2018-02-27 22:18:59

by Hernán Gonzalez

[permalink] [raw]
Subject: [PATCH 1/2] security: evm: Move evm_hmac and evm_hash from evm_main.c to evm_crypto.c

Note: This is compile only tested.
This variable was not used where it was defined, there was no point in
declaring it there as extern, thus it got moved and constified saving up 2
bytes.

Function old new delta
init_desc 273 271 -2
Total: Before=2112094, After=2112092, chg -0.00%

Signed-off-by: Hernán Gonzalez <[email protected]>
---
security/integrity/evm/evm.h | 2 --
security/integrity/evm/evm_crypto.c | 3 +++
security/integrity/evm/evm_main.c | 2 --
3 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/security/integrity/evm/evm.h b/security/integrity/evm/evm.h
index 0482539..45c4a89 100644
--- a/security/integrity/evm/evm.h
+++ b/security/integrity/evm/evm.h
@@ -31,8 +31,6 @@
EVM_ALLOW_METADATA_WRITES)

extern int evm_initialized;
-extern char *evm_hmac;
-extern char *evm_hash;

#define EVM_ATTR_FSUUID 0x0001

diff --git a/security/integrity/evm/evm_crypto.c b/security/integrity/evm/evm_crypto.c
index 691f3e0..fdde9cb 100644
--- a/security/integrity/evm/evm_crypto.c
+++ b/security/integrity/evm/evm_crypto.c
@@ -37,6 +37,9 @@ static DEFINE_MUTEX(mutex);

static unsigned long evm_set_key_flags;

+char * const evm_hmac = "hmac(sha1)";
+char * const evm_hash = "sha1";
+
/**
* evm_set_key() - set EVM HMAC key from the kernel
* @key: pointer to a buffer with the key data
diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
index a8d5028..826926d 100644
--- a/security/integrity/evm/evm_main.c
+++ b/security/integrity/evm/evm_main.c
@@ -33,8 +33,6 @@ int evm_initialized;
static char *integrity_status_msg[] = {
"pass", "pass_immutable", "fail", "no_label", "no_xattrs", "unknown"
};
-char *evm_hmac = "hmac(sha1)";
-char *evm_hash = "sha1";
int evm_hmac_attrs;

char *evm_config_xattrnames[] = {
--
2.7.4



2018-02-27 22:19:49

by Hernán Gonzalez

[permalink] [raw]
Subject: [PATCH 2/2] security: evm: Constify *integrity_status_msg[]

Note: This is compile only tested.
There is no gain from doing this except for some self-documenting.

Signed-off-by: Hernán Gonzalez <[email protected]>
---
security/integrity/evm/evm_main.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
index 826926d..7a968fa 100644
--- a/security/integrity/evm/evm_main.c
+++ b/security/integrity/evm/evm_main.c
@@ -30,7 +30,7 @@

int evm_initialized;

-static char *integrity_status_msg[] = {
+static const char * const integrity_status_msg[] = {
"pass", "pass_immutable", "fail", "no_label", "no_xattrs", "unknown"
};
int evm_hmac_attrs;
--
2.7.4


2018-03-11 22:03:40

by Mimi Zohar

[permalink] [raw]
Subject: Re: [PATCH 1/2] security: evm: Move evm_hmac and evm_hash from evm_main.c to evm_crypto.c

On Tue, 2018-02-27 at 19:16 -0300, Hernán Gonzalez wrote:
> Note: This is compile only tested.
> This variable was not used where it was defined, there was no point in
> declaring it there as extern, thus it got moved and constified saving up 2
> bytes.
>
> Function old new delta
> init_desc 273 271 -2
> Total: Before=2112094, After=2112092, chg -0.00%
>
> Signed-off-by: Hernán Gonzalez <[email protected]>

Thanks, both patches have been applied.

Mimi

> ---
> security/integrity/evm/evm.h | 2 --
> security/integrity/evm/evm_crypto.c | 3 +++
> security/integrity/evm/evm_main.c | 2 --
> 3 files changed, 3 insertions(+), 4 deletions(-)
>
> diff --git a/security/integrity/evm/evm.h b/security/integrity/evm/evm.h
> index 0482539..45c4a89 100644
> --- a/security/integrity/evm/evm.h
> +++ b/security/integrity/evm/evm.h
> @@ -31,8 +31,6 @@
> EVM_ALLOW_METADATA_WRITES)
>
> extern int evm_initialized;
> -extern char *evm_hmac;
> -extern char *evm_hash;
>
> #define EVM_ATTR_FSUUID 0x0001
>
> diff --git a/security/integrity/evm/evm_crypto.c b/security/integrity/evm/evm_crypto.c
> index 691f3e0..fdde9cb 100644
> --- a/security/integrity/evm/evm_crypto.c
> +++ b/security/integrity/evm/evm_crypto.c
> @@ -37,6 +37,9 @@ static DEFINE_MUTEX(mutex);
>
> static unsigned long evm_set_key_flags;
>
> +char * const evm_hmac = "hmac(sha1)";
> +char * const evm_hash = "sha1";
> +
> /**
> * evm_set_key() - set EVM HMAC key from the kernel
> * @key: pointer to a buffer with the key data
> diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
> index a8d5028..826926d 100644
> --- a/security/integrity/evm/evm_main.c
> +++ b/security/integrity/evm/evm_main.c
> @@ -33,8 +33,6 @@ int evm_initialized;
> static char *integrity_status_msg[] = {
> "pass", "pass_immutable", "fail", "no_label", "no_xattrs", "unknown"
> };
> -char *evm_hmac = "hmac(sha1)";
> -char *evm_hash = "sha1";
> int evm_hmac_attrs;
>
> char *evm_config_xattrnames[] = {