enable docker ppp

hc

2023-12-09 95099d4622f8cb224d94e314c7a8e0df60b13f87

 kernel/security/integrity/iint.c
..
..
@@ -1,13 +1,9 @@
1
+// SPDX-License-Identifier: GPL-2.0-only
1
2
 /*
2
3
  * Copyright (C) 2008 IBM Corporation
3
4
  *
4
5
  * Authors:
5
6
  * Mimi Zohar <zohar@us.ibm.com>
6
- *
7
- * This program is free software; you can redistribute it and/or
8
- * modify it under the terms of the GNU General Public License as
9
- * published by the Free Software Foundation, version 2 of the
10
- * License.
11
7
  *
12
8
  * File: integrity_iint.c
13
9
  *	- implements the integrity hooks: integrity_inode_alloc,
..
..
@@ -16,12 +12,13 @@
16
12
  *	  using a rbtree tree.
17
13
  */
18
14
 #include <linux/slab.h>
19
-#include <linux/module.h>
15
+#include <linux/init.h>
20
16
 #include <linux/spinlock.h>
21
17
 #include <linux/rbtree.h>
22
18
 #include <linux/file.h>
23
19
 #include <linux/uaccess.h>
24
20
 #include <linux/security.h>
21
+#include <linux/lsm_hooks.h>
25
22
 #include "integrity.h"
26
23
 
27
24
 static struct rb_root integrity_iint_tree = RB_ROOT;
..
..
@@ -101,6 +98,14 @@
101
98
 	struct rb_node *node, *parent = NULL;
102
99
 	struct integrity_iint_cache *iint, *test_iint;
103
100
 
101
+	/*
102
+	 * The integrity's "iint_cache" is initialized at security_init(),
103
+	 * unless it is not included in the ordered list of LSMs enabled
104
+	 * on the boot command line.
105
+	 */
106
+	if (!iint_cache)
107
+		panic("%s: lsm=integrity required.\n", __func__);
108
+
104
109
 	iint = integrity_iint_find(inode);
105
110
 	if (iint)
106
111
 		return iint;
..
..
@@ -174,7 +179,10 @@
174
179
 			      0, SLAB_PANIC, init_once);
175
180
 	return 0;
176
181
 }
177
-security_initcall(integrity_iintcache_init);
182
+DEFINE_LSM(integrity) = {
183
+	.name = "integrity",
184
+	.init = integrity_iintcache_init,
185
+};
178
186
 
179
187
 
180
188
 /*
..
..
@@ -188,19 +196,7 @@
188
196
 int integrity_kernel_read(struct file *file, loff_t offset,
189
197
 			  void *addr, unsigned long count)
190
198
 {
191
-	mm_segment_t old_fs;
192
-	char __user *buf = (char __user *)addr;
193
-	ssize_t ret;
194
-
195
-	if (!(file->f_mode & FMODE_READ))
196
-		return -EBADF;
197
-
198
-	old_fs = get_fs();
199
-	set_fs(get_ds());
200
-	ret = __vfs_read(file, buf, count, &offset);
201
-	set_fs(old_fs);
202
-
203
-	return ret;
199
+	return __kernel_read(file, addr, count, &offset);
204
200
 }
205
201
 
206
202
 /*