diff options
Diffstat (limited to 'debian/patches-rt/0127-smack-Guard-smack_ipv6_lock-definition-within-a-SMAC.patch')
| -rw-r--r-- | debian/patches-rt/0127-smack-Guard-smack_ipv6_lock-definition-within-a-SMAC.patch | 79 |
1 files changed, 79 insertions, 0 deletions
diff --git a/debian/patches-rt/0127-smack-Guard-smack_ipv6_lock-definition-within-a-SMAC.patch b/debian/patches-rt/0127-smack-Guard-smack_ipv6_lock-definition-within-a-SMAC.patch new file mode 100644 index 000000000..68930f039 --- /dev/null +++ b/debian/patches-rt/0127-smack-Guard-smack_ipv6_lock-definition-within-a-SMAC.patch @@ -0,0 +1,79 @@ +From c2eb7900890e2ef18173ba1c33ffe20156b7dcf0 Mon Sep 17 00:00:00 2001 +From: Sebastian Andrzej Siewior <bigeasy@linutronix.de> +Date: Thu, 9 Sep 2021 12:18:29 +0200 +Subject: [PATCH 127/158] smack: Guard smack_ipv6_lock definition within a + SMACK_IPV6_PORT_LABELING block +Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/5.15/older/patches-5.15.10-rt24.tar.xz + +The mutex smack_ipv6_lock is only used with the SMACK_IPV6_PORT_LABELING +block but its definition is outside of the block. This leads to a +defined-but-not-used warning on PREEMPT_RT. + +Moving smack_ipv6_lock down to the block where it is used where it used +raises the question why is smk_ipv6_port_list read if nothing is added +to it. +Turns out, only smk_ipv6_port_check() is using it outside of an ifdef +SMACK_IPV6_PORT_LABELING block. However two of three caller invoke +smk_ipv6_port_check() from a ifdef block and only one is using +__is_defined() macro which requires the function and smk_ipv6_port_list +to be around. + +Put the lock and list inside an ifdef SMACK_IPV6_PORT_LABELING block to +avoid the warning regarding unused mutex. Extend the ifdef-block to also +cover smk_ipv6_port_check(). Make smack_socket_connect() use ifdef +instead of __is_defined() to avoid complains about missing function. + +Cc: Casey Schaufler <casey@schaufler-ca.com> +Cc: James Morris <jmorris@namei.org> +Cc: "Serge E. Hallyn" <serge@hallyn.com> +Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de> +--- + security/smack/smack_lsm.c | 9 ++++++--- + 1 file changed, 6 insertions(+), 3 deletions(-) + +diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c +index 21a0e7c3b8de..e7dd316da551 100644 +--- a/security/smack/smack_lsm.c ++++ b/security/smack/smack_lsm.c +@@ -51,8 +51,10 @@ + #define SMK_RECEIVING 1 + #define SMK_SENDING 2 + ++#ifdef SMACK_IPV6_PORT_LABELING + static DEFINE_MUTEX(smack_ipv6_lock); + static LIST_HEAD(smk_ipv6_port_list); ++#endif + struct kmem_cache *smack_rule_cache; + int smack_enabled __initdata; + +@@ -2603,7 +2605,6 @@ static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address) + mutex_unlock(&smack_ipv6_lock); + return; + } +-#endif + + /** + * smk_ipv6_port_check - check Smack port access +@@ -2666,6 +2667,7 @@ static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address, + + return smk_ipv6_check(skp, object, address, act); + } ++#endif + + /** + * smack_inode_setsecurity - set smack xattrs +@@ -2852,8 +2854,9 @@ static int smack_socket_connect(struct socket *sock, struct sockaddr *sap, + rc = smk_ipv6_check(ssp->smk_out, rsp, sip, + SMK_CONNECTING); + } +- if (__is_defined(SMACK_IPV6_PORT_LABELING)) +- rc = smk_ipv6_port_check(sock->sk, sip, SMK_CONNECTING); ++#ifdef SMACK_IPV6_PORT_LABELING ++ rc = smk_ipv6_port_check(sock->sk, sip, SMK_CONNECTING); ++#endif + + return rc; + } +-- +2.33.1 + |