Re: [PATCH v3 04/25] ima: Align ima_file_mprotect() definition with LSM infrastructure
From: Mimi Zohar
Date: Wed Oct 11 2023 - 16:18:10 EST
On Wed, 2023-10-11 at 17:43 +0200, Roberto Sassu wrote:
> On Wed, 2023-10-11 at 10:51 -0400, Mimi Zohar wrote:
> > On Mon, 2023-09-04 at 15:33 +0200, Roberto Sassu wrote:
> > > From: Roberto Sassu <roberto.sassu@xxxxxxxxxx>
> > >
> > > Change ima_file_mprotect() definition, so that it can be registered
> > > as implementation of the file_mprotect hook.
> > >
> > > Signed-off-by: Roberto Sassu <roberto.sassu@xxxxxxxxxx>
> > > Reviewed-by: Stefan Berger <stefanb@xxxxxxxxxxxxx>
> > > ---
> > > include/linux/ima.h | 5 +++--
> > > security/integrity/ima/ima_main.c | 6 ++++--
> > > security/security.c | 2 +-
> > > 3 files changed, 8 insertions(+), 5 deletions(-)
> > >
> > > diff --git a/include/linux/ima.h b/include/linux/ima.h
> > > index 893c3b98b4d0..56e72c0beb96 100644
> > > --- a/include/linux/ima.h
> > > +++ b/include/linux/ima.h
> > > @@ -24,7 +24,8 @@ extern void ima_post_create_tmpfile(struct mnt_idmap *idmap,
> > > extern void ima_file_free(struct file *file);
> > > extern int ima_file_mmap(struct file *file, unsigned long reqprot,
> > > unsigned long prot, unsigned long flags);
> > > -extern int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot);
> > > +int ima_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot,
> > > + unsigned long prot);
> >
> > "extern" is needed here and similarly in 5/25.
>
> I removed because of a complain from checkpatch.pl --strict.
Intermixing with/without "extern" looks weird. I would suggest
removing all the externs as a separate patch, but they're being removed
in "[PATCH v3 21/25] ima: Move to LSM infrastructure" anyway. For now
I would include the "extern".
--
thanks,
Mimi