* [PATCH] smack: Guard smack_ipv6_lock definition within a SMACK_IPV6_PORT_LABELING block
@ 2021-09-10 9:45 Sebastian Andrzej Siewior
2021-09-15 22:12 ` Casey Schaufler
0 siblings, 1 reply; 2+ messages in thread
From: Sebastian Andrzej Siewior @ 2021-09-10 9:45 UTC (permalink / raw)
To: linux-security-module
Cc: Thomas Gleixner, Sebastian Andrzej Siewior, Casey Schaufler,
James Morris, Serge E. Hallyn
The mutex smack_ipv6_lock is only used with the SMACK_IPV6_PORT_LABELING
block but its definition is outside of the block. This leads to a
defined-but-not-used warning on PREEMPT_RT.
Moving smack_ipv6_lock down to the block where it is used where it used
raises the question why is smk_ipv6_port_list read if nothing is added
to it.
Turns out, only smk_ipv6_port_check() is using it outside of an ifdef
SMACK_IPV6_PORT_LABELING block. However two of three caller invoke
smk_ipv6_port_check() from a ifdef block and only one is using
__is_defined() macro which requires the function and smk_ipv6_port_list
to be around.
Put the lock and list inside an ifdef SMACK_IPV6_PORT_LABELING block to
avoid the warning regarding unused mutex. Extend the ifdef-block to also
cover smk_ipv6_port_check(). Make smack_socket_connect() use ifdef
instead of __is_defined() to avoid complains about missing function.
Cc: Casey Schaufler <casey@schaufler-ca.com>
Cc: James Morris <jmorris@namei.org>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
---
security/smack/smack_lsm.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index cacbe75185194..fd9e6b54907ee 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -51,8 +51,10 @@
#define SMK_RECEIVING 1
#define SMK_SENDING 2
+#ifdef SMACK_IPV6_PORT_LABELING
static DEFINE_MUTEX(smack_ipv6_lock);
static LIST_HEAD(smk_ipv6_port_list);
+#endif
struct kmem_cache *smack_rule_cache;
int smack_enabled __initdata;
@@ -2603,7 +2605,6 @@ static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address)
mutex_unlock(&smack_ipv6_lock);
return;
}
-#endif
/**
* smk_ipv6_port_check - check Smack port access
@@ -2666,6 +2667,7 @@ static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address,
return smk_ipv6_check(skp, object, address, act);
}
+#endif
/**
* smack_inode_setsecurity - set smack xattrs
@@ -2852,8 +2854,9 @@ static int smack_socket_connect(struct socket *sock, struct sockaddr *sap,
rc = smk_ipv6_check(ssp->smk_out, rsp, sip,
SMK_CONNECTING);
}
- if (__is_defined(SMACK_IPV6_PORT_LABELING))
+#ifdef SMACK_IPV6_PORT_LABELING
rc = smk_ipv6_port_check(sock->sk, sip, SMK_CONNECTING);
+#endif
return rc;
}
--
2.33.0
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] smack: Guard smack_ipv6_lock definition within a SMACK_IPV6_PORT_LABELING block
2021-09-10 9:45 [PATCH] smack: Guard smack_ipv6_lock definition within a SMACK_IPV6_PORT_LABELING block Sebastian Andrzej Siewior
@ 2021-09-15 22:12 ` Casey Schaufler
0 siblings, 0 replies; 2+ messages in thread
From: Casey Schaufler @ 2021-09-15 22:12 UTC (permalink / raw)
To: Sebastian Andrzej Siewior, linux-security-module
Cc: Thomas Gleixner, James Morris, Serge E. Hallyn, Casey Schaufler
On 9/10/2021 2:45 AM, Sebastian Andrzej Siewior wrote:
> The mutex smack_ipv6_lock is only used with the SMACK_IPV6_PORT_LABELING
> block but its definition is outside of the block. This leads to a
> defined-but-not-used warning on PREEMPT_RT.
>
> Moving smack_ipv6_lock down to the block where it is used where it used
> raises the question why is smk_ipv6_port_list read if nothing is added
> to it.
> Turns out, only smk_ipv6_port_check() is using it outside of an ifdef
> SMACK_IPV6_PORT_LABELING block. However two of three caller invoke
> smk_ipv6_port_check() from a ifdef block and only one is using
> __is_defined() macro which requires the function and smk_ipv6_port_list
> to be around.
>
> Put the lock and list inside an ifdef SMACK_IPV6_PORT_LABELING block to
> avoid the warning regarding unused mutex. Extend the ifdef-block to also
> cover smk_ipv6_port_check(). Make smack_socket_connect() use ifdef
> instead of __is_defined() to avoid complains about missing function.
>
> Cc: Casey Schaufler <casey@schaufler-ca.com>
This is the Smack maintainer, to whom you should send the next revision.
> Cc: James Morris <jmorris@namei.org>
> Cc: "Serge E. Hallyn" <serge@hallyn.com>
> Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
> ---
> security/smack/smack_lsm.c | 7 +++++--
> 1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
> index cacbe75185194..fd9e6b54907ee 100644
> --- a/security/smack/smack_lsm.c
> +++ b/security/smack/smack_lsm.c
> @@ -51,8 +51,10 @@
> #define SMK_RECEIVING 1
> #define SMK_SENDING 2
>
> +#ifdef SMACK_IPV6_PORT_LABELING
> static DEFINE_MUTEX(smack_ipv6_lock);
> static LIST_HEAD(smk_ipv6_port_list);
> +#endif
> struct kmem_cache *smack_rule_cache;
> int smack_enabled __initdata;
>
> @@ -2603,7 +2605,6 @@ static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address)
> mutex_unlock(&smack_ipv6_lock);
> return;
> }
> -#endif
>
> /**
> * smk_ipv6_port_check - check Smack port access
> @@ -2666,6 +2667,7 @@ static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address,
>
> return smk_ipv6_check(skp, object, address, act);
> }
> +#endif
>
> /**
> * smack_inode_setsecurity - set smack xattrs
> @@ -2852,8 +2854,9 @@ static int smack_socket_connect(struct socket *sock, struct sockaddr *sap,
> rc = smk_ipv6_check(ssp->smk_out, rsp, sip,
> SMK_CONNECTING);
> }
> - if (__is_defined(SMACK_IPV6_PORT_LABELING))
> +#ifdef SMACK_IPV6_PORT_LABELING
> rc = smk_ipv6_port_check(sock->sk, sip, SMK_CONNECTING);
> +#endif
Fix the indentation.
Also, the patch came through with some html artifacts. Please fix the
indentation and resubmit. Thank you.
>
> return rc;
> }
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-09-15 22:13 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-09-10 9:45 [PATCH] smack: Guard smack_ipv6_lock definition within a SMACK_IPV6_PORT_LABELING block Sebastian Andrzej Siewior
2021-09-15 22:12 ` Casey Schaufler
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).