On Fri, Jun 14, 2024 at 02:06:54PM +0200, Günther Noack wrote:

On Thu, Jun 13, 2024 at 11:20:38PM +0200, Mickaël Salaün wrote:

quoted

Great!  Looking at the generated data structures with pahole, it doesn't
increase the whole size, and it should be fine with other (small) fields
too.

With this new struct, we don't need the landlock_get_* helpers anymore.
We might want to keep the landlock_add_*() helpers as safeguards
(because of the WARN_ON_ONCE) though.

I am unsure about removing these helper functions, due to the following reasons:

 * landlock_get_fs_access_mask is the place where we transparently add the
   "refer" access right.  If we remove landlock_get_net_access_mask, it would be
   assymetric with keeping the same function for the file system restrictions.

 * landlock_init_layer_masks() is using landlock_get_fs_access_mask and
   landlock_get_net_access_mask through a function pointer.  When these
   functions are gone, we would have to redefine them locally anyway.

   Options to refactor this function include:
    * split it in two separate functions landlock_init_fs_layer_masks and
      landlock_init_net_layer_masks.  It would end up duplicating some of the
      bit manipulation code.
    * add another #if further down in the function

   Both variants seem not nice.

Do you think this is worth doing?

No, I agree with you.  It's applied to my next branch. Thanks!

Mikhail, Tahera, please base your next patch series on this branch:
https://git.kernel.org/pub/scm/linux/kernel/git/mic/linux.git/