[RFC PATCH 09/15] LSM: Add mount opts blob size tracking

Sat, 21 Jun 2025 10:22:24 -0700 

Add mount option data to the blob size accounting in anticipation
of using a shared mnt_opts blob.

Signed-off-by: Casey Schaufler <ca...@schaufler-ca.com>
---
 include/linux/lsm_hooks.h  | 1 +
 security/lsm_init.c        | 2 ++
 security/selinux/hooks.c   | 1 +
 security/smack/smack_lsm.c | 1 +
 4 files changed, 5 insertions(+)

diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 1ad9f8a86b10..2e3b1559714c 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -122,6 +122,7 @@ struct lsm_blob_sizes {
        unsigned int lbs_xattr_count; /* num xattr slots in new_xattrs array */
        unsigned int lbs_tun_dev;
        unsigned int lbs_bdev;
+       unsigned int lbs_mnt_opts;
        bool lbs_secmark; /* expressed desire for secmark use */
 };
 
diff --git a/security/lsm_init.c b/security/lsm_init.c
index 4e3944c68bc8..d27a457627ed 100644
--- a/security/lsm_init.c
+++ b/security/lsm_init.c
@@ -313,6 +313,7 @@ static void __init lsm_prep_single(struct lsm_info *lsm)
        lsm_blob_size_update(&blobs->lbs_xattr_count,
                             &blob_sizes.lbs_xattr_count);
        lsm_blob_size_update(&blobs->lbs_bdev, &blob_sizes.lbs_bdev);
+       lsm_blob_size_update(&blobs->lbs_mnt_opts, &blob_sizes.lbs_mnt_opts);
        if (blobs->lbs_secmark) {
                if (blob_sizes.lbs_secmark)
                        blobs->lbs_secmark = false;
@@ -460,6 +461,7 @@ int __init security_init(void)
                lsm_pr("blob(tun_dev) size %d\n", blob_sizes.lbs_tun_dev);
                lsm_pr("blob(xattr) count %d\n", blob_sizes.lbs_xattr_count);
                lsm_pr("blob(bdev) size %d\n", blob_sizes.lbs_bdev);
+               lsm_pr("blob(mnt_opts) size %d\n", blob_sizes.lbs_mnt_opts);
        }
 
        if (blob_sizes.lbs_file)
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 18ab1f13f3f9..c86b430f34c3 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -7161,6 +7161,7 @@ struct lsm_blob_sizes selinux_blob_sizes __ro_after_init 
= {
        .lbs_xattr_count = SELINUX_INODE_INIT_XATTRS,
        .lbs_tun_dev = sizeof(struct tun_security_struct),
        .lbs_ib = sizeof(struct ib_security_struct),
+       .lbs_mnt_opts = sizeof(struct selinux_mnt_opts),
        .lbs_secmark = true,
 };
 
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index c8c173bb9cc3..956dce6b1e97 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -5030,6 +5030,7 @@ struct lsm_blob_sizes smack_blob_sizes __ro_after_init = {
        .lbs_sock = sizeof(struct socket_smack),
        .lbs_superblock = sizeof(struct superblock_smack),
        .lbs_xattr_count = SMACK_INODE_INIT_XATTRS,
+       .lbs_mnt_opts = sizeof(struct smack_mnt_opts),
        .lbs_secmark = true,
 };
 
-- 
2.47.0

Reply via email to