Re: [PATCH v4 06/34] lsm: integrate lsm_early_cred() and lsm_early_task() into caller

Fri, 19 Sep 2025 03:53:27 -0700 

On Tue, 2025-09-16 at 18:03 -0400, Paul Moore wrote:
> With only one caller of lsm_early_cred() and lsm_early_task(), insert
> the functions' code directly into the caller and ger rid of the two
> functions.
> 
> Reviewed-by: Casey Schaufler <[email protected]>
> Reviewed-by: John Johansen <[email protected]>
> Signed-off-by: Paul Moore <[email protected]>

Reviewed-by: Mimi Zohar <[email protected]>

> ---
>  security/lsm_init.c | 35 +++++------------------------------
>  1 file changed, 5 insertions(+), 30 deletions(-)
> 
> diff --git a/security/lsm_init.c b/security/lsm_init.c
> index 09afa7ad719e..a8b82329c76a 100644
> --- a/security/lsm_init.c
> +++ b/security/lsm_init.c
> @@ -291,34 +291,6 @@ static void __init ordered_lsm_parse(const char *order, 
> const char *origin)
>       kfree(sep);
>  }
>  
> -/**
> - * lsm_early_cred - during initialization allocate a composite cred blob
> - * @cred: the cred that needs a blob
> - *
> - * Allocate the cred blob for all the modules
> - */
> -static void __init lsm_early_cred(struct cred *cred)
> -{
> -     int rc = lsm_cred_alloc(cred, GFP_KERNEL);
> -
> -     if (rc)
> -             panic("%s: Early cred alloc failed.\n", __func__);
> -}
> -
> -/**
> - * lsm_early_task - during initialization allocate a composite task blob
> - * @task: the task that needs a blob
> - *
> - * Allocate the task blob for all the modules
> - */
> -static void __init lsm_early_task(struct task_struct *task)
> -{
> -     int rc = lsm_task_alloc(task);
> -
> -     if (rc)
> -             panic("%s: Early task alloc failed.\n", __func__);
> -}
> -
>  static void __init ordered_lsm_init(void)
>  {
>       unsigned int first = 0;
> @@ -382,8 +354,11 @@ static void __init ordered_lsm_init(void)
>                                                   blob_sizes.lbs_inode, 0,
>                                                   SLAB_PANIC, NULL);
>  
> -     lsm_early_cred((struct cred *) current->cred);
> -     lsm_early_task(current);
> +     if (lsm_cred_alloc((struct cred *)current->cred, GFP_KERNEL))
> +             panic("%s: early cred alloc failed.\n", __func__);
> +     if (lsm_task_alloc(current))
> +             panic("%s: early task alloc failed.\n", __func__);
> +
>       lsm_order_for_each(lsm) {
>               initialize_lsm(*lsm);
>       }

Reply via email to