* [PATCH 0/8] security: Use a more current logging style @ 2014-02-24 21:59 Joe Perches 2014-02-24 21:59 ` [PATCH 1/8] " Joe Perches ` (7 more replies) 0 siblings, 8 replies; 25+ messages in thread From: Joe Perches @ 2014-02-24 21:59 UTC (permalink / raw) To: linux-kernel; +Cc: linux-security-module, keyrings, selinux Mostly trivial cleanups of security modules Joe Perches (8): security: Use a more current logging style security: apparmor: Use a more current logging style security: integrity: Use a more current logging style security: keys: Use a more current logging style security: selinux: Use a more current logging style security: smack: Use a more current logging style security: tomoyo: Use a more current logging style security: yama: Use a more current logging style security/apparmor/apparmorfs.c | 2 + security/apparmor/crypto.c | 2 + security/apparmor/include/apparmor.h | 2 +- security/apparmor/lib.c | 4 +- security/apparmor/lsm.c | 2 + security/apparmor/match.c | 5 +- security/apparmor/policy.c | 2 + security/apparmor/procattr.c | 2 + security/capability.c | 16 ++-- security/commoncap.c | 15 ++-- security/integrity/evm/evm_crypto.c | 4 +- security/integrity/evm/evm_main.c | 6 +- security/integrity/evm/evm_secfs.c | 6 +- security/integrity/ima/ima_crypto.c | 4 +- security/integrity/ima/ima_init.c | 5 +- security/integrity/ima/ima_queue.c | 8 +- security/integrity/ima/ima_template.c | 5 +- security/keys/encrypted-keys/encrypted.c | 70 ++++++++--------- security/keys/encrypted-keys/encrypted.h | 2 +- security/keys/key.c | 2 + security/keys/trusted.c | 42 +++++----- security/keys/trusted.h | 20 ++--- security/security.c | 4 +- security/selinux/avc.c | 7 +- security/selinux/hooks.c | 130 +++++++++++++------------------ security/selinux/netif.c | 14 ++-- security/selinux/netlink.c | 5 +- security/selinux/netnode.c | 6 +- security/selinux/netport.c | 7 +- security/selinux/selinuxfs.c | 19 ++--- security/selinux/ss/avtab.c | 39 +++++----- security/selinux/ss/conditional.c | 18 +++-- security/selinux/ss/ebitmap.c | 21 +++-- security/selinux/ss/policydb.c | 109 ++++++++++++-------------- security/selinux/ss/services.c | 101 ++++++++++-------------- security/selinux/ss/sidtab.c | 8 +- security/smack/smack_lsm.c | 7 +- security/smack/smackfs.c | 25 +++--- security/tomoyo/common.c | 23 +++--- security/tomoyo/domain.c | 8 +- security/tomoyo/load_policy.c | 9 ++- security/tomoyo/memory.c | 7 +- security/tomoyo/tomoyo.c | 4 +- security/tomoyo/util.c | 7 +- security/yama/yama_lsm.c | 18 ++--- 45 files changed, 404 insertions(+), 418 deletions(-) -- 1.8.1.2.459.gbcd45b4.dirty ^ permalink raw reply [flat|nested] 25+ messages in thread
* [PATCH 1/8] security: Use a more current logging style 2014-02-24 21:59 [PATCH 0/8] security: Use a more current logging style Joe Perches @ 2014-02-24 21:59 ` Joe Perches 2014-02-25 19:10 ` Serge Hallyn 2014-02-24 21:59 ` [PATCH 2/8] security: apparmor: " Joe Perches ` (6 subsequent siblings) 7 siblings, 1 reply; 25+ messages in thread From: Joe Perches @ 2014-02-24 21:59 UTC (permalink / raw) To: linux-kernel; +Cc: Serge Hallyn, James Morris, linux-security-module Convert printks to pr_<level>. Add pr_fmt to prefix output with "security: " or "capability: " Coalesce formats. Use a generic string for pr_debug to reduce object size. Signed-off-by: Joe Perches <joe@perches.com> --- security/capability.c | 16 +++++++++------- security/commoncap.c | 15 ++++++++------- security/security.c | 4 +++- 3 files changed, 20 insertions(+), 15 deletions(-) diff --git a/security/capability.c b/security/capability.c index 8b4f24a..086af9b 100644 --- a/security/capability.c +++ b/security/capability.c @@ -10,6 +10,8 @@ * */ +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt + #include <linux/security.h> static int cap_syslog(int type) @@ -914,13 +916,13 @@ static void cap_audit_rule_free(void *lsmrule) #endif /* CONFIG_AUDIT */ #define set_to_cap_if_null(ops, function) \ - do { \ - if (!ops->function) { \ - ops->function = cap_##function; \ - pr_debug("Had to override the " #function \ - " security operation with the default.\n");\ - } \ - } while (0) +do { \ + if (!ops->function) { \ + ops->function = cap_##function; \ + pr_debug("Had to override the %s security operation with the default\n", \ + #function); \ + } \ +} while (0) void __init security_fixup_ops(struct security_operations *ops) { diff --git a/security/commoncap.c b/security/commoncap.c index b9d613e..b5c3bc4 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -7,6 +7,8 @@ * */ +#define pr_fmt(fmt) "capability: " fmt + #include <linux/capability.h> #include <linux/audit.h> #include <linux/module.h> @@ -46,9 +48,8 @@ static void warn_setuid_and_fcaps_mixed(const char *fname) { static int warned; if (!warned) { - printk(KERN_INFO "warning: `%s' has both setuid-root and" - " effective capabilities. Therefore not raising all" - " capabilities.\n", fname); + pr_info("warning: `%s' has both setuid-root and effective capabilities, therefore not raising all capabilities\n", + fname); warned = 1; } } @@ -448,8 +449,8 @@ static int get_file_caps(struct linux_binprm *bprm, bool *effective, bool *has_c rc = get_vfs_caps_from_disk(dentry, &vcaps); if (rc < 0) { if (rc == -EINVAL) - printk(KERN_NOTICE "%s: get_vfs_caps_from_disk returned %d for %s\n", - __func__, rc, bprm->filename); + pr_notice("%s: get_vfs_caps_from_disk returned %d for %s\n", + __func__, rc, bprm->filename); else if (rc == -ENODATA) rc = 0; goto out; @@ -457,8 +458,8 @@ static int get_file_caps(struct linux_binprm *bprm, bool *effective, bool *has_c rc = bprm_caps_from_vfs_caps(&vcaps, bprm, effective, has_cap); if (rc == -EINVAL) - printk(KERN_NOTICE "%s: cap_from_disk returned %d for %s\n", - __func__, rc, bprm->filename); + pr_notice("%s: cap_from_disk returned %d for %s\n", + __func__, rc, bprm->filename); out: dput(dentry); diff --git a/security/security.c b/security/security.c index 15b6928..53d1885 100644 --- a/security/security.c +++ b/security/security.c @@ -11,6 +11,8 @@ * (at your option) any later version. */ +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt + #include <linux/capability.h> #include <linux/dcache.h> #include <linux/module.h> @@ -64,7 +66,7 @@ static void __init do_security_initcalls(void) */ int __init security_init(void) { - printk(KERN_INFO "Security Framework initialized\n"); + pr_info("Security Framework initialized\n"); security_fixup_ops(&default_security_ops); security_ops = &default_security_ops; -- 1.8.1.2.459.gbcd45b4.dirty ^ permalink raw reply related [flat|nested] 25+ messages in thread
* Re: [PATCH 1/8] security: Use a more current logging style 2014-02-24 21:59 ` [PATCH 1/8] " Joe Perches @ 2014-02-25 19:10 ` Serge Hallyn 2014-02-25 19:34 ` Joe Perches 2014-02-25 19:41 ` [PATCH V2 " Joe Perches 0 siblings, 2 replies; 25+ messages in thread From: Serge Hallyn @ 2014-02-25 19:10 UTC (permalink / raw) To: Joe Perches Cc: linux-kernel, Serge Hallyn, James Morris, linux-security-module Quoting Joe Perches (joe@perches.com): > Convert printks to pr_<level>. > Add pr_fmt to prefix output with "security: " or "capability: " > Coalesce formats. > Use a generic string for pr_debug to reduce object size. > > Signed-off-by: Joe Perches <joe@perches.com> > --- Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com> Though should warn_setuid_and_fcaps_mixed be using pr_info_once()? > security/capability.c | 16 +++++++++------- > security/commoncap.c | 15 ++++++++------- > security/security.c | 4 +++- > 3 files changed, 20 insertions(+), 15 deletions(-) > > diff --git a/security/capability.c b/security/capability.c > index 8b4f24a..086af9b 100644 > --- a/security/capability.c > +++ b/security/capability.c > @@ -10,6 +10,8 @@ > * > */ > > +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt > + > #include <linux/security.h> > > static int cap_syslog(int type) > @@ -914,13 +916,13 @@ static void cap_audit_rule_free(void *lsmrule) > #endif /* CONFIG_AUDIT */ > > #define set_to_cap_if_null(ops, function) \ > - do { \ > - if (!ops->function) { \ > - ops->function = cap_##function; \ > - pr_debug("Had to override the " #function \ > - " security operation with the default.\n");\ > - } \ > - } while (0) > +do { \ > + if (!ops->function) { \ > + ops->function = cap_##function; \ > + pr_debug("Had to override the %s security operation with the default\n", \ > + #function); \ > + } \ > +} while (0) > > void __init security_fixup_ops(struct security_operations *ops) > { > diff --git a/security/commoncap.c b/security/commoncap.c > index b9d613e..b5c3bc4 100644 > --- a/security/commoncap.c > +++ b/security/commoncap.c > @@ -7,6 +7,8 @@ > * > */ > > +#define pr_fmt(fmt) "capability: " fmt > + > #include <linux/capability.h> > #include <linux/audit.h> > #include <linux/module.h> > @@ -46,9 +48,8 @@ static void warn_setuid_and_fcaps_mixed(const char *fname) > { > static int warned; > if (!warned) { > - printk(KERN_INFO "warning: `%s' has both setuid-root and" > - " effective capabilities. Therefore not raising all" > - " capabilities.\n", fname); > + pr_info("warning: `%s' has both setuid-root and effective capabilities, therefore not raising all capabilities\n", > + fname); > warned = 1; > } > } > @@ -448,8 +449,8 @@ static int get_file_caps(struct linux_binprm *bprm, bool *effective, bool *has_c > rc = get_vfs_caps_from_disk(dentry, &vcaps); > if (rc < 0) { > if (rc == -EINVAL) > - printk(KERN_NOTICE "%s: get_vfs_caps_from_disk returned %d for %s\n", > - __func__, rc, bprm->filename); > + pr_notice("%s: get_vfs_caps_from_disk returned %d for %s\n", > + __func__, rc, bprm->filename); > else if (rc == -ENODATA) > rc = 0; > goto out; > @@ -457,8 +458,8 @@ static int get_file_caps(struct linux_binprm *bprm, bool *effective, bool *has_c > > rc = bprm_caps_from_vfs_caps(&vcaps, bprm, effective, has_cap); > if (rc == -EINVAL) > - printk(KERN_NOTICE "%s: cap_from_disk returned %d for %s\n", > - __func__, rc, bprm->filename); > + pr_notice("%s: cap_from_disk returned %d for %s\n", > + __func__, rc, bprm->filename); > > out: > dput(dentry); > diff --git a/security/security.c b/security/security.c > index 15b6928..53d1885 100644 > --- a/security/security.c > +++ b/security/security.c > @@ -11,6 +11,8 @@ > * (at your option) any later version. > */ > > +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt > + > #include <linux/capability.h> > #include <linux/dcache.h> > #include <linux/module.h> > @@ -64,7 +66,7 @@ static void __init do_security_initcalls(void) > */ > int __init security_init(void) > { > - printk(KERN_INFO "Security Framework initialized\n"); > + pr_info("Security Framework initialized\n"); > > security_fixup_ops(&default_security_ops); > security_ops = &default_security_ops; > -- > 1.8.1.2.459.gbcd45b4.dirty > ^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: [PATCH 1/8] security: Use a more current logging style 2014-02-25 19:10 ` Serge Hallyn @ 2014-02-25 19:34 ` Joe Perches 2014-02-25 19:41 ` [PATCH V2 " Joe Perches 1 sibling, 0 replies; 25+ messages in thread From: Joe Perches @ 2014-02-25 19:34 UTC (permalink / raw) To: Serge Hallyn Cc: linux-kernel, Serge Hallyn, James Morris, linux-security-module On Tue, 2014-02-25 at 13:10 -0600, Serge Hallyn wrote: > Quoting Joe Perches (joe@perches.com): > > Convert printks to pr_<level>. [] > Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com> > > Though should warn_setuid_and_fcaps_mixed be using > pr_info_once()? Yup, thanks. I'll send a follow-on with your reported-by if/after this is applied and I'll send a V2 now so James could apply that instead if that's what he prefers. > > diff --git a/security/commoncap.c b/security/commoncap.c [] > > @@ -46,9 +48,8 @@ static void warn_setuid_and_fcaps_mixed(const char *fname) > > { > > static int warned; > > if (!warned) { > > - printk(KERN_INFO "warning: `%s' has both setuid-root and" > > - " effective capabilities. Therefore not raising all" > > - " capabilities.\n", fname); > > + pr_info("warning: `%s' has both setuid-root and effective capabilities, therefore not raising all capabilities\n", > > + fname); pr_info_once(etc... > > warned = 1; > > } > > } ^ permalink raw reply [flat|nested] 25+ messages in thread
* [PATCH V2 1/8] security: Use a more current logging style 2014-02-25 19:10 ` Serge Hallyn 2014-02-25 19:34 ` Joe Perches @ 2014-02-25 19:41 ` Joe Perches 1 sibling, 0 replies; 25+ messages in thread From: Joe Perches @ 2014-02-25 19:41 UTC (permalink / raw) To: linux-kernel; +Cc: Serge Hallyn, James Morris, linux-security-module Convert printks to pr_<level>. Convert printk with single time guard to pr_info_once. Add pr_fmt to prefix output with "security: " or "capability: " Coalesce formats. Use a generic string for pr_debug to reduce object size. Signed-off-by: Joe Perches <joe@perches.com> Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com> Reported-by: Serge Hallyn <serge.hallyn@ubuntu.com> (pr_info_once) --- security/capability.c | 16 +++++++++------- security/commoncap.c | 19 ++++++++----------- security/security.c | 4 +++- 3 files changed, 20 insertions(+), 19 deletions(-) diff --git a/security/capability.c b/security/capability.c index 8b4f24a..086af9b 100644 --- a/security/capability.c +++ b/security/capability.c @@ -10,6 +10,8 @@ * */ +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt + #include <linux/security.h> static int cap_syslog(int type) @@ -914,13 +916,13 @@ static void cap_audit_rule_free(void *lsmrule) #endif /* CONFIG_AUDIT */ #define set_to_cap_if_null(ops, function) \ - do { \ - if (!ops->function) { \ - ops->function = cap_##function; \ - pr_debug("Had to override the " #function \ - " security operation with the default.\n");\ - } \ - } while (0) +do { \ + if (!ops->function) { \ + ops->function = cap_##function; \ + pr_debug("Had to override the %s security operation with the default\n", \ + #function); \ + } \ +} while (0) void __init security_fixup_ops(struct security_operations *ops) { diff --git a/security/commoncap.c b/security/commoncap.c index b9d613e..09da086 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -7,6 +7,8 @@ * */ +#define pr_fmt(fmt) "capability: " fmt + #include <linux/capability.h> #include <linux/audit.h> #include <linux/module.h> @@ -44,13 +46,8 @@ */ static void warn_setuid_and_fcaps_mixed(const char *fname) { - static int warned; - if (!warned) { - printk(KERN_INFO "warning: `%s' has both setuid-root and" - " effective capabilities. Therefore not raising all" - " capabilities.\n", fname); - warned = 1; - } + pr_info_once("warning: `%s' has both setuid-root and effective capabilities, therefore not raising all capabilities\n", + fname); } int cap_netlink_send(struct sock *sk, struct sk_buff *skb) @@ -448,8 +445,8 @@ static int get_file_caps(struct linux_binprm *bprm, bool *effective, bool *has_c rc = get_vfs_caps_from_disk(dentry, &vcaps); if (rc < 0) { if (rc == -EINVAL) - printk(KERN_NOTICE "%s: get_vfs_caps_from_disk returned %d for %s\n", - __func__, rc, bprm->filename); + pr_notice("%s: get_vfs_caps_from_disk returned %d for %s\n", + __func__, rc, bprm->filename); else if (rc == -ENODATA) rc = 0; goto out; @@ -457,8 +454,8 @@ static int get_file_caps(struct linux_binprm *bprm, bool *effective, bool *has_c rc = bprm_caps_from_vfs_caps(&vcaps, bprm, effective, has_cap); if (rc == -EINVAL) - printk(KERN_NOTICE "%s: cap_from_disk returned %d for %s\n", - __func__, rc, bprm->filename); + pr_notice("%s: cap_from_disk returned %d for %s\n", + __func__, rc, bprm->filename); out: dput(dentry); diff --git a/security/security.c b/security/security.c index 15b6928..53d1885 100644 --- a/security/security.c +++ b/security/security.c @@ -11,6 +11,8 @@ * (at your option) any later version. */ +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt + #include <linux/capability.h> #include <linux/dcache.h> #include <linux/module.h> @@ -64,7 +66,7 @@ static void __init do_security_initcalls(void) */ int __init security_init(void) { - printk(KERN_INFO "Security Framework initialized\n"); + pr_info("Security Framework initialized\n"); security_fixup_ops(&default_security_ops); security_ops = &default_security_ops; -- 1.8.1.2.459.gbcd45b4.dirty ^ permalink raw reply related [flat|nested] 25+ messages in thread
* [PATCH 2/8] security: apparmor: Use a more current logging style 2014-02-24 21:59 [PATCH 0/8] security: Use a more current logging style Joe Perches 2014-02-24 21:59 ` [PATCH 1/8] " Joe Perches @ 2014-02-24 21:59 ` Joe Perches 2014-02-26 7:31 ` John Johansen 2014-02-24 21:59 ` [PATCH 3/8] security: integrity: " Joe Perches ` (5 subsequent siblings) 7 siblings, 1 reply; 25+ messages in thread From: Joe Perches @ 2014-02-24 21:59 UTC (permalink / raw) To: linux-kernel; +Cc: John Johansen, James Morris, linux-security-module Convert printks to pr_<level>. Add pr_fmt. Coalesce formats. Remove embedded prefixes from logging. Signed-off-by: Joe Perches <joe@perches.com> --- security/apparmor/apparmorfs.c | 2 ++ security/apparmor/crypto.c | 2 ++ security/apparmor/include/apparmor.h | 2 +- security/apparmor/lib.c | 4 +++- security/apparmor/lsm.c | 2 ++ security/apparmor/match.c | 5 +++-- security/apparmor/policy.c | 2 ++ security/apparmor/procattr.c | 2 ++ 8 files changed, 17 insertions(+), 4 deletions(-) diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c index 7db9954..d4b65cc 100644 --- a/security/apparmor/apparmorfs.c +++ b/security/apparmor/apparmorfs.c @@ -12,6 +12,8 @@ * License. */ +#define pr_fmt(fmt) "AppArmor: " fmt + #include <linux/ctype.h> #include <linux/security.h> #include <linux/vmalloc.h> diff --git a/security/apparmor/crypto.c b/security/apparmor/crypto.c index 532471d..9506544 100644 --- a/security/apparmor/crypto.c +++ b/security/apparmor/crypto.c @@ -15,6 +15,8 @@ * it should be. */ +#define pr_fmt(fmt) "AppArmor: " fmt + #include <crypto/hash.h> #include "include/apparmor.h" diff --git a/security/apparmor/include/apparmor.h b/security/apparmor/include/apparmor.h index 8fb1488..3065025 100644 --- a/security/apparmor/include/apparmor.h +++ b/security/apparmor/include/apparmor.h @@ -56,7 +56,7 @@ extern unsigned int aa_g_path_max; #define AA_ERROR(fmt, args...) \ do { \ if (printk_ratelimit()) \ - printk(KERN_ERR "AppArmor: " fmt, ##args); \ + pr_err(fmt, ##args); \ } while (0) /* Flag indicating whether initialization completed */ diff --git a/security/apparmor/lib.c b/security/apparmor/lib.c index 6968992..432b1b6 100644 --- a/security/apparmor/lib.c +++ b/security/apparmor/lib.c @@ -12,6 +12,8 @@ * License. */ +#define pr_fmt(fmt) "AppArmor: " fmt + #include <linux/mm.h> #include <linux/slab.h> #include <linux/string.h> @@ -73,7 +75,7 @@ void aa_info_message(const char *str) aad.info = str; aa_audit_msg(AUDIT_APPARMOR_STATUS, &sa, NULL); } - printk(KERN_INFO "AppArmor: %s\n", str); + pr_info("%s\n", str); } /** diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 9981000..49f0180 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -12,6 +12,8 @@ * License. */ +#define pr_fmt(fmt) "AppArmor: " fmt + #include <linux/security.h> #include <linux/moduleparam.h> #include <linux/mm.h> diff --git a/security/apparmor/match.c b/security/apparmor/match.c index 727eb42..688482a 100644 --- a/security/apparmor/match.c +++ b/security/apparmor/match.c @@ -12,6 +12,8 @@ * License. */ +#define pr_fmt(fmt) "AppArmor: " fmt + #include <linux/errno.h> #include <linux/kernel.h> #include <linux/mm.h> @@ -140,8 +142,7 @@ static int verify_dfa(struct aa_dfa *dfa, int flags) if (DEFAULT_TABLE(dfa)[i] >= state_count) goto out; if (base_idx(BASE_TABLE(dfa)[i]) + 255 >= trans_count) { - printk(KERN_ERR "AppArmor DFA next/check upper " - "bounds error\n"); + pr_err("DFA next/check upper bounds error\n"); goto out; } } diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c index 705c287..4e20c1f 100644 --- a/security/apparmor/policy.c +++ b/security/apparmor/policy.c @@ -73,6 +73,8 @@ * FIXME: move profile lists to using rcu_lists */ +#define pr_fmt(fmt) "AppArmor: " fmt + #include <linux/slab.h> #include <linux/spinlock.h> #include <linux/string.h> diff --git a/security/apparmor/procattr.c b/security/apparmor/procattr.c index b125acc..c105fc5 100644 --- a/security/apparmor/procattr.c +++ b/security/apparmor/procattr.c @@ -12,6 +12,8 @@ * License. */ +#define pr_fmt(fmt) "AppArmor: " fmt + #include "include/apparmor.h" #include "include/context.h" #include "include/policy.h" -- 1.8.1.2.459.gbcd45b4.dirty ^ permalink raw reply related [flat|nested] 25+ messages in thread
* Re: [PATCH 2/8] security: apparmor: Use a more current logging style 2014-02-24 21:59 ` [PATCH 2/8] security: apparmor: " Joe Perches @ 2014-02-26 7:31 ` John Johansen 2014-02-26 14:43 ` Joe Perches 0 siblings, 1 reply; 25+ messages in thread From: John Johansen @ 2014-02-26 7:31 UTC (permalink / raw) To: Joe Perches, linux-kernel; +Cc: James Morris, linux-security-module On 02/24/2014 01:59 PM, Joe Perches wrote: > Convert printks to pr_<level>. > Add pr_fmt. > Coalesce formats. > Remove embedded prefixes from logging. > you missed one place, --- a/security/apparmor/include/apparmor.h +++ b/security/apparmor/include/apparmor.h @@ -50,7 +50,7 @@ extern unsigned int aa_g_path_max; #define AA_DEBUG(fmt, args...) \ do { \ if (aa_g_debug && printk_ratelimit()) \ - printk(KERN_DEBUG "AppArmor: " fmt, ##args); \ + pr_debug(fmt, ##args); \ } while (0) #define AA_ERROR(fmt, args...) \ other than that looks good. > Signed-off-by: Joe Perches <joe@perches.com> Acked-by: John Johansen <john.johansen@canonical.com> > --- > security/apparmor/apparmorfs.c | 2 ++ > security/apparmor/crypto.c | 2 ++ > security/apparmor/include/apparmor.h | 2 +- > security/apparmor/lib.c | 4 +++- > security/apparmor/lsm.c | 2 ++ > security/apparmor/match.c | 5 +++-- > security/apparmor/policy.c | 2 ++ > security/apparmor/procattr.c | 2 ++ > 8 files changed, 17 insertions(+), 4 deletions(-) > > diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c > index 7db9954..d4b65cc 100644 > --- a/security/apparmor/apparmorfs.c > +++ b/security/apparmor/apparmorfs.c > @@ -12,6 +12,8 @@ > * License. > */ > > +#define pr_fmt(fmt) "AppArmor: " fmt > + > #include <linux/ctype.h> > #include <linux/security.h> > #include <linux/vmalloc.h> > diff --git a/security/apparmor/crypto.c b/security/apparmor/crypto.c > index 532471d..9506544 100644 > --- a/security/apparmor/crypto.c > +++ b/security/apparmor/crypto.c > @@ -15,6 +15,8 @@ > * it should be. > */ > > +#define pr_fmt(fmt) "AppArmor: " fmt > + > #include <crypto/hash.h> > > #include "include/apparmor.h" > diff --git a/security/apparmor/include/apparmor.h b/security/apparmor/include/apparmor.h > index 8fb1488..3065025 100644 > --- a/security/apparmor/include/apparmor.h > +++ b/security/apparmor/include/apparmor.h > @@ -56,7 +56,7 @@ extern unsigned int aa_g_path_max; > #define AA_ERROR(fmt, args...) \ > do { \ > if (printk_ratelimit()) \ > - printk(KERN_ERR "AppArmor: " fmt, ##args); \ > + pr_err(fmt, ##args); \ > } while (0) > > /* Flag indicating whether initialization completed */ > diff --git a/security/apparmor/lib.c b/security/apparmor/lib.c > index 6968992..432b1b6 100644 > --- a/security/apparmor/lib.c > +++ b/security/apparmor/lib.c > @@ -12,6 +12,8 @@ > * License. > */ > > +#define pr_fmt(fmt) "AppArmor: " fmt > + > #include <linux/mm.h> > #include <linux/slab.h> > #include <linux/string.h> > @@ -73,7 +75,7 @@ void aa_info_message(const char *str) > aad.info = str; > aa_audit_msg(AUDIT_APPARMOR_STATUS, &sa, NULL); > } > - printk(KERN_INFO "AppArmor: %s\n", str); > + pr_info("%s\n", str); > } > > /** > diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c > index 9981000..49f0180 100644 > --- a/security/apparmor/lsm.c > +++ b/security/apparmor/lsm.c > @@ -12,6 +12,8 @@ > * License. > */ > > +#define pr_fmt(fmt) "AppArmor: " fmt > + > #include <linux/security.h> > #include <linux/moduleparam.h> > #include <linux/mm.h> > diff --git a/security/apparmor/match.c b/security/apparmor/match.c > index 727eb42..688482a 100644 > --- a/security/apparmor/match.c > +++ b/security/apparmor/match.c > @@ -12,6 +12,8 @@ > * License. > */ > > +#define pr_fmt(fmt) "AppArmor: " fmt > + > #include <linux/errno.h> > #include <linux/kernel.h> > #include <linux/mm.h> > @@ -140,8 +142,7 @@ static int verify_dfa(struct aa_dfa *dfa, int flags) > if (DEFAULT_TABLE(dfa)[i] >= state_count) > goto out; > if (base_idx(BASE_TABLE(dfa)[i]) + 255 >= trans_count) { > - printk(KERN_ERR "AppArmor DFA next/check upper " > - "bounds error\n"); > + pr_err("DFA next/check upper bounds error\n"); > goto out; > } > } > diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c > index 705c287..4e20c1f 100644 > --- a/security/apparmor/policy.c > +++ b/security/apparmor/policy.c > @@ -73,6 +73,8 @@ > * FIXME: move profile lists to using rcu_lists > */ > > +#define pr_fmt(fmt) "AppArmor: " fmt > + > #include <linux/slab.h> > #include <linux/spinlock.h> > #include <linux/string.h> > diff --git a/security/apparmor/procattr.c b/security/apparmor/procattr.c > index b125acc..c105fc5 100644 > --- a/security/apparmor/procattr.c > +++ b/security/apparmor/procattr.c > @@ -12,6 +12,8 @@ > * License. > */ > > +#define pr_fmt(fmt) "AppArmor: " fmt > + > #include "include/apparmor.h" > #include "include/context.h" > #include "include/policy.h" > ^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: [PATCH 2/8] security: apparmor: Use a more current logging style 2014-02-26 7:31 ` John Johansen @ 2014-02-26 14:43 ` Joe Perches 0 siblings, 0 replies; 25+ messages in thread From: Joe Perches @ 2014-02-26 14:43 UTC (permalink / raw) To: John Johansen; +Cc: linux-kernel, James Morris, linux-security-module On Tue, 2014-02-25 at 23:31 -0800, John Johansen wrote: > On 02/24/2014 01:59 PM, Joe Perches wrote: > > Convert printks to pr_<level>. > > Add pr_fmt. > > Coalesce formats. > > Remove embedded prefixes from logging. > > > > you missed one place, No, not really. pr_debug differs from printk(KERN_DEBUG in that pr_debug is only enabled with a #define DEBUG or CONFIG_DYNAMIC_DEBUG setting. I did not want to convert any of the printks with KERN_DEBUG in this pass as that would change the message logging by requiring dynamic debugging be included in the CONFIG. A subsequent pass converting these uses will be done if or after these initial patches are applied. thanks, Joe > --- a/security/apparmor/include/apparmor.h > +++ b/security/apparmor/include/apparmor.h > @@ -50,7 +50,7 @@ extern unsigned int aa_g_path_max; > #define AA_DEBUG(fmt, args...) \ > do { \ > if (aa_g_debug && printk_ratelimit()) \ > - printk(KERN_DEBUG "AppArmor: " fmt, ##args); \ > + pr_debug(fmt, ##args); \ > } while (0) > > #define AA_ERROR(fmt, args...) \ > > other than that looks good. > > > Signed-off-by: Joe Perches <joe@perches.com> > Acked-by: John Johansen <john.johansen@canonical.com> ^ permalink raw reply [flat|nested] 25+ messages in thread
* [PATCH 3/8] security: integrity: Use a more current logging style 2014-02-24 21:59 [PATCH 0/8] security: Use a more current logging style Joe Perches 2014-02-24 21:59 ` [PATCH 1/8] " Joe Perches 2014-02-24 21:59 ` [PATCH 2/8] security: apparmor: " Joe Perches @ 2014-02-24 21:59 ` Joe Perches 2014-02-25 2:59 ` Mimi Zohar 2014-02-24 21:59 ` [PATCH 4/8] security: keys: " Joe Perches ` (4 subsequent siblings) 7 siblings, 1 reply; 25+ messages in thread From: Joe Perches @ 2014-02-24 21:59 UTC (permalink / raw) To: linux-kernel Cc: Mimi Zohar, James Morris, Dmitry Kasatkin, linux-security-module Convert printks to pr_<level>. Add pr_fmt. Remove embedded prefixes. Signed-off-by: Joe Perches <joe@perches.com> --- security/integrity/evm/evm_crypto.c | 4 +++- security/integrity/evm/evm_main.c | 6 ++++-- security/integrity/evm/evm_secfs.c | 6 ++++-- security/integrity/ima/ima_crypto.c | 4 +++- security/integrity/ima/ima_init.c | 5 ++++- security/integrity/ima/ima_queue.c | 8 +++++--- security/integrity/ima/ima_template.c | 5 ++++- 7 files changed, 27 insertions(+), 11 deletions(-) diff --git a/security/integrity/evm/evm_crypto.c b/security/integrity/evm/evm_crypto.c index 3bab89e..9bd329f 100644 --- a/security/integrity/evm/evm_crypto.c +++ b/security/integrity/evm/evm_crypto.c @@ -13,6 +13,8 @@ * Using root's kernel master key (kmk), calculate the HMAC */ +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt + #include <linux/module.h> #include <linux/crypto.h> #include <linux/xattr.h> @@ -221,7 +223,7 @@ int evm_init_hmac(struct inode *inode, const struct xattr *lsm_xattr, desc = init_desc(EVM_XATTR_HMAC); if (IS_ERR(desc)) { - printk(KERN_INFO "init_desc failed\n"); + pr_info("init_desc failed\n"); return PTR_ERR(desc); } diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c index 336b3dd..996092f 100644 --- a/security/integrity/evm/evm_main.c +++ b/security/integrity/evm/evm_main.c @@ -14,6 +14,8 @@ * evm_inode_removexattr, and evm_verifyxattr */ +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt + #include <linux/module.h> #include <linux/crypto.h> #include <linux/audit.h> @@ -432,7 +434,7 @@ static int __init init_evm(void) error = evm_init_secfs(); if (error < 0) { - printk(KERN_INFO "EVM: Error registering secfs\n"); + pr_info("Error registering secfs\n"); goto err; } @@ -449,7 +451,7 @@ static int __init evm_display_config(void) char **xattrname; for (xattrname = evm_config_xattrnames; *xattrname != NULL; xattrname++) - printk(KERN_INFO "EVM: %s\n", *xattrname); + pr_info("%s\n", *xattrname); return 0; } diff --git a/security/integrity/evm/evm_secfs.c b/security/integrity/evm/evm_secfs.c index 30f670a..cf12a04 100644 --- a/security/integrity/evm/evm_secfs.c +++ b/security/integrity/evm/evm_secfs.c @@ -13,6 +13,8 @@ * - Get the key and enable EVM */ +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt + #include <linux/uaccess.h> #include <linux/module.h> #include "evm.h" @@ -79,9 +81,9 @@ static ssize_t evm_write_key(struct file *file, const char __user *buf, error = evm_init_key(); if (!error) { evm_initialized = 1; - pr_info("EVM: initialized\n"); + pr_info("initialized\n"); } else - pr_err("EVM: initialization failed\n"); + pr_err("initialization failed\n"); return count; } diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c index fdf60de..972df659 100644 --- a/security/integrity/ima/ima_crypto.c +++ b/security/integrity/ima/ima_crypto.c @@ -13,6 +13,8 @@ * Calculates md5/sha1 file hash, template hash, boot-aggreate hash */ +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt + #include <linux/kernel.h> #include <linux/file.h> #include <linux/crypto.h> @@ -205,7 +207,7 @@ static void __init ima_pcrread(int idx, u8 *pcr) return; if (tpm_pcr_read(TPM_ANY_NUM, idx, pcr) != 0) - pr_err("IMA: Error Communicating to TPM chip\n"); + pr_err("Error Communicating to TPM chip\n"); } /* diff --git a/security/integrity/ima/ima_init.c b/security/integrity/ima/ima_init.c index 3712276..b3bc313 100644 --- a/security/integrity/ima/ima_init.c +++ b/security/integrity/ima/ima_init.c @@ -14,6 +14,9 @@ * File: ima_init.c * initialization and cleanup functions */ + +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt + #include <linux/module.h> #include <linux/scatterlist.h> #include <linux/slab.h> @@ -93,7 +96,7 @@ int __init ima_init(void) ima_used_chip = 1; if (!ima_used_chip) - pr_info("IMA: No TPM chip found, activating TPM-bypass!\n"); + pr_info("No TPM chip found, activating TPM-bypass!\n"); rc = ima_init_crypto(); if (rc) diff --git a/security/integrity/ima/ima_queue.c b/security/integrity/ima/ima_queue.c index d85e997..91128b4 100644 --- a/security/integrity/ima/ima_queue.c +++ b/security/integrity/ima/ima_queue.c @@ -18,6 +18,9 @@ * The measurement list is append-only. No entry is * ever removed or changed during the boot-cycle. */ + +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt + #include <linux/module.h> #include <linux/rculist.h> #include <linux/slab.h> @@ -72,7 +75,7 @@ static int ima_add_digest_entry(struct ima_template_entry *entry) qe = kmalloc(sizeof(*qe), GFP_KERNEL); if (qe == NULL) { - pr_err("IMA: OUT OF MEMORY ERROR creating queue entry.\n"); + pr_err("OUT OF MEMORY ERROR creating queue entry\n"); return -ENOMEM; } qe->entry = entry; @@ -95,8 +98,7 @@ static int ima_pcr_extend(const u8 *hash) result = tpm_pcr_extend(TPM_ANY_NUM, CONFIG_IMA_MEASURE_PCR_IDX, hash); if (result != 0) - pr_err("IMA: Error Communicating to TPM chip, result: %d\n", - result); + pr_err("Error Communicating to TPM chip, result: %d\n", result); return result; } diff --git a/security/integrity/ima/ima_template.c b/security/integrity/ima/ima_template.c index 635695f..9a4a0d1 100644 --- a/security/integrity/ima/ima_template.c +++ b/security/integrity/ima/ima_template.c @@ -12,6 +12,9 @@ * File: ima_template.c * Helpers to manage template descriptors. */ + +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt + #include <crypto/hash_info.h> #include "ima.h" @@ -58,7 +61,7 @@ static int __init ima_template_setup(char *str) */ if (template_len == 3 && strcmp(str, IMA_TEMPLATE_IMA_NAME) == 0 && ima_hash_algo != HASH_ALGO_SHA1 && ima_hash_algo != HASH_ALGO_MD5) { - pr_err("IMA: template does not support hash alg\n"); + pr_err("template does not support hash alg\n"); return 1; } -- 1.8.1.2.459.gbcd45b4.dirty ^ permalink raw reply related [flat|nested] 25+ messages in thread
* Re: [PATCH 3/8] security: integrity: Use a more current logging style 2014-02-24 21:59 ` [PATCH 3/8] security: integrity: " Joe Perches @ 2014-02-25 2:59 ` Mimi Zohar 0 siblings, 0 replies; 25+ messages in thread From: Mimi Zohar @ 2014-02-25 2:59 UTC (permalink / raw) To: Joe Perches Cc: linux-kernel, Mimi Zohar, James Morris, Dmitry Kasatkin, linux-security-module On Mon, 2014-02-24 at 13:59 -0800, Joe Perches wrote: > Convert printks to pr_<level>. > Add pr_fmt. > Remove embedded prefixes. > > Signed-off-by: Joe Perches <joe@perches.com> Thanks Joe, both this and the keys patch look good. Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> > --- > security/integrity/evm/evm_crypto.c | 4 +++- > security/integrity/evm/evm_main.c | 6 ++++-- > security/integrity/evm/evm_secfs.c | 6 ++++-- > security/integrity/ima/ima_crypto.c | 4 +++- > security/integrity/ima/ima_init.c | 5 ++++- > security/integrity/ima/ima_queue.c | 8 +++++--- > security/integrity/ima/ima_template.c | 5 ++++- > 7 files changed, 27 insertions(+), 11 deletions(-) > > diff --git a/security/integrity/evm/evm_crypto.c b/security/integrity/evm/evm_crypto.c > index 3bab89e..9bd329f 100644 > --- a/security/integrity/evm/evm_crypto.c > +++ b/security/integrity/evm/evm_crypto.c > @@ -13,6 +13,8 @@ > * Using root's kernel master key (kmk), calculate the HMAC > */ > > +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt > + > #include <linux/module.h> > #include <linux/crypto.h> > #include <linux/xattr.h> > @@ -221,7 +223,7 @@ int evm_init_hmac(struct inode *inode, const struct xattr *lsm_xattr, > > desc = init_desc(EVM_XATTR_HMAC); > if (IS_ERR(desc)) { > - printk(KERN_INFO "init_desc failed\n"); > + pr_info("init_desc failed\n"); > return PTR_ERR(desc); > } > > diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c > index 336b3dd..996092f 100644 > --- a/security/integrity/evm/evm_main.c > +++ b/security/integrity/evm/evm_main.c > @@ -14,6 +14,8 @@ > * evm_inode_removexattr, and evm_verifyxattr > */ > > +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt > + > #include <linux/module.h> > #include <linux/crypto.h> > #include <linux/audit.h> > @@ -432,7 +434,7 @@ static int __init init_evm(void) > > error = evm_init_secfs(); > if (error < 0) { > - printk(KERN_INFO "EVM: Error registering secfs\n"); > + pr_info("Error registering secfs\n"); > goto err; > } > > @@ -449,7 +451,7 @@ static int __init evm_display_config(void) > char **xattrname; > > for (xattrname = evm_config_xattrnames; *xattrname != NULL; xattrname++) > - printk(KERN_INFO "EVM: %s\n", *xattrname); > + pr_info("%s\n", *xattrname); > return 0; > } > > diff --git a/security/integrity/evm/evm_secfs.c b/security/integrity/evm/evm_secfs.c > index 30f670a..cf12a04 100644 > --- a/security/integrity/evm/evm_secfs.c > +++ b/security/integrity/evm/evm_secfs.c > @@ -13,6 +13,8 @@ > * - Get the key and enable EVM > */ > > +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt > + > #include <linux/uaccess.h> > #include <linux/module.h> > #include "evm.h" > @@ -79,9 +81,9 @@ static ssize_t evm_write_key(struct file *file, const char __user *buf, > error = evm_init_key(); > if (!error) { > evm_initialized = 1; > - pr_info("EVM: initialized\n"); > + pr_info("initialized\n"); > } else > - pr_err("EVM: initialization failed\n"); > + pr_err("initialization failed\n"); > return count; > } > > diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c > index fdf60de..972df659 100644 > --- a/security/integrity/ima/ima_crypto.c > +++ b/security/integrity/ima/ima_crypto.c > @@ -13,6 +13,8 @@ > * Calculates md5/sha1 file hash, template hash, boot-aggreate hash > */ > > +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt > + > #include <linux/kernel.h> > #include <linux/file.h> > #include <linux/crypto.h> > @@ -205,7 +207,7 @@ static void __init ima_pcrread(int idx, u8 *pcr) > return; > > if (tpm_pcr_read(TPM_ANY_NUM, idx, pcr) != 0) > - pr_err("IMA: Error Communicating to TPM chip\n"); > + pr_err("Error Communicating to TPM chip\n"); > } > > /* > diff --git a/security/integrity/ima/ima_init.c b/security/integrity/ima/ima_init.c > index 3712276..b3bc313 100644 > --- a/security/integrity/ima/ima_init.c > +++ b/security/integrity/ima/ima_init.c > @@ -14,6 +14,9 @@ > * File: ima_init.c > * initialization and cleanup functions > */ > + > +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt > + > #include <linux/module.h> > #include <linux/scatterlist.h> > #include <linux/slab.h> > @@ -93,7 +96,7 @@ int __init ima_init(void) > ima_used_chip = 1; > > if (!ima_used_chip) > - pr_info("IMA: No TPM chip found, activating TPM-bypass!\n"); > + pr_info("No TPM chip found, activating TPM-bypass!\n"); > > rc = ima_init_crypto(); > if (rc) > diff --git a/security/integrity/ima/ima_queue.c b/security/integrity/ima/ima_queue.c > index d85e997..91128b4 100644 > --- a/security/integrity/ima/ima_queue.c > +++ b/security/integrity/ima/ima_queue.c > @@ -18,6 +18,9 @@ > * The measurement list is append-only. No entry is > * ever removed or changed during the boot-cycle. > */ > + > +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt > + > #include <linux/module.h> > #include <linux/rculist.h> > #include <linux/slab.h> > @@ -72,7 +75,7 @@ static int ima_add_digest_entry(struct ima_template_entry *entry) > > qe = kmalloc(sizeof(*qe), GFP_KERNEL); > if (qe == NULL) { > - pr_err("IMA: OUT OF MEMORY ERROR creating queue entry.\n"); > + pr_err("OUT OF MEMORY ERROR creating queue entry\n"); > return -ENOMEM; > } > qe->entry = entry; > @@ -95,8 +98,7 @@ static int ima_pcr_extend(const u8 *hash) > > result = tpm_pcr_extend(TPM_ANY_NUM, CONFIG_IMA_MEASURE_PCR_IDX, hash); > if (result != 0) > - pr_err("IMA: Error Communicating to TPM chip, result: %d\n", > - result); > + pr_err("Error Communicating to TPM chip, result: %d\n", result); > return result; > } > > diff --git a/security/integrity/ima/ima_template.c b/security/integrity/ima/ima_template.c > index 635695f..9a4a0d1 100644 > --- a/security/integrity/ima/ima_template.c > +++ b/security/integrity/ima/ima_template.c > @@ -12,6 +12,9 @@ > * File: ima_template.c > * Helpers to manage template descriptors. > */ > + > +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt > + > #include <crypto/hash_info.h> > > #include "ima.h" > @@ -58,7 +61,7 @@ static int __init ima_template_setup(char *str) > */ > if (template_len == 3 && strcmp(str, IMA_TEMPLATE_IMA_NAME) == 0 && > ima_hash_algo != HASH_ALGO_SHA1 && ima_hash_algo != HASH_ALGO_MD5) { > - pr_err("IMA: template does not support hash alg\n"); > + pr_err("template does not support hash alg\n"); > return 1; > } > ^ permalink raw reply [flat|nested] 25+ messages in thread
* [PATCH 4/8] security: keys: Use a more current logging style 2014-02-24 21:59 [PATCH 0/8] security: Use a more current logging style Joe Perches ` (2 preceding siblings ...) 2014-02-24 21:59 ` [PATCH 3/8] security: integrity: " Joe Perches @ 2014-02-24 21:59 ` Joe Perches 2014-02-24 21:59 ` [PATCH 5/8] security: selinux: " Joe Perches ` (3 subsequent siblings) 7 siblings, 0 replies; 25+ messages in thread From: Joe Perches @ 2014-02-24 21:59 UTC (permalink / raw) To: linux-kernel Cc: Mimi Zohar, David Safford, David Howells, James Morris, linux-security-module, keyrings Add pr_fmt and remove embedded prefixes. Add missing newline '\n' terminations. Coalesce formats. Signed-off-by: Joe Perches <joe@perches.com> --- security/keys/encrypted-keys/encrypted.c | 70 +++++++++++++++----------------- security/keys/encrypted-keys/encrypted.h | 2 +- security/keys/key.c | 2 + security/keys/trusted.c | 42 +++++++++---------- security/keys/trusted.h | 20 ++++----- 5 files changed, 66 insertions(+), 70 deletions(-) diff --git a/security/keys/encrypted-keys/encrypted.c b/security/keys/encrypted-keys/encrypted.c index 5fe443d..82d2dd7 100644 --- a/security/keys/encrypted-keys/encrypted.c +++ b/security/keys/encrypted-keys/encrypted.c @@ -14,6 +14,8 @@ * See Documentation/security/keys-trusted-encrypted.txt */ +#define pr_fmt(fmt) "encrypted_key: " fmt + #include <linux/uaccess.h> #include <linux/module.h> #include <linux/init.h> @@ -89,8 +91,7 @@ static int aes_get_sizes(void) tfm = crypto_alloc_blkcipher(blkcipher_alg, 0, CRYPTO_ALG_ASYNC); if (IS_ERR(tfm)) { - pr_err("encrypted_key: failed to alloc_cipher (%ld)\n", - PTR_ERR(tfm)); + pr_err("failed to alloc_cipher (%ld)\n", PTR_ERR(tfm)); return PTR_ERR(tfm); } ivsize = crypto_blkcipher_ivsize(tfm); @@ -111,15 +112,14 @@ static int valid_ecryptfs_desc(const char *ecryptfs_desc) int i; if (strlen(ecryptfs_desc) != KEY_ECRYPTFS_DESC_LEN) { - pr_err("encrypted_key: key description must be %d hexadecimal " - "characters long\n", KEY_ECRYPTFS_DESC_LEN); + pr_err("key description must be %d hexadecimal characters long\n", + KEY_ECRYPTFS_DESC_LEN); return -EINVAL; } for (i = 0; i < KEY_ECRYPTFS_DESC_LEN; i++) { if (!isxdigit(ecryptfs_desc[i])) { - pr_err("encrypted_key: key description must contain " - "only hexadecimal characters\n"); + pr_err("key description must contain only hexadecimal characters\n"); return -EINVAL; } } @@ -186,7 +186,7 @@ static int datablob_parse(char *datablob, const char **format, keyword = strsep(&datablob, " \t"); if (!keyword) { - pr_info("encrypted_key: insufficient parameters specified\n"); + pr_info("insufficient parameters specified\n"); return ret; } key_cmd = match_token(keyword, key_tokens, args); @@ -194,7 +194,7 @@ static int datablob_parse(char *datablob, const char **format, /* Get optional format: default | ecryptfs */ p = strsep(&datablob, " \t"); if (!p) { - pr_err("encrypted_key: insufficient parameters specified\n"); + pr_err("insufficient parameters specified\n"); return ret; } @@ -211,20 +211,20 @@ static int datablob_parse(char *datablob, const char **format, } if (!*master_desc) { - pr_info("encrypted_key: master key parameter is missing\n"); + pr_info("master key parameter is missing\n"); goto out; } if (valid_master_desc(*master_desc, NULL) < 0) { - pr_info("encrypted_key: master key parameter \'%s\' " - "is invalid\n", *master_desc); + pr_info("master key parameter \'%s\' is invalid\n", + *master_desc); goto out; } if (decrypted_datalen) { *decrypted_datalen = strsep(&datablob, " \t"); if (!*decrypted_datalen) { - pr_info("encrypted_key: keylen parameter is missing\n"); + pr_info("keylen parameter is missing\n"); goto out; } } @@ -232,37 +232,35 @@ static int datablob_parse(char *datablob, const char **format, switch (key_cmd) { case Opt_new: if (!decrypted_datalen) { - pr_info("encrypted_key: keyword \'%s\' not allowed " - "when called from .update method\n", keyword); + pr_info("keyword \'%s\' not allowed when called from .update method\n", + keyword); break; } ret = 0; break; case Opt_load: if (!decrypted_datalen) { - pr_info("encrypted_key: keyword \'%s\' not allowed " - "when called from .update method\n", keyword); + pr_info("keyword \'%s\' not allowed when called from .update method\n", + keyword); break; } *hex_encoded_iv = strsep(&datablob, " \t"); if (!*hex_encoded_iv) { - pr_info("encrypted_key: hex blob is missing\n"); + pr_info("hex blob is missing\n"); break; } ret = 0; break; case Opt_update: if (decrypted_datalen) { - pr_info("encrypted_key: keyword \'%s\' not allowed " - "when called from .instantiate method\n", + pr_info("keyword \'%s\' not allowed when called from .instantiate method\n", keyword); break; } ret = 0; break; case Opt_err: - pr_info("encrypted_key: keyword \'%s\' not recognized\n", - keyword); + pr_info("keyword \'%s\' not recognized\n", keyword); break; } out: @@ -343,7 +341,7 @@ static int calc_hmac(u8 *digest, const u8 *key, unsigned int keylen, sdesc = alloc_sdesc(hmacalg); if (IS_ERR(sdesc)) { - pr_info("encrypted_key: can't alloc %s\n", hmac_alg); + pr_info("can't alloc %s\n", hmac_alg); return PTR_ERR(sdesc); } @@ -361,7 +359,7 @@ static int calc_hash(u8 *digest, const u8 *buf, unsigned int buflen) sdesc = alloc_sdesc(hashalg); if (IS_ERR(sdesc)) { - pr_info("encrypted_key: can't alloc %s\n", hash_alg); + pr_info("can't alloc %s\n", hash_alg); return PTR_ERR(sdesc); } @@ -386,7 +384,7 @@ static int get_derived_key(u8 *derived_key, enum derived_key_type key_type, derived_buf = kzalloc(derived_buf_len, GFP_KERNEL); if (!derived_buf) { - pr_err("encrypted_key: out of memory\n"); + pr_err("out of memory\n"); return -ENOMEM; } if (key_type) @@ -409,7 +407,7 @@ static int init_blkcipher_desc(struct blkcipher_desc *desc, const u8 *key, desc->tfm = crypto_alloc_blkcipher(blkcipher_alg, 0, CRYPTO_ALG_ASYNC); if (IS_ERR(desc->tfm)) { - pr_err("encrypted_key: failed to load %s transform (%ld)\n", + pr_err("failed to load %s transform (%ld)\n", blkcipher_alg, PTR_ERR(desc->tfm)); return PTR_ERR(desc->tfm); } @@ -417,7 +415,7 @@ static int init_blkcipher_desc(struct blkcipher_desc *desc, const u8 *key, ret = crypto_blkcipher_setkey(desc->tfm, key, key_len); if (ret < 0) { - pr_err("encrypted_key: failed to setkey (%d)\n", ret); + pr_err("failed to setkey (%d)\n", ret); crypto_free_blkcipher(desc->tfm); return ret; } @@ -447,11 +445,10 @@ static struct key *request_master_key(struct encrypted_key_payload *epayload, int ret = PTR_ERR(mkey); if (ret == -ENOTSUPP) - pr_info("encrypted_key: key %s not supported", + pr_info("key %s not supported\n", epayload->master_desc); else - pr_info("encrypted_key: key %s not found", - epayload->master_desc); + pr_info("key %s not found\n", epayload->master_desc); goto out; } @@ -494,7 +491,7 @@ static int derived_key_encrypt(struct encrypted_key_payload *epayload, ret = crypto_blkcipher_encrypt(&desc, sg_out, sg_in, encrypted_datalen); crypto_free_blkcipher(desc.tfm); if (ret < 0) - pr_err("encrypted_key: failed to encrypt (%d)\n", ret); + pr_err("failed to encrypt (%d)\n", ret); else dump_encrypted_data(epayload, encrypted_datalen); out: @@ -618,8 +615,7 @@ static struct encrypted_key_payload *encrypted_key_alloc(struct key *key, payload_datalen = decrypted_datalen; if (format && !strcmp(format, key_format_ecryptfs)) { if (dlen != ECRYPTFS_MAX_KEY_BYTES) { - pr_err("encrypted_key: keylen for the ecryptfs format " - "must be equal to %d bytes\n", + pr_err("keylen for the ecryptfs format must be equal to %d bytes\n", ECRYPTFS_MAX_KEY_BYTES); return ERR_PTR(-EINVAL); } @@ -687,7 +683,7 @@ static int encrypted_key_decrypt(struct encrypted_key_payload *epayload, ret = datablob_hmac_verify(epayload, format, master_key, master_keylen); if (ret < 0) { - pr_err("encrypted_key: bad hmac (%d)\n", ret); + pr_err("bad hmac (%d)\n", ret); goto out; } @@ -697,7 +693,7 @@ static int encrypted_key_decrypt(struct encrypted_key_payload *epayload, ret = derived_key_decrypt(epayload, derived_key, sizeof derived_key); if (ret < 0) - pr_err("encrypted_key: failed to decrypt key (%d)\n", ret); + pr_err("failed to decrypt key (%d)\n", ret); out: up_read(&mkey->sem); key_put(mkey); @@ -991,15 +987,13 @@ static int __init encrypted_shash_alloc(void) hmacalg = crypto_alloc_shash(hmac_alg, 0, CRYPTO_ALG_ASYNC); if (IS_ERR(hmacalg)) { - pr_info("encrypted_key: could not allocate crypto %s\n", - hmac_alg); + pr_info("could not allocate crypto %s\n", hmac_alg); return PTR_ERR(hmacalg); } hashalg = crypto_alloc_shash(hash_alg, 0, CRYPTO_ALG_ASYNC); if (IS_ERR(hashalg)) { - pr_info("encrypted_key: could not allocate crypto %s\n", - hash_alg); + pr_info("could not allocate crypto %s\n", hash_alg); ret = PTR_ERR(hashalg); goto hashalg_fail; } diff --git a/security/keys/encrypted-keys/encrypted.h b/security/keys/encrypted-keys/encrypted.h index 8136a2d..1244aaa 100644 --- a/security/keys/encrypted-keys/encrypted.h +++ b/security/keys/encrypted-keys/encrypted.h @@ -40,7 +40,7 @@ static inline void dump_hmac(const char *str, const u8 *digest, unsigned int hmac_size) { if (str) - pr_info("encrypted_key: %s", str); + pr_info("%s", str); print_hex_dump(KERN_ERR, "hmac: ", DUMP_PREFIX_NONE, 32, 1, digest, hmac_size, 0); } diff --git a/security/keys/key.c b/security/keys/key.c index 6e21c11..16e26c7 100644 --- a/security/keys/key.c +++ b/security/keys/key.c @@ -9,6 +9,8 @@ * 2 of the License, or (at your option) any later version. */ +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt + #include <linux/module.h> #include <linux/init.h> #include <linux/poison.h> diff --git a/security/keys/trusted.c b/security/keys/trusted.c index 6b804aa..6d3dd37 100644 --- a/security/keys/trusted.c +++ b/security/keys/trusted.c @@ -11,6 +11,8 @@ * See Documentation/security/keys-trusted-encrypted.txt */ +#define pr_fmt(fmt) "trusted_key: " fmt + #include <linux/uaccess.h> #include <linux/module.h> #include <linux/init.h> @@ -64,7 +66,7 @@ static int TSS_sha1(const unsigned char *data, unsigned int datalen, sdesc = init_sdesc(hashalg); if (IS_ERR(sdesc)) { - pr_info("trusted_key: can't alloc %s\n", hash_alg); + pr_info("can't alloc %s\n", hash_alg); return PTR_ERR(sdesc); } @@ -84,7 +86,7 @@ static int TSS_rawhmac(unsigned char *digest, const unsigned char *key, sdesc = init_sdesc(hmacalg); if (IS_ERR(sdesc)) { - pr_info("trusted_key: can't alloc %s\n", hmac_alg); + pr_info("can't alloc %s\n", hmac_alg); return PTR_ERR(sdesc); } @@ -134,7 +136,7 @@ static int TSS_authhmac(unsigned char *digest, const unsigned char *key, sdesc = init_sdesc(hashalg); if (IS_ERR(sdesc)) { - pr_info("trusted_key: can't alloc %s\n", hash_alg); + pr_info("can't alloc %s\n", hash_alg); return PTR_ERR(sdesc); } @@ -206,7 +208,7 @@ static int TSS_checkhmac1(unsigned char *buffer, sdesc = init_sdesc(hashalg); if (IS_ERR(sdesc)) { - pr_info("trusted_key: can't alloc %s\n", hash_alg); + pr_info("can't alloc %s\n", hash_alg); return PTR_ERR(sdesc); } ret = crypto_shash_init(&sdesc->shash); @@ -298,7 +300,7 @@ static int TSS_checkhmac2(unsigned char *buffer, sdesc = init_sdesc(hashalg); if (IS_ERR(sdesc)) { - pr_info("trusted_key: can't alloc %s\n", hash_alg); + pr_info("can't alloc %s\n", hash_alg); return PTR_ERR(sdesc); } ret = crypto_shash_init(&sdesc->shash); @@ -591,12 +593,12 @@ static int tpm_unseal(struct tpm_buf *tb, /* sessions for unsealing key and data */ ret = oiap(tb, &authhandle1, enonce1); if (ret < 0) { - pr_info("trusted_key: oiap failed (%d)\n", ret); + pr_info("oiap failed (%d)\n", ret); return ret; } ret = oiap(tb, &authhandle2, enonce2); if (ret < 0) { - pr_info("trusted_key: oiap failed (%d)\n", ret); + pr_info("oiap failed (%d)\n", ret); return ret; } @@ -604,7 +606,7 @@ static int tpm_unseal(struct tpm_buf *tb, keyhndl = htonl(SRKHANDLE); ret = tpm_get_random(TPM_ANY_NUM, nonceodd, TPM_NONCE_SIZE); if (ret != TPM_NONCE_SIZE) { - pr_info("trusted_key: tpm_get_random failed (%d)\n", ret); + pr_info("tpm_get_random failed (%d)\n", ret); return ret; } ret = TSS_authhmac(authdata1, keyauth, TPM_NONCE_SIZE, @@ -636,7 +638,7 @@ static int tpm_unseal(struct tpm_buf *tb, ret = trusted_tpm_send(TPM_ANY_NUM, tb->data, MAX_BUF_SIZE); if (ret < 0) { - pr_info("trusted_key: authhmac failed (%d)\n", ret); + pr_info("authhmac failed (%d)\n", ret); return ret; } @@ -648,7 +650,7 @@ static int tpm_unseal(struct tpm_buf *tb, *datalen, TPM_DATA_OFFSET + sizeof(uint32_t), 0, 0); if (ret < 0) { - pr_info("trusted_key: TSS_checkhmac2 failed (%d)\n", ret); + pr_info("TSS_checkhmac2 failed (%d)\n", ret); return ret; } memcpy(data, tb->data + TPM_DATA_OFFSET + sizeof(uint32_t), *datalen); @@ -675,7 +677,7 @@ static int key_seal(struct trusted_key_payload *p, p->key, p->key_len + 1, p->blob, &p->blob_len, o->blobauth, o->pcrinfo, o->pcrinfo_len); if (ret < 0) - pr_info("trusted_key: srkseal failed (%d)\n", ret); + pr_info("srkseal failed (%d)\n", ret); kfree(tb); return ret; @@ -697,7 +699,7 @@ static int key_unseal(struct trusted_key_payload *p, ret = tpm_unseal(tb, o->keyhandle, o->keyauth, p->blob, p->blob_len, o->blobauth, p->key, &p->key_len); if (ret < 0) - pr_info("trusted_key: srkunseal failed (%d)\n", ret); + pr_info("srkunseal failed (%d)\n", ret); else /* pull migratable flag out of sealed key */ p->migratable = p->key[--p->key_len]; @@ -941,18 +943,18 @@ static int trusted_instantiate(struct key *key, dump_payload(payload); dump_options(options); if (ret < 0) - pr_info("trusted_key: key_unseal failed (%d)\n", ret); + pr_info("key_unseal failed (%d)\n", ret); break; case Opt_new: key_len = payload->key_len; ret = tpm_get_random(TPM_ANY_NUM, payload->key, key_len); if (ret != key_len) { - pr_info("trusted_key: key_create failed (%d)\n", ret); + pr_info("key_create failed (%d)\n", ret); goto out; } ret = key_seal(payload, options); if (ret < 0) - pr_info("trusted_key: key_seal failed (%d)\n", ret); + pr_info("key_seal failed (%d)\n", ret); break; default: ret = -EINVAL; @@ -1027,14 +1029,14 @@ static int trusted_update(struct key *key, struct key_preparsed_payload *prep) ret = key_seal(new_p, new_o); if (ret < 0) { - pr_info("trusted_key: key_seal failed (%d)\n", ret); + pr_info("key_seal failed (%d)\n", ret); kfree(new_p); goto out; } if (new_o->pcrlock) { ret = pcrlock(new_o->pcrlock); if (ret < 0) { - pr_info("trusted_key: pcrlock failed (%d)\n", ret); + pr_info("pcrlock failed (%d)\n", ret); kfree(new_p); goto out; } @@ -1118,15 +1120,13 @@ static int __init trusted_shash_alloc(void) hmacalg = crypto_alloc_shash(hmac_alg, 0, CRYPTO_ALG_ASYNC); if (IS_ERR(hmacalg)) { - pr_info("trusted_key: could not allocate crypto %s\n", - hmac_alg); + pr_info("could not allocate crypto %s\n", hmac_alg); return PTR_ERR(hmacalg); } hashalg = crypto_alloc_shash(hash_alg, 0, CRYPTO_ALG_ASYNC); if (IS_ERR(hashalg)) { - pr_info("trusted_key: could not allocate crypto %s\n", - hash_alg); + pr_info("could not allocate crypto %s\n", hash_alg); ret = PTR_ERR(hashalg); goto hashalg_fail; } diff --git a/security/keys/trusted.h b/security/keys/trusted.h index 3249fbd..babe4fb 100644 --- a/security/keys/trusted.h +++ b/security/keys/trusted.h @@ -51,33 +51,33 @@ struct trusted_key_options { #if TPM_DEBUG static inline void dump_options(struct trusted_key_options *o) { - pr_info("trusted_key: sealing key type %d\n", o->keytype); - pr_info("trusted_key: sealing key handle %0X\n", o->keyhandle); - pr_info("trusted_key: pcrlock %d\n", o->pcrlock); - pr_info("trusted_key: pcrinfo %d\n", o->pcrinfo_len); + pr_info("sealing key type %d\n", o->keytype); + pr_info("sealing key handle %0X\n", o->keyhandle); + pr_info("pcrlock %d\n", o->pcrlock); + pr_info("pcrinfo %d\n", o->pcrinfo_len); print_hex_dump(KERN_INFO, "pcrinfo ", DUMP_PREFIX_NONE, 16, 1, o->pcrinfo, o->pcrinfo_len, 0); } static inline void dump_payload(struct trusted_key_payload *p) { - pr_info("trusted_key: key_len %d\n", p->key_len); + pr_info("key_len %d\n", p->key_len); print_hex_dump(KERN_INFO, "key ", DUMP_PREFIX_NONE, 16, 1, p->key, p->key_len, 0); - pr_info("trusted_key: bloblen %d\n", p->blob_len); + pr_info("bloblen %d\n", p->blob_len); print_hex_dump(KERN_INFO, "blob ", DUMP_PREFIX_NONE, 16, 1, p->blob, p->blob_len, 0); - pr_info("trusted_key: migratable %d\n", p->migratable); + pr_info("migratable %d\n", p->migratable); } static inline void dump_sess(struct osapsess *s) { print_hex_dump(KERN_INFO, "trusted-key: handle ", DUMP_PREFIX_NONE, 16, 1, &s->handle, 4, 0); - pr_info("trusted-key: secret:\n"); + pr_info("secret:\n"); print_hex_dump(KERN_INFO, "", DUMP_PREFIX_NONE, 16, 1, &s->secret, SHA1_DIGEST_SIZE, 0); - pr_info("trusted-key: enonce:\n"); + pr_info("enonce:\n"); print_hex_dump(KERN_INFO, "", DUMP_PREFIX_NONE, 16, 1, &s->enonce, SHA1_DIGEST_SIZE, 0); } @@ -86,7 +86,7 @@ static inline void dump_tpm_buf(unsigned char *buf) { int len; - pr_info("\ntrusted-key: tpm buffer\n"); + pr_info("tpm buffer\n"); len = LOAD32(buf, TPM_SIZE_OFFSET); print_hex_dump(KERN_INFO, "", DUMP_PREFIX_NONE, 16, 1, buf, len, 0); } -- 1.8.1.2.459.gbcd45b4.dirty ^ permalink raw reply related [flat|nested] 25+ messages in thread
* [PATCH 5/8] security: selinux: Use a more current logging style 2014-02-24 21:59 [PATCH 0/8] security: Use a more current logging style Joe Perches ` (3 preceding siblings ...) 2014-02-24 21:59 ` [PATCH 4/8] security: keys: " Joe Perches @ 2014-02-24 21:59 ` Joe Perches 2014-02-25 20:05 ` Paul Moore 2014-02-24 21:59 ` [PATCH 6/8] security: smack: " Joe Perches ` (2 subsequent siblings) 7 siblings, 1 reply; 25+ messages in thread From: Joe Perches @ 2014-02-24 21:59 UTC (permalink / raw) To: linux-kernel Cc: Paul Moore, Stephen Smalley, Eric Paris, James Morris, selinux, linux-security-module Convert printk to pr_<level>. Add pr_fmt. Coalesce formats, add missing space where appropriate. Standardize on one space after "SELinux: " prefix. Signed-off-by: Joe Perches <joe@perches.com> --- security/selinux/avc.c | 7 +- security/selinux/hooks.c | 130 ++++++++++++++++---------------------- security/selinux/netif.c | 14 ++-- security/selinux/netlink.c | 5 +- security/selinux/netnode.c | 6 +- security/selinux/netport.c | 7 +- security/selinux/selinuxfs.c | 19 +++--- security/selinux/ss/avtab.c | 39 ++++++------ security/selinux/ss/conditional.c | 18 +++--- security/selinux/ss/ebitmap.c | 21 +++--- security/selinux/ss/policydb.c | 109 ++++++++++++++------------------ security/selinux/ss/services.c | 101 ++++++++++++----------------- security/selinux/ss/sidtab.c | 8 ++- 13 files changed, 220 insertions(+), 264 deletions(-) diff --git a/security/selinux/avc.c b/security/selinux/avc.c index fc3e662..f9bb683 100644 --- a/security/selinux/avc.c +++ b/security/selinux/avc.c @@ -13,6 +13,9 @@ * it under the terms of the GNU General Public License version 2, * as published by the Free Software Foundation. */ + +#define pr_fmt(fmt) "SELinux: " KBUILD_MODNAME ": " fmt + #include <linux/types.h> #include <linux/stddef.h> #include <linux/kernel.h> @@ -348,8 +351,8 @@ static int avc_latest_notif_update(int seqno, int is_insert) spin_lock_irqsave(¬if_lock, flag); if (is_insert) { if (seqno < avc_cache.latest_notif) { - printk(KERN_WARNING "SELinux: avc: seqno %d < latest_notif %d\n", - seqno, avc_cache.latest_notif); + pr_warn("seqno %d < latest_notif %d\n", + seqno, avc_cache.latest_notif); ret = -EAGAIN; } } else { diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index d07413d..49a4a3d 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -23,6 +23,8 @@ * as published by the Free Software Foundation. */ +#define pr_fmt(fmt) "SELinux: " fmt + #include <linux/init.h> #include <linux/kd.h> #include <linux/kernel.h> @@ -353,7 +355,7 @@ static const match_table_t tokens = { {Opt_error, NULL}, }; -#define SEL_MOUNT_FAIL_MSG "SELinux: duplicate or incompatible mount options\n" +#define SEL_MOUNT_FAIL_MSG "duplicate or incompatible mount options\n" static int may_context_mount_sb_relabel(u32 sid, struct superblock_security_struct *sbsec, @@ -425,27 +427,25 @@ static int sb_finish_set_opts(struct super_block *sb) the first boot of the SELinux kernel before we have assigned xattr values to the filesystem. */ if (!root_inode->i_op->getxattr) { - printk(KERN_WARNING "SELinux: (dev %s, type %s) has no " - "xattr support\n", sb->s_id, sb->s_type->name); + pr_warn("(dev %s, type %s) has no xattr support\n", + sb->s_id, sb->s_type->name); rc = -EOPNOTSUPP; goto out; } rc = root_inode->i_op->getxattr(root, XATTR_NAME_SELINUX, NULL, 0); if (rc < 0 && rc != -ENODATA) { if (rc == -EOPNOTSUPP) - printk(KERN_WARNING "SELinux: (dev %s, type " - "%s) has no security xattr handler\n", - sb->s_id, sb->s_type->name); + pr_warn("(dev %s, type %s) has no security xattr handler\n", + sb->s_id, sb->s_type->name); else - printk(KERN_WARNING "SELinux: (dev %s, type " - "%s) getxattr errno %d\n", sb->s_id, - sb->s_type->name, -rc); + pr_warn("(dev %s, type %s) getxattr errno %d\n", + sb->s_id, sb->s_type->name, -rc); goto out; } } if (sbsec->behavior > ARRAY_SIZE(labeling_behaviors)) - printk(KERN_ERR "SELinux: initialized (dev %s, type %s), unknown behavior\n", + pr_err("initialized (dev %s, type %s), unknown behavior\n", sb->s_id, sb->s_type->name); else printk(KERN_DEBUG "SELinux: initialized (dev %s, type %s), %s\n", @@ -631,8 +631,7 @@ static int selinux_set_mnt_opts(struct super_block *sb, goto out; } rc = -EINVAL; - printk(KERN_WARNING "SELinux: Unable to set superblock options " - "before the security server is initialized\n"); + pr_warn("Unable to set superblock options before the security server is initialized\n"); goto out; } if (kern_flags && !set_kern_flags) { @@ -670,9 +669,8 @@ static int selinux_set_mnt_opts(struct super_block *sb, rc = security_context_to_sid(mount_options[i], strlen(mount_options[i]), &sid); if (rc) { - printk(KERN_WARNING "SELinux: security_context_to_sid" - "(%s) failed for (dev %s, type %s) errno=%d\n", - mount_options[i], sb->s_id, name, rc); + pr_warn("security_context_to_sid(%s) failed for (dev %s, type %s) errno=%d\n", + mount_options[i], sb->s_id, name, rc); goto out; } switch (flags[i]) { @@ -738,9 +736,8 @@ static int selinux_set_mnt_opts(struct super_block *sb, */ rc = security_fs_use(sb); if (rc) { - printk(KERN_WARNING - "%s: security_fs_use(%s) returned %d\n", - __func__, sb->s_type->name, rc); + pr_warn("%s: security_fs_use(%s) returned %d\n", + __func__, sb->s_type->name, rc); goto out; } } @@ -797,8 +794,7 @@ static int selinux_set_mnt_opts(struct super_block *sb, if (sbsec->behavior != SECURITY_FS_USE_XATTR && sbsec->behavior != SECURITY_FS_USE_NATIVE) { rc = -EINVAL; - printk(KERN_WARNING "SELinux: defcontext option is " - "invalid for this filesystem type\n"); + pr_warn("defcontext option is invalid for this filesystem type\n"); goto out; } @@ -818,8 +814,8 @@ out: return rc; out_double_mount: rc = -EINVAL; - printk(KERN_WARNING "SELinux: mount invalid. Same superblock, different " - "security settings for (dev %s, type %s)\n", sb->s_id, name); + pr_warn("mount invalid - same superblock, different security settings for (dev %s, type %s)\n", + sb->s_id, name); goto out; } @@ -847,9 +843,8 @@ static int selinux_cmp_sb_context(const struct super_block *oldsb, } return 0; mismatch: - printk(KERN_WARNING "SELinux: mount invalid. Same superblock, " - "different security settings for (dev %s, " - "type %s)\n", newsb->s_id, newsb->s_type->name); + pr_warn("mount invalid - same superblock, different security settings for (dev %s, type %s)\n", + newsb->s_id, newsb->s_type->name); return -EBUSY; } @@ -935,7 +930,7 @@ static int selinux_parse_opts_str(char *options, case Opt_context: if (context || defcontext) { rc = -EINVAL; - printk(KERN_WARNING SEL_MOUNT_FAIL_MSG); + pr_warn(SEL_MOUNT_FAIL_MSG); goto out_err; } context = match_strdup(&args[0]); @@ -948,7 +943,7 @@ static int selinux_parse_opts_str(char *options, case Opt_fscontext: if (fscontext) { rc = -EINVAL; - printk(KERN_WARNING SEL_MOUNT_FAIL_MSG); + pr_warn(SEL_MOUNT_FAIL_MSG); goto out_err; } fscontext = match_strdup(&args[0]); @@ -961,7 +956,7 @@ static int selinux_parse_opts_str(char *options, case Opt_rootcontext: if (rootcontext) { rc = -EINVAL; - printk(KERN_WARNING SEL_MOUNT_FAIL_MSG); + pr_warn(SEL_MOUNT_FAIL_MSG); goto out_err; } rootcontext = match_strdup(&args[0]); @@ -974,7 +969,7 @@ static int selinux_parse_opts_str(char *options, case Opt_defcontext: if (context || defcontext) { rc = -EINVAL; - printk(KERN_WARNING SEL_MOUNT_FAIL_MSG); + pr_warn(SEL_MOUNT_FAIL_MSG); goto out_err; } defcontext = match_strdup(&args[0]); @@ -987,7 +982,7 @@ static int selinux_parse_opts_str(char *options, break; default: rc = -EINVAL; - printk(KERN_WARNING "SELinux: unknown mount option\n"); + pr_warn("unknown mount option\n"); goto out_err; } @@ -1359,9 +1354,9 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent dput(dentry); if (rc < 0) { if (rc != -ENODATA) { - printk(KERN_WARNING "SELinux: %s: getxattr returned " - "%d for dev=%s ino=%ld\n", __func__, - -rc, inode->i_sb->s_id, inode->i_ino); + pr_warn("%s: getxattr returned %d for dev=%s ino=%ld\n", + __func__, + -rc, inode->i_sb->s_id, inode->i_ino); kfree(context); goto out_unlock; } @@ -1378,13 +1373,12 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent if (rc == -EINVAL) { if (printk_ratelimit()) - printk(KERN_NOTICE "SELinux: inode=%lu on dev=%s was found to have an invalid " - "context=%s. This indicates you may need to relabel the inode or the " - "filesystem in question.\n", ino, dev, context); + pr_notice("inode=%lu on dev=%s was found to have an invalid context=%s. This indicates you may need to relabel the inode or the filesystem in question.\n", + ino, dev, context); } else { - printk(KERN_WARNING "SELinux: %s: context_to_sid(%s) " - "returned %d for dev=%s ino=%ld\n", - __func__, context, -rc, dev, ino); + pr_warn("%s: context_to_sid(%s) returned %d for dev=%s ino=%ld\n", + __func__, + context, -rc, dev, ino); } kfree(context); /* Leave with the unlabeled SID */ @@ -1543,8 +1537,7 @@ static int cred_has_capability(const struct cred *cred, sclass = SECCLASS_CAPABILITY2; break; default: - printk(KERN_ERR - "SELinux: out of range capability %d\n", cap); + pr_err("out of range capability %d\n", cap); BUG(); return -EINVAL; } @@ -1762,8 +1755,7 @@ static int may_link(struct inode *dir, av = DIR__RMDIR; break; default: - printk(KERN_WARNING "SELinux: %s: unrecognized kind %d\n", - __func__, kind); + pr_warn("%s: unrecognized kind %d\n", __func__, kind); return 0; } @@ -2491,9 +2483,9 @@ static int selinux_sb_remount(struct super_block *sb, void *data) len = strlen(mount_options[i]); rc = security_context_to_sid(mount_options[i], len, &sid); if (rc) { - printk(KERN_WARNING "SELinux: security_context_to_sid" - "(%s) failed for (dev %s, type %s) errno=%d\n", - mount_options[i], sb->s_id, sb->s_type->name, rc); + pr_warn("security_context_to_sid(%s) failed for (dev %s, type %s) errno=%d\n", + mount_options[i], sb->s_id, sb->s_type->name, + rc); goto out_free_opts; } rc = -EINVAL; @@ -2530,9 +2522,8 @@ out_free_secdata: free_secdata(secdata); return rc; out_bad_option: - printk(KERN_WARNING "SELinux: unable to change security options " - "during remount (dev %s, type=%s)\n", sb->s_id, - sb->s_type->name); + pr_warn("unable to change security options during remount (dev %s, type=%s)\n", + sb->s_id, sb->s_type->name); goto out_free_opts; } @@ -2624,9 +2615,8 @@ static int selinux_dentry_init_security(struct dentry *dentry, int mode, name, &newsid); if (rc) { - printk(KERN_WARNING - "%s: security_transition_sid failed, rc=%d\n", - __func__, -rc); + pr_warn("%s: security_transition_sid failed, rc=%d\n", + __func__, -rc); return rc; } } @@ -2660,11 +2650,8 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir, inode_mode_to_security_class(inode->i_mode), qstr, &newsid); if (rc) { - printk(KERN_WARNING "%s: " - "security_transition_sid failed, rc=%d (dev=%s " - "ino=%ld)\n", - __func__, - -rc, inode->i_sb->s_id, inode->i_ino); + pr_warn("%s: security_transition_sid failed, rc=%d (dev=%s ino=%ld)\n", + __func__, -rc, inode->i_sb->s_id, inode->i_ino); return rc; } } @@ -2957,8 +2944,7 @@ static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name, rc = security_context_to_sid_force(value, size, &newsid); if (rc) { - printk(KERN_ERR "SELinux: unable to map context to SID" - "for (%s, %lu), rc=%d\n", + pr_err("unable to map context to SID for (%s, %lu), rc=%d\n", inode->i_sb->s_id, inode->i_ino, -rc); return; } @@ -3810,9 +3796,7 @@ static int selinux_parse_skb(struct sk_buff *skb, struct common_audit_data *ad, } parse_error: - printk(KERN_WARNING - "SELinux: failure in selinux_parse_skb()," - " unable to parse packet\n"); + pr_warn("failure in selinux_parse_skb(), unable to parse packet\n"); return ret; okay: @@ -3852,9 +3836,7 @@ static int selinux_skb_peerlbl_sid(struct sk_buff *skb, u16 family, u32 *sid) err = security_net_peersid_resolve(nlbl_sid, nlbl_type, xfrm_sid, sid); if (unlikely(err)) { - printk(KERN_WARNING - "SELinux: failure in selinux_skb_peerlbl_sid()," - " unable to determine packet's peer label\n"); + pr_warn("failure in selinux_skb_peerlbl_sid(), unable to determine packet's peer label\n"); return -EACCES; } @@ -5956,11 +5938,11 @@ static __init int selinux_init(void) } if (!selinux_enabled) { - printk(KERN_INFO "SELinux: Disabled at boot.\n"); + pr_info("Disabled at boot\n"); return 0; } - printk(KERN_INFO "SELinux: Initializing.\n"); + pr_info("Initializing\n"); /* Set the security state for the initial task. */ cred_init_security(); @@ -5976,9 +5958,9 @@ static __init int selinux_init(void) panic("SELinux: Unable to register with kernel.\n"); if (selinux_enforcing) - printk(KERN_DEBUG "SELinux: Starting in enforcing mode\n"); + printk(KERN_DEBUG "SELinux: Starting in enforcing mode\n"); else - printk(KERN_DEBUG "SELinux: Starting in permissive mode\n"); + printk(KERN_DEBUG "SELinux: Starting in permissive mode\n"); return 0; } @@ -5990,10 +5972,10 @@ static void delayed_superblock_init(struct super_block *sb, void *unused) void selinux_complete_init(void) { - printk(KERN_DEBUG "SELinux: Completing initialization.\n"); + printk(KERN_DEBUG "SELinux: Completing initialization\n"); /* Set up any superblocks initialized prior to the policy load. */ - printk(KERN_DEBUG "SELinux: Setting up existing superblocks.\n"); + printk(KERN_DEBUG "SELinux: Setting up existing superblocks\n"); iterate_supers(delayed_superblock_init, NULL); } @@ -6055,7 +6037,7 @@ static int __init selinux_nf_ip_init(void) if (!selinux_enabled) goto out; - printk(KERN_DEBUG "SELinux: Registering netfilter hooks\n"); + printk(KERN_DEBUG "SELinux: Registering netfilter hooks\n"); err = nf_register_hooks(selinux_ipv4_ops, ARRAY_SIZE(selinux_ipv4_ops)); if (err) @@ -6076,7 +6058,7 @@ __initcall(selinux_nf_ip_init); #ifdef CONFIG_SECURITY_SELINUX_DISABLE static void selinux_nf_ip_exit(void) { - printk(KERN_DEBUG "SELinux: Unregistering netfilter hooks\n"); + printk(KERN_DEBUG "SELinux: Unregistering netfilter hooks\n"); nf_unregister_hooks(selinux_ipv4_ops, ARRAY_SIZE(selinux_ipv4_ops)); #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) @@ -6108,7 +6090,7 @@ int selinux_disable(void) return -EINVAL; } - printk(KERN_INFO "SELinux: Disabled at runtime.\n"); + pr_info("Disabled at runtime\n"); selinux_disabled = 1; selinux_enabled = 0; diff --git a/security/selinux/netif.c b/security/selinux/netif.c index 694e9e4..17001cc 100644 --- a/security/selinux/netif.c +++ b/security/selinux/netif.c @@ -14,6 +14,9 @@ * it under the terms of the GNU General Public License version 2, * as published by the Free Software Foundation. */ + +#define pr_fmt(fmt) "SELinux: " fmt + #include <linux/init.h> #include <linux/types.h> #include <linux/slab.h> @@ -142,9 +145,8 @@ static int sel_netif_sid_slow(int ifindex, u32 *sid) dev = dev_get_by_index(&init_net, ifindex); if (unlikely(dev == NULL)) { - printk(KERN_WARNING - "SELinux: failure in sel_netif_sid_slow()," - " invalid network interface (%d)\n", ifindex); + pr_warn("failure in sel_netif_sid_slow(), invalid network interface (%d)\n", + ifindex); return -ENOENT; } @@ -173,10 +175,8 @@ out: spin_unlock_bh(&sel_netif_lock); dev_put(dev); if (unlikely(ret)) { - printk(KERN_WARNING - "SELinux: failure in sel_netif_sid_slow()," - " unable to determine network interface label (%d)\n", - ifindex); + pr_warn("failure in sel_netif_sid_slow(), unable to determine network interface label (%d)\n", + ifindex); kfree(new); } return ret; diff --git a/security/selinux/netlink.c b/security/selinux/netlink.c index 828fb6a..50bc253 100644 --- a/security/selinux/netlink.c +++ b/security/selinux/netlink.c @@ -9,6 +9,9 @@ * it under the terms of the GNU General Public License version 2, * as published by the Free Software Foundation. */ + +#define pr_fmt(fmt) "SELinux: " fmt + #include <linux/init.h> #include <linux/types.h> #include <linux/slab.h> @@ -94,7 +97,7 @@ out: out_kfree_skb: kfree_skb(skb); oom: - printk(KERN_ERR "SELinux: OOM in %s\n", __func__); + pr_err("OOM in %s\n", __func__); goto out; } diff --git a/security/selinux/netnode.c b/security/selinux/netnode.c index 03a72c3..9f8fd79 100644 --- a/security/selinux/netnode.c +++ b/security/selinux/netnode.c @@ -28,6 +28,8 @@ * */ +#define pr_fmt(fmt) "SELinux: " fmt + #include <linux/types.h> #include <linux/rcupdate.h> #include <linux/list.h> @@ -238,9 +240,7 @@ static int sel_netnode_sid_slow(void *addr, u16 family, u32 *sid) out: spin_unlock_bh(&sel_netnode_lock); if (unlikely(ret)) { - printk(KERN_WARNING - "SELinux: failure in sel_netnode_sid_slow()," - " unable to determine network node label\n"); + pr_warn("failure in sel_netnode_sid_slow(), unable to determine network node label\n"); kfree(new); } return ret; diff --git a/security/selinux/netport.c b/security/selinux/netport.c index d353797..20a4ed0 100644 --- a/security/selinux/netport.c +++ b/security/selinux/netport.c @@ -12,7 +12,6 @@ * (see security/selinux/netif.c for more information) * */ - /* * (c) Copyright Hewlett-Packard Development Company, L.P., 2008 * @@ -27,6 +26,8 @@ * */ +#define pr_fmt(fmt) "SELinux: " fmt + #include <linux/types.h> #include <linux/rcupdate.h> #include <linux/list.h> @@ -173,9 +174,7 @@ static int sel_netport_sid_slow(u8 protocol, u16 pnum, u32 *sid) out: spin_unlock_bh(&sel_netport_lock); if (unlikely(ret)) { - printk(KERN_WARNING - "SELinux: failure in sel_netport_sid_slow()," - " unable to determine network port label\n"); + pr_warn("failure in sel_netport_sid_slow(), unable to determine network port label\n"); kfree(new); } return ret; diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index 170b4b1..78ced2a 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -14,6 +14,8 @@ * the Free Software Foundation, version 2. */ +#define pr_fmt(fmt) "SELinux: " fmt + #include <linux/kernel.h> #include <linux/pagemap.h> #include <linux/slab.h> @@ -586,8 +588,8 @@ static ssize_t sel_write_context(struct file *file, char *buf, size_t size) length = -ERANGE; if (len > SIMPLE_TRANSACTION_LIMIT) { - printk(KERN_ERR "SELinux: %s: context size (%u) exceeds " - "payload max\n", __func__, len); + pr_err("%s: context size (%u) exceeds payload max\n", + __func__, len); goto out; } @@ -836,8 +838,8 @@ static ssize_t sel_write_create(struct file *file, char *buf, size_t size) length = -ERANGE; if (len > SIMPLE_TRANSACTION_LIMIT) { - printk(KERN_ERR "SELinux: %s: context size (%u) exceeds " - "payload max\n", __func__, len); + pr_err("%s: context size (%u) exceeds payload max\n", + __func__, len); goto out; } @@ -1012,8 +1014,8 @@ static ssize_t sel_write_member(struct file *file, char *buf, size_t size) length = -ERANGE; if (len > SIMPLE_TRANSACTION_LIMIT) { - printk(KERN_ERR "SELinux: %s: context size (%u) exceeds " - "payload max\n", __func__, len); + pr_err("%s: context size (%u) exceeds payload max\n", + __func__, len); goto out; } @@ -1873,8 +1875,7 @@ static int sel_fill_super(struct super_block *sb, void *data, int silent) } return 0; err: - printk(KERN_ERR "SELinux: %s: failed while creating inodes\n", - __func__); + pr_err("%s: failed while creating inodes\n", __func__); return ret; } @@ -1912,7 +1913,7 @@ static int __init init_sel_fs(void) selinux_null.mnt = selinuxfs_mount = kern_mount(&sel_fs_type); if (IS_ERR(selinuxfs_mount)) { - printk(KERN_ERR "selinuxfs: could not mount!\n"); + pr_err("selinuxfs: could not mount!\n"); err = PTR_ERR(selinuxfs_mount); selinuxfs_mount = NULL; } diff --git a/security/selinux/ss/avtab.c b/security/selinux/ss/avtab.c index a3dd9fa..b805fe2 100644 --- a/security/selinux/ss/avtab.c +++ b/security/selinux/ss/avtab.c @@ -17,6 +17,8 @@ * Tuned number of hash slots for avtab to reduce memory usage */ +#define pr_fmt(fmt) "SELinux: avtab: " fmt + #include <linux/kernel.h> #include <linux/slab.h> #include <linux/errno.h> @@ -343,18 +345,18 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol, if (vers < POLICYDB_VERSION_AVTAB) { rc = next_entry(buf32, fp, sizeof(u32)); if (rc) { - printk(KERN_ERR "SELinux: avtab: truncated entry\n"); + pr_err("truncated entry\n"); return rc; } items2 = le32_to_cpu(buf32[0]); if (items2 > ARRAY_SIZE(buf32)) { - printk(KERN_ERR "SELinux: avtab: entry overflow\n"); + pr_err("entry overflow\n"); return -EINVAL; } rc = next_entry(buf32, fp, sizeof(u32)*items2); if (rc) { - printk(KERN_ERR "SELinux: avtab: truncated entry\n"); + pr_err("truncated entry\n"); return rc; } items = 0; @@ -362,19 +364,19 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol, val = le32_to_cpu(buf32[items++]); key.source_type = (u16)val; if (key.source_type != val) { - printk(KERN_ERR "SELinux: avtab: truncated source type\n"); + pr_err("truncated source type\n"); return -EINVAL; } val = le32_to_cpu(buf32[items++]); key.target_type = (u16)val; if (key.target_type != val) { - printk(KERN_ERR "SELinux: avtab: truncated target type\n"); + pr_err("truncated target type\n"); return -EINVAL; } val = le32_to_cpu(buf32[items++]); key.target_class = (u16)val; if (key.target_class != val) { - printk(KERN_ERR "SELinux: avtab: truncated target class\n"); + pr_err("truncated target class\n"); return -EINVAL; } @@ -382,12 +384,12 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol, enabled = (val & AVTAB_ENABLED_OLD) ? AVTAB_ENABLED : 0; if (!(val & (AVTAB_AV | AVTAB_TYPE))) { - printk(KERN_ERR "SELinux: avtab: null entry\n"); + pr_err("null entry\n"); return -EINVAL; } if ((val & AVTAB_AV) && (val & AVTAB_TYPE)) { - printk(KERN_ERR "SELinux: avtab: entry has both access vectors and types\n"); + pr_err("entry has both access vectors and types\n"); return -EINVAL; } @@ -402,7 +404,8 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol, } if (items != items2) { - printk(KERN_ERR "SELinux: avtab: entry only had %d items, expected %d\n", items2, items); + pr_err("entry only had %d items, expected %d\n", + items2, items); return -EINVAL; } return 0; @@ -410,7 +413,7 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol, rc = next_entry(buf16, fp, sizeof(u16)*4); if (rc) { - printk(KERN_ERR "SELinux: avtab: truncated entry\n"); + pr_err("truncated entry\n"); return rc; } @@ -423,7 +426,7 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol, if (!policydb_type_isvalid(pol, key.source_type) || !policydb_type_isvalid(pol, key.target_type) || !policydb_class_isvalid(pol, key.target_class)) { - printk(KERN_ERR "SELinux: avtab: invalid type or class\n"); + pr_err("invalid type or class\n"); return -EINVAL; } @@ -433,19 +436,19 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol, set++; } if (!set || set > 1) { - printk(KERN_ERR "SELinux: avtab: more than one specifier\n"); + pr_err("more than one specifier\n"); return -EINVAL; } rc = next_entry(buf32, fp, sizeof(u32)); if (rc) { - printk(KERN_ERR "SELinux: avtab: truncated entry\n"); + pr_err("truncated entry\n"); return rc; } datum.data = le32_to_cpu(*buf32); if ((key.specified & AVTAB_TYPE) && !policydb_type_isvalid(pol, datum.data)) { - printk(KERN_ERR "SELinux: avtab: invalid type\n"); + pr_err("invalid type\n"); return -EINVAL; } return insertf(a, &key, &datum, p); @@ -466,12 +469,12 @@ int avtab_read(struct avtab *a, void *fp, struct policydb *pol) rc = next_entry(buf, fp, sizeof(u32)); if (rc < 0) { - printk(KERN_ERR "SELinux: avtab: truncated table\n"); + pr_err("truncated table\n"); goto bad; } nel = le32_to_cpu(buf[0]); if (!nel) { - printk(KERN_ERR "SELinux: avtab: table is empty\n"); + pr_err("table is empty\n"); rc = -EINVAL; goto bad; } @@ -484,9 +487,9 @@ int avtab_read(struct avtab *a, void *fp, struct policydb *pol) rc = avtab_read_item(a, fp, pol, avtab_insertf, NULL); if (rc) { if (rc == -ENOMEM) - printk(KERN_ERR "SELinux: avtab: out of memory\n"); + pr_err("out of memory\n"); else if (rc == -EEXIST) - printk(KERN_ERR "SELinux: avtab: duplicate entry\n"); + pr_err("duplicate entry\n"); goto bad; } diff --git a/security/selinux/ss/conditional.c b/security/selinux/ss/conditional.c index 377d148..9bb2dde 100644 --- a/security/selinux/ss/conditional.c +++ b/security/selinux/ss/conditional.c @@ -7,6 +7,8 @@ * the Free Software Foundation, version 2. */ +#define pr_fmt(fmt) "SELinux: " fmt + #include <linux/kernel.h> #include <linux/errno.h> #include <linux/string.h> @@ -95,7 +97,7 @@ int evaluate_cond_node(struct policydb *p, struct cond_node *node) if (new_state != node->cur_state) { node->cur_state = new_state; if (new_state == -1) - printk(KERN_ERR "SELinux: expression result was undefined - disabling all rules.\n"); + pr_err("expression result was undefined - disabling all rules\n"); /* turn the rules on or off */ for (cur = node->true_list; cur; cur = cur->next) { if (new_state <= 0) @@ -283,7 +285,7 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum */ if (k->specified & AVTAB_TYPE) { if (avtab_search(&p->te_avtab, k)) { - printk(KERN_ERR "SELinux: type rule already exists outside of a conditional.\n"); + pr_err("type rule already exists outside of a conditional\n"); goto err; } /* @@ -298,7 +300,7 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum node_ptr = avtab_search_node(&p->te_cond_avtab, k); if (node_ptr) { if (avtab_search_node_next(node_ptr, k->specified)) { - printk(KERN_ERR "SELinux: too many conflicting type rules.\n"); + pr_err("too many conflicting type rules\n"); goto err; } found = 0; @@ -309,13 +311,13 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum } } if (!found) { - printk(KERN_ERR "SELinux: conflicting type rules.\n"); + pr_err("conflicting type rules\n"); goto err; } } } else { if (avtab_search(&p->te_cond_avtab, k)) { - printk(KERN_ERR "SELinux: conflicting type rules when adding type rule for true.\n"); + pr_err("conflicting type rules when adding type rule for true\n"); goto err; } } @@ -323,7 +325,7 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum node_ptr = avtab_insert_nonunique(&p->te_cond_avtab, k, d); if (!node_ptr) { - printk(KERN_ERR "SELinux: could not insert rule.\n"); + pr_err("could not insert rule\n"); rc = -ENOMEM; goto err; } @@ -384,12 +386,12 @@ static int cond_read_av_list(struct policydb *p, void *fp, struct cond_av_list * static int expr_isvalid(struct policydb *p, struct cond_expr *expr) { if (expr->expr_type <= 0 || expr->expr_type > COND_LAST) { - printk(KERN_ERR "SELinux: conditional expressions uses unknown operator.\n"); + pr_err("conditional expressions uses unknown operator\n"); return 0; } if (expr->bool > p->p_bools.nprim) { - printk(KERN_ERR "SELinux: conditional expressions uses unknown bool.\n"); + pr_err("conditional expressions uses unknown bool\n"); return 0; } return 1; diff --git a/security/selinux/ss/ebitmap.c b/security/selinux/ss/ebitmap.c index 820313a..0ea9bbc 100644 --- a/security/selinux/ss/ebitmap.c +++ b/security/selinux/ss/ebitmap.c @@ -15,6 +15,8 @@ * Applied standard bit operations to improve bitmap scanning. */ +#define pr_fmt(fmt) "SELinux: ebitmap: " fmt + #include <linux/kernel.h> #include <linux/slab.h> #include <linux/errno.h> @@ -382,8 +384,7 @@ int ebitmap_read(struct ebitmap *e, void *fp) count = le32_to_cpu(buf[2]); if (mapunit != BITS_PER_U64) { - printk(KERN_ERR "SELinux: ebitmap: map size %u does not " - "match my size %Zd (high bit was %d)\n", + pr_err("map size %u does not match my size %Zd (high bit was %d)\n", mapunit, BITS_PER_U64, e->highbit); goto bad; } @@ -400,20 +401,18 @@ int ebitmap_read(struct ebitmap *e, void *fp) for (i = 0; i < count; i++) { rc = next_entry(&startbit, fp, sizeof(u32)); if (rc < 0) { - printk(KERN_ERR "SELinux: ebitmap: truncated map\n"); + pr_err("truncated map\n"); goto bad; } startbit = le32_to_cpu(startbit); if (startbit & (mapunit - 1)) { - printk(KERN_ERR "SELinux: ebitmap start bit (%d) is " - "not a multiple of the map unit size (%u)\n", + pr_err("start bit (%d) is not a multiple of the map unit size (%u)\n", startbit, mapunit); goto bad; } if (startbit > e->highbit - mapunit) { - printk(KERN_ERR "SELinux: ebitmap start bit (%d) is " - "beyond the end of the bitmap (%u)\n", + pr_err("start bit (%d) is beyond the end of the bitmap (%u)\n", startbit, (e->highbit - mapunit)); goto bad; } @@ -422,8 +421,7 @@ int ebitmap_read(struct ebitmap *e, void *fp) struct ebitmap_node *tmp; tmp = kzalloc(sizeof(*tmp), GFP_KERNEL); if (!tmp) { - printk(KERN_ERR - "SELinux: ebitmap: out of memory\n"); + pr_err("out of memory\n"); rc = -ENOMEM; goto bad; } @@ -435,15 +433,14 @@ int ebitmap_read(struct ebitmap *e, void *fp) e->node = tmp; n = tmp; } else if (startbit <= n->startbit) { - printk(KERN_ERR "SELinux: ebitmap: start bit %d" - " comes after start bit %d\n", + pr_err("start bit %d comes after start bit %d\n", startbit, n->startbit); goto bad; } rc = next_entry(&map, fp, sizeof(u64)); if (rc < 0) { - printk(KERN_ERR "SELinux: ebitmap: truncated map\n"); + pr_err("truncated map\n"); goto bad; } map = le64_to_cpu(map); diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c index c0f4988..ff9e193 100644 --- a/security/selinux/ss/policydb.c +++ b/security/selinux/ss/policydb.c @@ -25,6 +25,8 @@ * the Free Software Foundation, version 2. */ +#define pr_fmt(fmt) "SELinux: " fmt + #include <linux/kernel.h> #include <linux/sched.h> #include <linux/slab.h> @@ -515,14 +517,14 @@ static int policydb_index(struct policydb *p) { int i, rc; - printk(KERN_DEBUG "SELinux: %d users, %d roles, %d types, %d bools", + printk(KERN_DEBUG "SELinux: %d users, %d roles, %d types, %d bools", p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, p->p_bools.nprim); if (p->mls_enabled) printk(", %d sens, %d cats", p->p_levels.nprim, p->p_cats.nprim); printk("\n"); - printk(KERN_DEBUG "SELinux: %d classes, %d rules\n", + printk(KERN_DEBUG "SELinux: %d classes, %d rules\n", p->p_classes.nprim, p->te_avtab.nel); #ifdef DEBUG_HASHES @@ -886,7 +888,7 @@ int policydb_load_isids(struct policydb *p, struct sidtab *s) rc = sidtab_init(s); if (rc) { - printk(KERN_ERR "SELinux: out of memory on SID table init\n"); + pr_err("out of memory on SID table init\n"); goto out; } @@ -894,15 +896,13 @@ int policydb_load_isids(struct policydb *p, struct sidtab *s) for (c = head; c; c = c->next) { rc = -EINVAL; if (!c->context[0].user) { - printk(KERN_ERR "SELinux: SID %s was never defined.\n", - c->u.name); + pr_err("SID %s was never defined\n", c->u.name); goto out; } rc = sidtab_insert(s, c->sid[0], &c->context[0]); if (rc) { - printk(KERN_ERR "SELinux: unable to load initial SID %s.\n", - c->u.name); + pr_err("unable to load initial SID %s\n", c->u.name); goto out; } } @@ -994,13 +994,13 @@ static int mls_read_range_helper(struct mls_range *r, void *fp) rc = -EINVAL; items = le32_to_cpu(buf[0]); if (items > ARRAY_SIZE(buf)) { - printk(KERN_ERR "SELinux: mls: range overflow\n"); + pr_err("mls: range overflow\n"); goto out; } rc = next_entry(buf, fp, sizeof(u32) * items); if (rc) { - printk(KERN_ERR "SELinux: mls: truncated range\n"); + pr_err("mls: truncated range\n"); goto out; } @@ -1012,19 +1012,19 @@ static int mls_read_range_helper(struct mls_range *r, void *fp) rc = ebitmap_read(&r->level[0].cat, fp); if (rc) { - printk(KERN_ERR "SELinux: mls: error reading low categories\n"); + pr_err("mls: error reading low categories\n"); goto out; } if (items > 1) { rc = ebitmap_read(&r->level[1].cat, fp); if (rc) { - printk(KERN_ERR "SELinux: mls: error reading high categories\n"); + pr_err("mls: error reading high categories\n"); goto bad_high; } } else { rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat); if (rc) { - printk(KERN_ERR "SELinux: mls: out of memory\n"); + pr_err("mls: out of memory\n"); goto bad_high; } } @@ -1049,7 +1049,7 @@ static int context_read_and_validate(struct context *c, rc = next_entry(buf, fp, sizeof buf); if (rc) { - printk(KERN_ERR "SELinux: context truncated\n"); + pr_err("context truncated\n"); goto out; } c->user = le32_to_cpu(buf[0]); @@ -1058,14 +1058,14 @@ static int context_read_and_validate(struct context *c, if (p->policyvers >= POLICYDB_VERSION_MLS) { rc = mls_read_range_helper(&c->range, fp); if (rc) { - printk(KERN_ERR "SELinux: error reading MLS range of context\n"); + pr_err("error reading MLS range of context\n"); goto out; } } rc = -EINVAL; if (!policydb_context_isvalid(p, c)) { - printk(KERN_ERR "SELinux: invalid security context\n"); + pr_err("invalid security context\n"); context_destroy(c); goto out; } @@ -1344,7 +1344,7 @@ static int class_read(struct policydb *p, struct hashtab *h, void *fp) rc = -EINVAL; cladatum->comdatum = hashtab_search(p->p_commons.table, cladatum->comkey); if (!cladatum->comdatum) { - printk(KERN_ERR "SELinux: unknown common %s\n", cladatum->comkey); + pr_err("unknown common %s\n", cladatum->comkey); goto bad; } } @@ -1443,7 +1443,7 @@ static int role_read(struct policydb *p, struct hashtab *h, void *fp) if (strcmp(key, OBJECT_R) == 0) { rc = -EINVAL; if (role->value != OBJECT_R_VAL) { - printk(KERN_ERR "SELinux: Role %s has wrong value %d\n", + pr_err("Role %s has wrong value %d\n", OBJECT_R, role->value); goto bad; } @@ -1527,14 +1527,14 @@ static int mls_read_level(struct mls_level *lp, void *fp) rc = next_entry(buf, fp, sizeof buf); if (rc) { - printk(KERN_ERR "SELinux: mls: truncated level\n"); + pr_err("mls: truncated level\n"); return rc; } lp->sens = le32_to_cpu(buf[0]); rc = ebitmap_read(&lp->cat, fp); if (rc) { - printk(KERN_ERR "SELinux: mls: error reading level categories\n"); + pr_err("mls: error reading level categories\n"); return rc; } return 0; @@ -1706,8 +1706,7 @@ static int user_bounds_sanity_check(void *key, void *datum, void *datap) unsigned long bit; if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { - printk(KERN_ERR "SELinux: user %s: " - "too deep or looped boundary", + pr_err("user %s: too deep or looped boundary\n", (char *) key); return -EINVAL; } @@ -1717,9 +1716,7 @@ static int user_bounds_sanity_check(void *key, void *datum, void *datap) if (ebitmap_get_bit(&upper->roles, bit)) continue; - printk(KERN_ERR - "SELinux: boundary violated policy: " - "user=%s role=%s bounds=%s\n", + pr_err("boundary violated policy: user=%s role=%s bounds=%s\n", sym_name(p, SYM_USERS, user->value - 1), sym_name(p, SYM_ROLES, bit), sym_name(p, SYM_USERS, upper->value - 1)); @@ -1743,8 +1740,7 @@ static int role_bounds_sanity_check(void *key, void *datum, void *datap) unsigned long bit; if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { - printk(KERN_ERR "SELinux: role %s: " - "too deep or looped bounds\n", + pr_err("role %s: too deep or looped bounds\n", (char *) key); return -EINVAL; } @@ -1754,9 +1750,7 @@ static int role_bounds_sanity_check(void *key, void *datum, void *datap) if (ebitmap_get_bit(&upper->types, bit)) continue; - printk(KERN_ERR - "SELinux: boundary violated policy: " - "role=%s type=%s bounds=%s\n", + pr_err("boundary violated policy: role=%s type=%s bounds=%s\n", sym_name(p, SYM_ROLES, role->value - 1), sym_name(p, SYM_TYPES, bit), sym_name(p, SYM_ROLES, upper->value - 1)); @@ -1777,8 +1771,7 @@ static int type_bounds_sanity_check(void *key, void *datum, void *datap) upper = datum; while (upper->bounds) { if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { - printk(KERN_ERR "SELinux: type %s: " - "too deep or looped boundary\n", + pr_err("type %s: too deep or looped boundary\n", (char *) key); return -EINVAL; } @@ -1788,8 +1781,7 @@ static int type_bounds_sanity_check(void *key, void *datum, void *datap) BUG_ON(!upper); if (upper->attribute) { - printk(KERN_ERR "SELinux: type %s: " - "bounded by attribute %s", + pr_err("type %s: bounded by attribute %s\n", (char *) key, sym_name(p, SYM_TYPES, upper->value - 1)); return -EINVAL; @@ -1911,7 +1903,7 @@ static int range_read(struct policydb *p, void *fp) rc = -EINVAL; if (!mls_range_isvalid(p, r)) { - printk(KERN_WARNING "SELinux: rangetrans: invalid range\n"); + pr_warn("rangetrans: invalid range\n"); goto out; } @@ -2060,7 +2052,7 @@ static int genfs_read(struct policydb *p, void *fp) genfs_p = genfs, genfs = genfs->next) { rc = -EINVAL; if (strcmp(newgenfs->fstype, genfs->fstype) == 0) { - printk(KERN_ERR "SELinux: dup genfs fstype %s\n", + pr_err("dup genfs fstype %s\n", newgenfs->fstype); goto out; } @@ -2116,7 +2108,7 @@ static int genfs_read(struct policydb *p, void *fp) if (!strcmp(newc->u.name, c->u.name) && (!c->v.sclass || !newc->v.sclass || newc->v.sclass == c->v.sclass)) { - printk(KERN_ERR "SELinux: dup genfs entry (%s,%s)\n", + pr_err("dup genfs entry (%s,%s)\n", genfs->fstype, c->u.name); goto out; } @@ -2303,8 +2295,7 @@ int policydb_read(struct policydb *p, void *fp) rc = -EINVAL; if (le32_to_cpu(buf[0]) != POLICYDB_MAGIC) { - printk(KERN_ERR "SELinux: policydb magic number 0x%x does " - "not match expected magic number 0x%x\n", + pr_err("policydb magic number 0x%x does not match expected magic number 0x%x\n", le32_to_cpu(buf[0]), POLICYDB_MAGIC); goto bad; } @@ -2312,8 +2303,7 @@ int policydb_read(struct policydb *p, void *fp) rc = -EINVAL; len = le32_to_cpu(buf[1]); if (len != strlen(POLICYDB_STRING)) { - printk(KERN_ERR "SELinux: policydb string length %d does not " - "match expected length %Zu\n", + pr_err("policydb string length %d does not match expected length %Zu\n", len, strlen(POLICYDB_STRING)); goto bad; } @@ -2321,14 +2311,14 @@ int policydb_read(struct policydb *p, void *fp) rc = -ENOMEM; policydb_str = kmalloc(len + 1, GFP_KERNEL); if (!policydb_str) { - printk(KERN_ERR "SELinux: unable to allocate memory for policydb " - "string of length %d\n", len); + pr_err("unable to allocate memory for policydb string of length %d\n", + len); goto bad; } rc = next_entry(policydb_str, fp, len); if (rc) { - printk(KERN_ERR "SELinux: truncated policydb string identifier\n"); + pr_err("truncated policydb string identifier\n"); kfree(policydb_str); goto bad; } @@ -2336,8 +2326,8 @@ int policydb_read(struct policydb *p, void *fp) rc = -EINVAL; policydb_str[len] = '\0'; if (strcmp(policydb_str, POLICYDB_STRING)) { - printk(KERN_ERR "SELinux: policydb string %s does not match " - "my string %s\n", policydb_str, POLICYDB_STRING); + pr_err("policydb string %s does not match my string %s\n", + policydb_str, POLICYDB_STRING); kfree(policydb_str); goto bad; } @@ -2354,9 +2344,9 @@ int policydb_read(struct policydb *p, void *fp) p->policyvers = le32_to_cpu(buf[0]); if (p->policyvers < POLICYDB_VERSION_MIN || p->policyvers > POLICYDB_VERSION_MAX) { - printk(KERN_ERR "SELinux: policydb version %d does not match " - "my version range %d-%d\n", - le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX); + pr_err("policydb version %d does not match my version range %d-%d\n", + le32_to_cpu(buf[0]), + POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX); goto bad; } @@ -2365,9 +2355,8 @@ int policydb_read(struct policydb *p, void *fp) rc = -EINVAL; if (p->policyvers < POLICYDB_VERSION_MLS) { - printk(KERN_ERR "SELinux: security policydb version %d " - "(MLS) not backwards compatible\n", - p->policyvers); + pr_err("security policydb version %d (MLS) not backwards compatible\n", + p->policyvers); goto bad; } } @@ -2389,17 +2378,16 @@ int policydb_read(struct policydb *p, void *fp) rc = -EINVAL; info = policydb_lookup_compat(p->policyvers); if (!info) { - printk(KERN_ERR "SELinux: unable to find policy compat info " - "for version %d\n", p->policyvers); + pr_err("unable to find policy compat info for version %d\n", + p->policyvers); goto bad; } rc = -EINVAL; if (le32_to_cpu(buf[2]) != info->sym_num || le32_to_cpu(buf[3]) != info->ocon_num) { - printk(KERN_ERR "SELinux: policydb table sizes (%d,%d) do " - "not match mine (%d,%d)\n", le32_to_cpu(buf[2]), - le32_to_cpu(buf[3]), + pr_err("policydb table sizes (%d,%d) do not match mine (%d,%d)\n", + le32_to_cpu(buf[2]), le32_to_cpu(buf[3]), info->sym_num, info->ocon_num); goto bad; } @@ -3397,9 +3385,8 @@ int policydb_write(struct policydb *p, void *fp) * careful if you ever try to remove this restriction */ if (p->policyvers < POLICYDB_VERSION_AVTAB) { - printk(KERN_ERR "SELinux: refusing to write policy version %d." - " Because it is less than version %d\n", p->policyvers, - POLICYDB_VERSION_AVTAB); + pr_err("refusing to write policy version %d because it is less than version %d\n", + p->policyvers, POLICYDB_VERSION_AVTAB); return -EINVAL; } @@ -3426,8 +3413,8 @@ int policydb_write(struct policydb *p, void *fp) /* Write the version, config, and table sizes. */ info = policydb_lookup_compat(p->policyvers); if (!info) { - printk(KERN_ERR "SELinux: compatibility lookup failed for policy " - "version %d", p->policyvers); + pr_err("compatibility lookup failed for policy version %d\n", + p->policyvers); return -EINVAL; } diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 5d0144e..3cbeff3 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -39,6 +39,9 @@ * it under the terms of the GNU General Public License as published by * the Free Software Foundation, version 2. */ + +#define pr_fmt(fmt) "SELinux: " fmt + #include <linux/kernel.h> #include <linux/slab.h> #include <linux/string.h> @@ -143,9 +146,7 @@ static int selinux_set_mapping(struct policydb *pol, p_out->value = string_to_security_class(pol, p_in->name); if (!p_out->value) { - printk(KERN_INFO - "SELinux: Class %s not defined in policy.\n", - p_in->name); + pr_info("Class %s not defined in policy\n", p_in->name); if (pol->reject_unknown) goto err; p_out->num_perms = 0; @@ -163,9 +164,8 @@ static int selinux_set_mapping(struct policydb *pol, p_out->perms[k] = string_to_av_perm(pol, p_out->value, p_in->perms[k]); if (!p_out->perms[k]) { - printk(KERN_INFO - "SELinux: Permission %s in class %s not defined in policy.\n", - p_in->perms[k], p_in->name); + pr_info("Permission %s in class %s not defined in policy\n", + p_in->perms[k], p_in->name); if (pol->reject_unknown) goto err; print_unknown_handle = true; @@ -177,8 +177,8 @@ static int selinux_set_mapping(struct policydb *pol, } if (print_unknown_handle) - printk(KERN_INFO "SELinux: the above unknown classes and permissions will be %s\n", - pol->allow_unknown ? "allowed" : "denied"); + pr_info("the above unknown classes and permissions will be %s\n", + pol->allow_unknown ? "allowed" : "denied"); *out_map_p = out_map; *out_map_size = i; @@ -636,7 +636,7 @@ static void context_struct_compute_av(struct context *scontext, if (unlikely(!tclass || tclass > policydb.p_classes.nprim)) { if (printk_ratelimit()) - printk(KERN_WARNING "SELinux: Invalid class %hu\n", tclass); + pr_warn("Invalid class %hu\n", tclass); return; } @@ -760,8 +760,7 @@ int security_validate_transition(u32 oldsid, u32 newsid, u32 tasksid, tclass = unmap_class(orig_tclass); if (!tclass || tclass > policydb.p_classes.nprim) { - printk(KERN_ERR "SELinux: %s: unrecognized class %d\n", - __func__, tclass); + pr_err("%s: unrecognized class %d\n", __func__, tclass); rc = -EINVAL; goto out; } @@ -769,24 +768,21 @@ int security_validate_transition(u32 oldsid, u32 newsid, u32 tasksid, ocontext = sidtab_search(&sidtab, oldsid); if (!ocontext) { - printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n", - __func__, oldsid); + pr_err("%s: unrecognized SID %d\n", __func__, oldsid); rc = -EINVAL; goto out; } ncontext = sidtab_search(&sidtab, newsid); if (!ncontext) { - printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n", - __func__, newsid); + pr_err("%s: unrecognized SID %d\n", __func__, newsid); rc = -EINVAL; goto out; } tcontext = sidtab_search(&sidtab, tasksid); if (!tcontext) { - printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n", - __func__, tasksid); + pr_err("%s: unrecognized SID %d\n", __func__, tasksid); rc = -EINVAL; goto out; } @@ -828,16 +824,14 @@ int security_bounded_transition(u32 old_sid, u32 new_sid) rc = -EINVAL; old_context = sidtab_search(&sidtab, old_sid); if (!old_context) { - printk(KERN_ERR "SELinux: %s: unrecognized SID %u\n", - __func__, old_sid); + pr_err("%s: unrecognized SID %u\n", __func__, old_sid); goto out; } rc = -EINVAL; new_context = sidtab_search(&sidtab, new_sid); if (!new_context) { - printk(KERN_ERR "SELinux: %s: unrecognized SID %u\n", - __func__, new_sid); + pr_err("%s: unrecognized SID %u\n", __func__, new_sid); goto out; } @@ -925,8 +919,7 @@ void security_compute_av(u32 ssid, scontext = sidtab_search(&sidtab, ssid); if (!scontext) { - printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n", - __func__, ssid); + pr_err("%s: unrecognized SID %d\n", __func__, ssid); goto out; } @@ -936,8 +929,7 @@ void security_compute_av(u32 ssid, tcontext = sidtab_search(&sidtab, tsid); if (!tcontext) { - printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n", - __func__, tsid); + pr_err("%s: unrecognized SID %d\n", __func__, tsid); goto out; } @@ -971,8 +963,7 @@ void security_compute_av_user(u32 ssid, scontext = sidtab_search(&sidtab, ssid); if (!scontext) { - printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n", - __func__, ssid); + pr_err("%s: unrecognized SID %d\n", __func__, ssid); goto out; } @@ -982,8 +973,7 @@ void security_compute_av_user(u32 ssid, tcontext = sidtab_search(&sidtab, tsid); if (!tcontext) { - printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n", - __func__, tsid); + pr_err("%s: unrecognized SID %d\n", __func__, tsid); goto out; } @@ -1095,8 +1085,8 @@ static int security_sid_to_context_core(u32 sid, char **scontext, *scontext = scontextp; goto out; } - printk(KERN_ERR "SELinux: %s: called before initial " - "load_policy on unknown SID %d\n", __func__, sid); + pr_err("%s: called before initial load_policy on unknown SID %d\n", + __func__, sid); rc = -EINVAL; goto out; } @@ -1106,8 +1096,7 @@ static int security_sid_to_context_core(u32 sid, char **scontext, else context = sidtab_search(&sidtab, sid); if (!context) { - printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n", - __func__, sid); + pr_err("%s: unrecognized SID %d\n", __func__, sid); rc = -EINVAL; goto out_unlock; } @@ -1432,15 +1421,13 @@ static int security_compute_sid(u32 ssid, scontext = sidtab_search(&sidtab, ssid); if (!scontext) { - printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n", - __func__, ssid); + pr_err("%s: unrecognized SID %d\n", __func__, ssid); rc = -EINVAL; goto out_unlock; } tcontext = sidtab_search(&sidtab, tsid); if (!tcontext) { - printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n", - __func__, tsid); + pr_err("%s: unrecognized SID %d\n", __func__, tsid); rc = -EINVAL; goto out_unlock; } @@ -1653,7 +1640,7 @@ static inline int convert_context_handle_invalid_context(struct context *context return -EINVAL; if (!context_struct_to_string(context, &s, &len)) { - printk(KERN_WARNING "SELinux: Context %s would be invalid if enforcing\n", s); + pr_warn("Context %s would be invalid if enforcing\n", s); kfree(s); } return 0; @@ -1703,8 +1690,7 @@ static int convert_context(u32 key, c->len, &ctx, SECSID_NULL); kfree(s); if (!rc) { - printk(KERN_INFO "SELinux: Context %s became valid (mapped).\n", - c->str); + pr_info("Context %s became valid (mapped)\n", c->str); /* Replace string with mapped representation. */ kfree(c->str); memcpy(c, &ctx, sizeof(*c)); @@ -1715,7 +1701,7 @@ static int convert_context(u32 key, goto out; } else { /* Other error condition, e.g. ENOMEM. */ - printk(KERN_ERR "SELinux: Unable to map context %s, rc = %d.\n", + pr_err("Unable to map context %s, rc = %d\n", c->str, -rc); goto out; } @@ -1774,8 +1760,7 @@ static int convert_context(u32 key, oc = oc->next; rc = -EINVAL; if (!oc) { - printk(KERN_ERR "SELinux: unable to look up" - " the initial SIDs list\n"); + pr_err("unable to look up the initial SIDs list\n"); goto bad; } range = &oc->context[0].range; @@ -1805,8 +1790,7 @@ bad: context_destroy(c); c->str = s; c->len = len; - printk(KERN_INFO "SELinux: Context %s became invalid (unmapped).\n", - c->str); + pr_info("Context %s became invalid (unmapped)\n", c->str); rc = 0; goto out; } @@ -1899,13 +1883,13 @@ int security_load_policy(void *data, size_t len) newpolicydb->len = len; /* If switching between different policy types, log MLS status */ if (policydb.mls_enabled && !newpolicydb->mls_enabled) - printk(KERN_INFO "SELinux: Disabling MLS support...\n"); + pr_info("Disabling MLS support...\n"); else if (!policydb.mls_enabled && newpolicydb->mls_enabled) - printk(KERN_INFO "SELinux: Enabling MLS support...\n"); + pr_info("Enabling MLS support...\n"); rc = policydb_load_isids(newpolicydb, &newsidtab); if (rc) { - printk(KERN_ERR "SELinux: unable to load the initial SIDs\n"); + pr_err("unable to load the initial SIDs\n"); policydb_destroy(newpolicydb); goto out; } @@ -1916,7 +1900,7 @@ int security_load_policy(void *data, size_t len) rc = security_preserve_bools(newpolicydb); if (rc) { - printk(KERN_ERR "SELinux: unable to preserve booleans\n"); + pr_err("unable to preserve booleans\n"); goto err; } @@ -1935,9 +1919,7 @@ int security_load_policy(void *data, size_t len) args.newp = newpolicydb; rc = sidtab_map(&newsidtab, convert_context, &args); if (rc) { - printk(KERN_ERR "SELinux: unable to convert the internal" - " representation of contexts in the new SID" - " table\n"); + pr_err("unable to convert the internal representation of contexts in the new SID table\n"); goto err; } @@ -2557,16 +2539,14 @@ int security_sid_mls_copy(u32 sid, u32 mls_sid, u32 *new_sid) rc = -EINVAL; context1 = sidtab_search(&sidtab, sid); if (!context1) { - printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n", - __func__, sid); + pr_err("%s: unrecognized SID %d\n", __func__, sid); goto out_unlock; } rc = -EINVAL; context2 = sidtab_search(&sidtab, mls_sid); if (!context2) { - printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n", - __func__, mls_sid); + pr_err("%s: unrecognized SID %d\n", __func__, mls_sid); goto out_unlock; } @@ -2654,15 +2634,13 @@ int security_net_peersid_resolve(u32 nlbl_sid, u32 nlbl_type, rc = -EINVAL; nlbl_ctx = sidtab_search(&sidtab, nlbl_sid); if (!nlbl_ctx) { - printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n", - __func__, nlbl_sid); + pr_err("%s: unrecognized SID %d\n", __func__, nlbl_sid); goto out; } rc = -EINVAL; xfrm_ctx = sidtab_search(&sidtab, xfrm_sid); if (!xfrm_ctx) { - printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n", - __func__, xfrm_sid); + pr_err("%s: unrecognized SID %d\n", __func__, xfrm_sid); goto out; } rc = (mls_context_cmp(nlbl_ctx, xfrm_ctx) ? 0 : -EACCES); @@ -2742,8 +2720,7 @@ int security_get_permissions(char *class, char ***perms, int *nperms) rc = -EINVAL; match = hashtab_search(policydb.p_classes.table, class); if (!match) { - printk(KERN_ERR "SELinux: %s: unrecognized class %s\n", - __func__, class); + pr_err("%s: unrecognized class %s\n", __func__, class); goto out; } diff --git a/security/selinux/ss/sidtab.c b/security/selinux/ss/sidtab.c index 5840a35..aef422a 100644 --- a/security/selinux/ss/sidtab.c +++ b/security/selinux/ss/sidtab.c @@ -3,6 +3,9 @@ * * Author : Stephen Smalley, <sds@epoch.ncsc.mil> */ + +#define pr_fmt(fmt) "SELinux: " fmt + #include <linux/kernel.h> #include <linux/slab.h> #include <linux/spinlock.h> @@ -220,9 +223,8 @@ int sidtab_context_to_sid(struct sidtab *s, } sid = s->next_sid++; if (context->len) - printk(KERN_INFO - "SELinux: Context %s is not valid (left unmapped).\n", - context->str); + pr_info("Context %s is not valid (left unmapped)\n", + context->str); ret = sidtab_insert(s, sid, context); if (ret) s->next_sid--; -- 1.8.1.2.459.gbcd45b4.dirty ^ permalink raw reply related [flat|nested] 25+ messages in thread
* Re: [PATCH 5/8] security: selinux: Use a more current logging style 2014-02-24 21:59 ` [PATCH 5/8] security: selinux: " Joe Perches @ 2014-02-25 20:05 ` Paul Moore 2014-02-25 20:20 ` Joe Perches 0 siblings, 1 reply; 25+ messages in thread From: Paul Moore @ 2014-02-25 20:05 UTC (permalink / raw) To: Joe Perches Cc: linux-kernel, Stephen Smalley, Eric Paris, James Morris, selinux, linux-security-module On Monday, February 24, 2014 01:59:58 PM Joe Perches wrote: > Convert printk to pr_<level>. > Add pr_fmt. > Coalesce formats, add missing space where appropriate. > Standardize on one space after "SELinux: " prefix. > > Signed-off-by: Joe Perches <joe@perches.com> A few minor comments inline ... > diff --git a/security/selinux/avc.c b/security/selinux/avc.c > index fc3e662..f9bb683 100644 > --- a/security/selinux/avc.c > +++ b/security/selinux/avc.c > @@ -13,6 +13,9 @@ > * it under the terms of the GNU General Public License version 2, > * as published by the Free Software Foundation. > */ > + > +#define pr_fmt(fmt) "SELinux: " KBUILD_MODNAME ": " fmt > + Wouldn't this result in "SELinux: selinux: ..."? If not great, if so, let's just specify "avc" the old fashioned way. > diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c > index d07413d..49a4a3d 100644 > --- a/security/selinux/hooks.c > +++ b/security/selinux/hooks.c > /* Set the security state for the initial task. */ > cred_init_security(); > @@ -5976,9 +5958,9 @@ static __init int selinux_init(void) > panic("SELinux: Unable to register with kernel.\n"); > > if (selinux_enforcing) > - printk(KERN_DEBUG "SELinux: Starting in enforcing mode\n"); > + printk(KERN_DEBUG "SELinux: Starting in enforcing mode\n"); > else > - printk(KERN_DEBUG "SELinux: Starting in permissive mode\n"); > + printk(KERN_DEBUG "SELinux: Starting in permissive mode\n"); > > return 0; > } What about using 'pr_fmt("...")' in the printks above? Seems like it would help with consistency. > @@ -5990,10 +5972,10 @@ static void delayed_superblock_init(struct > super_block *sb, void *unused) > > void selinux_complete_init(void) > { > - printk(KERN_DEBUG "SELinux: Completing initialization.\n"); > + printk(KERN_DEBUG "SELinux: Completing initialization\n"); > > /* Set up any superblocks initialized prior to the policy load. */ > - printk(KERN_DEBUG "SELinux: Setting up existing superblocks.\n"); > + printk(KERN_DEBUG "SELinux: Setting up existing superblocks\n"); > iterate_supers(delayed_superblock_init, NULL); > } Same. > @@ -6055,7 +6037,7 @@ static int __init selinux_nf_ip_init(void) > if (!selinux_enabled) > goto out; > > - printk(KERN_DEBUG "SELinux: Registering netfilter hooks\n"); > + printk(KERN_DEBUG "SELinux: Registering netfilter hooks\n"); > > err = nf_register_hooks(selinux_ipv4_ops, ARRAY_SIZE(selinux_ipv4_ops)); > if (err) > @@ -6076,7 +6058,7 @@ __initcall(selinux_nf_ip_init); > #ifdef CONFIG_SECURITY_SELINUX_DISABLE > static void selinux_nf_ip_exit(void) > { > - printk(KERN_DEBUG "SELinux: Unregistering netfilter hooks\n"); > + printk(KERN_DEBUG "SELinux: Unregistering netfilter hooks\n"); Same. > diff --git a/security/selinux/netport.c b/security/selinux/netport.c > index d353797..20a4ed0 100644 > --- a/security/selinux/netport.c > +++ b/security/selinux/netport.c > @@ -12,7 +12,6 @@ > * (see security/selinux/netif.c for more information) > * > */ > - > /* > * (c) Copyright Hewlett-Packard Development Company, L.P., 2008 > * Whitespace noise. > diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c > index c0f4988..ff9e193 100644 > --- a/security/selinux/ss/policydb.c > +++ b/security/selinux/ss/policydb.c > @@ -25,6 +25,8 @@ > * the Free Software Foundation, version 2. > */ > > +#define pr_fmt(fmt) "SELinux: " fmt > + > #include <linux/kernel.h> > #include <linux/sched.h> > #include <linux/slab.h> > @@ -515,14 +517,14 @@ static int policydb_index(struct policydb *p) > { > int i, rc; > > - printk(KERN_DEBUG "SELinux: %d users, %d roles, %d types, %d bools", > + printk(KERN_DEBUG "SELinux: %d users, %d roles, %d types, %d bools", > p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, > p->p_bools.nprim); if (p->mls_enabled) > printk(", %d sens, %d cats", p->p_levels.nprim, > p->p_cats.nprim); > printk("\n"); > > - printk(KERN_DEBUG "SELinux: %d classes, %d rules\n", > + printk(KERN_DEBUG "SELinux: %d classes, %d rules\n", > p->p_classes.nprim, p->te_avtab.nel); More potential 'pr_fmt(x)' uses ... -- paul moore www.paul-moore.com ^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: [PATCH 5/8] security: selinux: Use a more current logging style 2014-02-25 20:05 ` Paul Moore @ 2014-02-25 20:20 ` Joe Perches 0 siblings, 0 replies; 25+ messages in thread From: Joe Perches @ 2014-02-25 20:20 UTC (permalink / raw) To: Paul Moore Cc: linux-kernel, Stephen Smalley, Eric Paris, James Morris, selinux, linux-security-module On Tue, 2014-02-25 at 15:05 -0500, Paul Moore wrote: > On Monday, February 24, 2014 01:59:58 PM Joe Perches wrote: > > Convert printk to pr_<level>. > > Add pr_fmt. > > Coalesce formats, add missing space where appropriate. > > Standardize on one space after "SELinux: " prefix. > > > > Signed-off-by: Joe Perches <joe@perches.com> > > A few minor comments inline ... > > > diff --git a/security/selinux/avc.c b/security/selinux/avc.c [] > > @@ -13,6 +13,9 @@ > > * it under the terms of the GNU General Public License version 2, > > * as published by the Free Software Foundation. > > */ > > + > > +#define pr_fmt(fmt) "SELinux: " KBUILD_MODNAME ": " fmt > > + > > Wouldn't this result in "SELinux: selinux: ..."? If not great, if so, let's > just specify "avc" the old fashioned way. Yup, you're right. Thanks. I stuffed that one up. $ strings security/selinux/avc.o | grep "^[0-6]" 4SELinux: selinux: seqno %d < latest_notif %d I'll send a v2. > > diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c [] > > @@ -5976,9 +5958,9 @@ static __init int selinux_init(void) > > panic("SELinux: Unable to register with kernel.\n"); > > > > if (selinux_enforcing) > > - printk(KERN_DEBUG "SELinux: Starting in enforcing mode\n"); > > + printk(KERN_DEBUG "SELinux: Starting in enforcing mode\n"); > > else > > - printk(KERN_DEBUG "SELinux: Starting in permissive mode\n"); > > + printk(KERN_DEBUG "SELinux: Starting in permissive mode\n"); These printks should/will be converted to pr_debug in a separate patch. I didn't want to mix these conversions with the other pr_<level> ones. ^ permalink raw reply [flat|nested] 25+ messages in thread
* [PATCH 6/8] security: smack: Use a more current logging style 2014-02-24 21:59 [PATCH 0/8] security: Use a more current logging style Joe Perches ` (4 preceding siblings ...) 2014-02-24 21:59 ` [PATCH 5/8] security: selinux: " Joe Perches @ 2014-02-24 21:59 ` Joe Perches 2014-02-24 22:16 ` Casey Schaufler 2014-02-24 22:35 ` Casey Schaufler 2014-02-24 22:00 ` [PATCH 7/8] security: tomoyo: " Joe Perches 2014-02-24 22:00 ` [PATCH 8/8] security: yama: " Joe Perches 7 siblings, 2 replies; 25+ messages in thread From: Joe Perches @ 2014-02-24 21:59 UTC (permalink / raw) To: linux-kernel; +Cc: Casey Schaufler, James Morris, linux-security-module Convert printks to pr_<level> Add pr_fmt. Signed-off-by: Joe Perches <joe@perches.com> --- security/smack/smack_lsm.c | 7 ++++--- security/smack/smackfs.c | 25 +++++++++++-------------- 2 files changed, 15 insertions(+), 17 deletions(-) diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 14f52be..a273aad 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -18,6 +18,8 @@ * as published by the Free Software Foundation. */ +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt + #include <linux/xattr.h> #include <linux/pagemap.h> #include <linux/mount.h> @@ -2106,8 +2108,7 @@ static int smack_inode_setsecurity(struct inode *inode, const char *name, if (sock->sk->sk_family == PF_INET) { rc = smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET); if (rc != 0) - printk(KERN_WARNING - "Smack: \"%s\" netlbl error %d.\n", + pr_warn("\"%s\" netlbl error %d\n", __func__, -rc); } } else @@ -3916,7 +3917,7 @@ static __init int smack_init(void) if (tsp == NULL) return -ENOMEM; - printk(KERN_INFO "Smack: Initializing.\n"); + pr_info("Initializing\n"); /* * Set the security state for the initial task. diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c index 3198cfe..2e25220 100644 --- a/security/smack/smackfs.c +++ b/security/smack/smackfs.c @@ -16,6 +16,8 @@ * */ +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt + #include <linux/kernel.h> #include <linux/vmalloc.h> #include <linux/security.h> @@ -698,8 +700,7 @@ static void smk_cipso_doi(void) rc = netlbl_cfg_map_del(NULL, PF_INET, NULL, NULL, &nai); if (rc != 0) - printk(KERN_WARNING "%s:%d remove rc = %d\n", - __func__, __LINE__, rc); + pr_warn("%s:%d remove rc = %d\n", __func__, __LINE__, rc); doip = kmalloc(sizeof(struct cipso_v4_doi), GFP_KERNEL); if (doip == NULL) @@ -713,15 +714,13 @@ static void smk_cipso_doi(void) rc = netlbl_cfg_cipsov4_add(doip, &nai); if (rc != 0) { - printk(KERN_WARNING "%s:%d cipso add rc = %d\n", - __func__, __LINE__, rc); + pr_warn("%s:%d cipso add rc = %d\n", __func__, __LINE__, rc); kfree(doip); return; } rc = netlbl_cfg_cipsov4_map_add(doip->doi, NULL, NULL, NULL, &nai); if (rc != 0) { - printk(KERN_WARNING "%s:%d map add rc = %d\n", - __func__, __LINE__, rc); + pr_warn("%s:%d map add rc = %d\n", __func__, __LINE__, rc); kfree(doip); return; } @@ -741,8 +740,8 @@ static void smk_unlbl_ambient(char *oldambient) if (oldambient != NULL) { rc = netlbl_cfg_map_del(oldambient, PF_INET, NULL, NULL, &nai); if (rc != 0) - printk(KERN_WARNING "%s:%d remove rc = %d\n", - __func__, __LINE__, rc); + pr_warn("%s:%d remove rc = %d\n", + __func__, __LINE__, rc); } if (smack_net_ambient == NULL) smack_net_ambient = &smack_known_floor; @@ -750,8 +749,7 @@ static void smk_unlbl_ambient(char *oldambient) rc = netlbl_cfg_unlbl_map_add(smack_net_ambient->smk_known, PF_INET, NULL, NULL, &nai); if (rc != 0) - printk(KERN_WARNING "%s:%d add rc = %d\n", - __func__, __LINE__, rc); + pr_warn("%s:%d add rc = %d\n", __func__, __LINE__, rc); } /* @@ -2302,8 +2300,7 @@ static int smk_fill_super(struct super_block *sb, void *data, int silent) rc = simple_fill_super(sb, SMACK_MAGIC, smack_files); if (rc != 0) { - printk(KERN_ERR "%s failed %d while creating inodes\n", - __func__, rc); + pr_err("%s failed %d while creating inodes\n", __func__, rc); return rc; } @@ -2369,13 +2366,13 @@ static int __init init_smk_fs(void) err = smk_init_sysfs(); if (err) - printk(KERN_ERR "smackfs: sysfs mountpoint problem.\n"); + pr_err("smackfs: sysfs mountpoint problem\n"); err = register_filesystem(&smk_fs_type); if (!err) { smackfs_mount = kern_mount(&smk_fs_type); if (IS_ERR(smackfs_mount)) { - printk(KERN_ERR "smackfs: could not mount!\n"); + pr_err("smackfs: could not mount!\n"); err = PTR_ERR(smackfs_mount); smackfs_mount = NULL; } -- 1.8.1.2.459.gbcd45b4.dirty ^ permalink raw reply related [flat|nested] 25+ messages in thread
* Re: [PATCH 6/8] security: smack: Use a more current logging style 2014-02-24 21:59 ` [PATCH 6/8] security: smack: " Joe Perches @ 2014-02-24 22:16 ` Casey Schaufler 2014-02-24 22:23 ` Joe Perches 2014-02-24 22:35 ` Casey Schaufler 1 sibling, 1 reply; 25+ messages in thread From: Casey Schaufler @ 2014-02-24 22:16 UTC (permalink / raw) To: Joe Perches, linux-kernel Cc: James Morris, linux-security-module, Casey Schaufler On 2/24/2014 1:59 PM, Joe Perches wrote: > Convert printks to pr_<level> > Add pr_fmt. > > Signed-off-by: Joe Perches <joe@perches.com> > --- > security/smack/smack_lsm.c | 7 ++++--- > security/smack/smackfs.c | 25 +++++++++++-------------- > 2 files changed, 15 insertions(+), 17 deletions(-) > > diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c > index 14f52be..a273aad 100644 > --- a/security/smack/smack_lsm.c > +++ b/security/smack/smack_lsm.c > @@ -18,6 +18,8 @@ > * as published by the Free Software Foundation. > */ > > +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt > + What is pr_fmt() for? > #include <linux/xattr.h> > #include <linux/pagemap.h> > #include <linux/mount.h> > @@ -2106,8 +2108,7 @@ static int smack_inode_setsecurity(struct inode *inode, const char *name, > if (sock->sk->sk_family == PF_INET) { > rc = smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET); > if (rc != 0) > - printk(KERN_WARNING > - "Smack: \"%s\" netlbl error %d.\n", > + pr_warn("\"%s\" netlbl error %d\n", > __func__, -rc); > } > } else > @@ -3916,7 +3917,7 @@ static __init int smack_init(void) > if (tsp == NULL) > return -ENOMEM; > > - printk(KERN_INFO "Smack: Initializing.\n"); > + pr_info("Initializing\n"); > > /* > * Set the security state for the initial task. > diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c > index 3198cfe..2e25220 100644 > --- a/security/smack/smackfs.c > +++ b/security/smack/smackfs.c > @@ -16,6 +16,8 @@ > * > */ > > +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt > + > #include <linux/kernel.h> > #include <linux/vmalloc.h> > #include <linux/security.h> > @@ -698,8 +700,7 @@ static void smk_cipso_doi(void) > > rc = netlbl_cfg_map_del(NULL, PF_INET, NULL, NULL, &nai); > if (rc != 0) > - printk(KERN_WARNING "%s:%d remove rc = %d\n", > - __func__, __LINE__, rc); > + pr_warn("%s:%d remove rc = %d\n", __func__, __LINE__, rc); > > doip = kmalloc(sizeof(struct cipso_v4_doi), GFP_KERNEL); > if (doip == NULL) > @@ -713,15 +714,13 @@ static void smk_cipso_doi(void) > > rc = netlbl_cfg_cipsov4_add(doip, &nai); > if (rc != 0) { > - printk(KERN_WARNING "%s:%d cipso add rc = %d\n", > - __func__, __LINE__, rc); > + pr_warn("%s:%d cipso add rc = %d\n", __func__, __LINE__, rc); > kfree(doip); > return; > } > rc = netlbl_cfg_cipsov4_map_add(doip->doi, NULL, NULL, NULL, &nai); > if (rc != 0) { > - printk(KERN_WARNING "%s:%d map add rc = %d\n", > - __func__, __LINE__, rc); > + pr_warn("%s:%d map add rc = %d\n", __func__, __LINE__, rc); > kfree(doip); > return; > } > @@ -741,8 +740,8 @@ static void smk_unlbl_ambient(char *oldambient) > if (oldambient != NULL) { > rc = netlbl_cfg_map_del(oldambient, PF_INET, NULL, NULL, &nai); > if (rc != 0) > - printk(KERN_WARNING "%s:%d remove rc = %d\n", > - __func__, __LINE__, rc); > + pr_warn("%s:%d remove rc = %d\n", > + __func__, __LINE__, rc); > } > if (smack_net_ambient == NULL) > smack_net_ambient = &smack_known_floor; > @@ -750,8 +749,7 @@ static void smk_unlbl_ambient(char *oldambient) > rc = netlbl_cfg_unlbl_map_add(smack_net_ambient->smk_known, PF_INET, > NULL, NULL, &nai); > if (rc != 0) > - printk(KERN_WARNING "%s:%d add rc = %d\n", > - __func__, __LINE__, rc); > + pr_warn("%s:%d add rc = %d\n", __func__, __LINE__, rc); > } > > /* > @@ -2302,8 +2300,7 @@ static int smk_fill_super(struct super_block *sb, void *data, int silent) > > rc = simple_fill_super(sb, SMACK_MAGIC, smack_files); > if (rc != 0) { > - printk(KERN_ERR "%s failed %d while creating inodes\n", > - __func__, rc); > + pr_err("%s failed %d while creating inodes\n", __func__, rc); > return rc; > } > > @@ -2369,13 +2366,13 @@ static int __init init_smk_fs(void) > > err = smk_init_sysfs(); > if (err) > - printk(KERN_ERR "smackfs: sysfs mountpoint problem.\n"); > + pr_err("smackfs: sysfs mountpoint problem\n"); > > err = register_filesystem(&smk_fs_type); > if (!err) { > smackfs_mount = kern_mount(&smk_fs_type); > if (IS_ERR(smackfs_mount)) { > - printk(KERN_ERR "smackfs: could not mount!\n"); > + pr_err("smackfs: could not mount!\n"); > err = PTR_ERR(smackfs_mount); > smackfs_mount = NULL; > } ^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: [PATCH 6/8] security: smack: Use a more current logging style 2014-02-24 22:16 ` Casey Schaufler @ 2014-02-24 22:23 ` Joe Perches 2014-02-24 22:33 ` Casey Schaufler 0 siblings, 1 reply; 25+ messages in thread From: Joe Perches @ 2014-02-24 22:23 UTC (permalink / raw) To: Casey Schaufler; +Cc: linux-kernel, James Morris, linux-security-module On Mon, 2014-02-24 at 14:16 -0800, Casey Schaufler wrote: > On 2/24/2014 1:59 PM, Joe Perches wrote: > > Convert printks to pr_<level> > > Add pr_fmt. > > diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c [] > > +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt > > + > > What is pr_fmt() for? Prefixing "smack: " to the pr_<level> uses. > > @@ -2106,8 +2108,7 @@ static int smack_inode_setsecurity(struct inode *inode, const char *name, > > if (sock->sk->sk_family == PF_INET) { > > rc = smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET); > > if (rc != 0) > > - printk(KERN_WARNING > > - "Smack: \"%s\" netlbl error %d.\n", > > + pr_warn("\"%s\" netlbl error %d\n", > > __func__, -rc); This will be now be emitted as <4>smack: "smack_inode_setsecurity" netlbl error -<d> instead of <4>Smack: "smack_inode_setsecurity" netlbl error -<d> Though it'd be a lot more common to use: pr_warn("%s: netlbl error: %d\n", __func__, -rc); so the output would be: <4>smack: smack_inode_setsecurity: netlbl error: -<d> ^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: [PATCH 6/8] security: smack: Use a more current logging style 2014-02-24 22:23 ` Joe Perches @ 2014-02-24 22:33 ` Casey Schaufler 0 siblings, 0 replies; 25+ messages in thread From: Casey Schaufler @ 2014-02-24 22:33 UTC (permalink / raw) To: Joe Perches; +Cc: linux-kernel, James Morris, linux-security-module On 2/24/2014 2:23 PM, Joe Perches wrote: > On Mon, 2014-02-24 at 14:16 -0800, Casey Schaufler wrote: >> On 2/24/2014 1:59 PM, Joe Perches wrote: >>> Convert printks to pr_<level> >>> Add pr_fmt. >>> diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c > [] >>> +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt >>> + >> What is pr_fmt() for? > Prefixing "smack: " to the pr_<level> uses. OK. I didn't see where it was used. I understand now. I'll go back and ACK the changes. > >>> @@ -2106,8 +2108,7 @@ static int smack_inode_setsecurity(struct inode *inode, const char *name, >>> if (sock->sk->sk_family == PF_INET) { >>> rc = smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET); >>> if (rc != 0) >>> - printk(KERN_WARNING >>> - "Smack: \"%s\" netlbl error %d.\n", >>> + pr_warn("\"%s\" netlbl error %d\n", >>> __func__, -rc); > This will be now be emitted as > > <4>smack: "smack_inode_setsecurity" netlbl error -<d> > > instead of > > <4>Smack: "smack_inode_setsecurity" netlbl error -<d> > > Though it'd be a lot more common to use: > > pr_warn("%s: netlbl error: %d\n", > __func__, -rc); > > so the output would be: > > <4>smack: smack_inode_setsecurity: netlbl error: -<d> > > > ^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: [PATCH 6/8] security: smack: Use a more current logging style 2014-02-24 21:59 ` [PATCH 6/8] security: smack: " Joe Perches 2014-02-24 22:16 ` Casey Schaufler @ 2014-02-24 22:35 ` Casey Schaufler 2014-02-24 23:01 ` Casey Schaufler 1 sibling, 1 reply; 25+ messages in thread From: Casey Schaufler @ 2014-02-24 22:35 UTC (permalink / raw) To: Joe Perches, linux-kernel; +Cc: James Morris, linux-security-module On 2/24/2014 1:59 PM, Joe Perches wrote: > Convert printks to pr_<level> > Add pr_fmt. > > Signed-off-by: Joe Perches <joe@perches.com> Acked-by: Casey Schaufler <casey@schaufler-ca.com> I will take this into the smack-next tree. > --- > security/smack/smack_lsm.c | 7 ++++--- > security/smack/smackfs.c | 25 +++++++++++-------------- > 2 files changed, 15 insertions(+), 17 deletions(-) > > diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c > index 14f52be..a273aad 100644 > --- a/security/smack/smack_lsm.c > +++ b/security/smack/smack_lsm.c > @@ -18,6 +18,8 @@ > * as published by the Free Software Foundation. > */ > > +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt > + > #include <linux/xattr.h> > #include <linux/pagemap.h> > #include <linux/mount.h> > @@ -2106,8 +2108,7 @@ static int smack_inode_setsecurity(struct inode *inode, const char *name, > if (sock->sk->sk_family == PF_INET) { > rc = smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET); > if (rc != 0) > - printk(KERN_WARNING > - "Smack: \"%s\" netlbl error %d.\n", > + pr_warn("\"%s\" netlbl error %d\n", > __func__, -rc); > } > } else > @@ -3916,7 +3917,7 @@ static __init int smack_init(void) > if (tsp == NULL) > return -ENOMEM; > > - printk(KERN_INFO "Smack: Initializing.\n"); > + pr_info("Initializing\n"); > > /* > * Set the security state for the initial task. > diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c > index 3198cfe..2e25220 100644 > --- a/security/smack/smackfs.c > +++ b/security/smack/smackfs.c > @@ -16,6 +16,8 @@ > * > */ > > +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt > + > #include <linux/kernel.h> > #include <linux/vmalloc.h> > #include <linux/security.h> > @@ -698,8 +700,7 @@ static void smk_cipso_doi(void) > > rc = netlbl_cfg_map_del(NULL, PF_INET, NULL, NULL, &nai); > if (rc != 0) > - printk(KERN_WARNING "%s:%d remove rc = %d\n", > - __func__, __LINE__, rc); > + pr_warn("%s:%d remove rc = %d\n", __func__, __LINE__, rc); > > doip = kmalloc(sizeof(struct cipso_v4_doi), GFP_KERNEL); > if (doip == NULL) > @@ -713,15 +714,13 @@ static void smk_cipso_doi(void) > > rc = netlbl_cfg_cipsov4_add(doip, &nai); > if (rc != 0) { > - printk(KERN_WARNING "%s:%d cipso add rc = %d\n", > - __func__, __LINE__, rc); > + pr_warn("%s:%d cipso add rc = %d\n", __func__, __LINE__, rc); > kfree(doip); > return; > } > rc = netlbl_cfg_cipsov4_map_add(doip->doi, NULL, NULL, NULL, &nai); > if (rc != 0) { > - printk(KERN_WARNING "%s:%d map add rc = %d\n", > - __func__, __LINE__, rc); > + pr_warn("%s:%d map add rc = %d\n", __func__, __LINE__, rc); > kfree(doip); > return; > } > @@ -741,8 +740,8 @@ static void smk_unlbl_ambient(char *oldambient) > if (oldambient != NULL) { > rc = netlbl_cfg_map_del(oldambient, PF_INET, NULL, NULL, &nai); > if (rc != 0) > - printk(KERN_WARNING "%s:%d remove rc = %d\n", > - __func__, __LINE__, rc); > + pr_warn("%s:%d remove rc = %d\n", > + __func__, __LINE__, rc); > } > if (smack_net_ambient == NULL) > smack_net_ambient = &smack_known_floor; > @@ -750,8 +749,7 @@ static void smk_unlbl_ambient(char *oldambient) > rc = netlbl_cfg_unlbl_map_add(smack_net_ambient->smk_known, PF_INET, > NULL, NULL, &nai); > if (rc != 0) > - printk(KERN_WARNING "%s:%d add rc = %d\n", > - __func__, __LINE__, rc); > + pr_warn("%s:%d add rc = %d\n", __func__, __LINE__, rc); > } > > /* > @@ -2302,8 +2300,7 @@ static int smk_fill_super(struct super_block *sb, void *data, int silent) > > rc = simple_fill_super(sb, SMACK_MAGIC, smack_files); > if (rc != 0) { > - printk(KERN_ERR "%s failed %d while creating inodes\n", > - __func__, rc); > + pr_err("%s failed %d while creating inodes\n", __func__, rc); > return rc; > } > > @@ -2369,13 +2366,13 @@ static int __init init_smk_fs(void) > > err = smk_init_sysfs(); > if (err) > - printk(KERN_ERR "smackfs: sysfs mountpoint problem.\n"); > + pr_err("smackfs: sysfs mountpoint problem\n"); > > err = register_filesystem(&smk_fs_type); > if (!err) { > smackfs_mount = kern_mount(&smk_fs_type); > if (IS_ERR(smackfs_mount)) { > - printk(KERN_ERR "smackfs: could not mount!\n"); > + pr_err("smackfs: could not mount!\n"); > err = PTR_ERR(smackfs_mount); > smackfs_mount = NULL; > } ^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: [PATCH 6/8] security: smack: Use a more current logging style 2014-02-24 22:35 ` Casey Schaufler @ 2014-02-24 23:01 ` Casey Schaufler 2014-02-25 7:47 ` James Morris 0 siblings, 1 reply; 25+ messages in thread From: Casey Schaufler @ 2014-02-24 23:01 UTC (permalink / raw) To: Joe Perches, linux-kernel; +Cc: James Morris, linux-security-module On 2/24/2014 2:35 PM, Casey Schaufler wrote: > On 2/24/2014 1:59 PM, Joe Perches wrote: >> Convert printks to pr_<level> >> Add pr_fmt. >> >> Signed-off-by: Joe Perches <joe@perches.com> > Acked-by: Casey Schaufler <casey@schaufler-ca.com> > > I will take this into the smack-next tree. Unless James would rather take the whole set, that is. > >> --- >> security/smack/smack_lsm.c | 7 ++++--- >> security/smack/smackfs.c | 25 +++++++++++-------------- >> 2 files changed, 15 insertions(+), 17 deletions(-) >> >> diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c >> index 14f52be..a273aad 100644 >> --- a/security/smack/smack_lsm.c >> +++ b/security/smack/smack_lsm.c >> @@ -18,6 +18,8 @@ >> * as published by the Free Software Foundation. >> */ >> >> +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt >> + >> #include <linux/xattr.h> >> #include <linux/pagemap.h> >> #include <linux/mount.h> >> @@ -2106,8 +2108,7 @@ static int smack_inode_setsecurity(struct inode *inode, const char *name, >> if (sock->sk->sk_family == PF_INET) { >> rc = smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET); >> if (rc != 0) >> - printk(KERN_WARNING >> - "Smack: \"%s\" netlbl error %d.\n", >> + pr_warn("\"%s\" netlbl error %d\n", >> __func__, -rc); >> } >> } else >> @@ -3916,7 +3917,7 @@ static __init int smack_init(void) >> if (tsp == NULL) >> return -ENOMEM; >> >> - printk(KERN_INFO "Smack: Initializing.\n"); >> + pr_info("Initializing\n"); >> >> /* >> * Set the security state for the initial task. >> diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c >> index 3198cfe..2e25220 100644 >> --- a/security/smack/smackfs.c >> +++ b/security/smack/smackfs.c >> @@ -16,6 +16,8 @@ >> * >> */ >> >> +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt >> + >> #include <linux/kernel.h> >> #include <linux/vmalloc.h> >> #include <linux/security.h> >> @@ -698,8 +700,7 @@ static void smk_cipso_doi(void) >> >> rc = netlbl_cfg_map_del(NULL, PF_INET, NULL, NULL, &nai); >> if (rc != 0) >> - printk(KERN_WARNING "%s:%d remove rc = %d\n", >> - __func__, __LINE__, rc); >> + pr_warn("%s:%d remove rc = %d\n", __func__, __LINE__, rc); >> >> doip = kmalloc(sizeof(struct cipso_v4_doi), GFP_KERNEL); >> if (doip == NULL) >> @@ -713,15 +714,13 @@ static void smk_cipso_doi(void) >> >> rc = netlbl_cfg_cipsov4_add(doip, &nai); >> if (rc != 0) { >> - printk(KERN_WARNING "%s:%d cipso add rc = %d\n", >> - __func__, __LINE__, rc); >> + pr_warn("%s:%d cipso add rc = %d\n", __func__, __LINE__, rc); >> kfree(doip); >> return; >> } >> rc = netlbl_cfg_cipsov4_map_add(doip->doi, NULL, NULL, NULL, &nai); >> if (rc != 0) { >> - printk(KERN_WARNING "%s:%d map add rc = %d\n", >> - __func__, __LINE__, rc); >> + pr_warn("%s:%d map add rc = %d\n", __func__, __LINE__, rc); >> kfree(doip); >> return; >> } >> @@ -741,8 +740,8 @@ static void smk_unlbl_ambient(char *oldambient) >> if (oldambient != NULL) { >> rc = netlbl_cfg_map_del(oldambient, PF_INET, NULL, NULL, &nai); >> if (rc != 0) >> - printk(KERN_WARNING "%s:%d remove rc = %d\n", >> - __func__, __LINE__, rc); >> + pr_warn("%s:%d remove rc = %d\n", >> + __func__, __LINE__, rc); >> } >> if (smack_net_ambient == NULL) >> smack_net_ambient = &smack_known_floor; >> @@ -750,8 +749,7 @@ static void smk_unlbl_ambient(char *oldambient) >> rc = netlbl_cfg_unlbl_map_add(smack_net_ambient->smk_known, PF_INET, >> NULL, NULL, &nai); >> if (rc != 0) >> - printk(KERN_WARNING "%s:%d add rc = %d\n", >> - __func__, __LINE__, rc); >> + pr_warn("%s:%d add rc = %d\n", __func__, __LINE__, rc); >> } >> >> /* >> @@ -2302,8 +2300,7 @@ static int smk_fill_super(struct super_block *sb, void *data, int silent) >> >> rc = simple_fill_super(sb, SMACK_MAGIC, smack_files); >> if (rc != 0) { >> - printk(KERN_ERR "%s failed %d while creating inodes\n", >> - __func__, rc); >> + pr_err("%s failed %d while creating inodes\n", __func__, rc); >> return rc; >> } >> >> @@ -2369,13 +2366,13 @@ static int __init init_smk_fs(void) >> >> err = smk_init_sysfs(); >> if (err) >> - printk(KERN_ERR "smackfs: sysfs mountpoint problem.\n"); >> + pr_err("smackfs: sysfs mountpoint problem\n"); >> >> err = register_filesystem(&smk_fs_type); >> if (!err) { >> smackfs_mount = kern_mount(&smk_fs_type); >> if (IS_ERR(smackfs_mount)) { >> - printk(KERN_ERR "smackfs: could not mount!\n"); >> + pr_err("smackfs: could not mount!\n"); >> err = PTR_ERR(smackfs_mount); >> smackfs_mount = NULL; >> } > -- > To unsubscribe from this list: send the line "unsubscribe linux-security-module" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html > ^ permalink raw reply [flat|nested] 25+ messages in thread
* Re: [PATCH 6/8] security: smack: Use a more current logging style 2014-02-24 23:01 ` Casey Schaufler @ 2014-02-25 7:47 ` James Morris [not found] ` <17D2BA68-5581-4326-B6DD-5EC959235B71@aol.com> 0 siblings, 1 reply; 25+ messages in thread From: James Morris @ 2014-02-25 7:47 UTC (permalink / raw) To: Casey Schaufler Cc: Joe Perches, linux-kernel, James Morris, linux-security-module On Mon, 24 Feb 2014, Casey Schaufler wrote: > On 2/24/2014 2:35 PM, Casey Schaufler wrote: > > On 2/24/2014 1:59 PM, Joe Perches wrote: > >> Convert printks to pr_<level> > >> Add pr_fmt. > >> > >> Signed-off-by: Joe Perches <joe@perches.com> > > Acked-by: Casey Schaufler <casey@schaufler-ca.com> > > > > I will take this into the smack-next tree. > > Unless James would rather take the whole set, that is. Yep, I'll take the whole set. > > > > >> --- > >> security/smack/smack_lsm.c | 7 ++++--- > >> security/smack/smackfs.c | 25 +++++++++++-------------- > >> 2 files changed, 15 insertions(+), 17 deletions(-) > >> > >> diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c > >> index 14f52be..a273aad 100644 > >> --- a/security/smack/smack_lsm.c > >> +++ b/security/smack/smack_lsm.c > >> @@ -18,6 +18,8 @@ > >> * as published by the Free Software Foundation. > >> */ > >> > >> +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt > >> + > >> #include <linux/xattr.h> > >> #include <linux/pagemap.h> > >> #include <linux/mount.h> > >> @@ -2106,8 +2108,7 @@ static int smack_inode_setsecurity(struct inode *inode, const char *name, > >> if (sock->sk->sk_family == PF_INET) { > >> rc = smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET); > >> if (rc != 0) > >> - printk(KERN_WARNING > >> - "Smack: \"%s\" netlbl error %d.\n", > >> + pr_warn("\"%s\" netlbl error %d\n", > >> __func__, -rc); > >> } > >> } else > >> @@ -3916,7 +3917,7 @@ static __init int smack_init(void) > >> if (tsp == NULL) > >> return -ENOMEM; > >> > >> - printk(KERN_INFO "Smack: Initializing.\n"); > >> + pr_info("Initializing\n"); > >> > >> /* > >> * Set the security state for the initial task. > >> diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c > >> index 3198cfe..2e25220 100644 > >> --- a/security/smack/smackfs.c > >> +++ b/security/smack/smackfs.c > >> @@ -16,6 +16,8 @@ > >> * > >> */ > >> > >> +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt > >> + > >> #include <linux/kernel.h> > >> #include <linux/vmalloc.h> > >> #include <linux/security.h> > >> @@ -698,8 +700,7 @@ static void smk_cipso_doi(void) > >> > >> rc = netlbl_cfg_map_del(NULL, PF_INET, NULL, NULL, &nai); > >> if (rc != 0) > >> - printk(KERN_WARNING "%s:%d remove rc = %d\n", > >> - __func__, __LINE__, rc); > >> + pr_warn("%s:%d remove rc = %d\n", __func__, __LINE__, rc); > >> > >> doip = kmalloc(sizeof(struct cipso_v4_doi), GFP_KERNEL); > >> if (doip == NULL) > >> @@ -713,15 +714,13 @@ static void smk_cipso_doi(void) > >> > >> rc = netlbl_cfg_cipsov4_add(doip, &nai); > >> if (rc != 0) { > >> - printk(KERN_WARNING "%s:%d cipso add rc = %d\n", > >> - __func__, __LINE__, rc); > >> + pr_warn("%s:%d cipso add rc = %d\n", __func__, __LINE__, rc); > >> kfree(doip); > >> return; > >> } > >> rc = netlbl_cfg_cipsov4_map_add(doip->doi, NULL, NULL, NULL, &nai); > >> if (rc != 0) { > >> - printk(KERN_WARNING "%s:%d map add rc = %d\n", > >> - __func__, __LINE__, rc); > >> + pr_warn("%s:%d map add rc = %d\n", __func__, __LINE__, rc); > >> kfree(doip); > >> return; > >> } > >> @@ -741,8 +740,8 @@ static void smk_unlbl_ambient(char *oldambient) > >> if (oldambient != NULL) { > >> rc = netlbl_cfg_map_del(oldambient, PF_INET, NULL, NULL, &nai); > >> if (rc != 0) > >> - printk(KERN_WARNING "%s:%d remove rc = %d\n", > >> - __func__, __LINE__, rc); > >> + pr_warn("%s:%d remove rc = %d\n", > >> + __func__, __LINE__, rc); > >> } > >> if (smack_net_ambient == NULL) > >> smack_net_ambient = &smack_known_floor; > >> @@ -750,8 +749,7 @@ static void smk_unlbl_ambient(char *oldambient) > >> rc = netlbl_cfg_unlbl_map_add(smack_net_ambient->smk_known, PF_INET, > >> NULL, NULL, &nai); > >> if (rc != 0) > >> - printk(KERN_WARNING "%s:%d add rc = %d\n", > >> - __func__, __LINE__, rc); > >> + pr_warn("%s:%d add rc = %d\n", __func__, __LINE__, rc); > >> } > >> > >> /* > >> @@ -2302,8 +2300,7 @@ static int smk_fill_super(struct super_block *sb, void *data, int silent) > >> > >> rc = simple_fill_super(sb, SMACK_MAGIC, smack_files); > >> if (rc != 0) { > >> - printk(KERN_ERR "%s failed %d while creating inodes\n", > >> - __func__, rc); > >> + pr_err("%s failed %d while creating inodes\n", __func__, rc); > >> return rc; > >> } > >> > >> @@ -2369,13 +2366,13 @@ static int __init init_smk_fs(void) > >> > >> err = smk_init_sysfs(); > >> if (err) > >> - printk(KERN_ERR "smackfs: sysfs mountpoint problem.\n"); > >> + pr_err("smackfs: sysfs mountpoint problem\n"); > >> > >> err = register_filesystem(&smk_fs_type); > >> if (!err) { > >> smackfs_mount = kern_mount(&smk_fs_type); > >> if (IS_ERR(smackfs_mount)) { > >> - printk(KERN_ERR "smackfs: could not mount!\n"); > >> + pr_err("smackfs: could not mount!\n"); > >> err = PTR_ERR(smackfs_mount); > >> smackfs_mount = NULL; > >> } > > -- > > To unsubscribe from this list: send the line "unsubscribe linux-security-module" in > > the body of a message to majordomo@vger.kernel.org > > More majordomo info at http://vger.kernel.org/majordomo-info.html > > > > -- > To unsubscribe from this list: send the line "unsubscribe linux-security-module" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html > -- James Morris <jmorris@namei.org> ^ permalink raw reply [flat|nested] 25+ messages in thread
[parent not found: <17D2BA68-5581-4326-B6DD-5EC959235B71@aol.com>]
* Re: [PATCH 6/8] security: smack: Use a more current logging style [not found] ` <17D2BA68-5581-4326-B6DD-5EC959235B71@aol.com> @ 2014-02-26 0:56 ` Joe Perches 0 siblings, 0 replies; 25+ messages in thread From: Joe Perches @ 2014-02-26 0:56 UTC (permalink / raw) To: Kodiak Furr Cc: James Morris, Casey Schaufler, James Morris, linux-security-module, linux-kernel On Tue, 2014-02-25 at 18:53 -0600, Kodiak Furr wrote: > Chghf1111111111 Sorry, I can't read this. ^ permalink raw reply [flat|nested] 25+ messages in thread
* [PATCH 7/8] security: tomoyo: Use a more current logging style 2014-02-24 21:59 [PATCH 0/8] security: Use a more current logging style Joe Perches ` (5 preceding siblings ...) 2014-02-24 21:59 ` [PATCH 6/8] security: smack: " Joe Perches @ 2014-02-24 22:00 ` Joe Perches 2014-02-25 12:58 ` Tetsuo Handa 2014-02-24 22:00 ` [PATCH 8/8] security: yama: " Joe Perches 7 siblings, 1 reply; 25+ messages in thread From: Joe Perches @ 2014-02-24 22:00 UTC (permalink / raw) To: linux-kernel Cc: Kentaro Takeda, Tetsuo Handa, James Morris, linux-security-module Convert printks to pr_<level> Add pr_fmt to prefix output with "tomoyo: " Coalesce formats. Signed-off-by: Joe Perches <joe@perches.com> --- security/tomoyo/common.c | 23 ++++++++++------------- security/tomoyo/domain.c | 8 ++++---- security/tomoyo/load_policy.c | 9 +++++---- security/tomoyo/memory.c | 7 ++++--- security/tomoyo/tomoyo.c | 4 +++- security/tomoyo/util.c | 7 ++++--- 6 files changed, 30 insertions(+), 28 deletions(-) diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c index 283862a..f18d73c 100644 --- a/security/tomoyo/common.c +++ b/security/tomoyo/common.c @@ -4,6 +4,8 @@ * Copyright (C) 2005-2011 NTT DATA CORPORATION */ +#define pr_fmt(fmt) "tomoyo: " fmt + #include <linux/uaccess.h> #include <linux/slab.h> #include <linux/security.h> @@ -945,8 +947,8 @@ static bool tomoyo_manager(void) static pid_t last_pid; const pid_t pid = current->pid; if (last_pid != pid) { - printk(KERN_WARNING "%s ( %s ) is not permitted to " - "update policies.\n", domainname->name, exe); + pr_warn("%s ( %s ) is not permitted to update policies\n", + domainname->name, exe); last_pid = pid; } } @@ -2702,29 +2704,24 @@ void tomoyo_check_profile(void) struct tomoyo_domain_info *domain; const int idx = tomoyo_read_lock(); tomoyo_policy_loaded = true; - printk(KERN_INFO "TOMOYO: 2.5.0\n"); + pr_info("TOMOYO: 2.5.0\n"); list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) { const u8 profile = domain->profile; const struct tomoyo_policy_namespace *ns = domain->ns; if (ns->profile_version != 20110903) - printk(KERN_ERR - "Profile version %u is not supported.\n", + pr_err("Profile version %u is not supported\n", ns->profile_version); else if (!ns->profile_ptr[profile]) - printk(KERN_ERR - "Profile %u (used by '%s') is not defined.\n", + pr_err("Profile %u (used by '%s') is not defined\n", profile, domain->domainname->name); else continue; - printk(KERN_ERR - "Userland tools for TOMOYO 2.5 must be installed and " - "policy must be initialized.\n"); - printk(KERN_ERR "Please see http://tomoyo.sourceforge.jp/2.5/ " - "for more information.\n"); + pr_err("Userland tools for TOMOYO 2.5 must be installed and policy must be initialized\n"); + pr_err("Please see http://tomoyo.sourceforge.jp/2.5/ for more information\n"); panic("STOP!"); } tomoyo_read_unlock(idx); - printk(KERN_INFO "Mandatory Access Control activated.\n"); + pr_info("Mandatory Access Control activated\n"); } /** diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c index 3865145..a150642 100644 --- a/security/tomoyo/domain.c +++ b/security/tomoyo/domain.c @@ -4,6 +4,8 @@ * Copyright (C) 2005-2011 NTT DATA CORPORATION */ +#define pr_fmt(fmt) "tomoyo: " fmt + #include "common.h" #include <linux/binfmts.h> #include <linux/slab.h> @@ -819,8 +821,7 @@ force_jump_domain: if (domain) retval = 0; else if (reject_on_transition_failure) { - printk(KERN_WARNING "ERROR: Domain '%s' not ready.\n", - ee->tmp); + pr_warn("ERROR: Domain '%s' not ready\n", ee->tmp); retval = -ENOMEM; } else if (ee->r.mode == TOMOYO_CONFIG_ENFORCING) retval = -ENOMEM; @@ -831,8 +832,7 @@ force_jump_domain: ee->r.granted = false; tomoyo_write_log(&ee->r, "%s", tomoyo_dif [TOMOYO_DIF_TRANSITION_FAILED]); - printk(KERN_WARNING - "ERROR: Domain '%s' not defined.\n", ee->tmp); + pr_warn("ERROR: Domain '%s' not defined\n", ee->tmp); } } out: diff --git a/security/tomoyo/load_policy.c b/security/tomoyo/load_policy.c index 078fac0..f5f5a06 100644 --- a/security/tomoyo/load_policy.c +++ b/security/tomoyo/load_policy.c @@ -4,6 +4,8 @@ * Copyright (C) 2005-2011 NTT DATA CORPORATION */ +#define pr_fmt(fmt) "tomoyo: " fmt + #include "common.h" #ifndef CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER @@ -39,8 +41,8 @@ static bool tomoyo_policy_loader_exists(void) if (!tomoyo_loader) tomoyo_loader = CONFIG_SECURITY_TOMOYO_POLICY_LOADER; if (kern_path(tomoyo_loader, LOOKUP_FOLLOW, &path)) { - printk(KERN_INFO "Not activating Mandatory Access Control " - "as %s does not exist.\n", tomoyo_loader); + pr_info("Not activating Mandatory Access Control as %s does not exist\n", + tomoyo_loader); return false; } path_put(&path); @@ -95,8 +97,7 @@ void tomoyo_load_policy(const char *filename) if (!tomoyo_policy_loader_exists()) return; done = true; - printk(KERN_INFO "Calling %s to load policy. Please wait.\n", - tomoyo_loader); + pr_info("Calling %s to load policy. Please wait.\n", tomoyo_loader); argv[0] = (char *) tomoyo_loader; argv[1] = NULL; envp[0] = "HOME=/"; diff --git a/security/tomoyo/memory.c b/security/tomoyo/memory.c index 0e99571..b9bc828 100644 --- a/security/tomoyo/memory.c +++ b/security/tomoyo/memory.c @@ -4,6 +4,8 @@ * Copyright (C) 2005-2011 NTT DATA CORPORATION */ +#define pr_fmt(fmt) "tomoyo: " fmt + #include <linux/hash.h> #include <linux/slab.h> #include "common.h" @@ -19,12 +21,11 @@ void tomoyo_warn_oom(const char *function) static pid_t tomoyo_last_pid; const pid_t pid = current->pid; if (tomoyo_last_pid != pid) { - printk(KERN_WARNING "ERROR: Out of memory at %s.\n", - function); + pr_warn("ERROR: Out of memory at %s\n", function); tomoyo_last_pid = pid; } if (!tomoyo_policy_loaded) - panic("MAC Initialization failed.\n"); + panic("MAC Initialization failed\n"); } /* Memoy currently used by policy/audit log/query. */ diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index f0b756e..d363805 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c @@ -4,6 +4,8 @@ * Copyright (C) 2005-2011 NTT DATA CORPORATION */ +#define pr_fmt(fmt) "tomoyo: " fmt + #include <linux/security.h> #include "common.h" @@ -552,7 +554,7 @@ static int __init tomoyo_init(void) /* register ourselves with the security framework */ if (register_security(&tomoyo_security_ops)) panic("Failure registering TOMOYO Linux"); - printk(KERN_INFO "TOMOYO Linux initialized\n"); + pr_info("TOMOYO Linux initialized\n"); cred->security = &tomoyo_kernel_domain; tomoyo_mm_init(); return 0; diff --git a/security/tomoyo/util.c b/security/tomoyo/util.c index 2952ba5..4d4131c 100644 --- a/security/tomoyo/util.c +++ b/security/tomoyo/util.c @@ -4,6 +4,8 @@ * Copyright (C) 2005-2011 NTT DATA CORPORATION */ +#define pr_fmt(fmt) "tomoyo: " fmt + #include <linux/slab.h> #include "common.h" @@ -1077,9 +1079,8 @@ bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r) domain->flags[TOMOYO_DIF_QUOTA_WARNED] = true; /* r->granted = false; */ tomoyo_write_log(r, "%s", tomoyo_dif[TOMOYO_DIF_QUOTA_WARNED]); - printk(KERN_WARNING "WARNING: " - "Domain '%s' has too many ACLs to hold. " - "Stopped learning mode.\n", domain->domainname->name); + pr_warn("WARNING: Domain '%s' has too many ACLs to hold - stopped learning mode\n", + domain->domainname->name); } return false; } -- 1.8.1.2.459.gbcd45b4.dirty ^ permalink raw reply related [flat|nested] 25+ messages in thread
* Re: [PATCH 7/8] security: tomoyo: Use a more current logging style 2014-02-24 22:00 ` [PATCH 7/8] security: tomoyo: " Joe Perches @ 2014-02-25 12:58 ` Tetsuo Handa 0 siblings, 0 replies; 25+ messages in thread From: Tetsuo Handa @ 2014-02-25 12:58 UTC (permalink / raw) To: joe, james.l.morris; +Cc: takedakn, linux-security-module, linux-kernel Joe Perches wrote: > Convert printks to pr_<level> > Add pr_fmt to prefix output with "tomoyo: " > Coalesce formats. > > Signed-off-by: Joe Perches <joe@perches.com> Acked-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> ^ permalink raw reply [flat|nested] 25+ messages in thread
* [PATCH 8/8] security: yama: Use a more current logging style 2014-02-24 21:59 [PATCH 0/8] security: Use a more current logging style Joe Perches ` (6 preceding siblings ...) 2014-02-24 22:00 ` [PATCH 7/8] security: tomoyo: " Joe Perches @ 2014-02-24 22:00 ` Joe Perches 7 siblings, 0 replies; 25+ messages in thread From: Joe Perches @ 2014-02-24 22:00 UTC (permalink / raw) To: linux-kernel; +Cc: James Morris, linux-security-module Convert printks to pr_<level>. Add pr_fmt to prefix with "yama: " Convert printk_ratelimited to pr_<level>_ratelimited. Signed-off-by: Joe Perches <joe@perches.com> --- security/yama/yama_lsm.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c index 13c88fbc..9de0f2b 100644 --- a/security/yama/yama_lsm.c +++ b/security/yama/yama_lsm.c @@ -12,6 +12,8 @@ * */ +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt + #include <linux/security.h> #include <linux/sysctl.h> #include <linux/ptrace.h> @@ -319,9 +321,8 @@ int yama_ptrace_access_check(struct task_struct *child, } if (rc) { - printk_ratelimited(KERN_NOTICE - "ptrace of pid %d was attempted by: %s (pid %d)\n", - child->pid, current->comm, current->pid); + pr_notice_ratelimited("ptrace of pid %d was attempted by: %s (pid %d)\n", + child->pid, current->comm, current->pid); } return rc; @@ -356,9 +357,8 @@ int yama_ptrace_traceme(struct task_struct *parent) } if (rc) { - printk_ratelimited(KERN_NOTICE - "ptraceme of pid %d was attempted by: %s (pid %d)\n", - current->pid, parent->comm, parent->pid); + pr_notice_ratelimited("ptraceme of pid %d was attempted by: %s (pid %d)\n", + current->pid, parent->comm, parent->pid); } return rc; @@ -425,16 +425,16 @@ static __init int yama_init(void) return 0; #endif - printk(KERN_INFO "Yama: becoming mindful.\n"); + pr_info("becoming mindful\n"); #ifndef CONFIG_SECURITY_YAMA_STACKED if (register_security(&yama_ops)) - panic("Yama: kernel registration failed.\n"); + panic("Yama: kernel registration failed\n"); #endif #ifdef CONFIG_SYSCTL if (!register_sysctl_paths(yama_sysctl_path, yama_sysctl_table)) - panic("Yama: sysctl registration failed.\n"); + panic("Yama: sysctl registration failed\n"); #endif return 0; -- 1.8.1.2.459.gbcd45b4.dirty ^ permalink raw reply related [flat|nested] 25+ messages in thread
end of thread, other threads:[~2014-02-26 14:43 UTC | newest] Thread overview: 25+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2014-02-24 21:59 [PATCH 0/8] security: Use a more current logging style Joe Perches 2014-02-24 21:59 ` [PATCH 1/8] " Joe Perches 2014-02-25 19:10 ` Serge Hallyn 2014-02-25 19:34 ` Joe Perches 2014-02-25 19:41 ` [PATCH V2 " Joe Perches 2014-02-24 21:59 ` [PATCH 2/8] security: apparmor: " Joe Perches 2014-02-26 7:31 ` John Johansen 2014-02-26 14:43 ` Joe Perches 2014-02-24 21:59 ` [PATCH 3/8] security: integrity: " Joe Perches 2014-02-25 2:59 ` Mimi Zohar 2014-02-24 21:59 ` [PATCH 4/8] security: keys: " Joe Perches 2014-02-24 21:59 ` [PATCH 5/8] security: selinux: " Joe Perches 2014-02-25 20:05 ` Paul Moore 2014-02-25 20:20 ` Joe Perches 2014-02-24 21:59 ` [PATCH 6/8] security: smack: " Joe Perches 2014-02-24 22:16 ` Casey Schaufler 2014-02-24 22:23 ` Joe Perches 2014-02-24 22:33 ` Casey Schaufler 2014-02-24 22:35 ` Casey Schaufler 2014-02-24 23:01 ` Casey Schaufler 2014-02-25 7:47 ` James Morris [not found] ` <17D2BA68-5581-4326-B6DD-5EC959235B71@aol.com> 2014-02-26 0:56 ` Joe Perches 2014-02-24 22:00 ` [PATCH 7/8] security: tomoyo: " Joe Perches 2014-02-25 12:58 ` Tetsuo Handa 2014-02-24 22:00 ` [PATCH 8/8] security: yama: " Joe Perches
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).