Andrew Geissler | c723b72 | 2021-01-08 16:14:09 -0600 | 1 | From cbf27cd54071f788231e69d96dbaad563f1010d4 Mon Sep 17 00:00:00 2001 |
| 2 | From: Bruce Ashfield <bruce.ashfield@gmail.com> |
| 3 | Date: Fri, 18 Dec 2020 13:15:08 -0500 |
| 4 | Subject: [PATCH] transport: protect include and callsite with same conditional |
| 5 | |
| 6 | transport.c has the following code block: |
| 7 | |
| 8 | if (!debugfs_p && security_locked_down (LOCKDOWN_DEBUGFS)) |
| 9 | |
| 10 | Which is protected by the conditional STAPCONF_LOCKDOWN_DEBUGFS. |
| 11 | |
| 12 | linux/security.h provides the definition of LOCKDOWN_DEBUGFS, and |
| 13 | must be included or we have a compilation issue. |
| 14 | |
| 15 | The include of security.h is protected by #ifdef CONFIG_SECURITY_LOCKDOWN_LSM, |
| 16 | which means that in some configurations we can get out of sync with |
| 17 | the include and the callsite. |
| 18 | |
| 19 | If we protect the include and the callsite with the same #ifdef, we can |
| 20 | be sure that they will be consistent. |
| 21 | |
| 22 | Upstream-status: Inappropriate (kernel-devsrc specific) |
| 23 | |
| 24 | Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> |
| 25 | --- |
| 26 | runtime/transport/transport.c | 2 +- |
| 27 | 1 file changed, 1 insertion(+), 1 deletion(-) |
| 28 | |
| 29 | diff --git a/runtime/transport/transport.c b/runtime/transport/transport.c |
| 30 | index bb4a98bd3..88e20ea28 100644 |
| 31 | --- a/runtime/transport/transport.c |
| 32 | +++ b/runtime/transport/transport.c |
| 33 | @@ -21,7 +21,7 @@ |
| 34 | #include <linux/namei.h> |
| 35 | #include <linux/delay.h> |
| 36 | #include <linux/mutex.h> |
| 37 | -#ifdef CONFIG_SECURITY_LOCKDOWN_LSM |
| 38 | +#ifdef STAPCONF_LOCKDOWN_DEBUGFS |
| 39 | #include <linux/security.h> |
| 40 | #endif |
| 41 | #include "../uidgid_compatibility.h" |
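Review bot: The new `#ifdef STAPCONF_LOCKDOWN_DEBUGFS` guard on the `<linux/security.h>` include only takes effect if that macro is already defined at this point in transport.c, and the visible context (the includes of `linux/namei.h`, `linux/delay.h` and `linux/mutex.h`) does not show where it comes from. If the definition only becomes visible later in the file, the include is silently skipped while the callsite guarded by the same macro still references `LOCKDOWN_DEBUGFS`, which is the compile failure the commit message describes. Please confirm the definition precedes this line, and consider a one-line comment on the `#ifdef` saying it must stay identical to the guard around `security_locked_down (LOCKDOWN_DEBUGFS)` so the two are not split apart again.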
| 42 | -- |
| 43 | 2.19.1 |
| 44 | |