From patchwork Mon Feb 26 20:37:47 2018
X-Patchwork-Submitter: Alexey Dobriyan
X-Patchwork-Id: 10243401
Date: Mon, 26 Feb 2018 23:37:47 +0300
From: Alexey Dobriyan
To: jmorris@namei.org, serge@hallyn.com
Cc: linux-security-module@vger.kernel.org, paul@paul-moore.com, sds@tycho.nsa.gov, eparis@parisplace.org, casey@schaufler-ca.com, zohar@linux.vnet.ibm.com, dmitry.kasatkin@gmail.com
Subject: [PATCH] security: mark kmem caches as __ro_after_init
Message-ID: <20180226203747.GB6886@avx2>

Kmem caches are never reallocated once set up.

Signed-off-by: Alexey Dobriyan
---
 security/integrity/iint.c | 3 ++-
 security/selinux/avc.c | 9 +++++----
 security/selinux/hooks.c | 5 +++--
 security/selinux/ss/avtab.c | 5 +++--
 security/selinux/ss/ebitmap.c | 3 ++-
 security/selinux/ss/hashtab.c | 3 ++-
 security/smack/smack_lsm.c | 3 ++-
 7 files changed, 19 insertions(+), 12 deletions(-)

--- a/security/integrity/iint.c +++ b/security/integrity/iint.c @@ -15,6 +15,7 @@ * - cache integrity information associated with an inode * using a rbtree tree. */ +#include #include #include #include @@ -25,7 +26,7 @@ static struct rb_root integrity_iint_tree = RB_ROOT; static DEFINE_RWLOCK(integrity_iint_lock); -static struct kmem_cache *iint_cache __read_mostly; +static struct kmem_cache *iint_cache __ro_after_init; /* * __integrity_iint_find - return the iint associated with an inode --- a/security/selinux/avc.c +++ b/security/selinux/avc.c @@ -13,6 +13,7 @@ * it under the terms of the GNU General Public License version 2, * as published by the Free Software Foundation. */ +#include #include #include #include 
@@ -91,10 +92,10 @@ DEFINE_PER_CPU(struct avc_cache_stats, avc_cache_stats) = { 0 }; static struct avc_cache avc_cache; static struct avc_callback_node *avc_callbacks; -static struct kmem_cache *avc_node_cachep; -static struct kmem_cache *avc_xperms_data_cachep; -static struct kmem_cache *avc_xperms_decision_cachep; -static struct kmem_cache *avc_xperms_cachep; +static struct kmem_cache *avc_node_cachep __ro_after_init; +static struct kmem_cache *avc_xperms_data_cachep __ro_after_init; +static struct kmem_cache *avc_xperms_decision_cachep __ro_after_init; +static struct kmem_cache *avc_xperms_cachep __ro_after_init; static inline int avc_hash(u32 ssid, u32 tsid, u16 tclass) { --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -24,6 +24,7 @@ * as published by the Free Software Foundation. */ +#include #include #include #include @@ -129,8 +130,8 @@ __setup("selinux=", selinux_enabled_setup); int selinux_enabled = 1; #endif -static struct kmem_cache *sel_inode_cache; -static struct kmem_cache *file_security_cache; +static struct kmem_cache *sel_inode_cache __ro_after_init; +static struct kmem_cache *file_security_cache __ro_after_init; /** * selinux_secmark_enabled - Check to see if SECMARK is currently enabled --- a/security/selinux/ss/avtab.c +++ b/security/selinux/ss/avtab.c @@ -17,14 +17,15 @@ * Tuned number of hash slots for avtab to reduce memory usage */ +#include #include #include #include #include "avtab.h" #include "policydb.h" -static struct kmem_cache *avtab_node_cachep; -static struct kmem_cache *avtab_xperms_cachep; +static struct kmem_cache *avtab_node_cachep __ro_after_init; +static struct kmem_cache *avtab_xperms_cachep __ro_after_init; /* Based on MurmurHash3, written by Austin Appleby and placed in the * public domain. --- a/security/selinux/ss/ebitmap.c +++ b/security/selinux/ss/ebitmap.c @@ -16,6 +16,7 @@ * Applied standard bit operations to improve bitmap scanning. */ +#include #include #include #include 
@@ -25,7 +26,7 @@ #define BITS_PER_U64 (sizeof(u64) * 8) -static struct kmem_cache *ebitmap_node_cachep; +static struct kmem_cache *ebitmap_node_cachep __ro_after_init; int ebitmap_cmp(struct ebitmap *e1, struct ebitmap *e2) { --- a/security/selinux/ss/hashtab.c +++ b/security/selinux/ss/hashtab.c @@ -4,13 +4,14 @@ * * Author : Stephen Smalley, */ +#include #include #include #include #include #include "hashtab.h" -static struct kmem_cache *hashtab_node_cachep; +static struct kmem_cache *hashtab_node_cachep __ro_after_init; struct hashtab *hashtab_create(u32 (*hash_value)(struct hashtab *h, const void *key), int (*keycmp)(struct hashtab *h, const void *key1, const void *key2), --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -18,6 +18,7 @@ * as published by the Free Software Foundation. */ +#include #include #include #include @@ -55,7 +56,7 @@ DEFINE_MUTEX(smack_ipv6_lock); static LIST_HEAD(smk_ipv6_port_list); #endif -static struct kmem_cache *smack_inode_cache; +static struct kmem_cache *smack_inode_cache __ro_after_init; int smack_enabled; static const match_table_t smk_mount_tokens = {
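Review bot: The commit message justifies the annotation only with "never reallocated once set up", but at every changed declaration (for example `iint_cache` in the second iint.c hunk, which goes from `__read_mostly` to `__ro_after_init`) the site that assigns the pointer is outside the diff. A store to a `__ro_after_init` variable after init has finished faults on kernels that write-protect that section, so the message should name, per file, the function that creates each cache and state that it runs from an `__init` path before the section is made read-only.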
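Review bot: The `+#include` added as the first include in the opening hunk of each of the seven files is not mentioned in the commit message. If it is there to provide the definition of `__ro_after_init`, say so in the message, so the include is not read as an unrelated change and so a later cleanup does not drop it.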
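Review bot: The diffstat covers three separate areas (security/integrity, security/selinux and security/smack) in one patch. Splitting it into one patch per area, each with the same one-line rationale, would let each set of maintainers on the Cc list ack and apply their part independently and would keep any later revert confined to one subsystem.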