| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <m21pvdj6zv.fsf@kloenk.dev>
Date: Tue, 04 Mar 2025 13:49:24 +0100
From: Fiona Behrens <me@...enk.dev>
To: Alice Ryhl <aliceryhl@...gle.com>
Cc: Paul Moore <paul@...l-moore.com>, James Morris <jmorris@...ei.org>,
"Serge E. Hallyn" <serge@...lyn.com>, Miguel Ojeda <ojeda@...nel.org>,
Boqun Feng <boqun.feng@...il.com>, Gary Guo <gary@...yguo.net>,
Björn Roy Baron <bjorn3_gh@...tonmail.com>, Benno Lossin
<benno.lossin@...ton.me>, Andreas Hindborg <a.hindborg@...nel.org>,
Trevor Gross <tmgross@...ch.edu>, rust-for-linux@...r.kernel.org,
linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] lsm: rust: mark SecurityCtx methods inline
Alice Ryhl <aliceryhl@...gle.com> writes:
> When you build the kernel using the llvm-19.1.4-rust-1.83.0-x86_64
> toolchain provided by kernel.org with ARCH=arm64, the following symbols
> are generated:
>
> $ nm vmlinux | grep ' _R'.*SecurityCtx | rustfilt
> ffffffc0808fe8a0 T <kernel::security::SecurityCtx>::from_secid
> ffffffc0808fe9a4 T <kernel::security::SecurityCtx as core::ops::drop::Drop>::drop
>
> However, these Rust symbols are trivial wrappers around the functions
> security_secid_to_secctx and security_release_secctx respectively. It
> doesn't make sense to go through a trivial wrapper for these functions,
> so mark them inline. Also mark other trivial methods inline to prevent
> similar cases in the future.
>
> After applying this patch, the above command will produce no output.
>
> Reviewed-by: Andreas Hindborg <a.hindborg@...nel.org>
> Signed-off-by: Alice Ryhl <aliceryhl@...gle.com>
Reviewed-by: Fiona Behrens <me@...enk.dev>
> ---
> Changes in v2:
> - Reword commit message.
> - Link to v1: https://lore.kernel.org/r/20250303-inline-securityctx-v1-1-fb7b9b641fdf@google.com
> ---
> I will also reword "destroy"/"free" to "release" as suggested by Casey,
> but I'll send a separate patch for that change.
> ---
> rust/kernel/security.rs | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/rust/kernel/security.rs b/rust/kernel/security.rs
> index 25d2b1ac383355941ecbe86bd3c505eb6517c180..24321105052648e150f2875bcfa5ef29f4249516 100644
> --- a/rust/kernel/security.rs
> +++ b/rust/kernel/security.rs
> @@ -23,6 +23,7 @@ pub struct SecurityCtx {
>
> impl SecurityCtx {
> /// Get the security context given its id.
> + #[inline]
> pub fn from_secid(secid: u32) -> Result<Self> {
> // SAFETY: `struct lsm_context` can be initialized to all zeros.
> let mut ctx: bindings::lsm_context = unsafe { core::mem::zeroed() };
> @@ -35,16 +36,19 @@ pub fn from_secid(secid: u32) -> Result<Self> {
> }
>
> /// Returns whether the security context is empty.
> + #[inline]
> pub fn is_empty(&self) -> bool {
> self.ctx.len == 0
> }
>
> /// Returns the length of this security context.
> + #[inline]
> pub fn len(&self) -> usize {
> self.ctx.len as usize
> }
>
> /// Returns the bytes for this security context.
> + #[inline]
> pub fn as_bytes(&self) -> &[u8] {
> let ptr = self.ctx.context;
> if ptr.is_null() {
> @@ -61,6 +65,7 @@ pub fn as_bytes(&self) -> &[u8] {
> }
>
> impl Drop for SecurityCtx {
> + #[inline]
> fn drop(&mut self) {
> // SAFETY: By the invariant of `Self`, this frees a context that came from a successful
> // call to `security_secid_to_secctx` and has not yet been destroyed by
>
> ---
> base-commit: a64dcfb451e254085a7daee5fe51bf22959d52d3
> change-id: 20250303-inline-securityctx-6fc1ca669156
>
> Best regards,
Powered by blists - more mailing lists