[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20241101095620.2526421-1-aliceryhl@google.com>
Date: Fri, 1 Nov 2024 09:56:20 +0000
From: Alice Ryhl <aliceryhl@...gle.com>
To: naresh.kamboju@...aro.org, casey@...aufler-ca.com, paul@...l-moore.com
Cc: anders.roxell@...aro.org, arnd@...db.de, brauner@...nel.org,
dan.carpenter@...aro.org, kees@...nel.org, linux-kernel@...r.kernel.org,
lkft-triage@...ts.linaro.org, ojeda@...nel.org, regressions@...ts.linux.dev,
rust-for-linux@...r.kernel.org, linux-security-module@...r.kernel.org,
lkft@...aro.org, aliceryhl@...gle.com
Subject: [PATCH] rust: lsm: replace context+len with lsm_context
This brings the Rust SecurityCtx abstraction [1] up to date with the new
API where context+len is replaced with an lsm_context [2] struct.
Link: https://lore.kernel.org/r/20240915-alice-file-v10-5-88484f7a3dcf@google.com [1]
Link: https://lore.kernel.org/r/20241023212158.18718-3-casey@schaufler-ca.com [2]
Reported-by: Linux Kernel Functional Testing <lkft@...aro.org>
Closes: https://lore.kernel.org/r/CA+G9fYv_Y2tzs+uYhMGtfUK9dSYV2mFr6WyKEzJazDsdk9o5zw@mail.gmail.com
Signed-off-by: Alice Ryhl <aliceryhl@...gle.com>
---
rust/helpers/security.c | 8 ++++----
rust/kernel/security.rs | 38 +++++++++++++++++---------------------
2 files changed, 21 insertions(+), 25 deletions(-)
diff --git a/rust/helpers/security.c b/rust/helpers/security.c
index 239e5b4745fe..0c4c2065df28 100644
--- a/rust/helpers/security.c
+++ b/rust/helpers/security.c
@@ -8,13 +8,13 @@ void rust_helper_security_cred_getsecid(const struct cred *c, u32 *secid)
security_cred_getsecid(c, secid);
}
-int rust_helper_security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
+int rust_helper_security_secid_to_secctx(u32 secid, struct lsm_context *cp)
{
- return security_secid_to_secctx(secid, secdata, seclen);
+ return security_secid_to_secctx(secid, cp);
}
-void rust_helper_security_release_secctx(char *secdata, u32 seclen)
+void rust_helper_security_release_secctx(struct lsm_context *cp)
{
- security_release_secctx(secdata, seclen);
+ security_release_secctx(cp);
}
#endif
diff --git a/rust/kernel/security.rs b/rust/kernel/security.rs
index 2522868862a1..25d2b1ac3833 100644
--- a/rust/kernel/security.rs
+++ b/rust/kernel/security.rs
@@ -15,60 +15,56 @@
///
/// # Invariants
///
-/// The `secdata` and `seclen` fields correspond to a valid security context as returned by a
-/// successful call to `security_secid_to_secctx`, that has not yet been destroyed by calling
-/// `security_release_secctx`.
+/// The `ctx` field corresponds to a valid security context as returned by a successful call to
+/// `security_secid_to_secctx`, that has not yet been destroyed by `security_release_secctx`.
pub struct SecurityCtx {
- secdata: *mut core::ffi::c_char,
- seclen: usize,
+ ctx: bindings::lsm_context,
}
impl SecurityCtx {
/// Get the security context given its id.
pub fn from_secid(secid: u32) -> Result<Self> {
- let mut secdata = core::ptr::null_mut();
- let mut seclen = 0u32;
- // SAFETY: Just a C FFI call. The pointers are valid for writes.
- to_result(unsafe { bindings::security_secid_to_secctx(secid, &mut secdata, &mut seclen) })?;
+ // SAFETY: `struct lsm_context` can be initialized to all zeros.
+ let mut ctx: bindings::lsm_context = unsafe { core::mem::zeroed() };
+
+ // SAFETY: Just a C FFI call. The pointer is valid for writes.
+ to_result(unsafe { bindings::security_secid_to_secctx(secid, &mut ctx) })?;
// INVARIANT: If the above call did not fail, then we have a valid security context.
- Ok(Self {
- secdata,
- seclen: seclen as usize,
- })
+ Ok(Self { ctx })
}
/// Returns whether the security context is empty.
pub fn is_empty(&self) -> bool {
- self.seclen == 0
+ self.ctx.len == 0
}
/// Returns the length of this security context.
pub fn len(&self) -> usize {
- self.seclen
+ self.ctx.len as usize
}
/// Returns the bytes for this security context.
pub fn as_bytes(&self) -> &[u8] {
- let ptr = self.secdata;
+ let ptr = self.ctx.context;
if ptr.is_null() {
- debug_assert_eq!(self.seclen, 0);
+ debug_assert_eq!(self.len(), 0);
// We can't pass a null pointer to `slice::from_raw_parts` even if the length is zero.
return &[];
}
// SAFETY: The call to `security_secid_to_secctx` guarantees that the pointer is valid for
- // `seclen` bytes. Furthermore, if the length is zero, then we have ensured that the
+ // `self.len()` bytes. Furthermore, if the length is zero, then we have ensured that the
// pointer is not null.
- unsafe { core::slice::from_raw_parts(ptr.cast(), self.seclen) }
+ unsafe { core::slice::from_raw_parts(ptr.cast(), self.len()) }
}
}
impl Drop for SecurityCtx {
fn drop(&mut self) {
- // SAFETY: By the invariant of `Self`, this frees a pointer that came from a successful
+ // SAFETY: By the invariant of `Self`, this frees a context that came from a successful
// call to `security_secid_to_secctx` and has not yet been destroyed by
// `security_release_secctx`.
- unsafe { bindings::security_release_secctx(self.secdata, self.seclen as u32) };
+ unsafe { bindings::security_release_secctx(&mut self.ctx) };
}
}
base-commit: c88416ba074a8913cf6d61b789dd834bbca6681c
--
2.47.0.199.ga7371fff76-goog
Powered by blists - more mailing lists