From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id C5110EE49B0 for ; Wed, 23 Aug 2023 06:54:05 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id E54D928005A; Wed, 23 Aug 2023 02:54:04 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id E04F5280059; Wed, 23 Aug 2023 02:54:04 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id CCD6428005A; Wed, 23 Aug 2023 02:54:04 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id BC86F280059 for ; Wed, 23 Aug 2023 02:54:04 -0400 (EDT) Received: from smtpin05.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id 804E6C0538 for ; Wed, 23 Aug 2023 06:54:04 +0000 (UTC) X-FDA: 81154454808.05.B1D6EAB Received: from mail-wr1-f49.google.com (mail-wr1-f49.google.com [209.85.221.49]) by imf04.hostedemail.com (Postfix) with ESMTP id CC1E440022 for ; Wed, 23 Aug 2023 06:54:02 +0000 (UTC) Authentication-Results: imf04.hostedemail.com; dkim=pass header.d=gmail.com header.s=20221208 header.b=GbBYjN1A; spf=pass (imf04.hostedemail.com: domain of kamrankhadijadj@gmail.com designates 209.85.221.49 as permitted sender) smtp.mailfrom=kamrankhadijadj@gmail.com; dmarc=pass (policy=none) header.from=gmail.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1692773642; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding:in-reply-to: references:dkim-signature; bh=sRJbu2VWppGYKNpBHFTEv9Y+VuI16n9z+Mb3bjCacWM=; b=gW/Q6vcBcr9xAt/nCVZalwhy+AYCHw1o4ATYC1cgEiV+XDz5g836tu0fL6p15b1ZMEh9Dt /6zCs3jVPb/xWxk1O12goh3nSiuXQG8DEy4pXGYi2MzlHwQzIUJ8jDrYjBfERRknHUzLqZ lBRKgkjeei0x8K3+Hdq4EFKTCk7odJw= ARC-Authentication-Results: i=1; imf04.hostedemail.com; dkim=pass header.d=gmail.com header.s=20221208 header.b=GbBYjN1A; spf=pass (imf04.hostedemail.com: domain of kamrankhadijadj@gmail.com designates 209.85.221.49 as permitted sender) smtp.mailfrom=kamrankhadijadj@gmail.com; dmarc=pass (policy=none) header.from=gmail.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1692773642; a=rsa-sha256; cv=none; b=HtN08ogcseK++12yrRnijbBMkS6dCS/U3JuLgYLW3Ina5DdJrTkY0YIdRslLeG3TIWRn0r HCesQqXZMwitoQnv19M3JTS+YvuuY4AbTa6MLf36syxQkfcui8TMLBGv+f7Smb2kkq5Fuo xsq3rzvtHTsfyb2qp7VUtFuyxeRgStc= Received: by mail-wr1-f49.google.com with SMTP id ffacd0b85a97d-317f1c480eeso4676391f8f.2 for ; Tue, 22 Aug 2023 23:54:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1692773641; x=1693378441; h=content-disposition:mime-version:message-id:subject:to:from:date :from:to:cc:subject:date:message-id:reply-to; bh=sRJbu2VWppGYKNpBHFTEv9Y+VuI16n9z+Mb3bjCacWM=; b=GbBYjN1AhGbgv25zzxmtNaQj3+u05ygAFTtl9LQ/2ozXaFj0W+wJn7ZPDvE56geNle ndXVXmp7qUWIERbSm3jFMryyGOWkouvBOH/h5NKvPxncaIk+jxMyK6L0a+H+INV114w0 E4wgO/HgU408UaLk+zM5jtzwnApAwkdEQKJcMgEy/kk3P93WOK1ZTkQ6+5ZZBfmsj7TZ F5SImDkAyfjt9Z7Db8XlwKp7vNnQV/tcvGmZvGtvspClmR06qoeqrQLu5D0MzmtXQNIF K9xALmqrZPOq6QtSuv58VJZD28tUS6FWebRtafqHUgb3MwsosyiARClnsBUECsCyIno/ Nurg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1692773641; x=1693378441; h=content-disposition:mime-version:message-id:subject:to:from:date :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=sRJbu2VWppGYKNpBHFTEv9Y+VuI16n9z+Mb3bjCacWM=; b=SyxNbQPpZcrv2jUku/LyO4TQ5NNclY136YvZc0cY74L2nqiHbftUfL6K8ddBsxCa2W BBE24+PUiaxTefUMpWUXHtNcDjPxExa6YP65rkjB/Lk6MNfXl21zEO7ZdjjP3AvZV9Pj aM3wL6wkKojblwT65yf8G1wWkBmk4/+utLO8U6zA+jJs59rhExLb+OjfgNeN4QwlQAan AYCh7QGeBw/tXAXvKP6riPXbEytVufvErxFrlcOwmIU5s1pfRIN17mCc34gCHwHOfNAq 0jjQ1DFaJ/WmUROrE53M39TRpyW6wJB+6E2ts8q0iBQMTN1j8eZZt8TLqlDvySI+FBdC 0CCg== X-Gm-Message-State: AOJu0YxZMGB53NXn3wnsK3Pe29VgSAnEuhWvsW5XCPn2iM2fwehtEHpC glKnv+J5lAFcnvbwBkjKi5o= X-Google-Smtp-Source: AGHT+IE8B7x2NLCXkn9XsQOgy6nerf/jeibqut1EJ8tEH1t0fMQXHBGYPaDB0Df0Qb80oWqBrQNlCQ== X-Received: by 2002:a05:6000:234:b0:317:67bf:337f with SMTP id l20-20020a056000023400b0031767bf337fmr11255411wrz.2.1692773640972; Tue, 22 Aug 2023 23:54:00 -0700 (PDT) Received: from khadija-virtual-machine ([124.29.208.67]) by smtp.gmail.com with ESMTPSA id f8-20020adfdb48000000b0031934b035d2sm18068477wrj.52.2023.08.22.23.53.59 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 22 Aug 2023 23:54:00 -0700 (PDT) Date: Wed, 23 Aug 2023 11:53:57 +0500 From: Khadija Kamran To: linux-kernel@vger.kernel.org, Andrew Morton , linux-mm@kvack.org, Serge Hallyn , Paul Moore , James Morris , linux-security-module@vger.kernel.org, Stephen Smalley , Eric Paris , selinux@vger.kernel.org, ztarkhani@microsoft.com, alison.schofield@intel.com Subject: [PATCH] lsm: constify the 'mm' parameter in security_vm_enough_memory_mm() Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline X-Rspamd-Queue-Id: CC1E440022 X-Rspam-User: X-Stat-Signature: bmmtnsw7hzh4b6qpwae6rd5sttyqua4p X-Rspamd-Server: rspam01 X-HE-Tag: 1692773642-935163 X-HE-Meta: U2FsdGVkX18HcHRJcQS5P6pw4BbdKwAFuPocAR7zSlVMjKnNpsWCUjxW9Fq7t7Rz7bIaqii4CkX6hA72gQYpZfjJcGxgg5AgjCaycc/lyRjNXgiUB2eYdXDepl50+8iQb1TR/YVYrqzwAUS4MZqDEf6YLGhruoLPa7fEA30eIfc1G3v1KG1tlQAS01jVr3EhYcEBZCT6P2qfz21JB0snmr9dLiVK5wRZCGq2kshhOy4QzMwJ4D+xx5e8TLvrlG1jREsnaSQwNlRSiQdCrdE6BKBKFK9ljFm54k2y+QGBZqp94bFIeaNLZ7pClPDtNDYuHldagk3Asm5KxyMqubUEmNjx8ReoVz8SUhRDO/mIjIRPoLFQ4lRM1OcnIqW0atSHlhKFr/X5XJB70HOoSeQNNimC59KhWcUOw5SPxRJw2OjmuxJgbgpFKv2tpsVAPaZanrwj7otf6F91B0msyrypgHkCTWIMlZKjLlCwUuhvwxGywZoudxafOzivbdA5SabUpGFa1E7UrG1MRoNAHY0pTGVS2hk5ju3TMM7++oiEe0cJZgDbqfE07T3co5ef/hls2CJ1Hp23/8KZ1p3ABhgI9au8VMhcvbgDBiwBsIBiANQZGZhvu0WcuONweARSs06fg++WhYlpZxkSiX/MnthB64pv4yzkpOeGlObDC4JMakVnE7Y2a/qV+pFY7sFj5v5EkPptRALBnOhJE/+CvmSU+MbE+j/CbrV12vK7cvDj54z2IYnFic9cKPG7F+2JAVTW/UoghrXs7gdvmGg5xlWL0xxvs1YIjInz7Juh5QLXAexSzpCawddOB08Zwf+hV+FOFlqhKByQwdP+DLPjzObroYEJnbYB+kYQjgG5Y2gUZzX7kdmWFI1ENtxzk8lTKYpPYp/2y4rbtnOMa9DvwXisqDcpDNi38fHyxATrGY61Iar4WJ3awCJN0kG0pjOQ3YkdfZNfpz93Ifqt5XPeg3i dn/WrRVX uHWPGRW/6PV+l8lw54c7/NsD2VwtQpZP1M1e790gxaAALVDznmgnqMkDuwJzLaAzEMCV4MYN0WRzIDlYy2bxPaV0B1XLRmXud/JL5Ydopl0i/Qzk9QwLhAu5IWAmksEv9A/e114eP2UuhVvqHn+EzRzKuxTm8qtdHE9z8oAc2yRpLdRd77pf+b12TSB2lZEgijIpGch5ZOKFNLcD5QSrgHc213zb5gEChpWF6JyxbrD/sJojJwI8j6dfupvTcSSNeB153wLUsoaV/EmSe6cSDqCHdRyWQ0deKgrNxarHMcPRGPaVMuWa9AZRbNULsZLWa9YNVXI/C4J80xTovUlQhc7yJNHJ4XwOA2tTmGKcRJQJEl1OOpJsBX9IlnCdkZMNJqenwKFKriuJ4y9uXaA0UB4bkgR1jfAIuY/70uMRiK0HcCqCwuyBtjKfYt0D9xSBUu8s44gT9NwUlOCd95quaF5KplqG2/SymunvnEkehfecxmNW4VxPnj/EtQe4ZSNhaA06lkG/g136gRUFIG1yR1+1Yhrfg4xchpF6fQdjOK2wOEcHkJ88IHpNi8Q4NY3I1WWXsxdu9DDD8/XA= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: The 'vm_enough_memory' hook has implementations registered in SELinux and commoncap. Looking at the function implementations we observe that the 'mm' parameter is not changing. Mark the 'mm' parameter of LSM hook security_vm_enough_memory_mm() as 'const' since it will not be changing in the LSM hook. Signed-off-by: Khadija Kamran --- include/linux/lsm_hook_defs.h | 2 +- include/linux/mm.h | 2 +- include/linux/security.h | 6 +++--- security/commoncap.c | 2 +- security/security.c | 2 +- security/selinux/hooks.c | 2 +- 6 files changed, 8 insertions(+), 8 deletions(-) diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h index 6bb55e61e8e8..aabf13482721 100644 --- a/include/linux/lsm_hook_defs.h +++ b/include/linux/lsm_hook_defs.h @@ -48,7 +48,7 @@ LSM_HOOK(int, 0, quota_on, struct dentry *dentry) LSM_HOOK(int, 0, syslog, int type) LSM_HOOK(int, 0, settime, const struct timespec64 *ts, const struct timezone *tz) -LSM_HOOK(int, 0, vm_enough_memory, struct mm_struct *mm, long pages) +LSM_HOOK(int, 0, vm_enough_memory, const struct mm_struct *mm, long pages) LSM_HOOK(int, 0, bprm_creds_for_exec, struct linux_binprm *bprm) LSM_HOOK(int, 0, bprm_creds_from_file, struct linux_binprm *bprm, struct file *file) LSM_HOOK(int, 0, bprm_check_security, struct linux_binprm *bprm) diff --git a/include/linux/mm.h b/include/linux/mm.h index 27ce77080c79..52d43c5c20cd 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -3064,7 +3064,7 @@ void anon_vma_interval_tree_verify(struct anon_vma_chain *node); avc; avc = anon_vma_interval_tree_iter_next(avc, start, last)) /* mmap.c */ -extern int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin); +extern int __vm_enough_memory(const struct mm_struct *mm, long pages, int cap_sys_admin); extern int vma_expand(struct vma_iterator *vmi, struct vm_area_struct *vma, unsigned long start, unsigned long end, pgoff_t pgoff, struct vm_area_struct *next); diff --git a/include/linux/security.h b/include/linux/security.h index e2734e9e44d5..442495335ffd 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -169,7 +169,7 @@ extern int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3, extern int cap_task_setscheduler(struct task_struct *p); extern int cap_task_setioprio(struct task_struct *p, int ioprio); extern int cap_task_setnice(struct task_struct *p, int nice); -extern int cap_vm_enough_memory(struct mm_struct *mm, long pages); +extern int cap_vm_enough_memory(const struct mm_struct *mm, long pages); struct msghdr; struct sk_buff; @@ -287,7 +287,7 @@ int security_quotactl(int cmds, int type, int id, struct super_block *sb); int security_quota_on(struct dentry *dentry); int security_syslog(int type); int security_settime64(const struct timespec64 *ts, const struct timezone *tz); -int security_vm_enough_memory_mm(struct mm_struct *mm, long pages); +int security_vm_enough_memory_mm(const struct mm_struct *mm, long pages); int security_bprm_creds_for_exec(struct linux_binprm *bprm); int security_bprm_creds_from_file(struct linux_binprm *bprm, struct file *file); int security_bprm_check(struct linux_binprm *bprm); @@ -600,7 +600,7 @@ static inline int security_settime64(const struct timespec64 *ts, return cap_settime(ts, tz); } -static inline int security_vm_enough_memory_mm(struct mm_struct *mm, long pages) +static inline int security_vm_enough_memory_mm(const struct mm_struct *mm, long pages) { return __vm_enough_memory(mm, pages, cap_vm_enough_memory(mm, pages)); } diff --git a/security/commoncap.c b/security/commoncap.c index 0b3fc2f3afe7..b7193f916b2c 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -1397,7 +1397,7 @@ int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3, * * Return: 1 if permission is granted, 0 if not. */ -int cap_vm_enough_memory(struct mm_struct *mm, long pages) +int cap_vm_enough_memory(const struct mm_struct *mm, long pages) { int cap_sys_admin = 0; diff --git a/security/security.c b/security/security.c index d5ff7ff45b77..f9c3dbc2376b 100644 --- a/security/security.c +++ b/security/security.c @@ -1017,7 +1017,7 @@ int security_settime64(const struct timespec64 *ts, const struct timezone *tz) * Return: Returns 0 if permission is granted by the LSM infrastructure to the * caller. */ -int security_vm_enough_memory_mm(struct mm_struct *mm, long pages) +int security_vm_enough_memory_mm(const struct mm_struct *mm, long pages) { struct security_hook_list *hp; int cap_sys_admin = 1; diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 79b4890e9936..8ae9cc81902c 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -2158,7 +2158,7 @@ static int selinux_syslog(int type) * Do not audit the selinux permission check, as this is applied to all * processes that allocate mappings. */ -static int selinux_vm_enough_memory(struct mm_struct *mm, long pages) +static int selinux_vm_enough_memory(const struct mm_struct *mm, long pages) { int rc, cap_sys_admin = 0; -- 2.34.1