[PATCH v3 06/34] lsm: integrate lsm_early_cred() and lsm_early_task() into caller

[RFC PATCH v3 0/34] Rework the LSM initialization · Paul Moore <paul@paul-moore.com> · 2025-08-14
[PATCH v3 01/34] lsm: split the notifier code out into lsm_notifier.c · Paul Moore <paul@paul-moore.com> · 2025-08-14
[PATCH v3 02/34] lsm: split the init code out into lsm_init.c · Paul Moore <paul@paul-moore.com> · 2025-08-14
[PATCH v3 03/34] lsm: consolidate lsm_allowed() and prepare_lsm() into lsm_prepare() · Paul Moore <paul@paul-moore.com> · 2025-08-14
Re: [PATCH v3 03/34] lsm: consolidate lsm_allowed() and prepare_lsm() into lsm_prepare() · John Johansen <john.johansen@canonical.com> · 2025-09-02
[PATCH v3 04/34] lsm: introduce looping macros for the initialization code · Paul Moore <paul@paul-moore.com> · 2025-08-14
Re: [PATCH v3 04/34] lsm: introduce looping macros for the initialization code · John Johansen <john.johansen@canonical.com> · 2025-09-02
Re: [PATCH v3 04/34] lsm: introduce looping macros for the initialization code · Paul Moore <paul@paul-moore.com> · 2025-09-03
[PATCH v3 05/34] lsm: integrate report_lsm_order() code into caller · Paul Moore <paul@paul-moore.com> · 2025-08-14
Re: [PATCH v3 05/34] lsm: integrate report_lsm_order() code into caller · John Johansen <john.johansen@canonical.com> · 2025-09-02
[PATCH v3 06/34] lsm: integrate lsm_early_cred() and lsm_early_task() into caller · Paul Moore <paul@paul-moore.com> · 2025-08-14
Re: [PATCH v3 06/34] lsm: integrate lsm_early_cred() and lsm_early_task() into caller · John Johansen <john.johansen@canonical.com> · 2025-09-02
[PATCH v3 07/34] lsm: rename ordered_lsm_init() to lsm_init_ordered() · Paul Moore <paul@paul-moore.com> · 2025-08-14
Re: [PATCH v3 07/34] lsm: rename ordered_lsm_init() to lsm_init_ordered() · John Johansen <john.johansen@canonical.com> · 2025-09-02
[PATCH v3 08/34] lsm: replace the name field with a pointer to the lsm_id struct · Paul Moore <paul@paul-moore.com> · 2025-08-14
[PATCH v3 09/34] lsm: rename the lsm order variables for consistency · Paul Moore <paul@paul-moore.com> · 2025-08-14
[PATCH v3 10/34] lsm: rework lsm_active_cnt and lsm_idlist[] · Paul Moore <paul@paul-moore.com> · 2025-08-14
Re: [PATCH v3 10/34] lsm: rework lsm_active_cnt and lsm_idlist[] · John Johansen <john.johansen@canonical.com> · 2025-09-02
[PATCH v3 11/34] lsm: get rid of the lsm_names list and do some cleanup · Paul Moore <paul@paul-moore.com> · 2025-08-14
Re: [PATCH v3 11/34] lsm: get rid of the lsm_names list and do some cleanup · Casey Schaufler <casey@schaufler-ca.com> · 2025-08-15
Re: [PATCH v3 11/34] lsm: get rid of the lsm_names list and do some cleanup · John Johansen <john.johansen@canonical.com> · 2025-09-02
Re: [PATCH v3 11/34] lsm: get rid of the lsm_names list and do some cleanup · Paul Moore <paul@paul-moore.com> · 2025-09-03
Re: [PATCH v3 11/34] lsm: get rid of the lsm_names list and do some cleanup · John Johansen <john.johansen@canonical.com> · 2025-09-03
Re: [PATCH v3 11/34] lsm: get rid of the lsm_names list and do some cleanup · Roberto Sassu <hidden> · 2025-09-04
Re: [PATCH v3 11/34] lsm: get rid of the lsm_names list and do some cleanup · John Johansen <john.johansen@canonical.com> · 2025-09-04
Re: [PATCH v3 11/34] lsm: get rid of the lsm_names list and do some cleanup · Paul Moore <paul@paul-moore.com> · 2025-09-04
Re: [PATCH v3 11/34] lsm: get rid of the lsm_names list and do some cleanup · Paul Moore <paul@paul-moore.com> · 2025-09-04
Re: [PATCH v3 11/34] lsm: get rid of the lsm_names list and do some cleanup · Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> · 2025-09-07
Re: [PATCH v3 11/34] lsm: get rid of the lsm_names list and do some cleanup · Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> · 2025-09-08
Re: [PATCH v3 11/34] lsm: get rid of the lsm_names list and do some cleanup · Paul Moore <paul@paul-moore.com> · 2025-09-08
[PATCH v3 12/34] lsm: rework the LSM enable/disable setter/getter functions · Paul Moore <paul@paul-moore.com> · 2025-08-14
Re: [PATCH v3 12/34] lsm: rework the LSM enable/disable setter/getter functions · John Johansen <john.johansen@canonical.com> · 2025-09-02
[PATCH v3 13/34] lsm: rename exists_ordered_lsm() to lsm_order_exists() · Paul Moore <paul@paul-moore.com> · 2025-08-14
Re: [PATCH v3 13/34] lsm: rename exists_ordered_lsm() to lsm_order_exists() · John Johansen <john.johansen@canonical.com> · 2025-09-02
[PATCH v3 14/34] lsm: rename/rework append_ordered_lsm() into lsm_order_append() · Paul Moore <paul@paul-moore.com> · 2025-08-14
Re: [PATCH v3 14/34] lsm: rename/rework append_ordered_lsm() into lsm_order_append() · John Johansen <john.johansen@canonical.com> · 2025-09-03
[PATCH v3 15/34] lsm: rename/rework ordered_lsm_parse() to lsm_order_parse() · Paul Moore <paul@paul-moore.com> · 2025-08-14
Re: [PATCH v3 15/34] lsm: rename/rework ordered_lsm_parse() to lsm_order_parse() · John Johansen <john.johansen@canonical.com> · 2025-09-03
[PATCH v3 16/34] lsm: cleanup the LSM blob size code · Paul Moore <paul@paul-moore.com> · 2025-08-14
[PATCH v3 17/34] lsm: cleanup initialize_lsm() and rename to lsm_init_single() · Paul Moore <paul@paul-moore.com> · 2025-08-14
Re: [PATCH v3 17/34] lsm: cleanup initialize_lsm() and rename to lsm_init_single() · Casey Schaufler <casey@schaufler-ca.com> · 2025-08-15
[PATCH v3 18/34] lsm: fold lsm_init_ordered() into security_init() · Paul Moore <paul@paul-moore.com> · 2025-08-14
Re: [PATCH v3 18/34] lsm: fold lsm_init_ordered() into security_init() · John Johansen <john.johansen@canonical.com> · 2025-09-03
[PATCH v3 19/34] lsm: add/tweak function header comment blocks in lsm_init.c · Paul Moore <paul@paul-moore.com> · 2025-08-14
Re: [PATCH v3 19/34] lsm: add/tweak function header comment blocks in lsm_init.c · John Johansen <john.johansen@canonical.com> · 2025-09-03
[PATCH v3 20/34] lsm: cleanup the debug and console output in lsm_init.c · Paul Moore <paul@paul-moore.com> · 2025-08-14
Re: [PATCH v3 20/34] lsm: cleanup the debug and console output in lsm_init.c · John Johansen <john.johansen@canonical.com> · 2025-09-03
[PATCH v3 21/34] lsm: output available LSMs when debugging · Paul Moore <paul@paul-moore.com> · 2025-08-14
Re: [PATCH v3 21/34] lsm: output available LSMs when debugging · John Johansen <john.johansen@canonical.com> · 2025-09-03
[PATCH v3 22/34] lsm: group lsm_order_parse() with the other lsm_order_*() functions · Paul Moore <paul@paul-moore.com> · 2025-08-14
Re: [PATCH v3 22/34] lsm: group lsm_order_parse() with the other lsm_order_*() functions · John Johansen <john.johansen@canonical.com> · 2025-09-02
[PATCH v3 23/34] lsm: introduce an initcall mechanism into the LSM framework · Paul Moore <paul@paul-moore.com> · 2025-08-14
Re: [PATCH v3 23/34] lsm: introduce an initcall mechanism into the LSM framework · John Johansen <john.johansen@canonical.com> · 2025-09-02
[PATCH v3 24/34] loadpin: move initcalls to the LSM framework · Paul Moore <paul@paul-moore.com> · 2025-08-14
Re: [PATCH v3 24/34] loadpin: move initcalls to the LSM framework · John Johansen <john.johansen@canonical.com> · 2025-09-02
[PATCH v3 25/34] ipe: move initcalls to the LSM framework · Paul Moore <paul@paul-moore.com> · 2025-08-14
Re: [PATCH v3 25/34] ipe: move initcalls to the LSM framework · John Johansen <john.johansen@canonical.com> · 2025-09-02
[PATCH v3 26/34] smack: move initcalls to the LSM framework · Paul Moore <paul@paul-moore.com> · 2025-08-14
Re: [PATCH v3 26/34] smack: move initcalls to the LSM framework · John Johansen <john.johansen@canonical.com> · 2025-09-02
[PATCH v3 27/34] tomoyo: move initcalls to the LSM framework · Paul Moore <paul@paul-moore.com> · 2025-08-14
Re: [PATCH v3 27/34] tomoyo: move initcalls to the LSM framework · John Johansen <john.johansen@canonical.com> · 2025-09-02
Re: [PATCH v3 27/34] tomoyo: move initcalls to the LSM framework · Paul Moore <paul@paul-moore.com> · 2025-09-03
Re: [PATCH v3 27/34] tomoyo: move initcalls to the LSM framework · Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> · 2025-09-04
Re: [PATCH v3 27/34] tomoyo: move initcalls to the LSM framework · Paul Moore <paul@paul-moore.com> · 2025-09-04
Re: [PATCH v3 27/34] tomoyo: move initcalls to the LSM framework · Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> · 2025-09-07
Re: [PATCH v3 27/34] tomoyo: move initcalls to the LSM framework · Paul Moore <paul@paul-moore.com> · 2025-09-08
[PATCH v3 28/34] safesetid: move initcalls to the LSM framework · Paul Moore <paul@paul-moore.com> · 2025-08-14
Re: [PATCH v3 28/34] safesetid: move initcalls to the LSM framework · John Johansen <john.johansen@canonical.com> · 2025-09-02
[PATCH v3 29/34] apparmor: move initcalls to the LSM framework · Paul Moore <paul@paul-moore.com> · 2025-08-14
Re: [PATCH v3 29/34] apparmor: move initcalls to the LSM framework · Paul Moore <paul@paul-moore.com> · 2025-09-03
Re: [PATCH v3 29/34] apparmor: move initcalls to the LSM framework · John Johansen <john.johansen@canonical.com> · 2025-09-03
Re: [PATCH v3 29/34] apparmor: move initcalls to the LSM framework · Paul Moore <paul@paul-moore.com> · 2025-09-04
Re: [PATCH v3 29/34] apparmor: move initcalls to the LSM framework · John Johansen <john.johansen@canonical.com> · 2025-09-08
Re: [PATCH v3 29/34] apparmor: move initcalls to the LSM framework · Paul Moore <paul@paul-moore.com> · 2025-09-08
[PATCH v3 30/34] lockdown: move initcalls to the LSM framework · Paul Moore <paul@paul-moore.com> · 2025-08-14
Re: [PATCH v3 30/34] lockdown: move initcalls to the LSM framework · John Johansen <john.johansen@canonical.com> · 2025-09-02
[PATCH v3 31/34] ima,evm: move initcalls to the LSM framework · Paul Moore <paul@paul-moore.com> · 2025-08-14
Re: [PATCH v3 31/34] ima,evm: move initcalls to the LSM framework · Paul Moore <paul@paul-moore.com> · 2025-08-22
Re: [PATCH v3 31/34] ima,evm: move initcalls to the LSM framework · Roberto Sassu <hidden> · 2025-09-02
[PATCH] ima,evm: move initcalls to the LSM framework · Roberto Sassu <hidden> · 2025-09-02
Re: [PATCH] ima,evm: move initcalls to the LSM framework · Paul Moore <paul@paul-moore.com> · 2025-09-03
Re: [PATCH] ima,evm: move initcalls to the LSM framework · Mimi Zohar <zohar@linux.ibm.com> · 2025-09-07
Re: [PATCH] ima,evm: move initcalls to the LSM framework · Paul Moore <paul@paul-moore.com> · 2025-09-08
Re: [PATCH] ima,evm: move initcalls to the LSM framework · Mimi Zohar <zohar@linux.ibm.com> · 2025-09-08
Re: [PATCH] ima,evm: move initcalls to the LSM framework · Paul Moore <paul@paul-moore.com> · 2025-09-08
Re: [PATCH] ima,evm: move initcalls to the LSM framework · Roberto Sassu <hidden> · 2025-09-09
Re: [PATCH v3 31/34] ima,evm: move initcalls to the LSM framework · Mimi Zohar <zohar@linux.ibm.com> · 2025-09-07
Re: [PATCH v3 31/34] ima,evm: move initcalls to the LSM framework · Paul Moore <paul@paul-moore.com> · 2025-09-08
Re: [PATCH v3 31/34] ima,evm: move initcalls to the LSM framework · Mimi Zohar <zohar@linux.ibm.com> · 2025-09-08
Re: [PATCH v3 31/34] ima,evm: move initcalls to the LSM framework · Paul Moore <paul@paul-moore.com> · 2025-09-11
Re: [PATCH v3 31/34] ima,evm: move initcalls to the LSM framework · Mimi Zohar <zohar@linux.ibm.com> · 2025-09-12
Re: [PATCH v3 31/34] ima,evm: move initcalls to the LSM framework · Paul Moore <paul@paul-moore.com> · 2025-09-12
[PATCH v3 32/34] selinux: move initcalls to the LSM framework · Paul Moore <paul@paul-moore.com> · 2025-08-14
[PATCH v3 33/34] lsm: consolidate all of the LSM framework initcalls · Paul Moore <paul@paul-moore.com> · 2025-08-14
Re: [PATCH v3 33/34] lsm: consolidate all of the LSM framework initcalls · John Johansen <john.johansen@canonical.com> · 2025-09-02
[PATCH v3 34/34] lsm: add a LSM_STARTED_ALL notification event · Paul Moore <paul@paul-moore.com> · 2025-08-14
Re: [PATCH v3 34/34] lsm: add a LSM_STARTED_ALL notification event · John Johansen <john.johansen@canonical.com> · 2025-09-02

STALE278d REVIEWED: 1 (1M)

Revisions (6)

2025-04-09 rfc [diff vs current]
2025-07-21 v2 [diff vs current]
2025-08-14 v3 current
2025-09-16 v4 [diff vs current]
2025-10-17 v5 [diff vs current]
2025-10-17 v5 [diff vs current]

From: Paul Moore <paul@paul-moore.com>
Date: 2025-08-14 22:54:13
Also in: linux-integrity, selinux
Subsystem: security subsystem, the rest · Maintainers: Paul Moore, James Morris, "Serge E. Hallyn", Linus Torvalds

With only one caller of lsm_early_cred() and lsm_early_task(), insert
the functions' code directly into the caller and ger rid of the two
functions.

Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
---
 security/lsm_init.c | 35 +++++------------------------------
 1 file changed, 5 insertions(+), 30 deletions(-)

diff --git a/security/lsm_init.c b/security/lsm_init.c
index 09afa7ad719e..a8b82329c76a 100644
--- a/security/lsm_init.c
+++ b/security/lsm_init.c

@@ -291,34 +291,6 @@ static void __init ordered_lsm_parse(const char *order, const char *origin)
 	kfree(sep);
 }
 
-/**
- * lsm_early_cred - during initialization allocate a composite cred blob
- * @cred: the cred that needs a blob
- *
- * Allocate the cred blob for all the modules
- */
-static void __init lsm_early_cred(struct cred *cred)
-{
-	int rc = lsm_cred_alloc(cred, GFP_KERNEL);
-
-	if (rc)
-		panic("%s: Early cred alloc failed.\n", __func__);
-}
-
-/**
- * lsm_early_task - during initialization allocate a composite task blob
- * @task: the task that needs a blob
- *
- * Allocate the task blob for all the modules
- */
-static void __init lsm_early_task(struct task_struct *task)
-{
-	int rc = lsm_task_alloc(task);
-
-	if (rc)
-		panic("%s: Early task alloc failed.\n", __func__);
-}
-
 static void __init ordered_lsm_init(void)
 {
 	unsigned int first = 0;

@@ -382,8 +354,11 @@ static void __init ordered_lsm_init(void)
 						    blob_sizes.lbs_inode, 0,
 						    SLAB_PANIC, NULL);
 
-	lsm_early_cred((struct cred *) current->cred);
-	lsm_early_task(current);
+	if (lsm_cred_alloc((struct cred *)current->cred, GFP_KERNEL))
+		panic("%s: early cred alloc failed.\n", __func__);
+	if (lsm_task_alloc(current))
+		panic("%s: early task alloc failed.\n", __func__);
+
 	lsm_order_for_each(lsm) {
 		initialize_lsm(*lsm);
 	}

-- 
2.50.1

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help