Re: [PATCH v9 03/12] landlock: Refactor landlock_find_rule/insert_rule

[PATCH v9 00/12] Network support for Landlock · Konstantin Meskhidze <hidden> · 2023-01-16
[PATCH v9 02/12] landlock: Allow filesystem layout changes for domains without such rule type · Konstantin Meskhidze <hidden> · 2023-01-16
Re: [PATCH v9 02/12] landlock: Allow filesystem layout changes for domains without such rule type · Mickaël Salaün <mic@digikod.net> · 2023-02-10
Re: [PATCH v9 02/12] landlock: Allow filesystem layout changes for domains without such rule type · Konstantin Meskhidze (A) <hidden> · 2023-02-14
Re: [PATCH v9 02/12] landlock: Allow filesystem layout changes for domains without such rule type · Mickaël Salaün <mic@digikod.net> · 2023-02-14
Re: [PATCH v9 02/12] landlock: Allow filesystem layout changes for domains without such rule type · Konstantin Meskhidze (A) <hidden> · 2023-02-14
[PATCH v9 01/12] landlock: Make ruleset's access masks more generic · Konstantin Meskhidze <hidden> · 2023-01-16
[PATCH v9 04/12] landlock: Refactor merge/inherit_ruleset functions · Konstantin Meskhidze <hidden> · 2023-01-16
[PATCH v9 03/12] landlock: Refactor landlock_find_rule/insert_rule · Konstantin Meskhidze <hidden> · 2023-01-16
Re: [PATCH v9 03/12] landlock: Refactor landlock_find_rule/insert_rule · Mickaël Salaün <mic@digikod.net> · 2023-02-10
Re: [PATCH v9 03/12] landlock: Refactor landlock_find_rule/insert_rule · Konstantin Meskhidze (A) <hidden> · 2023-02-14
Re: [PATCH v9 03/12] landlock: Refactor landlock_find_rule/insert_rule · Mickaël Salaün <mic@digikod.net> · 2023-02-14
Re: [PATCH v9 03/12] landlock: Refactor landlock_find_rule/insert_rule · Konstantin Meskhidze (A) <hidden> · 2023-02-14
[PATCH v9 07/12] landlock: Refactor landlock_add_rule() syscall · Konstantin Meskhidze <hidden> · 2023-01-16
Re: [PATCH v9 07/12] landlock: Refactor landlock_add_rule() syscall · Mickaël Salaün <mic@digikod.net> · 2023-02-10
Re: [PATCH v9 07/12] landlock: Refactor landlock_add_rule() syscall · Konstantin Meskhidze (A) <hidden> · 2023-02-14
[PATCH v9 06/12] landlock: Refactor _unmask_layers() and _init_layer_masks() · Konstantin Meskhidze <hidden> · 2023-01-16
Re: [PATCH v9 06/12] landlock: Refactor _unmask_layers() and _init_layer_masks() · Mickaël Salaün <mic@digikod.net> · 2023-02-10
Re: [PATCH v9 06/12] landlock: Refactor _unmask_layers() and _init_layer_masks() · Konstantin Meskhidze (A) <hidden> · 2023-02-14
Re: [PATCH v9 06/12] landlock: Refactor _unmask_layers() and _init_layer_masks() · Mickaël Salaün <mic@digikod.net> · 2023-02-21
Re: [PATCH v9 06/12] landlock: Refactor _unmask_layers() and _init_layer_masks() · Konstantin Meskhidze (A) <hidden> · 2023-03-06
[PATCH v9 05/12] landlock: Move and rename umask_layers() and init_layer_masks() · Konstantin Meskhidze <hidden> · 2023-01-16
Re: [PATCH v9 05/12] landlock: Move and rename umask_layers() and init_layer_masks() · Mickaël Salaün <mic@digikod.net> · 2023-02-10
Re: [PATCH v9 05/12] landlock: Move and rename umask_layers() and init_layer_masks() · Konstantin Meskhidze (A) <hidden> · 2023-02-14
[PATCH v9 08/12] landlock: Add network rules and TCP hooks support · Konstantin Meskhidze <hidden> · 2023-01-16
Re: [PATCH v9 08/12] landlock: Add network rules and TCP hooks support · Mickaël Salaün <mic@digikod.net> · 2023-02-10
Re: [PATCH v9 08/12] landlock: Add network rules and TCP hooks support · Konstantin Meskhidze (A) <hidden> · 2023-02-14
Re: [PATCH v9 08/12] landlock: Add network rules and TCP hooks support · Konstantin Meskhidze (A) <hidden> · 2023-03-13
Re: [PATCH v9 08/12] landlock: Add network rules and TCP hooks support · Mickaël Salaün <mic@digikod.net> · 2023-03-14
Re: [PATCH v9 08/12] landlock: Add network rules and TCP hooks support · Konstantin Meskhidze (A) <hidden> · 2023-03-14
Re: [PATCH v9 08/12] landlock: Add network rules and TCP hooks support · Mickaël Salaün <mic@digikod.net> · 2023-02-21
Re: [PATCH v9 08/12] landlock: Add network rules and TCP hooks support · Konstantin Meskhidze (A) <hidden> · 2023-03-06
[PATCH v9 09/12] selftests/landlock: Share enforce_ruleset() · Konstantin Meskhidze <hidden> · 2023-01-16
[PATCH v9 11/12] samples/landlock: Add network demo · Konstantin Meskhidze <hidden> · 2023-01-16
[PATCH v9 12/12] landlock: Document Landlock's network support · Konstantin Meskhidze <hidden> · 2023-01-16
Re: [PATCH v9 12/12] landlock: Document Landlock's network support · Günther Noack <hidden> · 2023-01-21
Re: [PATCH v9 12/12] landlock: Document Landlock's network support · Konstantin Meskhidze (A) <hidden> · 2023-01-23
Re: [PATCH v9 12/12] landlock: Document Landlock's network support · Mickaël Salaün <mic@digikod.net> · 2023-01-27
Re: [PATCH v9 12/12] landlock: Document Landlock's network support · Konstantin Meskhidze (A) <hidden> · 2023-01-30
Re: [PATCH v9 12/12] landlock: Document Landlock's network support · Mickaël Salaün <mic@digikod.net> · 2023-02-21
Re: [PATCH v9 12/12] landlock: Document Landlock's network support · Konstantin Meskhidze (A) <hidden> · 2023-03-06
Re: [PATCH v9 12/12] landlock: Document Landlock's network support · Mickaël Salaün <mic@digikod.net> · 2023-03-06
Re: [PATCH v9 12/12] landlock: Document Landlock's network support · Konstantin Meskhidze (A) <hidden> · 2023-03-06
Re: [PATCH v9 12/12] landlock: Document Landlock's network support · Konstantin Meskhidze (A) <hidden> · 2023-01-30
[PATCH v9 10/12] selftests/landlock: Add 10 new test suites dedicated to network · Konstantin Meskhidze <hidden> · 2023-01-16
Re: [PATCH v9 10/12] selftests/landlock: Add 10 new test suites dedicated to network · Mickaël Salaün <mic@digikod.net> · 2023-02-10
Re: [PATCH v9 10/12] selftests/landlock: Add 10 new test suites dedicated to network · Konstantin Meskhidze (A) <hidden> · 2023-02-14
Re: [PATCH v9 10/12] selftests/landlock: Add 10 new test suites dedicated to network · Mickaël Salaün <mic@digikod.net> · 2023-02-14
Re: [PATCH v9 10/12] selftests/landlock: Add 10 new test suites dedicated to network · Konstantin Meskhidze (A) <hidden> · 2023-02-14
Re: [PATCH v9 10/12] selftests/landlock: Add 10 new test suites dedicated to network · Mickaël Salaün <mic@digikod.net> · 2023-02-21
Re: [PATCH v9 10/12] selftests/landlock: Add 10 new test suites dedicated to network · Konstantin Meskhidze (A) <hidden> · 2023-03-06
Re: [PATCH v9 10/12] selftests/landlock: Add 10 new test suites dedicated to network · Mickaël Salaün <mic@digikod.net> · 2023-03-06
Re: [PATCH v9 10/12] selftests/landlock: Add 10 new test suites dedicated to network · Konstantin Meskhidze (A) <hidden> · 2023-03-06
Re: [PATCH v9 00/12] Network support for Landlock · Günther Noack <hidden> · 2023-02-23
Re: [PATCH v9 00/12] Network support for Landlock · Konstantin Meskhidze (A) <hidden> · 2023-03-06
Re: [PATCH v9 00/12] Network support for Landlock · Konstantin Meskhidze (A) <hidden> · 2023-03-13
Re: [PATCH v9 00/12] Network support for Landlock · Mickaël Salaün <mic@digikod.net> · 2023-03-14
Re: [PATCH v9 00/12] Network support for Landlock - allowed list of protocols · Mickaël Salaün <mic@digikod.net> · 2023-06-26
Re: [PATCH v9 00/12] Network support for Landlock - allowed list of protocols · Jeff Xu <hidden> · 2023-06-28
Re: [PATCH v9 00/12] Network support for Landlock - allowed list of protocols · Mickaël Salaün <mic@digikod.net> · 2023-06-28
Re: [PATCH v9 00/12] Network support for Landlock - allowed list of protocols · Jeff Xu <hidden> · 2023-06-28
Re: [PATCH v9 00/12] Network support for Landlock - allowed list of protocols · "Günther Noack" <gnoack@google.com> · 2023-06-28
Re: [PATCH v9 00/12] Network support for Landlock - allowed list of protocols · Jeff Xu <hidden> · 2023-06-28
Re: [PATCH v9 00/12] Network support for Landlock - allowed list of protocols · Mickaël Salaün <mic@digikod.net> · 2023-06-28

From: Mickaël Salaün <mic@digikod.net>
Date: 2023-02-14 12:09:12
Also in: linux-security-module, netfilter-devel

On 14/02/2023 11:15, Konstantin Meskhidze (A) wrote:


2/10/2023 8:36 PM, Mickaël Salaün пишет:

quoted

On 16/01/2023 09:58, Konstantin Meskhidze wrote:

quoted

Add a new landlock_key union and landlock_id structure to support
a socket port rule type. A struct landlock_id identifies a unique entry
in a ruleset: either a kernel object (e.g inode) or typed data (e.g TCP
port). There is one red-black tree per key type.

This patch also adds is_object_pointer() and get_root() helpers.
is_object_pointer() returns true if key type is LANDLOCK_KEY_INODE.
get_root() helper returns a red_black tree root pointer according to
a key type.

Refactor landlock_insert_rule() and landlock_find_rule() to support coming
network modifications. Adding or searching a rule in ruleset can now be
done thanks to a Landlock ID argument passed to these helpers.

Remove unnecessary inlining.

You need to keep the Co-developed-by before the Signed-off-by for my entry.

    Got it.

quoted

Signed-off-by: Mickaël Salaün <mic@digikod.net>
Signed-off-by: Konstantin Meskhidze <redacted>
---

Changes since v8:
* Refactors commit message.
* Removes inlining.
* Minor fixes.

Changes since v7:
* Completes all the new field descriptions landlock_key,
    landlock_key_type, landlock_id.
* Refactors commit message, adds a co-developer.

Changes since v6:
* Adds union landlock_key, enum landlock_key_type, and struct
    landlock_id.
* Refactors ruleset functions and improves switch/cases: create_rule(),
    insert_rule(), get_root(), is_object_pointer(), free_rule(),
    landlock_find_rule().
* Refactors landlock_append_fs_rule() functions to support new
    landlock_id type.

Changes since v5:
* Formats code with clang-format-14.

Changes since v4:
* Refactors insert_rule() and create_rule() functions by deleting
rule_type from their arguments list, it helps to reduce useless code.

Changes since v3:
* Splits commit.
* Refactors landlock_insert_rule and landlock_find_rule functions.
* Rename new_ruleset->root_inode.

---
   security/landlock/fs.c      |  49 ++++++------
   security/landlock/ruleset.c | 148 +++++++++++++++++++++++++-----------
   security/landlock/ruleset.h |  65 +++++++++++++---
   3 files changed, 185 insertions(+), 77 deletions(-)

diff --git a/security/landlock/fs.c b/security/landlock/fs.c
index 0ae54a639e16..273ed8549da1 100644
--- a/security/landlock/fs.c
+++ b/security/landlock/fs.c

[...]

quoted

@@ -191,12 +193,15 @@ int landlock_append_fs_rule(struct landlock_ruleset *const ruleset,
    *
    * Returns NULL if no rule is found or if @dentry is negative.
    */
-static inline const struct landlock_rule *
+static const struct landlock_rule *

Can you please create a (previous) dedicated patch for all the inlining
changes?

    a patch with just inlining changes?

Yes, a new patch with just the inlining changes extracted from this patch.

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help