09-10 10:03 ` [PATCH 1/2] security: constify some arrays in lockdown LSM Matthew Garrett
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Matthew Garrett @ 2019-09-10 10:03 UTC (permalink / raw)
  To: jmorris; +Cc: linux-security-module, linux-kernel, linux-api

Constify some arrays and fix an #ifdef that I typoed.



^ permalink raw reply	[flat|nested] 4+ messages in thread

* [PATCH 1/2] security: constify some arrays in lockdown LSM
  2019-09-10 10:03 [PATCH 0/2] Minor lockdown fixups Matthew Garrett
@ 2019-09-10 10:03 ` Matthew Garrett
  2019-09-10 10:03 ` [PATCH 2/2] kexec: Fix file verification on S390 Matthew Garrett
  2019-09-10 12:29 ` [PATCH 0/2] Minor lockdown fixups James Morris
  2 siblings, 0 replies; 4+ messages in thread
From: Matthew Garrett @ 2019-09-10 10:03 UTC (permalink / raw)
  To: jmorris
  Cc: linux-security-module, linux-kernel, linux-api, Matthew Garrett,
	Matthew Garrett, David Howells

No reason for these not to be const.

Signed-off-by: Matthew Garrett <mjg59@google.com>
Suggested-by: David Howells <dhowells@redhat.com>
---
 security/lockdown/lockdown.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/security/lockdown/lockdown.c b/security/lockdown/lockdown.c
index 0068cec77c05..8a10b43daf74 100644
--- a/security/lockdown/lockdown.c
+++ b/security/lockdown/lockdown.c
@@ -16,7 +16,7 @@
 
 static enum lockdown_reason kernel_locked_down;
 
-static char *lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1] = {
+static const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1] = {
 	[LOCKDOWN_NONE] = "none",
 	[LOCKDOWN_MODULE_SIGNATURE] = "unsigned module loading",
 	[LOCKDOWN_DEV_MEM] = "/dev/mem,kmem,port",
@@ -40,7 +40,7 @@ static char *lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1] = {
 	[LOCKDOWN_CONFIDENTIALITY_MAX] = "confidentiality",
 };
 
-static enum lockdown_reason lockdown_levels[] = {LOCKDOWN_NONE,
+static const enum lockdown_reason lockdown_levels[] = {LOCKDOWN_NONE,
 						 LOCKDOWN_INTEGRITY_MAX,
 						 LOCKDOWN_CONFIDENTIALITY_MAX};
 
-- 
2.23.0.162.g0b9fbb3734-goog


^ permalink raw reply	[flat|nested] 4+ messages in thread

* [PATCH 2/2] kexec: Fix file verification on S390
  2019-09-10 10:03 [PATCH 0/2] Minor lockdown fixups Matthew Garrett
  2019-09-10 10:03 ` [PATCH 1/2] security: constify some arrays in lockdown LSM Matthew Garrett
@ 2019-09-10 10:03 ` Matthew Garrett
  2019-09-10 12:29 ` [PATCH 0/2] Minor lockdown fixups James Morris
  2 siblings, 0 replies; 4+ messages in thread
From: Matthew Garrett @ 2019-09-10 10:03 UTC (permalink / raw)
  To: jmorris
  Cc: linux-security-module, linux-kernel, linux-api, Matthew Garrett,
	Matthew Garrett, Philipp Rudo

I accidentally typoed this #ifdef, so verification would always be
disabled.

Signed-off-by: Matthew Garrett <mjg59@google.com>
Reported-by: Philipp Rudo <prudo@linux.ibm.com>
---
 arch/s390/kernel/kexec_elf.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/s390/kernel/kexec_elf.c b/arch/s390/kernel/kexec_elf.c
index 9b4f37a4edf1..9da6fa30c447 100644
--- a/arch/s390/kernel/kexec_elf.c
+++ b/arch/s390/kernel/kexec_elf.c
@@ -130,7 +130,7 @@ static int s390_elf_probe(const char *buf, unsigned long len)
 const struct kexec_file_ops s390_kexec_elf_ops = {
 	.probe = s390_elf_probe,
 	.load = s390_elf_load,
-#ifdef CONFIG_KEXEC__SIG
+#ifdef CONFIG_KEXEC_SIG
 	.verify_sig = s390_verify_sig,
 #endif /* CONFIG_KEXEC_SIG */
 };
-- 
2.23.0.162.g0b9fbb3734-goog


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH 0/2] Minor lockdown fixups
  2019-09-10 10:03 [PATCH 0/2] Minor lockdown fixups Matthew Garrett
  2019-09-10 10:03 ` [PATCH 1/2] security: constify some arrays in lockdown LSM Matthew Garrett
  2019-09-10 10:03 ` [PATCH 2/2] kexec: Fix file verification on S390 Matthew Garrett
@ 2019-09-10 12:29 ` James Morris
  2 siblings, 0 replies; 4+ messages in thread
From: James Morris @ 2019-09-10 12:29 UTC (permalink / raw)
  To: Matthew Garrett; +Cc: linux-security-module, linux-kernel, linux-api

On Tue, 10 Sep 2019, Matthew Garrett wrote:

> Constify some arrays and fix an #ifdef that I typoed.
> 

Applied to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next-lockdown
and next-testing


-- 
James Morris
<jmorris@namei.org>


^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, back to index

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-09-10 10:03 [PATCH 0/2] Minor lockdown fixups Matthew Garrett
2019-09-10 10:03 ` [PATCH 1/2] security: constify some arrays in lockdown LSM Matthew Garrett
2019-09-10 10:03 ` [PATCH 2/2] kexec: Fix file verification on S390 Matthew Garrett
2019-09-10 12:29 ` [PATCH 0/2] Minor lockdown fixups James Morris

Linux-Security-Module Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-security-module/0 linux-security-module/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-security-module linux-security-module/ https://lore.kernel.org/linux-security-module \
		linux-security-module@vger.kernel.org linux-security-module@archiver.kernel.org
	public-inbox-index linux-security-module


Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-security-module


AGPL code for this site: git clone https://public-inbox.org/ public-inbox