On 2020-07-07 4:40 p.m., Kees Cook wrote:
On Mon, Jul 06, 2020 at 04:23:01PM -0700, Scott Branden wrote:
Move kernel_read_file* out of linux/fs.h to its own linux/kernel_read_file.h include file. That header gets pulled in just about everywhere and doesn't really need functions not related to the general fs interface.
Suggested-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Scott Branden <scott.branden@broadcom.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 drivers/base/firmware_loader/main.c |  1 +
 fs/exec.c                           |  1 +
 include/linux/fs.h                  | 39 ----------------------
 include/linux/ima.h                 |  1 +
 include/linux/kernel_read_file.h    | 52 +++++++++++++++++++++++++++++
 include/linux/security.h            |  1 +
 kernel/kexec_file.c                 |  1 +
 kernel/module.c                     |  1 +
 security/integrity/digsig.c         |  1 +
 security/integrity/ima/ima_fs.c     |  1 +
 security/integrity/ima/ima_main.c   |  1 +
 security/integrity/ima/ima_policy.c |  1 +
 security/loadpin/loadpin.c          |  1 +
 security/security.c                 |  1 +
 security/selinux/hooks.c            |  1 +
 15 files changed, 65 insertions(+), 39 deletions(-)
 create mode 100644 include/linux/kernel_read_file.h
This looks like too many files are getting touched. If it got added to security.h, very few of the above .c files will need it explicitly added (maybe none).
Some people want the header file added to each file that uses it, others want it in a common header file. I tried to add it to each file that uses it. But if the other approach is to be followed that could be done.
You can test future versions of this change with an allmodconfig build and make sure you have a matching .o for each .c file that calls kernel_read_file(). :)
But otherwise, sure, seems good.
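
Added example, not part of the original thread or the kernel tree: one way to script the check suggested above, listing every .c file that calls a kernel_read_file*() function but has no matching .o after the build. The function names missing_objects and make_sample_tree and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# A .c file with no .o was never compiled by this config, so a missing
# #include <linux/kernel_read_file.h> in it would have gone unnoticed.
# Usage: missing_objects SRC_ROOT [OBJ_ROOT]   (OBJ_ROOT for O= builds)
missing_objects() {
    src=$1
    obj=${2:-$1}
    # The leading character class keeps longer identifiers that merely
    # end in "kernel_read_file" from counting as callers.
    pat='(^|[^A-Za-z0-9_])kernel_read_file[a-z_]*[[:space:]]*\('
    ( cd "$src" && grep -rlE --include='*.c' "$pat" . ) | sort |
    while IFS= read -r f; do
        f=${f#./}
        [ -f "$obj/${f%.c}.o" ] || printf '%s\n' "$f"
    done
}

# Constructed sample tree (not real kernel sources) for a dry run:
# one caller that was built, one caller that was skipped, one non-caller.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/kernel" "$d/drivers" "$d/security"
    printf 'int f(void) { return kernel_read_file(a, b); }\n' \
        > "$d/kernel/built.c"
    : > "$d/kernel/built.o"
    printf 'int g(void) { return kernel_read_file_from_path (p); }\n' \
        > "$d/drivers/skipped.c"
    printf 'int h(void) { return my_kernel_read_file(x); }\n' \
        > "$d/security/other.c"
    printf '%s\n' "$d"
}

# Run against a real tree when arguments are given.
[ "$#" -eq 0 ] || missing_objects "$@"
```

Any path it prints is a caller that the chosen config did not compile, so the include change in that file is still untested.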