On Tue, Dec 06, 2022 at 09:48:55AM -0800, Jeff Xu wrote:
> On Tue, Dec 6, 2022 at 8:35 AM Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx> wrote:
> >
> > On Tue, Dec 06, 2022 at 08:26:30AM -0800, Jeff Xu wrote:
> > > On Tue, Dec 6, 2022 at 8:04 AM Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx> wrote:
> > > >
> > > > On Tue, Dec 06, 2022 at 03:23:55PM +0000, jeffxu@xxxxxxxxxxxx wrote:
> > > > > --- a/kernel/pid_namespace.c
> > > > > +++ b/kernel/pid_namespace.c
> > > > > @@ -110,6 +110,11 @@ static struct pid_namespace *create_pid_namespace(struct user_namespace *user_ns
> > > > > ns->ucounts = ucounts;
> > > > > ns->pid_allocated = PIDNS_ADDING;
> > > > >
> > > > > +#if defined(CONFIG_SYSCTL) && defined(CONFIG_MEMFD_CREATE)
> > > > > + ns->memfd_noexec_scope =
> > > > > + task_active_pid_ns(current)->memfd_noexec_scope;
> > > > > +#endif
> > > >
> > > > .c files should never have #if in them. Can't you put this in a .h file
> > > > properly so that this does not get really messy over time?
> > > >
> > > >
> > > Thanks for reviewing.
> > > It seems to me that checking for CONFIG_XXX is common in c code in
> > > kernel/ path.
> >
> > Maybe, but please don't make it any worse if at all possible. It's
> > tough to maintain code like that.
> >
> > > Do you have a sample code pattern (link/function) that I can follow?
> >
> > Any of the zillions of #if statements in .h files :)
> >
> Thanks.
> I will take the approach of having real/stub implementation in the h
> file, and the c file using it without a compile flag.
> Please kindly let me know if this is not right.
Right; for example:
in .h:
#if defined(CONFIG_SYSCTL) && defined(CONFIG_MEMFD_CREATE)
static inline void ns_copy_memfd_scope(... dst, ... src) {
dst->memfd_noexec_scope = src->memfd_noexec_scope;
}
#else
static inline void ns_set_memfd_scope(... ns, ... scope) { }
#endif
in .c:
ns_copy_memfd_scope(ns, task_active_pid_ns(current));
--
Kees Cook
