On 2020-07-07 4:40 p.m., Kees Cook wrote:
> On Mon, Jul 06, 2020 at 04:23:01PM -0700, Scott Branden wrote:
> > Move kernel_read_file* out of linux/fs.h to its own linux/kernel_read_file.h
> > include file. That header gets pulled in just about everywhere
> > and doesn't really need functions not related to the general fs interface.
> >
> > Suggested-by: Christoph Hellwig <hch@xxxxxx>
> > Signed-off-by: Scott Branden <scott.branden@xxxxxxxxxxxx>
> > Reviewed-by: Christoph Hellwig <hch@xxxxxx>
> > Acked-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
> > ---
> > drivers/base/firmware_loader/main.c | 1 +
> > fs/exec.c | 1 +
> > include/linux/fs.h | 39 ----------------------
> > include/linux/ima.h | 1 +
> > include/linux/kernel_read_file.h | 52 +++++++++++++++++++++++++++++
> > include/linux/security.h | 1 +
> > kernel/kexec_file.c | 1 +
> > kernel/module.c | 1 +
> > security/integrity/digsig.c | 1 +
> > security/integrity/ima/ima_fs.c | 1 +
> > security/integrity/ima/ima_main.c | 1 +
> > security/integrity/ima/ima_policy.c | 1 +
> > security/loadpin/loadpin.c | 1 +
> > security/security.c | 1 +
> > security/selinux/hooks.c | 1 +
> > 15 files changed, 65 insertions(+), 39 deletions(-)
> > create mode 100644 include/linux/kernel_read_file.h
>
> This looks like too many files are getting touched. If it got added to
> security.h, very few of the above .c files will need it explicitly
> added (maybe none).

Some people want the header file added to each file that uses it,
others want it in a common header file. I tried to add it to each file
that uses it.
But if the other approach is to be followed that could be done.

> You can test future versions of this change with an
> allmodconfig build and make sure you have a matching .o for each .c
> file that calls kernel_read_file(). :)
>
> But otherwise, sure, seems good.
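
The check suggested above (after an allmodconfig build, every .c file that calls kernel_read_file() should have a matching .o) can be scripted. The following is an added example, not part of the thread or the patch; the function name `missing_objects` and its arguments are hypothetical, and it assumes GNU grep.

```shell
#!/bin/sh
# Added example: report .c files that reference kernel_read_file*() but have
# no matching .o in the build tree, i.e. callers this config never compiled
# and whose includes were therefore not exercised by the build.

# missing_objects SRC_DIR [OBJ_DIR]
#   SRC_DIR  kernel source tree
#   OBJ_DIR  build output tree (defaults to SRC_DIR for in-tree builds)
# Prints one source path per line, relative to SRC_DIR.
missing_objects() {
    src=$1
    obj=${2:-$1}
    (
        cd "$src" || exit 1
        # Textual match only: a comment that looks like a call also counts.
        grep -rlE --include='*.c' \
            'kernel_read_file[a-z_]*[[:space:]]*\(' . 2>/dev/null
    ) | sed 's|^\./||' | sort | while IFS= read -r c; do
        o="$obj/${c%.c}.o"
        [ -f "$o" ] || printf '%s\n' "$c"
    done
}

# Stand-alone use: sh this-script /path/to/linux [/path/to/objdir]
if [ "$#" -ge 1 ]; then
    missing_objects "$@"
fi
```

Files listed may simply belong to another architecture or a disabled option, so each entry is a prompt to check that file's includes by hand, not proof of a build break.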