Message ID | ZOWtBTKkfcc8sKkY@gmail.com (mailing list archive) |
---|---|
State | Changes Requested |
Delegated to: | Paul Moore |
Headers | show |
Series | lsm: constify the 'mm' parameter in security_vm_enough_memory_mm() | expand |
On Wed, Aug 23, 2023 at 11:53:57AM +0500, Khadija Kamran wrote: > +++ b/include/linux/mm.h > @@ -3064,7 +3064,7 @@ void anon_vma_interval_tree_verify(struct anon_vma_chain *node); > avc; avc = anon_vma_interval_tree_iter_next(avc, start, last)) > > /* mmap.c */ > -extern int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin); > +extern int __vm_enough_memory(const struct mm_struct *mm, long pages, int cap_sys_admin); Could you remove the 'extern' when you touch a function prototype?
Hi Khadija,
kernel test robot noticed the following build errors:
[auto build test ERROR on akpm-mm/mm-everything]
[also build test ERROR on pcmoore-selinux/next pcmoore-audit/next linus/master v6.5-rc7 next-20230824]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]
url: https://github.com/intel-lab-lkp/linux/commits/Khadija-Kamran/lsm-constify-the-mm-parameter-in-security_vm_enough_memory_mm/20230823-145455
base: https://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git mm-everything
patch link: https://lore.kernel.org/r/ZOWtBTKkfcc8sKkY%40gmail.com
patch subject: [PATCH] lsm: constify the 'mm' parameter in security_vm_enough_memory_mm()
config: arc-randconfig-001-20230824 (https://download.01.org/0day-ci/archive/20230824/202308242024.q4KF0YIN-lkp@intel.com/config)
compiler: arc-elf-gcc (GCC) 13.2.0
reproduce: (https://download.01.org/0day-ci/archive/20230824/202308242024.q4KF0YIN-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202308242024.q4KF0YIN-lkp@intel.com/
All errors (new ones prefixed by >>):
>> mm/util.c:928:5: error: conflicting types for '__vm_enough_memory'; have 'int(struct mm_struct *, long int, int)'
928 | int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin)
| ^~~~~~~~~~~~~~~~~~
In file included from mm/util.c:2:
include/linux/mm.h:3199:12: note: previous declaration of '__vm_enough_memory' with type 'int(const struct mm_struct *, long int, int)'
3199 | extern int __vm_enough_memory(const struct mm_struct *mm, long pages, int cap_sys_admin);
| ^~~~~~~~~~~~~~~~~~
vim +928 mm/util.c
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17 911
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17 912 /*
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17 913 * Check that a process has enough memory to allocate a new virtual
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17 914 * mapping. 0 means there is enough memory for the allocation to
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17 915 * succeed and -ENOMEM implies there is not.
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17 916 *
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17 917 * We currently support three overcommit policies, which are set via the
ee65728e103bb7 Mike Rapoport 2022-06-27 918 * vm.overcommit_memory sysctl. See Documentation/mm/overcommit-accounting.rst
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17 919 *
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17 920 * Strict overcommit modes added 2002 Feb 26 by Alan Cox.
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17 921 * Additional code 2002 Jul 20 by Robert Love.
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17 922 *
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17 923 * cap_sys_admin is 1 if the process has admin privileges, 0 otherwise.
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17 924 *
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17 925 * Note this is a helper function intended to be used by LSMs which
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17 926 * wish to use this logic.
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17 927 */
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17 @928 int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin)
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17 929 {
8c7829b04c523c Johannes Weiner 2019-05-13 930 long allowed;
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17 931
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17 932 vm_acct_memory(pages);
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17 933
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17 934 /*
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17 935 * Sometimes we want to use more memory than we have
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17 936 */
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17 937 if (sysctl_overcommit_memory == OVERCOMMIT_ALWAYS)
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17 938 return 0;
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17 939
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17 940 if (sysctl_overcommit_memory == OVERCOMMIT_GUESS) {
8c7829b04c523c Johannes Weiner 2019-05-13 941 if (pages > totalram_pages() + total_swap_pages)
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17 942 goto error;
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17 943 return 0;
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17 944 }
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17 945
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17 946 allowed = vm_commit_limit();
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17 947 /*
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17 948 * Reserve some for root
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17 949 */
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17 950 if (!cap_sys_admin)
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17 951 allowed -= sysctl_admin_reserve_kbytes >> (PAGE_SHIFT - 10);
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17 952
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17 953 /*
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17 954 * Don't let a single process grow so big a user can't recover
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17 955 */
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17 956 if (mm) {
8c7829b04c523c Johannes Weiner 2019-05-13 957 long reserve = sysctl_user_reserve_kbytes >> (PAGE_SHIFT - 10);
8c7829b04c523c Johannes Weiner 2019-05-13 958
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17 959 allowed -= min_t(long, mm->total_vm / 32, reserve);
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17 960 }
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17 961
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17 962 if (percpu_counter_read_positive(&vm_committed_as) < allowed)
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17 963 return 0;
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17 964 error:
6bdfc60cf0f977 Jakub Wilk 2023-02-10 965 pr_warn_ratelimited("%s: pid: %d, comm: %s, not enough memory for the allocation\n",
44b414c8715c5d Kefeng Wang 2022-07-26 966 __func__, current->pid, current->comm);
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17 967 vm_unacct_memory(pages);
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17 968
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17 969 return -ENOMEM;
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17 970 }
39a1aa8e194ab6 Andrey Ryabinin 2016-03-17 971
On Wed, Aug 23, 2023 at 8:07 AM Matthew Wilcox <willy@infradead.org> wrote: > On Wed, Aug 23, 2023 at 11:53:57AM +0500, Khadija Kamran wrote: > > +++ b/include/linux/mm.h > > @@ -3064,7 +3064,7 @@ void anon_vma_interval_tree_verify(struct anon_vma_chain *node); > > avc; avc = anon_vma_interval_tree_iter_next(avc, start, last)) > > > > /* mmap.c */ > > -extern int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin); > > +extern int __vm_enough_memory(const struct mm_struct *mm, long pages, int cap_sys_admin); > > Could you remove the 'extern' when you touch a function prototype? Khadija, can you please make the change Matthew is requesting?
On Thu, Aug 24, 2023 at 9:04 AM kernel test robot <lkp@intel.com> wrote: > > Hi Khadija, > > kernel test robot noticed the following build errors: > > [auto build test ERROR on akpm-mm/mm-everything] > [also build test ERROR on pcmoore-selinux/next pcmoore-audit/next linus/master v6.5-rc7 next-20230824] > [If your patch is applied to the wrong git tree, kindly drop us a note. > And when submitting patch, we suggest to use '--base' as documented in > https://git-scm.com/docs/git-format-patch#_base_tree_information] > > url: https://github.com/intel-lab-lkp/linux/commits/Khadija-Kamran/lsm-constify-the-mm-parameter-in-security_vm_enough_memory_mm/20230823-145455 > base: https://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git mm-everything > patch link: https://lore.kernel.org/r/ZOWtBTKkfcc8sKkY%40gmail.com > patch subject: [PATCH] lsm: constify the 'mm' parameter in security_vm_enough_memory_mm() > config: arc-randconfig-001-20230824 (https://download.01.org/0day-ci/archive/20230824/202308242024.q4KF0YIN-lkp@intel.com/config) > compiler: arc-elf-gcc (GCC) 13.2.0 > reproduce: (https://download.01.org/0day-ci/archive/20230824/202308242024.q4KF0YIN-lkp@intel.com/reproduce) > > If you fix the issue in a separate patch/commit (i.e. not just a new version of > the same patch/commit), kindly add following tags > | Reported-by: kernel test robot <lkp@intel.com> > | Closes: https://lore.kernel.org/oe-kbuild-all/202308242024.q4KF0YIN-lkp@intel.com/ > > All errors (new ones prefixed by >>): > > >> mm/util.c:928:5: error: conflicting types for '__vm_enough_memory'; have 'int(struct mm_struct *, long int, int)' > 928 | int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin) > | ^~~~~~~~~~~~~~~~~~ > In file included from mm/util.c:2: > include/linux/mm.h:3199:12: note: previous declaration of '__vm_enough_memory' with type 'int(const struct mm_struct *, long int, int)' > 3199 | extern int __vm_enough_memory(const struct mm_struct *mm, long pages, int cap_sys_admin); > | ^~~~~~~~~~~~~~~~~~ It looks like you will also need to update the __vm_enough_memory() definition to take a const mm_struct parameter. I looked quickly at the function just now and I don't think that will be a problem.
diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h index 6bb55e61e8e8..aabf13482721 100644 --- a/include/linux/lsm_hook_defs.h +++ b/include/linux/lsm_hook_defs.h @@ -48,7 +48,7 @@ LSM_HOOK(int, 0, quota_on, struct dentry *dentry) LSM_HOOK(int, 0, syslog, int type) LSM_HOOK(int, 0, settime, const struct timespec64 *ts, const struct timezone *tz) -LSM_HOOK(int, 0, vm_enough_memory, struct mm_struct *mm, long pages) +LSM_HOOK(int, 0, vm_enough_memory, const struct mm_struct *mm, long pages) LSM_HOOK(int, 0, bprm_creds_for_exec, struct linux_binprm *bprm) LSM_HOOK(int, 0, bprm_creds_from_file, struct linux_binprm *bprm, struct file *file) LSM_HOOK(int, 0, bprm_check_security, struct linux_binprm *bprm) diff --git a/include/linux/mm.h b/include/linux/mm.h index 27ce77080c79..52d43c5c20cd 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -3064,7 +3064,7 @@ void anon_vma_interval_tree_verify(struct anon_vma_chain *node); avc; avc = anon_vma_interval_tree_iter_next(avc, start, last)) /* mmap.c */ -extern int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin); +extern int __vm_enough_memory(const struct mm_struct *mm, long pages, int cap_sys_admin); extern int vma_expand(struct vma_iterator *vmi, struct vm_area_struct *vma, unsigned long start, unsigned long end, pgoff_t pgoff, struct vm_area_struct *next); diff --git a/include/linux/security.h b/include/linux/security.h index e2734e9e44d5..442495335ffd 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -169,7 +169,7 @@ extern int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3, extern int cap_task_setscheduler(struct task_struct *p); extern int cap_task_setioprio(struct task_struct *p, int ioprio); extern int cap_task_setnice(struct task_struct *p, int nice); -extern int cap_vm_enough_memory(struct mm_struct *mm, long pages); +extern int cap_vm_enough_memory(const struct mm_struct *mm, long pages); struct msghdr; struct sk_buff; @@ -287,7 +287,7 @@ int security_quotactl(int cmds, int type, int id, struct super_block *sb); int security_quota_on(struct dentry *dentry); int security_syslog(int type); int security_settime64(const struct timespec64 *ts, const struct timezone *tz); -int security_vm_enough_memory_mm(struct mm_struct *mm, long pages); +int security_vm_enough_memory_mm(const struct mm_struct *mm, long pages); int security_bprm_creds_for_exec(struct linux_binprm *bprm); int security_bprm_creds_from_file(struct linux_binprm *bprm, struct file *file); int security_bprm_check(struct linux_binprm *bprm); @@ -600,7 +600,7 @@ static inline int security_settime64(const struct timespec64 *ts, return cap_settime(ts, tz); } -static inline int security_vm_enough_memory_mm(struct mm_struct *mm, long pages) +static inline int security_vm_enough_memory_mm(const struct mm_struct *mm, long pages) { return __vm_enough_memory(mm, pages, cap_vm_enough_memory(mm, pages)); } diff --git a/security/commoncap.c b/security/commoncap.c index 0b3fc2f3afe7..b7193f916b2c 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -1397,7 +1397,7 @@ int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3, * * Return: 1 if permission is granted, 0 if not. */ -int cap_vm_enough_memory(struct mm_struct *mm, long pages) +int cap_vm_enough_memory(const struct mm_struct *mm, long pages) { int cap_sys_admin = 0; diff --git a/security/security.c b/security/security.c index d5ff7ff45b77..f9c3dbc2376b 100644 --- a/security/security.c +++ b/security/security.c @@ -1017,7 +1017,7 @@ int security_settime64(const struct timespec64 *ts, const struct timezone *tz) * Return: Returns 0 if permission is granted by the LSM infrastructure to the * caller. */ -int security_vm_enough_memory_mm(struct mm_struct *mm, long pages) +int security_vm_enough_memory_mm(const struct mm_struct *mm, long pages) { struct security_hook_list *hp; int cap_sys_admin = 1; diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 79b4890e9936..8ae9cc81902c 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -2158,7 +2158,7 @@ static int selinux_syslog(int type) * Do not audit the selinux permission check, as this is applied to all * processes that allocate mappings. */ -static int selinux_vm_enough_memory(struct mm_struct *mm, long pages) +static int selinux_vm_enough_memory(const struct mm_struct *mm, long pages) { int rc, cap_sys_admin = 0;
The 'vm_enough_memory' hook has implementations registered in SELinux and commoncap. Looking at the function implementations we observe that the 'mm' parameter is not changing. Mark the 'mm' parameter of LSM hook security_vm_enough_memory_mm() as 'const' since it will not be changing in the LSM hook. Signed-off-by: Khadija Kamran <kamrankhadijadj@gmail.com> --- include/linux/lsm_hook_defs.h | 2 +- include/linux/mm.h | 2 +- include/linux/security.h | 6 +++--- security/commoncap.c | 2 +- security/security.c | 2 +- security/selinux/hooks.c | 2 +- 6 files changed, 8 insertions(+), 8 deletions(-)