From patchwork Mon Jun 20 13:36:49 2016
X-Patchwork-Submitter: Huw Davies
X-Patchwork-Id: 9187617
From: Huw Davies To: netdev@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov Subject: [PATCH v4 09/19] netlabel: Move bitmap manipulation functions to the NetLabel core. Date: Mon, 20 Jun 2016 14:36:49 +0100 Message-Id: <1466429819-12707-10-git-send-email-huw@codeweavers.com> X-Mailer: git-send-email 2.7.4 X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: MIME-Version: 1.0 Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP This is to allow the CALIPSO labelling engine to use these. Signed-off-by: Huw Davies --- include/net/netlabel.h | 6 +++ net/ipv4/cipso_ipv4.c | 88 +++++--------------------------------------- net/netlabel/netlabel_kapi.c | 70 +++++++++++++++++++++++++++++++++++ 3 files changed, 85 insertions(+), 79 deletions(-) diff --git a/include/net/netlabel.h b/include/net/netlabel.h index 2c0513b..9fc2cab 100644 --- a/include/net/netlabel.h +++ b/include/net/netlabel.h @@ -434,6 +434,12 @@ int netlbl_catmap_setlong(struct netlbl_lsm_catmap **catmap, unsigned long bitmap, gfp_t flags); +/* Bitmap functions + */ +int netlbl_bitmap_walk(const unsigned char *bitmap, u32 bitmap_len, + u32 offset, u8 state); +void netlbl_bitmap_setbit(unsigned char *bitmap, u32 bit, u8 state); + /* * LSM protocol operations (NetLabel LSM/kernel API) */ diff --git a/net/ipv4/cipso_ipv4.c b/net/ipv4/cipso_ipv4.c index bdb2a07..d710d4e 100644 --- a/net/ipv4/cipso_ipv4.c +++ b/net/ipv4/cipso_ipv4.c 
@@ -135,76 +135,6 @@ int cipso_v4_rbm_strictvalid = 1; */ /** - * cipso_v4_bitmap_walk - Walk a bitmap looking for a bit - * @bitmap: the bitmap - * @bitmap_len: length in bits - * @offset: starting offset - * @state: if non-zero, look for a set (1) bit else look for a cleared (0) bit - * - * Description: - * Starting at @offset, walk the bitmap from left to right until either the - * desired bit is found or we reach the end. Return the bit offset, -1 if - * not found, or -2 if error. - */ -static int cipso_v4_bitmap_walk(const unsigned char *bitmap, - u32 bitmap_len, - u32 offset, - u8 state) -{ - u32 bit_spot; - u32 byte_offset; - unsigned char bitmask; - unsigned char byte; - - /* gcc always rounds to zero when doing integer division */ - byte_offset = offset / 8; - byte = bitmap[byte_offset]; - bit_spot = offset; - bitmask = 0x80 >> (offset % 8); - - while (bit_spot < bitmap_len) { - if ((state && (byte & bitmask) == bitmask) || - (state == 0 && (byte & bitmask) == 0)) - return bit_spot; - - bit_spot++; - bitmask >>= 1; - if (bitmask == 0) { - byte = bitmap[++byte_offset]; - bitmask = 0x80; - } - } - - return -1; -} - -/** - * cipso_v4_bitmap_setbit - Sets a single bit in a bitmap - * @bitmap: the bitmap - * @bit: the bit - * @state: if non-zero, set the bit (1) else clear the bit (0) - * - * Description: - * Set a single bit in the bitmask. Returns zero on success, negative values - * on error. - */ -static void cipso_v4_bitmap_setbit(unsigned char *bitmap, - u32 bit, - u8 state) -{ - u32 byte_spot; - u8 bitmask; - - /* gcc always rounds to zero when doing integer division */ - byte_spot = bit / 8; - bitmask = 0x80 >> (bit % 8); - if (state) - bitmap[byte_spot] |= bitmask; - else - bitmap[byte_spot] &= ~bitmask; -} - -/** * cipso_v4_cache_entry_free - Frees a cache entry * @entry: the entry to free * 
@@ -840,10 +770,10 @@ static int cipso_v4_map_cat_rbm_valid(const struct cipso_v4_doi *doi_def, cipso_cat_size = doi_def->map.std->cat.cipso_size; cipso_array = doi_def->map.std->cat.cipso; for (;;) { - cat = cipso_v4_bitmap_walk(bitmap, - bitmap_len_bits, - cat + 1, - 1); + cat = netlbl_bitmap_walk(bitmap, + bitmap_len_bits, + cat + 1, + 1); if (cat < 0) break; if (cat >= cipso_cat_size || @@ -909,7 +839,7 @@ static int cipso_v4_map_cat_rbm_hton(const struct cipso_v4_doi *doi_def, } if (net_spot >= net_clen_bits) return -ENOSPC; - cipso_v4_bitmap_setbit(net_cat, net_spot, 1); + netlbl_bitmap_setbit(net_cat, net_spot, 1); if (net_spot > net_spot_max) net_spot_max = net_spot; @@ -951,10 +881,10 @@ static int cipso_v4_map_cat_rbm_ntoh(const struct cipso_v4_doi *doi_def, } for (;;) { - net_spot = cipso_v4_bitmap_walk(net_cat, - net_clen_bits, - net_spot + 1, - 1); + net_spot = netlbl_bitmap_walk(net_cat, + net_clen_bits, + net_spot + 1, + 1); if (net_spot < 0) { if (net_spot == -2) return -EFAULT; diff --git a/net/netlabel/netlabel_kapi.c b/net/netlabel/netlabel_kapi.c index 55c59a0..609c853 100644 --- a/net/netlabel/netlabel_kapi.c +++ b/net/netlabel/netlabel_kapi.c 
@@ -729,6 +729,76 @@ int netlbl_catmap_setlong(struct netlbl_lsm_catmap **catmap, return 0; } +/* Bitmap functions + */ + +/** + * netlbl_bitmap_walk - Walk a bitmap looking for a bit + * @bitmap: the bitmap + * @bitmap_len: length in bits + * @offset: starting offset + * @state: if non-zero, look for a set (1) bit else look for a cleared (0) bit + * + * Description: + * Starting at @offset, walk the bitmap from left to right until either the + * desired bit is found or we reach the end. Return the bit offset, -1 if + * not found, or -2 if error. + */ +int netlbl_bitmap_walk(const unsigned char *bitmap, u32 bitmap_len, + u32 offset, u8 state) +{ + u32 bit_spot; + u32 byte_offset; + unsigned char bitmask; + unsigned char byte; + + byte_offset = offset / 8; + byte = bitmap[byte_offset]; + bit_spot = offset; + bitmask = 0x80 >> (offset % 8); + + while (bit_spot < bitmap_len) { + if ((state && (byte & bitmask) == bitmask) || + (state == 0 && (byte & bitmask) == 0)) + return bit_spot; + + bit_spot++; + bitmask >>= 1; + if (bitmask == 0) { + byte = bitmap[++byte_offset]; + bitmask = 0x80; + } + } + + return -1; +} +EXPORT_SYMBOL(netlbl_bitmap_walk); + +/** + * netlbl_bitmap_setbit - Sets a single bit in a bitmap + * @bitmap: the bitmap + * @bit: the bit + * @state: if non-zero, set the bit (1) else clear the bit (0) + * + * Description: + * Set a single bit in the bitmask. Returns zero on success, negative values + * on error. + */ +void netlbl_bitmap_setbit(unsigned char *bitmap, u32 bit, u8 state) +{ + u32 byte_spot; + u8 bitmask; + + /* gcc always rounds to zero when doing integer division */ + byte_spot = bit / 8; + bitmask = 0x80 >> (bit % 8); + if (state) + bitmap[byte_spot] |= bitmask; + else + bitmap[byte_spot] &= ~bitmask; +} +EXPORT_SYMBOL(netlbl_bitmap_setbit); + /* * LSM Functions */
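Review bot: netlbl_bitmap_walk() in the net/netlabel/netlabel_kapi.c hunk can read one byte past the bitmap, and now that it is exported this is worth fixing rather than carrying over. `byte = bitmap[byte_offset];` is executed before the `bit_spot < bitmap_len` test, so a call with offset equal to bitmap_len on a byte-aligned bitmap (which the `cat + 1` and `net_spot + 1` loops in cipso_ipv4.c produce once the last bit has been returned) loads bitmap[bitmap_len / 8]. The same byte is loaded by `byte = bitmap[++byte_offset];` when the walk steps off the final bit without a match. Suggest returning -1 up front when offset >= bitmap_len and only fetching the next byte while bit_spot < bitmap_len. The kernel-doc also promises -2 on error, but no path returns it, while cipso_v4_map_cat_rbm_ntoh() still tests `net_spot == -2`; either add the error path or drop it from the comment and the caller.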
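Review bot: the kernel-doc for netlbl_bitmap_setbit() in the net/netlabel/netlabel_kapi.c hunk says "Returns zero on success, negative values on error", but the function is declared void, so the comment should be corrected while it is being moved. The function takes no bitmap length, so `bitmap[byte_spot]` is written unchecked and the range check is entirely the caller's job (cipso_v4_map_cat_rbm_hton() does it with `net_spot >= net_clen_bits`); for an exported helper, state that requirement in the description or add a length argument. The "gcc always rounds to zero" comment is kept here but dropped from netlbl_bitmap_walk(); pick one.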
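Review bot: the "Bitmap functions" comment added above the prototypes in the include/net/netlabel.h hunk does not tell new callers that these helpers number bits MSB-first within each byte (`0x80 >> (bit % 8)`) and that bitmap_len is in bits, not bytes. Since the stated purpose is reuse by another labelling engine, a line on the bit ordering and units in the header would prevent misuse. The comment also opens with text on the `/*` line, unlike the `/*` then ` * LSM protocol operations` block just below it; match the surrounding style.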