Re: [PATCH v10 1/9] fs: move kernel_read_file* to its own include file

From: Kees Cook
Date: Tue Jul 07 2020 - 19:41:02 EST


On Mon, Jul 06, 2020 at 04:23:01PM -0700, Scott Branden wrote:
> Move kernel_read_file* out of linux/fs.h to its own linux/kernel_read_file.h
> include file. That header gets pulled in just about everywhere
> and doesn't really need functions not related to the general fs interface.
>
> Suggested-by: Christoph Hellwig <hch@xxxxxx>
> Signed-off-by: Scott Branden <scott.branden@xxxxxxxxxxxx>
> Reviewed-by: Christoph Hellwig <hch@xxxxxx>
> Acked-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
> ---
> drivers/base/firmware_loader/main.c | 1 +
> fs/exec.c | 1 +
> include/linux/fs.h | 39 ----------------------
> include/linux/ima.h | 1 +
> include/linux/kernel_read_file.h | 52 +++++++++++++++++++++++++++++
> include/linux/security.h | 1 +
> kernel/kexec_file.c | 1 +
> kernel/module.c | 1 +
> security/integrity/digsig.c | 1 +
> security/integrity/ima/ima_fs.c | 1 +
> security/integrity/ima/ima_main.c | 1 +
> security/integrity/ima/ima_policy.c | 1 +
> security/loadpin/loadpin.c | 1 +
> security/security.c | 1 +
> security/selinux/hooks.c | 1 +
> 15 files changed, 65 insertions(+), 39 deletions(-)
> create mode 100644 include/linux/kernel_read_file.h

This looks like too many files are getting touched. If it got added to
security.h, very few of the above .c files will need it explicitly
added (maybe none). You can test future versions of this change with an
allmodconfig build and make sure you have a matching .o for each .c
file that calls kernel_read_file(). :)

But otherwise, sure, seems good.

--
Kees Cook
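
The check suggested in the reply above, as an added example that is not part of the original message or of the kernel tree: a shell function that lists every .c file calling kernel_read_file*() for which the build left no matching .o. The name missing_objects and its two arguments are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the patch series).
# After "make allmodconfig && make", list the .c files that call
# kernel_read_file*() but have no matching .o. A file listed here was not
# compiled by this build, so a missing #include in it would go unnoticed.
#
# Usage: missing_objects <srctree> [objtree]
#   objtree defaults to srctree; pass the O= directory for out-of-tree builds.
missing_objects() {
    src=${1:?source tree required}
    obj=${2:-$src}
    # Match kernel_read_file(), kernel_read_file_from_path(), ... as whole
    # identifiers, so security_kernel_read_file() alone does not count.
    pat='(^|[^A-Za-z0-9_])kernel_read_file[a-z_]*[[:space:]]*\('
    ( cd "$src" && find . -type f -name '*.c' -exec grep -lE "$pat" {} + ) |
    sed 's|^\./||' | sort |
    while IFS= read -r c; do
        # foo/bar.c is expected to have produced foo/bar.o
        [ -f "$obj/${c%.c}.o" ] || printf '%s\n' "$c"
    done
}

# Run against the current directory when executed as a script with arguments.
if [ "$#" -gt 0 ]; then
    missing_objects "$@"
fi
```

Empty output means every caller was compiled; any path printed needs a manual look, since a file can be legitimately unbuilt for the chosen architecture.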