2014-02-24 22:00:18

by Joe Perches

[permalink] [raw]
Subject: [PATCH 0/8] security: Use a more current logging style

Mostly trivial cleanups of security modules

Joe Perches (8):
security: Use a more current logging style
security: apparmor: Use a more current logging style
security: integrity: Use a more current logging style
security: keys: Use a more current logging style
security: selinux: Use a more current logging style
security: smack: Use a more current logging style
security: tomoyo: Use a more current logging style
security: yama: Use a more current logging style

security/apparmor/apparmorfs.c | 2 +
security/apparmor/crypto.c | 2 +
security/apparmor/include/apparmor.h | 2 +-
security/apparmor/lib.c | 4 +-
security/apparmor/lsm.c | 2 +
security/apparmor/match.c | 5 +-
security/apparmor/policy.c | 2 +
security/apparmor/procattr.c | 2 +
security/capability.c | 16 ++--
security/commoncap.c | 15 ++--
security/integrity/evm/evm_crypto.c | 4 +-
security/integrity/evm/evm_main.c | 6 +-
security/integrity/evm/evm_secfs.c | 6 +-
security/integrity/ima/ima_crypto.c | 4 +-
security/integrity/ima/ima_init.c | 5 +-
security/integrity/ima/ima_queue.c | 8 +-
security/integrity/ima/ima_template.c | 5 +-
security/keys/encrypted-keys/encrypted.c | 70 ++++++++---------
security/keys/encrypted-keys/encrypted.h | 2 +-
security/keys/key.c | 2 +
security/keys/trusted.c | 42 +++++-----
security/keys/trusted.h | 20 ++---
security/security.c | 4 +-
security/selinux/avc.c | 7 +-
security/selinux/hooks.c | 130 +++++++++++++------------------
security/selinux/netif.c | 14 ++--
security/selinux/netlink.c | 5 +-
security/selinux/netnode.c | 6 +-
security/selinux/netport.c | 7 +-
security/selinux/selinuxfs.c | 19 ++---
security/selinux/ss/avtab.c | 39 +++++-----
security/selinux/ss/conditional.c | 18 +++--
security/selinux/ss/ebitmap.c | 21 +++--
security/selinux/ss/policydb.c | 109 ++++++++++++--------------
security/selinux/ss/services.c | 101 ++++++++++--------------
security/selinux/ss/sidtab.c | 8 +-
security/smack/smack_lsm.c | 7 +-
security/smack/smackfs.c | 25 +++---
security/tomoyo/common.c | 23 +++---
security/tomoyo/domain.c | 8 +-
security/tomoyo/load_policy.c | 9 ++-
security/tomoyo/memory.c | 7 +-
security/tomoyo/tomoyo.c | 4 +-
security/tomoyo/util.c | 7 +-
security/yama/yama_lsm.c | 18 ++---
45 files changed, 404 insertions(+), 418 deletions(-)

--
1.8.1.2.459.gbcd45b4.dirty


2014-02-24 22:00:26

by Joe Perches

[permalink] [raw]
Subject: [PATCH 2/8] security: apparmor: Use a more current logging style

Convert printks to pr_<level>.
Add pr_fmt.
Coalesce formats.
Remove embedded prefixes from logging.

Signed-off-by: Joe Perches <[email protected]>
---
security/apparmor/apparmorfs.c | 2 ++
security/apparmor/crypto.c | 2 ++
security/apparmor/include/apparmor.h | 2 +-
security/apparmor/lib.c | 4 +++-
security/apparmor/lsm.c | 2 ++
security/apparmor/match.c | 5 +++--
security/apparmor/policy.c | 2 ++
security/apparmor/procattr.c | 2 ++
8 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
index 7db9954..d4b65cc 100644
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -12,6 +12,8 @@
* License.
*/

+#define pr_fmt(fmt) "AppArmor: " fmt
+
#include <linux/ctype.h>
#include <linux/security.h>
#include <linux/vmalloc.h>
diff --git a/security/apparmor/crypto.c b/security/apparmor/crypto.c
index 532471d..9506544 100644
--- a/security/apparmor/crypto.c
+++ b/security/apparmor/crypto.c
@@ -15,6 +15,8 @@
* it should be.
*/

+#define pr_fmt(fmt) "AppArmor: " fmt
+
#include <crypto/hash.h>

#include "include/apparmor.h"
diff --git a/security/apparmor/include/apparmor.h b/security/apparmor/include/apparmor.h
index 8fb1488..3065025 100644
--- a/security/apparmor/include/apparmor.h
+++ b/security/apparmor/include/apparmor.h
@@ -56,7 +56,7 @@ extern unsigned int aa_g_path_max;
#define AA_ERROR(fmt, args...) \
do { \
if (printk_ratelimit()) \
- printk(KERN_ERR "AppArmor: " fmt, ##args); \
+ pr_err(fmt, ##args); \
} while (0)

/* Flag indicating whether initialization completed */
diff --git a/security/apparmor/lib.c b/security/apparmor/lib.c
index 6968992..432b1b6 100644
--- a/security/apparmor/lib.c
+++ b/security/apparmor/lib.c
@@ -12,6 +12,8 @@
* License.
*/

+#define pr_fmt(fmt) "AppArmor: " fmt
+
#include <linux/mm.h>
#include <linux/slab.h>
#include <linux/string.h>
@@ -73,7 +75,7 @@ void aa_info_message(const char *str)
aad.info = str;
aa_audit_msg(AUDIT_APPARMOR_STATUS, &sa, NULL);
}
- printk(KERN_INFO "AppArmor: %s\n", str);
+ pr_info("%s\n", str);
}

/**
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 9981000..49f0180 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -12,6 +12,8 @@
* License.
*/

+#define pr_fmt(fmt) "AppArmor: " fmt
+
#include <linux/security.h>
#include <linux/moduleparam.h>
#include <linux/mm.h>
diff --git a/security/apparmor/match.c b/security/apparmor/match.c
index 727eb42..688482a 100644
--- a/security/apparmor/match.c
+++ b/security/apparmor/match.c
@@ -12,6 +12,8 @@
* License.
*/

+#define pr_fmt(fmt) "AppArmor: " fmt
+
#include <linux/errno.h>
#include <linux/kernel.h>
#include <linux/mm.h>
@@ -140,8 +142,7 @@ static int verify_dfa(struct aa_dfa *dfa, int flags)
if (DEFAULT_TABLE(dfa)[i] >= state_count)
goto out;
if (base_idx(BASE_TABLE(dfa)[i]) + 255 >= trans_count) {
- printk(KERN_ERR "AppArmor DFA next/check upper "
- "bounds error\n");
+ pr_err("DFA next/check upper bounds error\n");
goto out;
}
}
diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
index 705c287..4e20c1f 100644
--- a/security/apparmor/policy.c
+++ b/security/apparmor/policy.c
@@ -73,6 +73,8 @@
* FIXME: move profile lists to using rcu_lists
*/

+#define pr_fmt(fmt) "AppArmor: " fmt
+
#include <linux/slab.h>
#include <linux/spinlock.h>
#include <linux/string.h>
diff --git a/security/apparmor/procattr.c b/security/apparmor/procattr.c
index b125acc..c105fc5 100644
--- a/security/apparmor/procattr.c
+++ b/security/apparmor/procattr.c
@@ -12,6 +12,8 @@
* License.
*/

+#define pr_fmt(fmt) "AppArmor: " fmt
+
#include "include/apparmor.h"
#include "include/context.h"
#include "include/policy.h"
--
1.8.1.2.459.gbcd45b4.dirty

2014-02-24 22:00:30

by Joe Perches

[permalink] [raw]
Subject: [PATCH 3/8] security: integrity: Use a more current logging style

Convert printks to pr_<level>.
Add pr_fmt.
Remove embedded prefixes.

Signed-off-by: Joe Perches <[email protected]>
---
security/integrity/evm/evm_crypto.c | 4 +++-
security/integrity/evm/evm_main.c | 6 ++++--
security/integrity/evm/evm_secfs.c | 6 ++++--
security/integrity/ima/ima_crypto.c | 4 +++-
security/integrity/ima/ima_init.c | 5 ++++-
security/integrity/ima/ima_queue.c | 8 +++++---
security/integrity/ima/ima_template.c | 5 ++++-
7 files changed, 27 insertions(+), 11 deletions(-)

diff --git a/security/integrity/evm/evm_crypto.c b/security/integrity/evm/evm_crypto.c
index 3bab89e..9bd329f 100644
--- a/security/integrity/evm/evm_crypto.c
+++ b/security/integrity/evm/evm_crypto.c
@@ -13,6 +13,8 @@
* Using root's kernel master key (kmk), calculate the HMAC
*/

+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
+
#include <linux/module.h>
#include <linux/crypto.h>
#include <linux/xattr.h>
@@ -221,7 +223,7 @@ int evm_init_hmac(struct inode *inode, const struct xattr *lsm_xattr,

desc = init_desc(EVM_XATTR_HMAC);
if (IS_ERR(desc)) {
- printk(KERN_INFO "init_desc failed\n");
+ pr_info("init_desc failed\n");
return PTR_ERR(desc);
}

diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
index 336b3dd..996092f 100644
--- a/security/integrity/evm/evm_main.c
+++ b/security/integrity/evm/evm_main.c
@@ -14,6 +14,8 @@
* evm_inode_removexattr, and evm_verifyxattr
*/

+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
+
#include <linux/module.h>
#include <linux/crypto.h>
#include <linux/audit.h>
@@ -432,7 +434,7 @@ static int __init init_evm(void)

error = evm_init_secfs();
if (error < 0) {
- printk(KERN_INFO "EVM: Error registering secfs\n");
+ pr_info("Error registering secfs\n");
goto err;
}

@@ -449,7 +451,7 @@ static int __init evm_display_config(void)
char **xattrname;

for (xattrname = evm_config_xattrnames; *xattrname != NULL; xattrname++)
- printk(KERN_INFO "EVM: %s\n", *xattrname);
+ pr_info("%s\n", *xattrname);
return 0;
}

diff --git a/security/integrity/evm/evm_secfs.c b/security/integrity/evm/evm_secfs.c
index 30f670a..cf12a04 100644
--- a/security/integrity/evm/evm_secfs.c
+++ b/security/integrity/evm/evm_secfs.c
@@ -13,6 +13,8 @@
* - Get the key and enable EVM
*/

+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
+
#include <linux/uaccess.h>
#include <linux/module.h>
#include "evm.h"
@@ -79,9 +81,9 @@ static ssize_t evm_write_key(struct file *file, const char __user *buf,
error = evm_init_key();
if (!error) {
evm_initialized = 1;
- pr_info("EVM: initialized\n");
+ pr_info("initialized\n");
} else
- pr_err("EVM: initialization failed\n");
+ pr_err("initialization failed\n");
return count;
}

diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c
index fdf60de..972df659 100644
--- a/security/integrity/ima/ima_crypto.c
+++ b/security/integrity/ima/ima_crypto.c
@@ -13,6 +13,8 @@
* Calculates md5/sha1 file hash, template hash, boot-aggreate hash
*/

+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
+
#include <linux/kernel.h>
#include <linux/file.h>
#include <linux/crypto.h>
@@ -205,7 +207,7 @@ static void __init ima_pcrread(int idx, u8 *pcr)
return;

if (tpm_pcr_read(TPM_ANY_NUM, idx, pcr) != 0)
- pr_err("IMA: Error Communicating to TPM chip\n");
+ pr_err("Error Communicating to TPM chip\n");
}

/*
diff --git a/security/integrity/ima/ima_init.c b/security/integrity/ima/ima_init.c
index 3712276..b3bc313 100644
--- a/security/integrity/ima/ima_init.c
+++ b/security/integrity/ima/ima_init.c
@@ -14,6 +14,9 @@
* File: ima_init.c
* initialization and cleanup functions
*/
+
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
+
#include <linux/module.h>
#include <linux/scatterlist.h>
#include <linux/slab.h>
@@ -93,7 +96,7 @@ int __init ima_init(void)
ima_used_chip = 1;

if (!ima_used_chip)
- pr_info("IMA: No TPM chip found, activating TPM-bypass!\n");
+ pr_info("No TPM chip found, activating TPM-bypass!\n");

rc = ima_init_crypto();
if (rc)
diff --git a/security/integrity/ima/ima_queue.c b/security/integrity/ima/ima_queue.c
index d85e997..91128b4 100644
--- a/security/integrity/ima/ima_queue.c
+++ b/security/integrity/ima/ima_queue.c
@@ -18,6 +18,9 @@
* The measurement list is append-only. No entry is
* ever removed or changed during the boot-cycle.
*/
+
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
+
#include <linux/module.h>
#include <linux/rculist.h>
#include <linux/slab.h>
@@ -72,7 +75,7 @@ static int ima_add_digest_entry(struct ima_template_entry *entry)

qe = kmalloc(sizeof(*qe), GFP_KERNEL);
if (qe == NULL) {
- pr_err("IMA: OUT OF MEMORY ERROR creating queue entry.\n");
+ pr_err("OUT OF MEMORY ERROR creating queue entry\n");
return -ENOMEM;
}
qe->entry = entry;
@@ -95,8 +98,7 @@ static int ima_pcr_extend(const u8 *hash)

result = tpm_pcr_extend(TPM_ANY_NUM, CONFIG_IMA_MEASURE_PCR_IDX, hash);
if (result != 0)
- pr_err("IMA: Error Communicating to TPM chip, result: %d\n",
- result);
+ pr_err("Error Communicating to TPM chip, result: %d\n", result);
return result;
}

diff --git a/security/integrity/ima/ima_template.c b/security/integrity/ima/ima_template.c
index 635695f..9a4a0d1 100644
--- a/security/integrity/ima/ima_template.c
+++ b/security/integrity/ima/ima_template.c
@@ -12,6 +12,9 @@
* File: ima_template.c
* Helpers to manage template descriptors.
*/
+
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
+
#include <crypto/hash_info.h>

#include "ima.h"
@@ -58,7 +61,7 @@ static int __init ima_template_setup(char *str)
*/
if (template_len == 3 && strcmp(str, IMA_TEMPLATE_IMA_NAME) == 0 &&
ima_hash_algo != HASH_ALGO_SHA1 && ima_hash_algo != HASH_ALGO_MD5) {
- pr_err("IMA: template does not support hash alg\n");
+ pr_err("template does not support hash alg\n");
return 1;
}

--
1.8.1.2.459.gbcd45b4.dirty

2014-02-24 22:00:37

by Joe Perches

[permalink] [raw]
Subject: [PATCH 4/8] security: keys: Use a more current logging style

Add pr_fmt and remove embedded prefixes.
Add missing newline '\n' terminations.
Coalesce formats.

Signed-off-by: Joe Perches <[email protected]>
---
security/keys/encrypted-keys/encrypted.c | 70 +++++++++++++++-----------------
security/keys/encrypted-keys/encrypted.h | 2 +-
security/keys/key.c | 2 +
security/keys/trusted.c | 42 +++++++++----------
security/keys/trusted.h | 20 ++++-----
5 files changed, 66 insertions(+), 70 deletions(-)

diff --git a/security/keys/encrypted-keys/encrypted.c b/security/keys/encrypted-keys/encrypted.c
index 5fe443d..82d2dd7 100644
--- a/security/keys/encrypted-keys/encrypted.c
+++ b/security/keys/encrypted-keys/encrypted.c
@@ -14,6 +14,8 @@
* See Documentation/security/keys-trusted-encrypted.txt
*/

+#define pr_fmt(fmt) "encrypted_key: " fmt
+
#include <linux/uaccess.h>
#include <linux/module.h>
#include <linux/init.h>
@@ -89,8 +91,7 @@ static int aes_get_sizes(void)

tfm = crypto_alloc_blkcipher(blkcipher_alg, 0, CRYPTO_ALG_ASYNC);
if (IS_ERR(tfm)) {
- pr_err("encrypted_key: failed to alloc_cipher (%ld)\n",
- PTR_ERR(tfm));
+ pr_err("failed to alloc_cipher (%ld)\n", PTR_ERR(tfm));
return PTR_ERR(tfm);
}
ivsize = crypto_blkcipher_ivsize(tfm);
@@ -111,15 +112,14 @@ static int valid_ecryptfs_desc(const char *ecryptfs_desc)
int i;

if (strlen(ecryptfs_desc) != KEY_ECRYPTFS_DESC_LEN) {
- pr_err("encrypted_key: key description must be %d hexadecimal "
- "characters long\n", KEY_ECRYPTFS_DESC_LEN);
+ pr_err("key description must be %d hexadecimal characters long\n",
+ KEY_ECRYPTFS_DESC_LEN);
return -EINVAL;
}

for (i = 0; i < KEY_ECRYPTFS_DESC_LEN; i++) {
if (!isxdigit(ecryptfs_desc[i])) {
- pr_err("encrypted_key: key description must contain "
- "only hexadecimal characters\n");
+ pr_err("key description must contain only hexadecimal characters\n");
return -EINVAL;
}
}
@@ -186,7 +186,7 @@ static int datablob_parse(char *datablob, const char **format,

keyword = strsep(&datablob, " \t");
if (!keyword) {
- pr_info("encrypted_key: insufficient parameters specified\n");
+ pr_info("insufficient parameters specified\n");
return ret;
}
key_cmd = match_token(keyword, key_tokens, args);
@@ -194,7 +194,7 @@ static int datablob_parse(char *datablob, const char **format,
/* Get optional format: default | ecryptfs */
p = strsep(&datablob, " \t");
if (!p) {
- pr_err("encrypted_key: insufficient parameters specified\n");
+ pr_err("insufficient parameters specified\n");
return ret;
}

@@ -211,20 +211,20 @@ static int datablob_parse(char *datablob, const char **format,
}

if (!*master_desc) {
- pr_info("encrypted_key: master key parameter is missing\n");
+ pr_info("master key parameter is missing\n");
goto out;
}

if (valid_master_desc(*master_desc, NULL) < 0) {
- pr_info("encrypted_key: master key parameter \'%s\' "
- "is invalid\n", *master_desc);
+ pr_info("master key parameter \'%s\' is invalid\n",
+ *master_desc);
goto out;
}

if (decrypted_datalen) {
*decrypted_datalen = strsep(&datablob, " \t");
if (!*decrypted_datalen) {
- pr_info("encrypted_key: keylen parameter is missing\n");
+ pr_info("keylen parameter is missing\n");
goto out;
}
}
@@ -232,37 +232,35 @@ static int datablob_parse(char *datablob, const char **format,
switch (key_cmd) {
case Opt_new:
if (!decrypted_datalen) {
- pr_info("encrypted_key: keyword \'%s\' not allowed "
- "when called from .update method\n", keyword);
+ pr_info("keyword \'%s\' not allowed when called from .update method\n",
+ keyword);
break;
}
ret = 0;
break;
case Opt_load:
if (!decrypted_datalen) {
- pr_info("encrypted_key: keyword \'%s\' not allowed "
- "when called from .update method\n", keyword);
+ pr_info("keyword \'%s\' not allowed when called from .update method\n",
+ keyword);
break;
}
*hex_encoded_iv = strsep(&datablob, " \t");
if (!*hex_encoded_iv) {
- pr_info("encrypted_key: hex blob is missing\n");
+ pr_info("hex blob is missing\n");
break;
}
ret = 0;
break;
case Opt_update:
if (decrypted_datalen) {
- pr_info("encrypted_key: keyword \'%s\' not allowed "
- "when called from .instantiate method\n",
+ pr_info("keyword \'%s\' not allowed when called from .instantiate method\n",
keyword);
break;
}
ret = 0;
break;
case Opt_err:
- pr_info("encrypted_key: keyword \'%s\' not recognized\n",
- keyword);
+ pr_info("keyword \'%s\' not recognized\n", keyword);
break;
}
out:
@@ -343,7 +341,7 @@ static int calc_hmac(u8 *digest, const u8 *key, unsigned int keylen,

sdesc = alloc_sdesc(hmacalg);
if (IS_ERR(sdesc)) {
- pr_info("encrypted_key: can't alloc %s\n", hmac_alg);
+ pr_info("can't alloc %s\n", hmac_alg);
return PTR_ERR(sdesc);
}

@@ -361,7 +359,7 @@ static int calc_hash(u8 *digest, const u8 *buf, unsigned int buflen)

sdesc = alloc_sdesc(hashalg);
if (IS_ERR(sdesc)) {
- pr_info("encrypted_key: can't alloc %s\n", hash_alg);
+ pr_info("can't alloc %s\n", hash_alg);
return PTR_ERR(sdesc);
}

@@ -386,7 +384,7 @@ static int get_derived_key(u8 *derived_key, enum derived_key_type key_type,

derived_buf = kzalloc(derived_buf_len, GFP_KERNEL);
if (!derived_buf) {
- pr_err("encrypted_key: out of memory\n");
+ pr_err("out of memory\n");
return -ENOMEM;
}
if (key_type)
@@ -409,7 +407,7 @@ static int init_blkcipher_desc(struct blkcipher_desc *desc, const u8 *key,

desc->tfm = crypto_alloc_blkcipher(blkcipher_alg, 0, CRYPTO_ALG_ASYNC);
if (IS_ERR(desc->tfm)) {
- pr_err("encrypted_key: failed to load %s transform (%ld)\n",
+ pr_err("failed to load %s transform (%ld)\n",
blkcipher_alg, PTR_ERR(desc->tfm));
return PTR_ERR(desc->tfm);
}
@@ -417,7 +415,7 @@ static int init_blkcipher_desc(struct blkcipher_desc *desc, const u8 *key,

ret = crypto_blkcipher_setkey(desc->tfm, key, key_len);
if (ret < 0) {
- pr_err("encrypted_key: failed to setkey (%d)\n", ret);
+ pr_err("failed to setkey (%d)\n", ret);
crypto_free_blkcipher(desc->tfm);
return ret;
}
@@ -447,11 +445,10 @@ static struct key *request_master_key(struct encrypted_key_payload *epayload,
int ret = PTR_ERR(mkey);

if (ret == -ENOTSUPP)
- pr_info("encrypted_key: key %s not supported",
+ pr_info("key %s not supported\n",
epayload->master_desc);
else
- pr_info("encrypted_key: key %s not found",
- epayload->master_desc);
+ pr_info("key %s not found\n", epayload->master_desc);
goto out;
}

@@ -494,7 +491,7 @@ static int derived_key_encrypt(struct encrypted_key_payload *epayload,
ret = crypto_blkcipher_encrypt(&desc, sg_out, sg_in, encrypted_datalen);
crypto_free_blkcipher(desc.tfm);
if (ret < 0)
- pr_err("encrypted_key: failed to encrypt (%d)\n", ret);
+ pr_err("failed to encrypt (%d)\n", ret);
else
dump_encrypted_data(epayload, encrypted_datalen);
out:
@@ -618,8 +615,7 @@ static struct encrypted_key_payload *encrypted_key_alloc(struct key *key,
payload_datalen = decrypted_datalen;
if (format && !strcmp(format, key_format_ecryptfs)) {
if (dlen != ECRYPTFS_MAX_KEY_BYTES) {
- pr_err("encrypted_key: keylen for the ecryptfs format "
- "must be equal to %d bytes\n",
+ pr_err("keylen for the ecryptfs format must be equal to %d bytes\n",
ECRYPTFS_MAX_KEY_BYTES);
return ERR_PTR(-EINVAL);
}
@@ -687,7 +683,7 @@ static int encrypted_key_decrypt(struct encrypted_key_payload *epayload,

ret = datablob_hmac_verify(epayload, format, master_key, master_keylen);
if (ret < 0) {
- pr_err("encrypted_key: bad hmac (%d)\n", ret);
+ pr_err("bad hmac (%d)\n", ret);
goto out;
}

@@ -697,7 +693,7 @@ static int encrypted_key_decrypt(struct encrypted_key_payload *epayload,

ret = derived_key_decrypt(epayload, derived_key, sizeof derived_key);
if (ret < 0)
- pr_err("encrypted_key: failed to decrypt key (%d)\n", ret);
+ pr_err("failed to decrypt key (%d)\n", ret);
out:
up_read(&mkey->sem);
key_put(mkey);
@@ -991,15 +987,13 @@ static int __init encrypted_shash_alloc(void)

hmacalg = crypto_alloc_shash(hmac_alg, 0, CRYPTO_ALG_ASYNC);
if (IS_ERR(hmacalg)) {
- pr_info("encrypted_key: could not allocate crypto %s\n",
- hmac_alg);
+ pr_info("could not allocate crypto %s\n", hmac_alg);
return PTR_ERR(hmacalg);
}

hashalg = crypto_alloc_shash(hash_alg, 0, CRYPTO_ALG_ASYNC);
if (IS_ERR(hashalg)) {
- pr_info("encrypted_key: could not allocate crypto %s\n",
- hash_alg);
+ pr_info("could not allocate crypto %s\n", hash_alg);
ret = PTR_ERR(hashalg);
goto hashalg_fail;
}
diff --git a/security/keys/encrypted-keys/encrypted.h b/security/keys/encrypted-keys/encrypted.h
index 8136a2d..1244aaa 100644
--- a/security/keys/encrypted-keys/encrypted.h
+++ b/security/keys/encrypted-keys/encrypted.h
@@ -40,7 +40,7 @@ static inline void dump_hmac(const char *str, const u8 *digest,
unsigned int hmac_size)
{
if (str)
- pr_info("encrypted_key: %s", str);
+ pr_info("%s", str);
print_hex_dump(KERN_ERR, "hmac: ", DUMP_PREFIX_NONE, 32, 1, digest,
hmac_size, 0);
}
diff --git a/security/keys/key.c b/security/keys/key.c
index 6e21c11..16e26c7 100644
--- a/security/keys/key.c
+++ b/security/keys/key.c
@@ -9,6 +9,8 @@
* 2 of the License, or (at your option) any later version.
*/

+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
+
#include <linux/module.h>
#include <linux/init.h>
#include <linux/poison.h>
diff --git a/security/keys/trusted.c b/security/keys/trusted.c
index 6b804aa..6d3dd37 100644
--- a/security/keys/trusted.c
+++ b/security/keys/trusted.c
@@ -11,6 +11,8 @@
* See Documentation/security/keys-trusted-encrypted.txt
*/

+#define pr_fmt(fmt) "trusted_key: " fmt
+
#include <linux/uaccess.h>
#include <linux/module.h>
#include <linux/init.h>
@@ -64,7 +66,7 @@ static int TSS_sha1(const unsigned char *data, unsigned int datalen,

sdesc = init_sdesc(hashalg);
if (IS_ERR(sdesc)) {
- pr_info("trusted_key: can't alloc %s\n", hash_alg);
+ pr_info("can't alloc %s\n", hash_alg);
return PTR_ERR(sdesc);
}

@@ -84,7 +86,7 @@ static int TSS_rawhmac(unsigned char *digest, const unsigned char *key,

sdesc = init_sdesc(hmacalg);
if (IS_ERR(sdesc)) {
- pr_info("trusted_key: can't alloc %s\n", hmac_alg);
+ pr_info("can't alloc %s\n", hmac_alg);
return PTR_ERR(sdesc);
}

@@ -134,7 +136,7 @@ static int TSS_authhmac(unsigned char *digest, const unsigned char *key,

sdesc = init_sdesc(hashalg);
if (IS_ERR(sdesc)) {
- pr_info("trusted_key: can't alloc %s\n", hash_alg);
+ pr_info("can't alloc %s\n", hash_alg);
return PTR_ERR(sdesc);
}

@@ -206,7 +208,7 @@ static int TSS_checkhmac1(unsigned char *buffer,

sdesc = init_sdesc(hashalg);
if (IS_ERR(sdesc)) {
- pr_info("trusted_key: can't alloc %s\n", hash_alg);
+ pr_info("can't alloc %s\n", hash_alg);
return PTR_ERR(sdesc);
}
ret = crypto_shash_init(&sdesc->shash);
@@ -298,7 +300,7 @@ static int TSS_checkhmac2(unsigned char *buffer,

sdesc = init_sdesc(hashalg);
if (IS_ERR(sdesc)) {
- pr_info("trusted_key: can't alloc %s\n", hash_alg);
+ pr_info("can't alloc %s\n", hash_alg);
return PTR_ERR(sdesc);
}
ret = crypto_shash_init(&sdesc->shash);
@@ -591,12 +593,12 @@ static int tpm_unseal(struct tpm_buf *tb,
/* sessions for unsealing key and data */
ret = oiap(tb, &authhandle1, enonce1);
if (ret < 0) {
- pr_info("trusted_key: oiap failed (%d)\n", ret);
+ pr_info("oiap failed (%d)\n", ret);
return ret;
}
ret = oiap(tb, &authhandle2, enonce2);
if (ret < 0) {
- pr_info("trusted_key: oiap failed (%d)\n", ret);
+ pr_info("oiap failed (%d)\n", ret);
return ret;
}

@@ -604,7 +606,7 @@ static int tpm_unseal(struct tpm_buf *tb,
keyhndl = htonl(SRKHANDLE);
ret = tpm_get_random(TPM_ANY_NUM, nonceodd, TPM_NONCE_SIZE);
if (ret != TPM_NONCE_SIZE) {
- pr_info("trusted_key: tpm_get_random failed (%d)\n", ret);
+ pr_info("tpm_get_random failed (%d)\n", ret);
return ret;
}
ret = TSS_authhmac(authdata1, keyauth, TPM_NONCE_SIZE,
@@ -636,7 +638,7 @@ static int tpm_unseal(struct tpm_buf *tb,

ret = trusted_tpm_send(TPM_ANY_NUM, tb->data, MAX_BUF_SIZE);
if (ret < 0) {
- pr_info("trusted_key: authhmac failed (%d)\n", ret);
+ pr_info("authhmac failed (%d)\n", ret);
return ret;
}

@@ -648,7 +650,7 @@ static int tpm_unseal(struct tpm_buf *tb,
*datalen, TPM_DATA_OFFSET + sizeof(uint32_t), 0,
0);
if (ret < 0) {
- pr_info("trusted_key: TSS_checkhmac2 failed (%d)\n", ret);
+ pr_info("TSS_checkhmac2 failed (%d)\n", ret);
return ret;
}
memcpy(data, tb->data + TPM_DATA_OFFSET + sizeof(uint32_t), *datalen);
@@ -675,7 +677,7 @@ static int key_seal(struct trusted_key_payload *p,
p->key, p->key_len + 1, p->blob, &p->blob_len,
o->blobauth, o->pcrinfo, o->pcrinfo_len);
if (ret < 0)
- pr_info("trusted_key: srkseal failed (%d)\n", ret);
+ pr_info("srkseal failed (%d)\n", ret);

kfree(tb);
return ret;
@@ -697,7 +699,7 @@ static int key_unseal(struct trusted_key_payload *p,
ret = tpm_unseal(tb, o->keyhandle, o->keyauth, p->blob, p->blob_len,
o->blobauth, p->key, &p->key_len);
if (ret < 0)
- pr_info("trusted_key: srkunseal failed (%d)\n", ret);
+ pr_info("srkunseal failed (%d)\n", ret);
else
/* pull migratable flag out of sealed key */
p->migratable = p->key[--p->key_len];
@@ -941,18 +943,18 @@ static int trusted_instantiate(struct key *key,
dump_payload(payload);
dump_options(options);
if (ret < 0)
- pr_info("trusted_key: key_unseal failed (%d)\n", ret);
+ pr_info("key_unseal failed (%d)\n", ret);
break;
case Opt_new:
key_len = payload->key_len;
ret = tpm_get_random(TPM_ANY_NUM, payload->key, key_len);
if (ret != key_len) {
- pr_info("trusted_key: key_create failed (%d)\n", ret);
+ pr_info("key_create failed (%d)\n", ret);
goto out;
}
ret = key_seal(payload, options);
if (ret < 0)
- pr_info("trusted_key: key_seal failed (%d)\n", ret);
+ pr_info("key_seal failed (%d)\n", ret);
break;
default:
ret = -EINVAL;
@@ -1027,14 +1029,14 @@ static int trusted_update(struct key *key, struct key_preparsed_payload *prep)

ret = key_seal(new_p, new_o);
if (ret < 0) {
- pr_info("trusted_key: key_seal failed (%d)\n", ret);
+ pr_info("key_seal failed (%d)\n", ret);
kfree(new_p);
goto out;
}
if (new_o->pcrlock) {
ret = pcrlock(new_o->pcrlock);
if (ret < 0) {
- pr_info("trusted_key: pcrlock failed (%d)\n", ret);
+ pr_info("pcrlock failed (%d)\n", ret);
kfree(new_p);
goto out;
}
@@ -1118,15 +1120,13 @@ static int __init trusted_shash_alloc(void)

hmacalg = crypto_alloc_shash(hmac_alg, 0, CRYPTO_ALG_ASYNC);
if (IS_ERR(hmacalg)) {
- pr_info("trusted_key: could not allocate crypto %s\n",
- hmac_alg);
+ pr_info("could not allocate crypto %s\n", hmac_alg);
return PTR_ERR(hmacalg);
}

hashalg = crypto_alloc_shash(hash_alg, 0, CRYPTO_ALG_ASYNC);
if (IS_ERR(hashalg)) {
- pr_info("trusted_key: could not allocate crypto %s\n",
- hash_alg);
+ pr_info("could not allocate crypto %s\n", hash_alg);
ret = PTR_ERR(hashalg);
goto hashalg_fail;
}
diff --git a/security/keys/trusted.h b/security/keys/trusted.h
index 3249fbd..babe4fb 100644
--- a/security/keys/trusted.h
+++ b/security/keys/trusted.h
@@ -51,33 +51,33 @@ struct trusted_key_options {
#if TPM_DEBUG
static inline void dump_options(struct trusted_key_options *o)
{
- pr_info("trusted_key: sealing key type %d\n", o->keytype);
- pr_info("trusted_key: sealing key handle %0X\n", o->keyhandle);
- pr_info("trusted_key: pcrlock %d\n", o->pcrlock);
- pr_info("trusted_key: pcrinfo %d\n", o->pcrinfo_len);
+ pr_info("sealing key type %d\n", o->keytype);
+ pr_info("sealing key handle %0X\n", o->keyhandle);
+ pr_info("pcrlock %d\n", o->pcrlock);
+ pr_info("pcrinfo %d\n", o->pcrinfo_len);
print_hex_dump(KERN_INFO, "pcrinfo ", DUMP_PREFIX_NONE,
16, 1, o->pcrinfo, o->pcrinfo_len, 0);
}

static inline void dump_payload(struct trusted_key_payload *p)
{
- pr_info("trusted_key: key_len %d\n", p->key_len);
+ pr_info("key_len %d\n", p->key_len);
print_hex_dump(KERN_INFO, "key ", DUMP_PREFIX_NONE,
16, 1, p->key, p->key_len, 0);
- pr_info("trusted_key: bloblen %d\n", p->blob_len);
+ pr_info("bloblen %d\n", p->blob_len);
print_hex_dump(KERN_INFO, "blob ", DUMP_PREFIX_NONE,
16, 1, p->blob, p->blob_len, 0);
- pr_info("trusted_key: migratable %d\n", p->migratable);
+ pr_info("migratable %d\n", p->migratable);
}

static inline void dump_sess(struct osapsess *s)
{
print_hex_dump(KERN_INFO, "trusted-key: handle ", DUMP_PREFIX_NONE,
16, 1, &s->handle, 4, 0);
- pr_info("trusted-key: secret:\n");
+ pr_info("secret:\n");
print_hex_dump(KERN_INFO, "", DUMP_PREFIX_NONE,
16, 1, &s->secret, SHA1_DIGEST_SIZE, 0);
- pr_info("trusted-key: enonce:\n");
+ pr_info("enonce:\n");
print_hex_dump(KERN_INFO, "", DUMP_PREFIX_NONE,
16, 1, &s->enonce, SHA1_DIGEST_SIZE, 0);
}
@@ -86,7 +86,7 @@ static inline void dump_tpm_buf(unsigned char *buf)
{
int len;

- pr_info("\ntrusted-key: tpm buffer\n");
+ pr_info("tpm buffer\n");
len = LOAD32(buf, TPM_SIZE_OFFSET);
print_hex_dump(KERN_INFO, "", DUMP_PREFIX_NONE, 16, 1, buf, len, 0);
}
--
1.8.1.2.459.gbcd45b4.dirty

2014-02-24 22:00:48

by Joe Perches

[permalink] [raw]
Subject: [PATCH 6/8] security: smack: Use a more current logging style

Convert printks to pr_<level>
Add pr_fmt.

Signed-off-by: Joe Perches <[email protected]>
---
security/smack/smack_lsm.c | 7 ++++---
security/smack/smackfs.c | 25 +++++++++++--------------
2 files changed, 15 insertions(+), 17 deletions(-)

diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 14f52be..a273aad 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -18,6 +18,8 @@
* as published by the Free Software Foundation.
*/

+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
+
#include <linux/xattr.h>
#include <linux/pagemap.h>
#include <linux/mount.h>
@@ -2106,8 +2108,7 @@ static int smack_inode_setsecurity(struct inode *inode, const char *name,
if (sock->sk->sk_family == PF_INET) {
rc = smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET);
if (rc != 0)
- printk(KERN_WARNING
- "Smack: \"%s\" netlbl error %d.\n",
+ pr_warn("\"%s\" netlbl error %d\n",
__func__, -rc);
}
} else
@@ -3916,7 +3917,7 @@ static __init int smack_init(void)
if (tsp == NULL)
return -ENOMEM;

- printk(KERN_INFO "Smack: Initializing.\n");
+ pr_info("Initializing\n");

/*
* Set the security state for the initial task.
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
index 3198cfe..2e25220 100644
--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c
@@ -16,6 +16,8 @@
*
*/

+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
+
#include <linux/kernel.h>
#include <linux/vmalloc.h>
#include <linux/security.h>
@@ -698,8 +700,7 @@ static void smk_cipso_doi(void)

rc = netlbl_cfg_map_del(NULL, PF_INET, NULL, NULL, &nai);
if (rc != 0)
- printk(KERN_WARNING "%s:%d remove rc = %d\n",
- __func__, __LINE__, rc);
+ pr_warn("%s:%d remove rc = %d\n", __func__, __LINE__, rc);

doip = kmalloc(sizeof(struct cipso_v4_doi), GFP_KERNEL);
if (doip == NULL)
@@ -713,15 +714,13 @@ static void smk_cipso_doi(void)

rc = netlbl_cfg_cipsov4_add(doip, &nai);
if (rc != 0) {
- printk(KERN_WARNING "%s:%d cipso add rc = %d\n",
- __func__, __LINE__, rc);
+ pr_warn("%s:%d cipso add rc = %d\n", __func__, __LINE__, rc);
kfree(doip);
return;
}
rc = netlbl_cfg_cipsov4_map_add(doip->doi, NULL, NULL, NULL, &nai);
if (rc != 0) {
- printk(KERN_WARNING "%s:%d map add rc = %d\n",
- __func__, __LINE__, rc);
+ pr_warn("%s:%d map add rc = %d\n", __func__, __LINE__, rc);
kfree(doip);
return;
}
@@ -741,8 +740,8 @@ static void smk_unlbl_ambient(char *oldambient)
if (oldambient != NULL) {
rc = netlbl_cfg_map_del(oldambient, PF_INET, NULL, NULL, &nai);
if (rc != 0)
- printk(KERN_WARNING "%s:%d remove rc = %d\n",
- __func__, __LINE__, rc);
+ pr_warn("%s:%d remove rc = %d\n",
+ __func__, __LINE__, rc);
}
if (smack_net_ambient == NULL)
smack_net_ambient = &smack_known_floor;
@@ -750,8 +749,7 @@ static void smk_unlbl_ambient(char *oldambient)
rc = netlbl_cfg_unlbl_map_add(smack_net_ambient->smk_known, PF_INET,
NULL, NULL, &nai);
if (rc != 0)
- printk(KERN_WARNING "%s:%d add rc = %d\n",
- __func__, __LINE__, rc);
+ pr_warn("%s:%d add rc = %d\n", __func__, __LINE__, rc);
}

/*
@@ -2302,8 +2300,7 @@ static int smk_fill_super(struct super_block *sb, void *data, int silent)

rc = simple_fill_super(sb, SMACK_MAGIC, smack_files);
if (rc != 0) {
- printk(KERN_ERR "%s failed %d while creating inodes\n",
- __func__, rc);
+ pr_err("%s failed %d while creating inodes\n", __func__, rc);
return rc;
}

@@ -2369,13 +2366,13 @@ static int __init init_smk_fs(void)

err = smk_init_sysfs();
if (err)
- printk(KERN_ERR "smackfs: sysfs mountpoint problem.\n");
+ pr_err("smackfs: sysfs mountpoint problem\n");

err = register_filesystem(&smk_fs_type);
if (!err) {
smackfs_mount = kern_mount(&smk_fs_type);
if (IS_ERR(smackfs_mount)) {
- printk(KERN_ERR "smackfs: could not mount!\n");
+ pr_err("smackfs: could not mount!\n");
err = PTR_ERR(smackfs_mount);
smackfs_mount = NULL;
}
--
1.8.1.2.459.gbcd45b4.dirty

2014-02-24 22:00:52

by Joe Perches

[permalink] [raw]
Subject: [PATCH 8/8] security: yama: Use a more current logging style

Convert printks to pr_<level>.
Add pr_fmt to prefix with "yama: "
Convert printk_ratelimited to pr_<level>_ratelimited.

Signed-off-by: Joe Perches <[email protected]>
---
security/yama/yama_lsm.c | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c
index 13c88fbc..9de0f2b 100644
--- a/security/yama/yama_lsm.c
+++ b/security/yama/yama_lsm.c
@@ -12,6 +12,8 @@
*
*/

+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
+
#include <linux/security.h>
#include <linux/sysctl.h>
#include <linux/ptrace.h>
@@ -319,9 +321,8 @@ int yama_ptrace_access_check(struct task_struct *child,
}

if (rc) {
- printk_ratelimited(KERN_NOTICE
- "ptrace of pid %d was attempted by: %s (pid %d)\n",
- child->pid, current->comm, current->pid);
+ pr_notice_ratelimited("ptrace of pid %d was attempted by: %s (pid %d)\n",
+ child->pid, current->comm, current->pid);
}

return rc;
@@ -356,9 +357,8 @@ int yama_ptrace_traceme(struct task_struct *parent)
}

if (rc) {
- printk_ratelimited(KERN_NOTICE
- "ptraceme of pid %d was attempted by: %s (pid %d)\n",
- current->pid, parent->comm, parent->pid);
+ pr_notice_ratelimited("ptraceme of pid %d was attempted by: %s (pid %d)\n",
+ current->pid, parent->comm, parent->pid);
}

return rc;
@@ -425,16 +425,16 @@ static __init int yama_init(void)
return 0;
#endif

- printk(KERN_INFO "Yama: becoming mindful.\n");
+ pr_info("becoming mindful\n");

#ifndef CONFIG_SECURITY_YAMA_STACKED
if (register_security(&yama_ops))
- panic("Yama: kernel registration failed.\n");
+ panic("Yama: kernel registration failed\n");
#endif

#ifdef CONFIG_SYSCTL
if (!register_sysctl_paths(yama_sysctl_path, yama_sysctl_table))
- panic("Yama: sysctl registration failed.\n");
+ panic("Yama: sysctl registration failed\n");
#endif

return 0;
--
1.8.1.2.459.gbcd45b4.dirty

2014-02-24 22:01:23

by Joe Perches

[permalink] [raw]
Subject: [PATCH 7/8] security: tomoyo: Use a more current logging style

Convert printks to pr_<level>
Add pr_fmt to prefix output with "tomoyo: "
Coalesce formats.

Signed-off-by: Joe Perches <[email protected]>
---
security/tomoyo/common.c | 23 ++++++++++-------------
security/tomoyo/domain.c | 8 ++++----
security/tomoyo/load_policy.c | 9 +++++----
security/tomoyo/memory.c | 7 ++++---
security/tomoyo/tomoyo.c | 4 +++-
security/tomoyo/util.c | 7 ++++---
6 files changed, 30 insertions(+), 28 deletions(-)

diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c
index 283862a..f18d73c 100644
--- a/security/tomoyo/common.c
+++ b/security/tomoyo/common.c
@@ -4,6 +4,8 @@
* Copyright (C) 2005-2011 NTT DATA CORPORATION
*/

+#define pr_fmt(fmt) "tomoyo: " fmt
+
#include <linux/uaccess.h>
#include <linux/slab.h>
#include <linux/security.h>
@@ -945,8 +947,8 @@ static bool tomoyo_manager(void)
static pid_t last_pid;
const pid_t pid = current->pid;
if (last_pid != pid) {
- printk(KERN_WARNING "%s ( %s ) is not permitted to "
- "update policies.\n", domainname->name, exe);
+ pr_warn("%s ( %s ) is not permitted to update policies\n",
+ domainname->name, exe);
last_pid = pid;
}
}
@@ -2702,29 +2704,24 @@ void tomoyo_check_profile(void)
struct tomoyo_domain_info *domain;
const int idx = tomoyo_read_lock();
tomoyo_policy_loaded = true;
- printk(KERN_INFO "TOMOYO: 2.5.0\n");
+ pr_info("TOMOYO: 2.5.0\n");
list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) {
const u8 profile = domain->profile;
const struct tomoyo_policy_namespace *ns = domain->ns;
if (ns->profile_version != 20110903)
- printk(KERN_ERR
- "Profile version %u is not supported.\n",
+ pr_err("Profile version %u is not supported\n",
ns->profile_version);
else if (!ns->profile_ptr[profile])
- printk(KERN_ERR
- "Profile %u (used by '%s') is not defined.\n",
+ pr_err("Profile %u (used by '%s') is not defined\n",
profile, domain->domainname->name);
else
continue;
- printk(KERN_ERR
- "Userland tools for TOMOYO 2.5 must be installed and "
- "policy must be initialized.\n");
- printk(KERN_ERR "Please see http://tomoyo.sourceforge.jp/2.5/ "
- "for more information.\n");
+ pr_err("Userland tools for TOMOYO 2.5 must be installed and policy must be initialized\n");
+ pr_err("Please see http://tomoyo.sourceforge.jp/2.5/ for more information\n");
panic("STOP!");
}
tomoyo_read_unlock(idx);
- printk(KERN_INFO "Mandatory Access Control activated.\n");
+ pr_info("Mandatory Access Control activated\n");
}

/**
diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c
index 3865145..a150642 100644
--- a/security/tomoyo/domain.c
+++ b/security/tomoyo/domain.c
@@ -4,6 +4,8 @@
* Copyright (C) 2005-2011 NTT DATA CORPORATION
*/

+#define pr_fmt(fmt) "tomoyo: " fmt
+
#include "common.h"
#include <linux/binfmts.h>
#include <linux/slab.h>
@@ -819,8 +821,7 @@ force_jump_domain:
if (domain)
retval = 0;
else if (reject_on_transition_failure) {
- printk(KERN_WARNING "ERROR: Domain '%s' not ready.\n",
- ee->tmp);
+ pr_warn("ERROR: Domain '%s' not ready\n", ee->tmp);
retval = -ENOMEM;
} else if (ee->r.mode == TOMOYO_CONFIG_ENFORCING)
retval = -ENOMEM;
@@ -831,8 +832,7 @@ force_jump_domain:
ee->r.granted = false;
tomoyo_write_log(&ee->r, "%s", tomoyo_dif
[TOMOYO_DIF_TRANSITION_FAILED]);
- printk(KERN_WARNING
- "ERROR: Domain '%s' not defined.\n", ee->tmp);
+ pr_warn("ERROR: Domain '%s' not defined\n", ee->tmp);
}
}
out:
diff --git a/security/tomoyo/load_policy.c b/security/tomoyo/load_policy.c
index 078fac0..f5f5a06 100644
--- a/security/tomoyo/load_policy.c
+++ b/security/tomoyo/load_policy.c
@@ -4,6 +4,8 @@
* Copyright (C) 2005-2011 NTT DATA CORPORATION
*/

+#define pr_fmt(fmt) "tomoyo: " fmt
+
#include "common.h"

#ifndef CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
@@ -39,8 +41,8 @@ static bool tomoyo_policy_loader_exists(void)
if (!tomoyo_loader)
tomoyo_loader = CONFIG_SECURITY_TOMOYO_POLICY_LOADER;
if (kern_path(tomoyo_loader, LOOKUP_FOLLOW, &path)) {
- printk(KERN_INFO "Not activating Mandatory Access Control "
- "as %s does not exist.\n", tomoyo_loader);
+ pr_info("Not activating Mandatory Access Control as %s does not exist\n",
+ tomoyo_loader);
return false;
}
path_put(&path);
@@ -95,8 +97,7 @@ void tomoyo_load_policy(const char *filename)
if (!tomoyo_policy_loader_exists())
return;
done = true;
- printk(KERN_INFO "Calling %s to load policy. Please wait.\n",
- tomoyo_loader);
+ pr_info("Calling %s to load policy. Please wait.\n", tomoyo_loader);
argv[0] = (char *) tomoyo_loader;
argv[1] = NULL;
envp[0] = "HOME=/";
diff --git a/security/tomoyo/memory.c b/security/tomoyo/memory.c
index 0e99571..b9bc828 100644
--- a/security/tomoyo/memory.c
+++ b/security/tomoyo/memory.c
@@ -4,6 +4,8 @@
* Copyright (C) 2005-2011 NTT DATA CORPORATION
*/

+#define pr_fmt(fmt) "tomoyo: " fmt
+
#include <linux/hash.h>
#include <linux/slab.h>
#include "common.h"
@@ -19,12 +21,11 @@ void tomoyo_warn_oom(const char *function)
static pid_t tomoyo_last_pid;
const pid_t pid = current->pid;
if (tomoyo_last_pid != pid) {
- printk(KERN_WARNING "ERROR: Out of memory at %s.\n",
- function);
+ pr_warn("ERROR: Out of memory at %s\n", function);
tomoyo_last_pid = pid;
}
if (!tomoyo_policy_loaded)
- panic("MAC Initialization failed.\n");
+ panic("MAC Initialization failed\n");
}

/* Memoy currently used by policy/audit log/query. */
diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c
index f0b756e..d363805 100644
--- a/security/tomoyo/tomoyo.c
+++ b/security/tomoyo/tomoyo.c
@@ -4,6 +4,8 @@
* Copyright (C) 2005-2011 NTT DATA CORPORATION
*/

+#define pr_fmt(fmt) "tomoyo: " fmt
+
#include <linux/security.h>
#include "common.h"

@@ -552,7 +554,7 @@ static int __init tomoyo_init(void)
/* register ourselves with the security framework */
if (register_security(&tomoyo_security_ops))
panic("Failure registering TOMOYO Linux");
- printk(KERN_INFO "TOMOYO Linux initialized\n");
+ pr_info("TOMOYO Linux initialized\n");
cred->security = &tomoyo_kernel_domain;
tomoyo_mm_init();
return 0;
diff --git a/security/tomoyo/util.c b/security/tomoyo/util.c
index 2952ba5..4d4131c 100644
--- a/security/tomoyo/util.c
+++ b/security/tomoyo/util.c
@@ -4,6 +4,8 @@
* Copyright (C) 2005-2011 NTT DATA CORPORATION
*/

+#define pr_fmt(fmt) "tomoyo: " fmt
+
#include <linux/slab.h>
#include "common.h"

@@ -1077,9 +1079,8 @@ bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r)
domain->flags[TOMOYO_DIF_QUOTA_WARNED] = true;
/* r->granted = false; */
tomoyo_write_log(r, "%s", tomoyo_dif[TOMOYO_DIF_QUOTA_WARNED]);
- printk(KERN_WARNING "WARNING: "
- "Domain '%s' has too many ACLs to hold. "
- "Stopped learning mode.\n", domain->domainname->name);
+ pr_warn("WARNING: Domain '%s' has too many ACLs to hold - stopped learning mode\n",
+ domain->domainname->name);
}
return false;
}
--
1.8.1.2.459.gbcd45b4.dirty

2014-02-24 22:00:45

by Joe Perches

[permalink] [raw]
Subject: [PATCH 5/8] security: selinux: Use a more current logging style

Convert printk to pr_<level>.
Add pr_fmt.
Coalesce formats, add missing space where appropriate.
Standardize on one space after "SELinux: " prefix.

Signed-off-by: Joe Perches <[email protected]>
---
security/selinux/avc.c | 7 +-
security/selinux/hooks.c | 130 ++++++++++++++++----------------------
security/selinux/netif.c | 14 ++--
security/selinux/netlink.c | 5 +-
security/selinux/netnode.c | 6 +-
security/selinux/netport.c | 7 +-
security/selinux/selinuxfs.c | 19 +++---
security/selinux/ss/avtab.c | 39 ++++++------
security/selinux/ss/conditional.c | 18 +++---
security/selinux/ss/ebitmap.c | 21 +++---
security/selinux/ss/policydb.c | 109 ++++++++++++++------------------
security/selinux/ss/services.c | 101 ++++++++++++-----------------
security/selinux/ss/sidtab.c | 8 ++-
13 files changed, 220 insertions(+), 264 deletions(-)

diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index fc3e662..f9bb683 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -13,6 +13,9 @@
* it under the terms of the GNU General Public License version 2,
* as published by the Free Software Foundation.
*/
+
+#define pr_fmt(fmt) "SELinux: " KBUILD_MODNAME ": " fmt
+
#include <linux/types.h>
#include <linux/stddef.h>
#include <linux/kernel.h>
@@ -348,8 +351,8 @@ static int avc_latest_notif_update(int seqno, int is_insert)
spin_lock_irqsave(&notif_lock, flag);
if (is_insert) {
if (seqno < avc_cache.latest_notif) {
- printk(KERN_WARNING "SELinux: avc: seqno %d < latest_notif %d\n",
- seqno, avc_cache.latest_notif);
+ pr_warn("seqno %d < latest_notif %d\n",
+ seqno, avc_cache.latest_notif);
ret = -EAGAIN;
}
} else {
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index d07413d..49a4a3d 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -23,6 +23,8 @@
* as published by the Free Software Foundation.
*/

+#define pr_fmt(fmt) "SELinux: " fmt
+
#include <linux/init.h>
#include <linux/kd.h>
#include <linux/kernel.h>
@@ -353,7 +355,7 @@ static const match_table_t tokens = {
{Opt_error, NULL},
};

-#define SEL_MOUNT_FAIL_MSG "SELinux: duplicate or incompatible mount options\n"
+#define SEL_MOUNT_FAIL_MSG "duplicate or incompatible mount options\n"

static int may_context_mount_sb_relabel(u32 sid,
struct superblock_security_struct *sbsec,
@@ -425,27 +427,25 @@ static int sb_finish_set_opts(struct super_block *sb)
the first boot of the SELinux kernel before we have
assigned xattr values to the filesystem. */
if (!root_inode->i_op->getxattr) {
- printk(KERN_WARNING "SELinux: (dev %s, type %s) has no "
- "xattr support\n", sb->s_id, sb->s_type->name);
+ pr_warn("(dev %s, type %s) has no xattr support\n",
+ sb->s_id, sb->s_type->name);
rc = -EOPNOTSUPP;
goto out;
}
rc = root_inode->i_op->getxattr(root, XATTR_NAME_SELINUX, NULL, 0);
if (rc < 0 && rc != -ENODATA) {
if (rc == -EOPNOTSUPP)
- printk(KERN_WARNING "SELinux: (dev %s, type "
- "%s) has no security xattr handler\n",
- sb->s_id, sb->s_type->name);
+ pr_warn("(dev %s, type %s) has no security xattr handler\n",
+ sb->s_id, sb->s_type->name);
else
- printk(KERN_WARNING "SELinux: (dev %s, type "
- "%s) getxattr errno %d\n", sb->s_id,
- sb->s_type->name, -rc);
+ pr_warn("(dev %s, type %s) getxattr errno %d\n",
+ sb->s_id, sb->s_type->name, -rc);
goto out;
}
}

if (sbsec->behavior > ARRAY_SIZE(labeling_behaviors))
- printk(KERN_ERR "SELinux: initialized (dev %s, type %s), unknown behavior\n",
+ pr_err("initialized (dev %s, type %s), unknown behavior\n",
sb->s_id, sb->s_type->name);
else
printk(KERN_DEBUG "SELinux: initialized (dev %s, type %s), %s\n",
@@ -631,8 +631,7 @@ static int selinux_set_mnt_opts(struct super_block *sb,
goto out;
}
rc = -EINVAL;
- printk(KERN_WARNING "SELinux: Unable to set superblock options "
- "before the security server is initialized\n");
+ pr_warn("Unable to set superblock options before the security server is initialized\n");
goto out;
}
if (kern_flags && !set_kern_flags) {
@@ -670,9 +669,8 @@ static int selinux_set_mnt_opts(struct super_block *sb,
rc = security_context_to_sid(mount_options[i],
strlen(mount_options[i]), &sid);
if (rc) {
- printk(KERN_WARNING "SELinux: security_context_to_sid"
- "(%s) failed for (dev %s, type %s) errno=%d\n",
- mount_options[i], sb->s_id, name, rc);
+ pr_warn("security_context_to_sid(%s) failed for (dev %s, type %s) errno=%d\n",
+ mount_options[i], sb->s_id, name, rc);
goto out;
}
switch (flags[i]) {
@@ -738,9 +736,8 @@ static int selinux_set_mnt_opts(struct super_block *sb,
*/
rc = security_fs_use(sb);
if (rc) {
- printk(KERN_WARNING
- "%s: security_fs_use(%s) returned %d\n",
- __func__, sb->s_type->name, rc);
+ pr_warn("%s: security_fs_use(%s) returned %d\n",
+ __func__, sb->s_type->name, rc);
goto out;
}
}
@@ -797,8 +794,7 @@ static int selinux_set_mnt_opts(struct super_block *sb,
if (sbsec->behavior != SECURITY_FS_USE_XATTR &&
sbsec->behavior != SECURITY_FS_USE_NATIVE) {
rc = -EINVAL;
- printk(KERN_WARNING "SELinux: defcontext option is "
- "invalid for this filesystem type\n");
+ pr_warn("defcontext option is invalid for this filesystem type\n");
goto out;
}

@@ -818,8 +814,8 @@ out:
return rc;
out_double_mount:
rc = -EINVAL;
- printk(KERN_WARNING "SELinux: mount invalid. Same superblock, different "
- "security settings for (dev %s, type %s)\n", sb->s_id, name);
+ pr_warn("mount invalid - same superblock, different security settings for (dev %s, type %s)\n",
+ sb->s_id, name);
goto out;
}

@@ -847,9 +843,8 @@ static int selinux_cmp_sb_context(const struct super_block *oldsb,
}
return 0;
mismatch:
- printk(KERN_WARNING "SELinux: mount invalid. Same superblock, "
- "different security settings for (dev %s, "
- "type %s)\n", newsb->s_id, newsb->s_type->name);
+ pr_warn("mount invalid - same superblock, different security settings for (dev %s, type %s)\n",
+ newsb->s_id, newsb->s_type->name);
return -EBUSY;
}

@@ -935,7 +930,7 @@ static int selinux_parse_opts_str(char *options,
case Opt_context:
if (context || defcontext) {
rc = -EINVAL;
- printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
+ pr_warn(SEL_MOUNT_FAIL_MSG);
goto out_err;
}
context = match_strdup(&args[0]);
@@ -948,7 +943,7 @@ static int selinux_parse_opts_str(char *options,
case Opt_fscontext:
if (fscontext) {
rc = -EINVAL;
- printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
+ pr_warn(SEL_MOUNT_FAIL_MSG);
goto out_err;
}
fscontext = match_strdup(&args[0]);
@@ -961,7 +956,7 @@ static int selinux_parse_opts_str(char *options,
case Opt_rootcontext:
if (rootcontext) {
rc = -EINVAL;
- printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
+ pr_warn(SEL_MOUNT_FAIL_MSG);
goto out_err;
}
rootcontext = match_strdup(&args[0]);
@@ -974,7 +969,7 @@ static int selinux_parse_opts_str(char *options,
case Opt_defcontext:
if (context || defcontext) {
rc = -EINVAL;
- printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
+ pr_warn(SEL_MOUNT_FAIL_MSG);
goto out_err;
}
defcontext = match_strdup(&args[0]);
@@ -987,7 +982,7 @@ static int selinux_parse_opts_str(char *options,
break;
default:
rc = -EINVAL;
- printk(KERN_WARNING "SELinux: unknown mount option\n");
+ pr_warn("unknown mount option\n");
goto out_err;

}
@@ -1359,9 +1354,9 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
dput(dentry);
if (rc < 0) {
if (rc != -ENODATA) {
- printk(KERN_WARNING "SELinux: %s: getxattr returned "
- "%d for dev=%s ino=%ld\n", __func__,
- -rc, inode->i_sb->s_id, inode->i_ino);
+ pr_warn("%s: getxattr returned %d for dev=%s ino=%ld\n",
+ __func__,
+ -rc, inode->i_sb->s_id, inode->i_ino);
kfree(context);
goto out_unlock;
}
@@ -1378,13 +1373,12 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent

if (rc == -EINVAL) {
if (printk_ratelimit())
- printk(KERN_NOTICE "SELinux: inode=%lu on dev=%s was found to have an invalid "
- "context=%s. This indicates you may need to relabel the inode or the "
- "filesystem in question.\n", ino, dev, context);
+ pr_notice("inode=%lu on dev=%s was found to have an invalid context=%s. This indicates you may need to relabel the inode or the filesystem in question.\n",
+ ino, dev, context);
} else {
- printk(KERN_WARNING "SELinux: %s: context_to_sid(%s) "
- "returned %d for dev=%s ino=%ld\n",
- __func__, context, -rc, dev, ino);
+ pr_warn("%s: context_to_sid(%s) returned %d for dev=%s ino=%ld\n",
+ __func__,
+ context, -rc, dev, ino);
}
kfree(context);
/* Leave with the unlabeled SID */
@@ -1543,8 +1537,7 @@ static int cred_has_capability(const struct cred *cred,
sclass = SECCLASS_CAPABILITY2;
break;
default:
- printk(KERN_ERR
- "SELinux: out of range capability %d\n", cap);
+ pr_err("out of range capability %d\n", cap);
BUG();
return -EINVAL;
}
@@ -1762,8 +1755,7 @@ static int may_link(struct inode *dir,
av = DIR__RMDIR;
break;
default:
- printk(KERN_WARNING "SELinux: %s: unrecognized kind %d\n",
- __func__, kind);
+ pr_warn("%s: unrecognized kind %d\n", __func__, kind);
return 0;
}

@@ -2491,9 +2483,9 @@ static int selinux_sb_remount(struct super_block *sb, void *data)
len = strlen(mount_options[i]);
rc = security_context_to_sid(mount_options[i], len, &sid);
if (rc) {
- printk(KERN_WARNING "SELinux: security_context_to_sid"
- "(%s) failed for (dev %s, type %s) errno=%d\n",
- mount_options[i], sb->s_id, sb->s_type->name, rc);
+ pr_warn("security_context_to_sid(%s) failed for (dev %s, type %s) errno=%d\n",
+ mount_options[i], sb->s_id, sb->s_type->name,
+ rc);
goto out_free_opts;
}
rc = -EINVAL;
@@ -2530,9 +2522,8 @@ out_free_secdata:
free_secdata(secdata);
return rc;
out_bad_option:
- printk(KERN_WARNING "SELinux: unable to change security options "
- "during remount (dev %s, type=%s)\n", sb->s_id,
- sb->s_type->name);
+ pr_warn("unable to change security options during remount (dev %s, type=%s)\n",
+ sb->s_id, sb->s_type->name);
goto out_free_opts;
}

@@ -2624,9 +2615,8 @@ static int selinux_dentry_init_security(struct dentry *dentry, int mode,
name,
&newsid);
if (rc) {
- printk(KERN_WARNING
- "%s: security_transition_sid failed, rc=%d\n",
- __func__, -rc);
+ pr_warn("%s: security_transition_sid failed, rc=%d\n",
+ __func__, -rc);
return rc;
}
}
@@ -2660,11 +2650,8 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
inode_mode_to_security_class(inode->i_mode),
qstr, &newsid);
if (rc) {
- printk(KERN_WARNING "%s: "
- "security_transition_sid failed, rc=%d (dev=%s "
- "ino=%ld)\n",
- __func__,
- -rc, inode->i_sb->s_id, inode->i_ino);
+ pr_warn("%s: security_transition_sid failed, rc=%d (dev=%s ino=%ld)\n",
+ __func__, -rc, inode->i_sb->s_id, inode->i_ino);
return rc;
}
}
@@ -2957,8 +2944,7 @@ static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name,

rc = security_context_to_sid_force(value, size, &newsid);
if (rc) {
- printk(KERN_ERR "SELinux: unable to map context to SID"
- "for (%s, %lu), rc=%d\n",
+ pr_err("unable to map context to SID for (%s, %lu), rc=%d\n",
inode->i_sb->s_id, inode->i_ino, -rc);
return;
}
@@ -3810,9 +3796,7 @@ static int selinux_parse_skb(struct sk_buff *skb, struct common_audit_data *ad,
}

parse_error:
- printk(KERN_WARNING
- "SELinux: failure in selinux_parse_skb(),"
- " unable to parse packet\n");
+ pr_warn("failure in selinux_parse_skb(), unable to parse packet\n");
return ret;

okay:
@@ -3852,9 +3836,7 @@ static int selinux_skb_peerlbl_sid(struct sk_buff *skb, u16 family, u32 *sid)

err = security_net_peersid_resolve(nlbl_sid, nlbl_type, xfrm_sid, sid);
if (unlikely(err)) {
- printk(KERN_WARNING
- "SELinux: failure in selinux_skb_peerlbl_sid(),"
- " unable to determine packet's peer label\n");
+ pr_warn("failure in selinux_skb_peerlbl_sid(), unable to determine packet's peer label\n");
return -EACCES;
}

@@ -5956,11 +5938,11 @@ static __init int selinux_init(void)
}

if (!selinux_enabled) {
- printk(KERN_INFO "SELinux: Disabled at boot.\n");
+ pr_info("Disabled at boot\n");
return 0;
}

- printk(KERN_INFO "SELinux: Initializing.\n");
+ pr_info("Initializing\n");

/* Set the security state for the initial task. */
cred_init_security();
@@ -5976,9 +5958,9 @@ static __init int selinux_init(void)
panic("SELinux: Unable to register with kernel.\n");

if (selinux_enforcing)
- printk(KERN_DEBUG "SELinux: Starting in enforcing mode\n");
+ printk(KERN_DEBUG "SELinux: Starting in enforcing mode\n");
else
- printk(KERN_DEBUG "SELinux: Starting in permissive mode\n");
+ printk(KERN_DEBUG "SELinux: Starting in permissive mode\n");

return 0;
}
@@ -5990,10 +5972,10 @@ static void delayed_superblock_init(struct super_block *sb, void *unused)

void selinux_complete_init(void)
{
- printk(KERN_DEBUG "SELinux: Completing initialization.\n");
+ printk(KERN_DEBUG "SELinux: Completing initialization\n");

/* Set up any superblocks initialized prior to the policy load. */
- printk(KERN_DEBUG "SELinux: Setting up existing superblocks.\n");
+ printk(KERN_DEBUG "SELinux: Setting up existing superblocks\n");
iterate_supers(delayed_superblock_init, NULL);
}

@@ -6055,7 +6037,7 @@ static int __init selinux_nf_ip_init(void)
if (!selinux_enabled)
goto out;

- printk(KERN_DEBUG "SELinux: Registering netfilter hooks\n");
+ printk(KERN_DEBUG "SELinux: Registering netfilter hooks\n");

err = nf_register_hooks(selinux_ipv4_ops, ARRAY_SIZE(selinux_ipv4_ops));
if (err)
@@ -6076,7 +6058,7 @@ __initcall(selinux_nf_ip_init);
#ifdef CONFIG_SECURITY_SELINUX_DISABLE
static void selinux_nf_ip_exit(void)
{
- printk(KERN_DEBUG "SELinux: Unregistering netfilter hooks\n");
+ printk(KERN_DEBUG "SELinux: Unregistering netfilter hooks\n");

nf_unregister_hooks(selinux_ipv4_ops, ARRAY_SIZE(selinux_ipv4_ops));
#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
@@ -6108,7 +6090,7 @@ int selinux_disable(void)
return -EINVAL;
}

- printk(KERN_INFO "SELinux: Disabled at runtime.\n");
+ pr_info("Disabled at runtime\n");

selinux_disabled = 1;
selinux_enabled = 0;
diff --git a/security/selinux/netif.c b/security/selinux/netif.c
index 694e9e4..17001cc 100644
--- a/security/selinux/netif.c
+++ b/security/selinux/netif.c
@@ -14,6 +14,9 @@
* it under the terms of the GNU General Public License version 2,
* as published by the Free Software Foundation.
*/
+
+#define pr_fmt(fmt) "SELinux: " fmt
+
#include <linux/init.h>
#include <linux/types.h>
#include <linux/slab.h>
@@ -142,9 +145,8 @@ static int sel_netif_sid_slow(int ifindex, u32 *sid)

dev = dev_get_by_index(&init_net, ifindex);
if (unlikely(dev == NULL)) {
- printk(KERN_WARNING
- "SELinux: failure in sel_netif_sid_slow(),"
- " invalid network interface (%d)\n", ifindex);
+ pr_warn("failure in sel_netif_sid_slow(), invalid network interface (%d)\n",
+ ifindex);
return -ENOENT;
}

@@ -173,10 +175,8 @@ out:
spin_unlock_bh(&sel_netif_lock);
dev_put(dev);
if (unlikely(ret)) {
- printk(KERN_WARNING
- "SELinux: failure in sel_netif_sid_slow(),"
- " unable to determine network interface label (%d)\n",
- ifindex);
+ pr_warn("failure in sel_netif_sid_slow(), unable to determine network interface label (%d)\n",
+ ifindex);
kfree(new);
}
return ret;
diff --git a/security/selinux/netlink.c b/security/selinux/netlink.c
index 828fb6a..50bc253 100644
--- a/security/selinux/netlink.c
+++ b/security/selinux/netlink.c
@@ -9,6 +9,9 @@
* it under the terms of the GNU General Public License version 2,
* as published by the Free Software Foundation.
*/
+
+#define pr_fmt(fmt) "SELinux: " fmt
+
#include <linux/init.h>
#include <linux/types.h>
#include <linux/slab.h>
@@ -94,7 +97,7 @@ out:
out_kfree_skb:
kfree_skb(skb);
oom:
- printk(KERN_ERR "SELinux: OOM in %s\n", __func__);
+ pr_err("OOM in %s\n", __func__);
goto out;
}

diff --git a/security/selinux/netnode.c b/security/selinux/netnode.c
index 03a72c3..9f8fd79 100644
--- a/security/selinux/netnode.c
+++ b/security/selinux/netnode.c
@@ -28,6 +28,8 @@
*
*/

+#define pr_fmt(fmt) "SELinux: " fmt
+
#include <linux/types.h>
#include <linux/rcupdate.h>
#include <linux/list.h>
@@ -238,9 +240,7 @@ static int sel_netnode_sid_slow(void *addr, u16 family, u32 *sid)
out:
spin_unlock_bh(&sel_netnode_lock);
if (unlikely(ret)) {
- printk(KERN_WARNING
- "SELinux: failure in sel_netnode_sid_slow(),"
- " unable to determine network node label\n");
+ pr_warn("failure in sel_netnode_sid_slow(), unable to determine network node label\n");
kfree(new);
}
return ret;
diff --git a/security/selinux/netport.c b/security/selinux/netport.c
index d353797..20a4ed0 100644
--- a/security/selinux/netport.c
+++ b/security/selinux/netport.c
@@ -12,7 +12,6 @@
* (see security/selinux/netif.c for more information)
*
*/
-
/*
* (c) Copyright Hewlett-Packard Development Company, L.P., 2008
*
@@ -27,6 +26,8 @@
*
*/

+#define pr_fmt(fmt) "SELinux: " fmt
+
#include <linux/types.h>
#include <linux/rcupdate.h>
#include <linux/list.h>
@@ -173,9 +174,7 @@ static int sel_netport_sid_slow(u8 protocol, u16 pnum, u32 *sid)
out:
spin_unlock_bh(&sel_netport_lock);
if (unlikely(ret)) {
- printk(KERN_WARNING
- "SELinux: failure in sel_netport_sid_slow(),"
- " unable to determine network port label\n");
+ pr_warn("failure in sel_netport_sid_slow(), unable to determine network port label\n");
kfree(new);
}
return ret;
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index 170b4b1..78ced2a 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -14,6 +14,8 @@
* the Free Software Foundation, version 2.
*/

+#define pr_fmt(fmt) "SELinux: " fmt
+
#include <linux/kernel.h>
#include <linux/pagemap.h>
#include <linux/slab.h>
@@ -586,8 +588,8 @@ static ssize_t sel_write_context(struct file *file, char *buf, size_t size)

length = -ERANGE;
if (len > SIMPLE_TRANSACTION_LIMIT) {
- printk(KERN_ERR "SELinux: %s: context size (%u) exceeds "
- "payload max\n", __func__, len);
+ pr_err("%s: context size (%u) exceeds payload max\n",
+ __func__, len);
goto out;
}

@@ -836,8 +838,8 @@ static ssize_t sel_write_create(struct file *file, char *buf, size_t size)

length = -ERANGE;
if (len > SIMPLE_TRANSACTION_LIMIT) {
- printk(KERN_ERR "SELinux: %s: context size (%u) exceeds "
- "payload max\n", __func__, len);
+ pr_err("%s: context size (%u) exceeds payload max\n",
+ __func__, len);
goto out;
}

@@ -1012,8 +1014,8 @@ static ssize_t sel_write_member(struct file *file, char *buf, size_t size)

length = -ERANGE;
if (len > SIMPLE_TRANSACTION_LIMIT) {
- printk(KERN_ERR "SELinux: %s: context size (%u) exceeds "
- "payload max\n", __func__, len);
+ pr_err("%s: context size (%u) exceeds payload max\n",
+ __func__, len);
goto out;
}

@@ -1873,8 +1875,7 @@ static int sel_fill_super(struct super_block *sb, void *data, int silent)
}
return 0;
err:
- printk(KERN_ERR "SELinux: %s: failed while creating inodes\n",
- __func__);
+ pr_err("%s: failed while creating inodes\n", __func__);
return ret;
}

@@ -1912,7 +1913,7 @@ static int __init init_sel_fs(void)

selinux_null.mnt = selinuxfs_mount = kern_mount(&sel_fs_type);
if (IS_ERR(selinuxfs_mount)) {
- printk(KERN_ERR "selinuxfs: could not mount!\n");
+ pr_err("selinuxfs: could not mount!\n");
err = PTR_ERR(selinuxfs_mount);
selinuxfs_mount = NULL;
}
diff --git a/security/selinux/ss/avtab.c b/security/selinux/ss/avtab.c
index a3dd9fa..b805fe2 100644
--- a/security/selinux/ss/avtab.c
+++ b/security/selinux/ss/avtab.c
@@ -17,6 +17,8 @@
* Tuned number of hash slots for avtab to reduce memory usage
*/

+#define pr_fmt(fmt) "SELinux: avtab: " fmt
+
#include <linux/kernel.h>
#include <linux/slab.h>
#include <linux/errno.h>
@@ -343,18 +345,18 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
if (vers < POLICYDB_VERSION_AVTAB) {
rc = next_entry(buf32, fp, sizeof(u32));
if (rc) {
- printk(KERN_ERR "SELinux: avtab: truncated entry\n");
+ pr_err("truncated entry\n");
return rc;
}
items2 = le32_to_cpu(buf32[0]);
if (items2 > ARRAY_SIZE(buf32)) {
- printk(KERN_ERR "SELinux: avtab: entry overflow\n");
+ pr_err("entry overflow\n");
return -EINVAL;

}
rc = next_entry(buf32, fp, sizeof(u32)*items2);
if (rc) {
- printk(KERN_ERR "SELinux: avtab: truncated entry\n");
+ pr_err("truncated entry\n");
return rc;
}
items = 0;
@@ -362,19 +364,19 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
val = le32_to_cpu(buf32[items++]);
key.source_type = (u16)val;
if (key.source_type != val) {
- printk(KERN_ERR "SELinux: avtab: truncated source type\n");
+ pr_err("truncated source type\n");
return -EINVAL;
}
val = le32_to_cpu(buf32[items++]);
key.target_type = (u16)val;
if (key.target_type != val) {
- printk(KERN_ERR "SELinux: avtab: truncated target type\n");
+ pr_err("truncated target type\n");
return -EINVAL;
}
val = le32_to_cpu(buf32[items++]);
key.target_class = (u16)val;
if (key.target_class != val) {
- printk(KERN_ERR "SELinux: avtab: truncated target class\n");
+ pr_err("truncated target class\n");
return -EINVAL;
}

@@ -382,12 +384,12 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
enabled = (val & AVTAB_ENABLED_OLD) ? AVTAB_ENABLED : 0;

if (!(val & (AVTAB_AV | AVTAB_TYPE))) {
- printk(KERN_ERR "SELinux: avtab: null entry\n");
+ pr_err("null entry\n");
return -EINVAL;
}
if ((val & AVTAB_AV) &&
(val & AVTAB_TYPE)) {
- printk(KERN_ERR "SELinux: avtab: entry has both access vectors and types\n");
+ pr_err("entry has both access vectors and types\n");
return -EINVAL;
}

@@ -402,7 +404,8 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
}

if (items != items2) {
- printk(KERN_ERR "SELinux: avtab: entry only had %d items, expected %d\n", items2, items);
+ pr_err("entry only had %d items, expected %d\n",
+ items2, items);
return -EINVAL;
}
return 0;
@@ -410,7 +413,7 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,

rc = next_entry(buf16, fp, sizeof(u16)*4);
if (rc) {
- printk(KERN_ERR "SELinux: avtab: truncated entry\n");
+ pr_err("truncated entry\n");
return rc;
}

@@ -423,7 +426,7 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
if (!policydb_type_isvalid(pol, key.source_type) ||
!policydb_type_isvalid(pol, key.target_type) ||
!policydb_class_isvalid(pol, key.target_class)) {
- printk(KERN_ERR "SELinux: avtab: invalid type or class\n");
+ pr_err("invalid type or class\n");
return -EINVAL;
}

@@ -433,19 +436,19 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
set++;
}
if (!set || set > 1) {
- printk(KERN_ERR "SELinux: avtab: more than one specifier\n");
+ pr_err("more than one specifier\n");
return -EINVAL;
}

rc = next_entry(buf32, fp, sizeof(u32));
if (rc) {
- printk(KERN_ERR "SELinux: avtab: truncated entry\n");
+ pr_err("truncated entry\n");
return rc;
}
datum.data = le32_to_cpu(*buf32);
if ((key.specified & AVTAB_TYPE) &&
!policydb_type_isvalid(pol, datum.data)) {
- printk(KERN_ERR "SELinux: avtab: invalid type\n");
+ pr_err("invalid type\n");
return -EINVAL;
}
return insertf(a, &key, &datum, p);
@@ -466,12 +469,12 @@ int avtab_read(struct avtab *a, void *fp, struct policydb *pol)

rc = next_entry(buf, fp, sizeof(u32));
if (rc < 0) {
- printk(KERN_ERR "SELinux: avtab: truncated table\n");
+ pr_err("truncated table\n");
goto bad;
}
nel = le32_to_cpu(buf[0]);
if (!nel) {
- printk(KERN_ERR "SELinux: avtab: table is empty\n");
+ pr_err("table is empty\n");
rc = -EINVAL;
goto bad;
}
@@ -484,9 +487,9 @@ int avtab_read(struct avtab *a, void *fp, struct policydb *pol)
rc = avtab_read_item(a, fp, pol, avtab_insertf, NULL);
if (rc) {
if (rc == -ENOMEM)
- printk(KERN_ERR "SELinux: avtab: out of memory\n");
+ pr_err("out of memory\n");
else if (rc == -EEXIST)
- printk(KERN_ERR "SELinux: avtab: duplicate entry\n");
+ pr_err("duplicate entry\n");

goto bad;
}
diff --git a/security/selinux/ss/conditional.c b/security/selinux/ss/conditional.c
index 377d148..9bb2dde 100644
--- a/security/selinux/ss/conditional.c
+++ b/security/selinux/ss/conditional.c
@@ -7,6 +7,8 @@
* the Free Software Foundation, version 2.
*/

+#define pr_fmt(fmt) "SELinux: " fmt
+
#include <linux/kernel.h>
#include <linux/errno.h>
#include <linux/string.h>
@@ -95,7 +97,7 @@ int evaluate_cond_node(struct policydb *p, struct cond_node *node)
if (new_state != node->cur_state) {
node->cur_state = new_state;
if (new_state == -1)
- printk(KERN_ERR "SELinux: expression result was undefined - disabling all rules.\n");
+ pr_err("expression result was undefined - disabling all rules\n");
/* turn the rules on or off */
for (cur = node->true_list; cur; cur = cur->next) {
if (new_state <= 0)
@@ -283,7 +285,7 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum
*/
if (k->specified & AVTAB_TYPE) {
if (avtab_search(&p->te_avtab, k)) {
- printk(KERN_ERR "SELinux: type rule already exists outside of a conditional.\n");
+ pr_err("type rule already exists outside of a conditional\n");
goto err;
}
/*
@@ -298,7 +300,7 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum
node_ptr = avtab_search_node(&p->te_cond_avtab, k);
if (node_ptr) {
if (avtab_search_node_next(node_ptr, k->specified)) {
- printk(KERN_ERR "SELinux: too many conflicting type rules.\n");
+ pr_err("too many conflicting type rules\n");
goto err;
}
found = 0;
@@ -309,13 +311,13 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum
}
}
if (!found) {
- printk(KERN_ERR "SELinux: conflicting type rules.\n");
+ pr_err("conflicting type rules\n");
goto err;
}
}
} else {
if (avtab_search(&p->te_cond_avtab, k)) {
- printk(KERN_ERR "SELinux: conflicting type rules when adding type rule for true.\n");
+ pr_err("conflicting type rules when adding type rule for true\n");
goto err;
}
}
@@ -323,7 +325,7 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum

node_ptr = avtab_insert_nonunique(&p->te_cond_avtab, k, d);
if (!node_ptr) {
- printk(KERN_ERR "SELinux: could not insert rule.\n");
+ pr_err("could not insert rule\n");
rc = -ENOMEM;
goto err;
}
@@ -384,12 +386,12 @@ static int cond_read_av_list(struct policydb *p, void *fp, struct cond_av_list *
static int expr_isvalid(struct policydb *p, struct cond_expr *expr)
{
if (expr->expr_type <= 0 || expr->expr_type > COND_LAST) {
- printk(KERN_ERR "SELinux: conditional expressions uses unknown operator.\n");
+ pr_err("conditional expressions uses unknown operator\n");
return 0;
}

if (expr->bool > p->p_bools.nprim) {
- printk(KERN_ERR "SELinux: conditional expressions uses unknown bool.\n");
+ pr_err("conditional expressions uses unknown bool\n");
return 0;
}
return 1;
diff --git a/security/selinux/ss/ebitmap.c b/security/selinux/ss/ebitmap.c
index 820313a..0ea9bbc 100644
--- a/security/selinux/ss/ebitmap.c
+++ b/security/selinux/ss/ebitmap.c
@@ -15,6 +15,8 @@
* Applied standard bit operations to improve bitmap scanning.
*/

+#define pr_fmt(fmt) "SELinux: ebitmap: " fmt
+
#include <linux/kernel.h>
#include <linux/slab.h>
#include <linux/errno.h>
@@ -382,8 +384,7 @@ int ebitmap_read(struct ebitmap *e, void *fp)
count = le32_to_cpu(buf[2]);

if (mapunit != BITS_PER_U64) {
- printk(KERN_ERR "SELinux: ebitmap: map size %u does not "
- "match my size %Zd (high bit was %d)\n",
+ pr_err("map size %u does not match my size %Zd (high bit was %d)\n",
mapunit, BITS_PER_U64, e->highbit);
goto bad;
}
@@ -400,20 +401,18 @@ int ebitmap_read(struct ebitmap *e, void *fp)
for (i = 0; i < count; i++) {
rc = next_entry(&startbit, fp, sizeof(u32));
if (rc < 0) {
- printk(KERN_ERR "SELinux: ebitmap: truncated map\n");
+ pr_err("truncated map\n");
goto bad;
}
startbit = le32_to_cpu(startbit);

if (startbit & (mapunit - 1)) {
- printk(KERN_ERR "SELinux: ebitmap start bit (%d) is "
- "not a multiple of the map unit size (%u)\n",
+ pr_err("start bit (%d) is not a multiple of the map unit size (%u)\n",
startbit, mapunit);
goto bad;
}
if (startbit > e->highbit - mapunit) {
- printk(KERN_ERR "SELinux: ebitmap start bit (%d) is "
- "beyond the end of the bitmap (%u)\n",
+ pr_err("start bit (%d) is beyond the end of the bitmap (%u)\n",
startbit, (e->highbit - mapunit));
goto bad;
}
@@ -422,8 +421,7 @@ int ebitmap_read(struct ebitmap *e, void *fp)
struct ebitmap_node *tmp;
tmp = kzalloc(sizeof(*tmp), GFP_KERNEL);
if (!tmp) {
- printk(KERN_ERR
- "SELinux: ebitmap: out of memory\n");
+ pr_err("out of memory\n");
rc = -ENOMEM;
goto bad;
}
@@ -435,15 +433,14 @@ int ebitmap_read(struct ebitmap *e, void *fp)
e->node = tmp;
n = tmp;
} else if (startbit <= n->startbit) {
- printk(KERN_ERR "SELinux: ebitmap: start bit %d"
- " comes after start bit %d\n",
+ pr_err("start bit %d comes after start bit %d\n",
startbit, n->startbit);
goto bad;
}

rc = next_entry(&map, fp, sizeof(u64));
if (rc < 0) {
- printk(KERN_ERR "SELinux: ebitmap: truncated map\n");
+ pr_err("truncated map\n");
goto bad;
}
map = le64_to_cpu(map);
diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
index c0f4988..ff9e193 100644
--- a/security/selinux/ss/policydb.c
+++ b/security/selinux/ss/policydb.c
@@ -25,6 +25,8 @@
* the Free Software Foundation, version 2.
*/

+#define pr_fmt(fmt) "SELinux: " fmt
+
#include <linux/kernel.h>
#include <linux/sched.h>
#include <linux/slab.h>
@@ -515,14 +517,14 @@ static int policydb_index(struct policydb *p)
{
int i, rc;

- printk(KERN_DEBUG "SELinux: %d users, %d roles, %d types, %d bools",
+ printk(KERN_DEBUG "SELinux: %d users, %d roles, %d types, %d bools",
p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, p->p_bools.nprim);
if (p->mls_enabled)
printk(", %d sens, %d cats", p->p_levels.nprim,
p->p_cats.nprim);
printk("\n");

- printk(KERN_DEBUG "SELinux: %d classes, %d rules\n",
+ printk(KERN_DEBUG "SELinux: %d classes, %d rules\n",
p->p_classes.nprim, p->te_avtab.nel);

#ifdef DEBUG_HASHES
@@ -886,7 +888,7 @@ int policydb_load_isids(struct policydb *p, struct sidtab *s)

rc = sidtab_init(s);
if (rc) {
- printk(KERN_ERR "SELinux: out of memory on SID table init\n");
+ pr_err("out of memory on SID table init\n");
goto out;
}

@@ -894,15 +896,13 @@ int policydb_load_isids(struct policydb *p, struct sidtab *s)
for (c = head; c; c = c->next) {
rc = -EINVAL;
if (!c->context[0].user) {
- printk(KERN_ERR "SELinux: SID %s was never defined.\n",
- c->u.name);
+ pr_err("SID %s was never defined\n", c->u.name);
goto out;
}

rc = sidtab_insert(s, c->sid[0], &c->context[0]);
if (rc) {
- printk(KERN_ERR "SELinux: unable to load initial SID %s.\n",
- c->u.name);
+ pr_err("unable to load initial SID %s\n", c->u.name);
goto out;
}
}
@@ -994,13 +994,13 @@ static int mls_read_range_helper(struct mls_range *r, void *fp)
rc = -EINVAL;
items = le32_to_cpu(buf[0]);
if (items > ARRAY_SIZE(buf)) {
- printk(KERN_ERR "SELinux: mls: range overflow\n");
+ pr_err("mls: range overflow\n");
goto out;
}

rc = next_entry(buf, fp, sizeof(u32) * items);
if (rc) {
- printk(KERN_ERR "SELinux: mls: truncated range\n");
+ pr_err("mls: truncated range\n");
goto out;
}

@@ -1012,19 +1012,19 @@ static int mls_read_range_helper(struct mls_range *r, void *fp)

rc = ebitmap_read(&r->level[0].cat, fp);
if (rc) {
- printk(KERN_ERR "SELinux: mls: error reading low categories\n");
+ pr_err("mls: error reading low categories\n");
goto out;
}
if (items > 1) {
rc = ebitmap_read(&r->level[1].cat, fp);
if (rc) {
- printk(KERN_ERR "SELinux: mls: error reading high categories\n");
+ pr_err("mls: error reading high categories\n");
goto bad_high;
}
} else {
rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat);
if (rc) {
- printk(KERN_ERR "SELinux: mls: out of memory\n");
+ pr_err("mls: out of memory\n");
goto bad_high;
}
}
@@ -1049,7 +1049,7 @@ static int context_read_and_validate(struct context *c,

rc = next_entry(buf, fp, sizeof buf);
if (rc) {
- printk(KERN_ERR "SELinux: context truncated\n");
+ pr_err("context truncated\n");
goto out;
}
c->user = le32_to_cpu(buf[0]);
@@ -1058,14 +1058,14 @@ static int context_read_and_validate(struct context *c,
if (p->policyvers >= POLICYDB_VERSION_MLS) {
rc = mls_read_range_helper(&c->range, fp);
if (rc) {
- printk(KERN_ERR "SELinux: error reading MLS range of context\n");
+ pr_err("error reading MLS range of context\n");
goto out;
}
}

rc = -EINVAL;
if (!policydb_context_isvalid(p, c)) {
- printk(KERN_ERR "SELinux: invalid security context\n");
+ pr_err("invalid security context\n");
context_destroy(c);
goto out;
}
@@ -1344,7 +1344,7 @@ static int class_read(struct policydb *p, struct hashtab *h, void *fp)
rc = -EINVAL;
cladatum->comdatum = hashtab_search(p->p_commons.table, cladatum->comkey);
if (!cladatum->comdatum) {
- printk(KERN_ERR "SELinux: unknown common %s\n", cladatum->comkey);
+ pr_err("unknown common %s\n", cladatum->comkey);
goto bad;
}
}
@@ -1443,7 +1443,7 @@ static int role_read(struct policydb *p, struct hashtab *h, void *fp)
if (strcmp(key, OBJECT_R) == 0) {
rc = -EINVAL;
if (role->value != OBJECT_R_VAL) {
- printk(KERN_ERR "SELinux: Role %s has wrong value %d\n",
+ pr_err("Role %s has wrong value %d\n",
OBJECT_R, role->value);
goto bad;
}
@@ -1527,14 +1527,14 @@ static int mls_read_level(struct mls_level *lp, void *fp)

rc = next_entry(buf, fp, sizeof buf);
if (rc) {
- printk(KERN_ERR "SELinux: mls: truncated level\n");
+ pr_err("mls: truncated level\n");
return rc;
}
lp->sens = le32_to_cpu(buf[0]);

rc = ebitmap_read(&lp->cat, fp);
if (rc) {
- printk(KERN_ERR "SELinux: mls: error reading level categories\n");
+ pr_err("mls: error reading level categories\n");
return rc;
}
return 0;
@@ -1706,8 +1706,7 @@ static int user_bounds_sanity_check(void *key, void *datum, void *datap)
unsigned long bit;

if (++depth == POLICYDB_BOUNDS_MAXDEPTH) {
- printk(KERN_ERR "SELinux: user %s: "
- "too deep or looped boundary",
+ pr_err("user %s: too deep or looped boundary\n",
(char *) key);
return -EINVAL;
}
@@ -1717,9 +1716,7 @@ static int user_bounds_sanity_check(void *key, void *datum, void *datap)
if (ebitmap_get_bit(&upper->roles, bit))
continue;

- printk(KERN_ERR
- "SELinux: boundary violated policy: "
- "user=%s role=%s bounds=%s\n",
+ pr_err("boundary violated policy: user=%s role=%s bounds=%s\n",
sym_name(p, SYM_USERS, user->value - 1),
sym_name(p, SYM_ROLES, bit),
sym_name(p, SYM_USERS, upper->value - 1));
@@ -1743,8 +1740,7 @@ static int role_bounds_sanity_check(void *key, void *datum, void *datap)
unsigned long bit;

if (++depth == POLICYDB_BOUNDS_MAXDEPTH) {
- printk(KERN_ERR "SELinux: role %s: "
- "too deep or looped bounds\n",
+ pr_err("role %s: too deep or looped bounds\n",
(char *) key);
return -EINVAL;
}
@@ -1754,9 +1750,7 @@ static int role_bounds_sanity_check(void *key, void *datum, void *datap)
if (ebitmap_get_bit(&upper->types, bit))
continue;

- printk(KERN_ERR
- "SELinux: boundary violated policy: "
- "role=%s type=%s bounds=%s\n",
+ pr_err("boundary violated policy: role=%s type=%s bounds=%s\n",
sym_name(p, SYM_ROLES, role->value - 1),
sym_name(p, SYM_TYPES, bit),
sym_name(p, SYM_ROLES, upper->value - 1));
@@ -1777,8 +1771,7 @@ static int type_bounds_sanity_check(void *key, void *datum, void *datap)
upper = datum;
while (upper->bounds) {
if (++depth == POLICYDB_BOUNDS_MAXDEPTH) {
- printk(KERN_ERR "SELinux: type %s: "
- "too deep or looped boundary\n",
+ pr_err("type %s: too deep or looped boundary\n",
(char *) key);
return -EINVAL;
}
@@ -1788,8 +1781,7 @@ static int type_bounds_sanity_check(void *key, void *datum, void *datap)
BUG_ON(!upper);

if (upper->attribute) {
- printk(KERN_ERR "SELinux: type %s: "
- "bounded by attribute %s",
+ pr_err("type %s: bounded by attribute %s\n",
(char *) key,
sym_name(p, SYM_TYPES, upper->value - 1));
return -EINVAL;
@@ -1911,7 +1903,7 @@ static int range_read(struct policydb *p, void *fp)

rc = -EINVAL;
if (!mls_range_isvalid(p, r)) {
- printk(KERN_WARNING "SELinux: rangetrans: invalid range\n");
+ pr_warn("rangetrans: invalid range\n");
goto out;
}

@@ -2060,7 +2052,7 @@ static int genfs_read(struct policydb *p, void *fp)
genfs_p = genfs, genfs = genfs->next) {
rc = -EINVAL;
if (strcmp(newgenfs->fstype, genfs->fstype) == 0) {
- printk(KERN_ERR "SELinux: dup genfs fstype %s\n",
+ pr_err("dup genfs fstype %s\n",
newgenfs->fstype);
goto out;
}
@@ -2116,7 +2108,7 @@ static int genfs_read(struct policydb *p, void *fp)
if (!strcmp(newc->u.name, c->u.name) &&
(!c->v.sclass || !newc->v.sclass ||
newc->v.sclass == c->v.sclass)) {
- printk(KERN_ERR "SELinux: dup genfs entry (%s,%s)\n",
+ pr_err("dup genfs entry (%s,%s)\n",
genfs->fstype, c->u.name);
goto out;
}
@@ -2303,8 +2295,7 @@ int policydb_read(struct policydb *p, void *fp)

rc = -EINVAL;
if (le32_to_cpu(buf[0]) != POLICYDB_MAGIC) {
- printk(KERN_ERR "SELinux: policydb magic number 0x%x does "
- "not match expected magic number 0x%x\n",
+ pr_err("policydb magic number 0x%x does not match expected magic number 0x%x\n",
le32_to_cpu(buf[0]), POLICYDB_MAGIC);
goto bad;
}
@@ -2312,8 +2303,7 @@ int policydb_read(struct policydb *p, void *fp)
rc = -EINVAL;
len = le32_to_cpu(buf[1]);
if (len != strlen(POLICYDB_STRING)) {
- printk(KERN_ERR "SELinux: policydb string length %d does not "
- "match expected length %Zu\n",
+ pr_err("policydb string length %d does not match expected length %Zu\n",
len, strlen(POLICYDB_STRING));
goto bad;
}
@@ -2321,14 +2311,14 @@ int policydb_read(struct policydb *p, void *fp)
rc = -ENOMEM;
policydb_str = kmalloc(len + 1, GFP_KERNEL);
if (!policydb_str) {
- printk(KERN_ERR "SELinux: unable to allocate memory for policydb "
- "string of length %d\n", len);
+ pr_err("unable to allocate memory for policydb string of length %d\n",
+ len);
goto bad;
}

rc = next_entry(policydb_str, fp, len);
if (rc) {
- printk(KERN_ERR "SELinux: truncated policydb string identifier\n");
+ pr_err("truncated policydb string identifier\n");
kfree(policydb_str);
goto bad;
}
@@ -2336,8 +2326,8 @@ int policydb_read(struct policydb *p, void *fp)
rc = -EINVAL;
policydb_str[len] = '\0';
if (strcmp(policydb_str, POLICYDB_STRING)) {
- printk(KERN_ERR "SELinux: policydb string %s does not match "
- "my string %s\n", policydb_str, POLICYDB_STRING);
+ pr_err("policydb string %s does not match my string %s\n",
+ policydb_str, POLICYDB_STRING);
kfree(policydb_str);
goto bad;
}
@@ -2354,9 +2344,9 @@ int policydb_read(struct policydb *p, void *fp)
p->policyvers = le32_to_cpu(buf[0]);
if (p->policyvers < POLICYDB_VERSION_MIN ||
p->policyvers > POLICYDB_VERSION_MAX) {
- printk(KERN_ERR "SELinux: policydb version %d does not match "
- "my version range %d-%d\n",
- le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX);
+ pr_err("policydb version %d does not match my version range %d-%d\n",
+ le32_to_cpu(buf[0]),
+ POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX);
goto bad;
}

@@ -2365,9 +2355,8 @@ int policydb_read(struct policydb *p, void *fp)

rc = -EINVAL;
if (p->policyvers < POLICYDB_VERSION_MLS) {
- printk(KERN_ERR "SELinux: security policydb version %d "
- "(MLS) not backwards compatible\n",
- p->policyvers);
+ pr_err("security policydb version %d (MLS) not backwards compatible\n",
+ p->policyvers);
goto bad;
}
}
@@ -2389,17 +2378,16 @@ int policydb_read(struct policydb *p, void *fp)
rc = -EINVAL;
info = policydb_lookup_compat(p->policyvers);
if (!info) {
- printk(KERN_ERR "SELinux: unable to find policy compat info "
- "for version %d\n", p->policyvers);
+ pr_err("unable to find policy compat info for version %d\n",
+ p->policyvers);
goto bad;
}

rc = -EINVAL;
if (le32_to_cpu(buf[2]) != info->sym_num ||
le32_to_cpu(buf[3]) != info->ocon_num) {
- printk(KERN_ERR "SELinux: policydb table sizes (%d,%d) do "
- "not match mine (%d,%d)\n", le32_to_cpu(buf[2]),
- le32_to_cpu(buf[3]),
+ pr_err("policydb table sizes (%d,%d) do not match mine (%d,%d)\n",
+ le32_to_cpu(buf[2]), le32_to_cpu(buf[3]),
info->sym_num, info->ocon_num);
goto bad;
}
@@ -3397,9 +3385,8 @@ int policydb_write(struct policydb *p, void *fp)
* careful if you ever try to remove this restriction
*/
if (p->policyvers < POLICYDB_VERSION_AVTAB) {
- printk(KERN_ERR "SELinux: refusing to write policy version %d."
- " Because it is less than version %d\n", p->policyvers,
- POLICYDB_VERSION_AVTAB);
+ pr_err("refusing to write policy version %d because it is less than version %d\n",
+ p->policyvers, POLICYDB_VERSION_AVTAB);
return -EINVAL;
}

@@ -3426,8 +3413,8 @@ int policydb_write(struct policydb *p, void *fp)
/* Write the version, config, and table sizes. */
info = policydb_lookup_compat(p->policyvers);
if (!info) {
- printk(KERN_ERR "SELinux: compatibility lookup failed for policy "
- "version %d", p->policyvers);
+ pr_err("compatibility lookup failed for policy version %d\n",
+ p->policyvers);
return -EINVAL;
}

diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 5d0144e..3cbeff3 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -39,6 +39,9 @@
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, version 2.
*/
+
+#define pr_fmt(fmt) "SELinux: " fmt
+
#include <linux/kernel.h>
#include <linux/slab.h>
#include <linux/string.h>
@@ -143,9 +146,7 @@ static int selinux_set_mapping(struct policydb *pol,

p_out->value = string_to_security_class(pol, p_in->name);
if (!p_out->value) {
- printk(KERN_INFO
- "SELinux: Class %s not defined in policy.\n",
- p_in->name);
+ pr_info("Class %s not defined in policy\n", p_in->name);
if (pol->reject_unknown)
goto err;
p_out->num_perms = 0;
@@ -163,9 +164,8 @@ static int selinux_set_mapping(struct policydb *pol,
p_out->perms[k] = string_to_av_perm(pol, p_out->value,
p_in->perms[k]);
if (!p_out->perms[k]) {
- printk(KERN_INFO
- "SELinux: Permission %s in class %s not defined in policy.\n",
- p_in->perms[k], p_in->name);
+ pr_info("Permission %s in class %s not defined in policy\n",
+ p_in->perms[k], p_in->name);
if (pol->reject_unknown)
goto err;
print_unknown_handle = true;
@@ -177,8 +177,8 @@ static int selinux_set_mapping(struct policydb *pol,
}

if (print_unknown_handle)
- printk(KERN_INFO "SELinux: the above unknown classes and permissions will be %s\n",
- pol->allow_unknown ? "allowed" : "denied");
+ pr_info("the above unknown classes and permissions will be %s\n",
+ pol->allow_unknown ? "allowed" : "denied");

*out_map_p = out_map;
*out_map_size = i;
@@ -636,7 +636,7 @@ static void context_struct_compute_av(struct context *scontext,

if (unlikely(!tclass || tclass > policydb.p_classes.nprim)) {
if (printk_ratelimit())
- printk(KERN_WARNING "SELinux: Invalid class %hu\n", tclass);
+ pr_warn("Invalid class %hu\n", tclass);
return;
}

@@ -760,8 +760,7 @@ int security_validate_transition(u32 oldsid, u32 newsid, u32 tasksid,
tclass = unmap_class(orig_tclass);

if (!tclass || tclass > policydb.p_classes.nprim) {
- printk(KERN_ERR "SELinux: %s: unrecognized class %d\n",
- __func__, tclass);
+ pr_err("%s: unrecognized class %d\n", __func__, tclass);
rc = -EINVAL;
goto out;
}
@@ -769,24 +768,21 @@ int security_validate_transition(u32 oldsid, u32 newsid, u32 tasksid,

ocontext = sidtab_search(&sidtab, oldsid);
if (!ocontext) {
- printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
- __func__, oldsid);
+ pr_err("%s: unrecognized SID %d\n", __func__, oldsid);
rc = -EINVAL;
goto out;
}

ncontext = sidtab_search(&sidtab, newsid);
if (!ncontext) {
- printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
- __func__, newsid);
+ pr_err("%s: unrecognized SID %d\n", __func__, newsid);
rc = -EINVAL;
goto out;
}

tcontext = sidtab_search(&sidtab, tasksid);
if (!tcontext) {
- printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
- __func__, tasksid);
+ pr_err("%s: unrecognized SID %d\n", __func__, tasksid);
rc = -EINVAL;
goto out;
}
@@ -828,16 +824,14 @@ int security_bounded_transition(u32 old_sid, u32 new_sid)
rc = -EINVAL;
old_context = sidtab_search(&sidtab, old_sid);
if (!old_context) {
- printk(KERN_ERR "SELinux: %s: unrecognized SID %u\n",
- __func__, old_sid);
+ pr_err("%s: unrecognized SID %u\n", __func__, old_sid);
goto out;
}

rc = -EINVAL;
new_context = sidtab_search(&sidtab, new_sid);
if (!new_context) {
- printk(KERN_ERR "SELinux: %s: unrecognized SID %u\n",
- __func__, new_sid);
+ pr_err("%s: unrecognized SID %u\n", __func__, new_sid);
goto out;
}

@@ -925,8 +919,7 @@ void security_compute_av(u32 ssid,

scontext = sidtab_search(&sidtab, ssid);
if (!scontext) {
- printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
- __func__, ssid);
+ pr_err("%s: unrecognized SID %d\n", __func__, ssid);
goto out;
}

@@ -936,8 +929,7 @@ void security_compute_av(u32 ssid,

tcontext = sidtab_search(&sidtab, tsid);
if (!tcontext) {
- printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
- __func__, tsid);
+ pr_err("%s: unrecognized SID %d\n", __func__, tsid);
goto out;
}

@@ -971,8 +963,7 @@ void security_compute_av_user(u32 ssid,

scontext = sidtab_search(&sidtab, ssid);
if (!scontext) {
- printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
- __func__, ssid);
+ pr_err("%s: unrecognized SID %d\n", __func__, ssid);
goto out;
}

@@ -982,8 +973,7 @@ void security_compute_av_user(u32 ssid,

tcontext = sidtab_search(&sidtab, tsid);
if (!tcontext) {
- printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
- __func__, tsid);
+ pr_err("%s: unrecognized SID %d\n", __func__, tsid);
goto out;
}

@@ -1095,8 +1085,8 @@ static int security_sid_to_context_core(u32 sid, char **scontext,
*scontext = scontextp;
goto out;
}
- printk(KERN_ERR "SELinux: %s: called before initial "
- "load_policy on unknown SID %d\n", __func__, sid);
+ pr_err("%s: called before initial load_policy on unknown SID %d\n",
+ __func__, sid);
rc = -EINVAL;
goto out;
}
@@ -1106,8 +1096,7 @@ static int security_sid_to_context_core(u32 sid, char **scontext,
else
context = sidtab_search(&sidtab, sid);
if (!context) {
- printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
- __func__, sid);
+ pr_err("%s: unrecognized SID %d\n", __func__, sid);
rc = -EINVAL;
goto out_unlock;
}
@@ -1432,15 +1421,13 @@ static int security_compute_sid(u32 ssid,

scontext = sidtab_search(&sidtab, ssid);
if (!scontext) {
- printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
- __func__, ssid);
+ pr_err("%s: unrecognized SID %d\n", __func__, ssid);
rc = -EINVAL;
goto out_unlock;
}
tcontext = sidtab_search(&sidtab, tsid);
if (!tcontext) {
- printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
- __func__, tsid);
+ pr_err("%s: unrecognized SID %d\n", __func__, tsid);
rc = -EINVAL;
goto out_unlock;
}
@@ -1653,7 +1640,7 @@ static inline int convert_context_handle_invalid_context(struct context *context
return -EINVAL;

if (!context_struct_to_string(context, &s, &len)) {
- printk(KERN_WARNING "SELinux: Context %s would be invalid if enforcing\n", s);
+ pr_warn("Context %s would be invalid if enforcing\n", s);
kfree(s);
}
return 0;
@@ -1703,8 +1690,7 @@ static int convert_context(u32 key,
c->len, &ctx, SECSID_NULL);
kfree(s);
if (!rc) {
- printk(KERN_INFO "SELinux: Context %s became valid (mapped).\n",
- c->str);
+ pr_info("Context %s became valid (mapped)\n", c->str);
/* Replace string with mapped representation. */
kfree(c->str);
memcpy(c, &ctx, sizeof(*c));
@@ -1715,7 +1701,7 @@ static int convert_context(u32 key,
goto out;
} else {
/* Other error condition, e.g. ENOMEM. */
- printk(KERN_ERR "SELinux: Unable to map context %s, rc = %d.\n",
+ pr_err("Unable to map context %s, rc = %d\n",
c->str, -rc);
goto out;
}
@@ -1774,8 +1760,7 @@ static int convert_context(u32 key,
oc = oc->next;
rc = -EINVAL;
if (!oc) {
- printk(KERN_ERR "SELinux: unable to look up"
- " the initial SIDs list\n");
+ pr_err("unable to look up the initial SIDs list\n");
goto bad;
}
range = &oc->context[0].range;
@@ -1805,8 +1790,7 @@ bad:
context_destroy(c);
c->str = s;
c->len = len;
- printk(KERN_INFO "SELinux: Context %s became invalid (unmapped).\n",
- c->str);
+ pr_info("Context %s became invalid (unmapped)\n", c->str);
rc = 0;
goto out;
}
@@ -1899,13 +1883,13 @@ int security_load_policy(void *data, size_t len)
newpolicydb->len = len;
/* If switching between different policy types, log MLS status */
if (policydb.mls_enabled && !newpolicydb->mls_enabled)
- printk(KERN_INFO "SELinux: Disabling MLS support...\n");
+ pr_info("Disabling MLS support...\n");
else if (!policydb.mls_enabled && newpolicydb->mls_enabled)
- printk(KERN_INFO "SELinux: Enabling MLS support...\n");
+ pr_info("Enabling MLS support...\n");

rc = policydb_load_isids(newpolicydb, &newsidtab);
if (rc) {
- printk(KERN_ERR "SELinux: unable to load the initial SIDs\n");
+ pr_err("unable to load the initial SIDs\n");
policydb_destroy(newpolicydb);
goto out;
}
@@ -1916,7 +1900,7 @@ int security_load_policy(void *data, size_t len)

rc = security_preserve_bools(newpolicydb);
if (rc) {
- printk(KERN_ERR "SELinux: unable to preserve booleans\n");
+ pr_err("unable to preserve booleans\n");
goto err;
}

@@ -1935,9 +1919,7 @@ int security_load_policy(void *data, size_t len)
args.newp = newpolicydb;
rc = sidtab_map(&newsidtab, convert_context, &args);
if (rc) {
- printk(KERN_ERR "SELinux: unable to convert the internal"
- " representation of contexts in the new SID"
- " table\n");
+ pr_err("unable to convert the internal representation of contexts in the new SID table\n");
goto err;
}

@@ -2557,16 +2539,14 @@ int security_sid_mls_copy(u32 sid, u32 mls_sid, u32 *new_sid)
rc = -EINVAL;
context1 = sidtab_search(&sidtab, sid);
if (!context1) {
- printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
- __func__, sid);
+ pr_err("%s: unrecognized SID %d\n", __func__, sid);
goto out_unlock;
}

rc = -EINVAL;
context2 = sidtab_search(&sidtab, mls_sid);
if (!context2) {
- printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
- __func__, mls_sid);
+ pr_err("%s: unrecognized SID %d\n", __func__, mls_sid);
goto out_unlock;
}

@@ -2654,15 +2634,13 @@ int security_net_peersid_resolve(u32 nlbl_sid, u32 nlbl_type,
rc = -EINVAL;
nlbl_ctx = sidtab_search(&sidtab, nlbl_sid);
if (!nlbl_ctx) {
- printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
- __func__, nlbl_sid);
+ pr_err("%s: unrecognized SID %d\n", __func__, nlbl_sid);
goto out;
}
rc = -EINVAL;
xfrm_ctx = sidtab_search(&sidtab, xfrm_sid);
if (!xfrm_ctx) {
- printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
- __func__, xfrm_sid);
+ pr_err("%s: unrecognized SID %d\n", __func__, xfrm_sid);
goto out;
}
rc = (mls_context_cmp(nlbl_ctx, xfrm_ctx) ? 0 : -EACCES);
@@ -2742,8 +2720,7 @@ int security_get_permissions(char *class, char ***perms, int *nperms)
rc = -EINVAL;
match = hashtab_search(policydb.p_classes.table, class);
if (!match) {
- printk(KERN_ERR "SELinux: %s: unrecognized class %s\n",
- __func__, class);
+ pr_err("%s: unrecognized class %s\n", __func__, class);
goto out;
}

diff --git a/security/selinux/ss/sidtab.c b/security/selinux/ss/sidtab.c
index 5840a35..aef422a 100644
--- a/security/selinux/ss/sidtab.c
+++ b/security/selinux/ss/sidtab.c
@@ -3,6 +3,9 @@
*
* Author : Stephen Smalley, <[email protected]>
*/
+
+#define pr_fmt(fmt) "SELinux: " fmt
+
#include <linux/kernel.h>
#include <linux/slab.h>
#include <linux/spinlock.h>
@@ -220,9 +223,8 @@ int sidtab_context_to_sid(struct sidtab *s,
}
sid = s->next_sid++;
if (context->len)
- printk(KERN_INFO
- "SELinux: Context %s is not valid (left unmapped).\n",
- context->str);
+ pr_info("Context %s is not valid (left unmapped)\n",
+ context->str);
ret = sidtab_insert(s, sid, context);
if (ret)
s->next_sid--;
--
1.8.1.2.459.gbcd45b4.dirty

2014-02-24 22:00:22

by Joe Perches

[permalink] [raw]
Subject: [PATCH 1/8] security: Use a more current logging style

Convert printks to pr_<level>.
Add pr_fmt to prefix output with "security: " or "capability: "
Coalesce formats.
Use a generic string for pr_debug to reduce object size.

Signed-off-by: Joe Perches <[email protected]>
---
security/capability.c | 16 +++++++++-------
security/commoncap.c | 15 ++++++++-------
security/security.c | 4 +++-
3 files changed, 20 insertions(+), 15 deletions(-)

diff --git a/security/capability.c b/security/capability.c
index 8b4f24a..086af9b 100644
--- a/security/capability.c
+++ b/security/capability.c
@@ -10,6 +10,8 @@
*
*/

+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
+
#include <linux/security.h>

static int cap_syslog(int type)
@@ -914,13 +916,13 @@ static void cap_audit_rule_free(void *lsmrule)
#endif /* CONFIG_AUDIT */

#define set_to_cap_if_null(ops, function) \
- do { \
- if (!ops->function) { \
- ops->function = cap_##function; \
- pr_debug("Had to override the " #function \
- " security operation with the default.\n");\
- } \
- } while (0)
+do { \
+ if (!ops->function) { \
+ ops->function = cap_##function; \
+ pr_debug("Had to override the %s security operation with the default\n", \
+ #function); \
+ } \
+} while (0)

void __init security_fixup_ops(struct security_operations *ops)
{
diff --git a/security/commoncap.c b/security/commoncap.c
index b9d613e..b5c3bc4 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -7,6 +7,8 @@
*
*/

+#define pr_fmt(fmt) "capability: " fmt
+
#include <linux/capability.h>
#include <linux/audit.h>
#include <linux/module.h>
@@ -46,9 +48,8 @@ static void warn_setuid_and_fcaps_mixed(const char *fname)
{
static int warned;
if (!warned) {
- printk(KERN_INFO "warning: `%s' has both setuid-root and"
- " effective capabilities. Therefore not raising all"
- " capabilities.\n", fname);
+ pr_info("warning: `%s' has both setuid-root and effective capabilities, therefore not raising all capabilities\n",
+ fname);
warned = 1;
}
}
@@ -448,8 +449,8 @@ static int get_file_caps(struct linux_binprm *bprm, bool *effective, bool *has_c
rc = get_vfs_caps_from_disk(dentry, &vcaps);
if (rc < 0) {
if (rc == -EINVAL)
- printk(KERN_NOTICE "%s: get_vfs_caps_from_disk returned %d for %s\n",
- __func__, rc, bprm->filename);
+ pr_notice("%s: get_vfs_caps_from_disk returned %d for %s\n",
+ __func__, rc, bprm->filename);
else if (rc == -ENODATA)
rc = 0;
goto out;
@@ -457,8 +458,8 @@ static int get_file_caps(struct linux_binprm *bprm, bool *effective, bool *has_c

rc = bprm_caps_from_vfs_caps(&vcaps, bprm, effective, has_cap);
if (rc == -EINVAL)
- printk(KERN_NOTICE "%s: cap_from_disk returned %d for %s\n",
- __func__, rc, bprm->filename);
+ pr_notice("%s: cap_from_disk returned %d for %s\n",
+ __func__, rc, bprm->filename);

out:
dput(dentry);
diff --git a/security/security.c b/security/security.c
index 15b6928..53d1885 100644
--- a/security/security.c
+++ b/security/security.c
@@ -11,6 +11,8 @@
* (at your option) any later version.
*/

+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
+
#include <linux/capability.h>
#include <linux/dcache.h>
#include <linux/module.h>
@@ -64,7 +66,7 @@ static void __init do_security_initcalls(void)
*/
int __init security_init(void)
{
- printk(KERN_INFO "Security Framework initialized\n");
+ pr_info("Security Framework initialized\n");

security_fixup_ops(&default_security_ops);
security_ops = &default_security_ops;
--
1.8.1.2.459.gbcd45b4.dirty

2014-02-24 22:23:15

by Casey Schaufler

[permalink] [raw]
Subject: Re: [PATCH 6/8] security: smack: Use a more current logging style

On 2/24/2014 1:59 PM, Joe Perches wrote:
> Convert printks to pr_<level>
> Add pr_fmt.
>
> Signed-off-by: Joe Perches <[email protected]>
> ---
> security/smack/smack_lsm.c | 7 ++++---
> security/smack/smackfs.c | 25 +++++++++++--------------
> 2 files changed, 15 insertions(+), 17 deletions(-)
>
> diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
> index 14f52be..a273aad 100644
> --- a/security/smack/smack_lsm.c
> +++ b/security/smack/smack_lsm.c
> @@ -18,6 +18,8 @@
> * as published by the Free Software Foundation.
> */
>
> +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
> +

What is pr_fmt() for?

> #include <linux/xattr.h>
> #include <linux/pagemap.h>
> #include <linux/mount.h>
> @@ -2106,8 +2108,7 @@ static int smack_inode_setsecurity(struct inode *inode, const char *name,
> if (sock->sk->sk_family == PF_INET) {
> rc = smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET);
> if (rc != 0)
> - printk(KERN_WARNING
> - "Smack: \"%s\" netlbl error %d.\n",
> + pr_warn("\"%s\" netlbl error %d\n",
> __func__, -rc);
> }
> } else
> @@ -3916,7 +3917,7 @@ static __init int smack_init(void)
> if (tsp == NULL)
> return -ENOMEM;
>
> - printk(KERN_INFO "Smack: Initializing.\n");
> + pr_info("Initializing\n");
>
> /*
> * Set the security state for the initial task.
> diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
> index 3198cfe..2e25220 100644
> --- a/security/smack/smackfs.c
> +++ b/security/smack/smackfs.c
> @@ -16,6 +16,8 @@
> *
> */
>
> +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
> +
> #include <linux/kernel.h>
> #include <linux/vmalloc.h>
> #include <linux/security.h>
> @@ -698,8 +700,7 @@ static void smk_cipso_doi(void)
>
> rc = netlbl_cfg_map_del(NULL, PF_INET, NULL, NULL, &nai);
> if (rc != 0)
> - printk(KERN_WARNING "%s:%d remove rc = %d\n",
> - __func__, __LINE__, rc);
> + pr_warn("%s:%d remove rc = %d\n", __func__, __LINE__, rc);
>
> doip = kmalloc(sizeof(struct cipso_v4_doi), GFP_KERNEL);
> if (doip == NULL)
> @@ -713,15 +714,13 @@ static void smk_cipso_doi(void)
>
> rc = netlbl_cfg_cipsov4_add(doip, &nai);
> if (rc != 0) {
> - printk(KERN_WARNING "%s:%d cipso add rc = %d\n",
> - __func__, __LINE__, rc);
> + pr_warn("%s:%d cipso add rc = %d\n", __func__, __LINE__, rc);
> kfree(doip);
> return;
> }
> rc = netlbl_cfg_cipsov4_map_add(doip->doi, NULL, NULL, NULL, &nai);
> if (rc != 0) {
> - printk(KERN_WARNING "%s:%d map add rc = %d\n",
> - __func__, __LINE__, rc);
> + pr_warn("%s:%d map add rc = %d\n", __func__, __LINE__, rc);
> kfree(doip);
> return;
> }
> @@ -741,8 +740,8 @@ static void smk_unlbl_ambient(char *oldambient)
> if (oldambient != NULL) {
> rc = netlbl_cfg_map_del(oldambient, PF_INET, NULL, NULL, &nai);
> if (rc != 0)
> - printk(KERN_WARNING "%s:%d remove rc = %d\n",
> - __func__, __LINE__, rc);
> + pr_warn("%s:%d remove rc = %d\n",
> + __func__, __LINE__, rc);
> }
> if (smack_net_ambient == NULL)
> smack_net_ambient = &smack_known_floor;
> @@ -750,8 +749,7 @@ static void smk_unlbl_ambient(char *oldambient)
> rc = netlbl_cfg_unlbl_map_add(smack_net_ambient->smk_known, PF_INET,
> NULL, NULL, &nai);
> if (rc != 0)
> - printk(KERN_WARNING "%s:%d add rc = %d\n",
> - __func__, __LINE__, rc);
> + pr_warn("%s:%d add rc = %d\n", __func__, __LINE__, rc);
> }
>
> /*
> @@ -2302,8 +2300,7 @@ static int smk_fill_super(struct super_block *sb, void *data, int silent)
>
> rc = simple_fill_super(sb, SMACK_MAGIC, smack_files);
> if (rc != 0) {
> - printk(KERN_ERR "%s failed %d while creating inodes\n",
> - __func__, rc);
> + pr_err("%s failed %d while creating inodes\n", __func__, rc);
> return rc;
> }
>
> @@ -2369,13 +2366,13 @@ static int __init init_smk_fs(void)
>
> err = smk_init_sysfs();
> if (err)
> - printk(KERN_ERR "smackfs: sysfs mountpoint problem.\n");
> + pr_err("smackfs: sysfs mountpoint problem\n");
>
> err = register_filesystem(&smk_fs_type);
> if (!err) {
> smackfs_mount = kern_mount(&smk_fs_type);
> if (IS_ERR(smackfs_mount)) {
> - printk(KERN_ERR "smackfs: could not mount!\n");
> + pr_err("smackfs: could not mount!\n");
> err = PTR_ERR(smackfs_mount);
> smackfs_mount = NULL;
> }

2014-02-24 22:23:24

by Joe Perches

[permalink] [raw]
Subject: Re: [PATCH 6/8] security: smack: Use a more current logging style

On Mon, 2014-02-24 at 14:16 -0800, Casey Schaufler wrote:
> On 2/24/2014 1:59 PM, Joe Perches wrote:
> > Convert printks to pr_<level>
> > Add pr_fmt.

> > diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
[]
> > +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
> > +
>
> What is pr_fmt() for?

Prefixing "smack: " to the pr_<level> uses.

> > @@ -2106,8 +2108,7 @@ static int smack_inode_setsecurity(struct inode *inode, const char *name,
> > if (sock->sk->sk_family == PF_INET) {
> > rc = smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET);
> > if (rc != 0)
> > - printk(KERN_WARNING
> > - "Smack: \"%s\" netlbl error %d.\n",
> > + pr_warn("\"%s\" netlbl error %d\n",
> > __func__, -rc);

This will be now be emitted as

<4>smack: "smack_inode_setsecurity" netlbl error -<d>

instead of

<4>Smack: "smack_inode_setsecurity" netlbl error -<d>

Though it'd be a lot more common to use:

pr_warn("%s: netlbl error: %d\n",
__func__, -rc);

so the output would be:

<4>smack: smack_inode_setsecurity: netlbl error: -<d>

2014-02-24 22:33:57

by Casey Schaufler

[permalink] [raw]
Subject: Re: [PATCH 6/8] security: smack: Use a more current logging style

On 2/24/2014 2:23 PM, Joe Perches wrote:
> On Mon, 2014-02-24 at 14:16 -0800, Casey Schaufler wrote:
>> On 2/24/2014 1:59 PM, Joe Perches wrote:
>>> Convert printks to pr_<level>
>>> Add pr_fmt.
>>> diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
> []
>>> +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
>>> +
>> What is pr_fmt() for?
> Prefixing "smack: " to the pr_<level> uses.

OK. I didn't see where it was used. I understand now. I'll go
back and ACK the changes.

>
>>> @@ -2106,8 +2108,7 @@ static int smack_inode_setsecurity(struct inode *inode, const char *name,
>>> if (sock->sk->sk_family == PF_INET) {
>>> rc = smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET);
>>> if (rc != 0)
>>> - printk(KERN_WARNING
>>> - "Smack: \"%s\" netlbl error %d.\n",
>>> + pr_warn("\"%s\" netlbl error %d\n",
>>> __func__, -rc);
> This will be now be emitted as
>
> <4>smack: "smack_inode_setsecurity" netlbl error -<d>
>
> instead of
>
> <4>Smack: "smack_inode_setsecurity" netlbl error -<d>
>
> Though it'd be a lot more common to use:
>
> pr_warn("%s: netlbl error: %d\n",
> __func__, -rc);
>
> so the output would be:
>
> <4>smack: smack_inode_setsecurity: netlbl error: -<d>
>
>
>

2014-02-24 22:35:29

by Casey Schaufler

[permalink] [raw]
Subject: Re: [PATCH 6/8] security: smack: Use a more current logging style

On 2/24/2014 1:59 PM, Joe Perches wrote:
> Convert printks to pr_<level>
> Add pr_fmt.
>
> Signed-off-by: Joe Perches <[email protected]>

Acked-by: Casey Schaufler <[email protected]>

I will take this into the smack-next tree.

> ---
> security/smack/smack_lsm.c | 7 ++++---
> security/smack/smackfs.c | 25 +++++++++++--------------
> 2 files changed, 15 insertions(+), 17 deletions(-)
>
> diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
> index 14f52be..a273aad 100644
> --- a/security/smack/smack_lsm.c
> +++ b/security/smack/smack_lsm.c
> @@ -18,6 +18,8 @@
> * as published by the Free Software Foundation.
> */
>
> +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
> +
> #include <linux/xattr.h>
> #include <linux/pagemap.h>
> #include <linux/mount.h>
> @@ -2106,8 +2108,7 @@ static int smack_inode_setsecurity(struct inode *inode, const char *name,
> if (sock->sk->sk_family == PF_INET) {
> rc = smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET);
> if (rc != 0)
> - printk(KERN_WARNING
> - "Smack: \"%s\" netlbl error %d.\n",
> + pr_warn("\"%s\" netlbl error %d\n",
> __func__, -rc);
> }
> } else
> @@ -3916,7 +3917,7 @@ static __init int smack_init(void)
> if (tsp == NULL)
> return -ENOMEM;
>
> - printk(KERN_INFO "Smack: Initializing.\n");
> + pr_info("Initializing\n");
>
> /*
> * Set the security state for the initial task.
> diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
> index 3198cfe..2e25220 100644
> --- a/security/smack/smackfs.c
> +++ b/security/smack/smackfs.c
> @@ -16,6 +16,8 @@
> *
> */
>
> +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
> +
> #include <linux/kernel.h>
> #include <linux/vmalloc.h>
> #include <linux/security.h>
> @@ -698,8 +700,7 @@ static void smk_cipso_doi(void)
>
> rc = netlbl_cfg_map_del(NULL, PF_INET, NULL, NULL, &nai);
> if (rc != 0)
> - printk(KERN_WARNING "%s:%d remove rc = %d\n",
> - __func__, __LINE__, rc);
> + pr_warn("%s:%d remove rc = %d\n", __func__, __LINE__, rc);
>
> doip = kmalloc(sizeof(struct cipso_v4_doi), GFP_KERNEL);
> if (doip == NULL)
> @@ -713,15 +714,13 @@ static void smk_cipso_doi(void)
>
> rc = netlbl_cfg_cipsov4_add(doip, &nai);
> if (rc != 0) {
> - printk(KERN_WARNING "%s:%d cipso add rc = %d\n",
> - __func__, __LINE__, rc);
> + pr_warn("%s:%d cipso add rc = %d\n", __func__, __LINE__, rc);
> kfree(doip);
> return;
> }
> rc = netlbl_cfg_cipsov4_map_add(doip->doi, NULL, NULL, NULL, &nai);
> if (rc != 0) {
> - printk(KERN_WARNING "%s:%d map add rc = %d\n",
> - __func__, __LINE__, rc);
> + pr_warn("%s:%d map add rc = %d\n", __func__, __LINE__, rc);
> kfree(doip);
> return;
> }
> @@ -741,8 +740,8 @@ static void smk_unlbl_ambient(char *oldambient)
> if (oldambient != NULL) {
> rc = netlbl_cfg_map_del(oldambient, PF_INET, NULL, NULL, &nai);
> if (rc != 0)
> - printk(KERN_WARNING "%s:%d remove rc = %d\n",
> - __func__, __LINE__, rc);
> + pr_warn("%s:%d remove rc = %d\n",
> + __func__, __LINE__, rc);
> }
> if (smack_net_ambient == NULL)
> smack_net_ambient = &smack_known_floor;
> @@ -750,8 +749,7 @@ static void smk_unlbl_ambient(char *oldambient)
> rc = netlbl_cfg_unlbl_map_add(smack_net_ambient->smk_known, PF_INET,
> NULL, NULL, &nai);
> if (rc != 0)
> - printk(KERN_WARNING "%s:%d add rc = %d\n",
> - __func__, __LINE__, rc);
> + pr_warn("%s:%d add rc = %d\n", __func__, __LINE__, rc);
> }
>
> /*
> @@ -2302,8 +2300,7 @@ static int smk_fill_super(struct super_block *sb, void *data, int silent)
>
> rc = simple_fill_super(sb, SMACK_MAGIC, smack_files);
> if (rc != 0) {
> - printk(KERN_ERR "%s failed %d while creating inodes\n",
> - __func__, rc);
> + pr_err("%s failed %d while creating inodes\n", __func__, rc);
> return rc;
> }
>
> @@ -2369,13 +2366,13 @@ static int __init init_smk_fs(void)
>
> err = smk_init_sysfs();
> if (err)
> - printk(KERN_ERR "smackfs: sysfs mountpoint problem.\n");
> + pr_err("smackfs: sysfs mountpoint problem\n");
>
> err = register_filesystem(&smk_fs_type);
> if (!err) {
> smackfs_mount = kern_mount(&smk_fs_type);
> if (IS_ERR(smackfs_mount)) {
> - printk(KERN_ERR "smackfs: could not mount!\n");
> + pr_err("smackfs: could not mount!\n");
> err = PTR_ERR(smackfs_mount);
> smackfs_mount = NULL;
> }

2014-02-24 23:02:15

by Casey Schaufler

[permalink] [raw]
Subject: Re: [PATCH 6/8] security: smack: Use a more current logging style

On 2/24/2014 2:35 PM, Casey Schaufler wrote:
> On 2/24/2014 1:59 PM, Joe Perches wrote:
>> Convert printks to pr_<level>
>> Add pr_fmt.
>>
>> Signed-off-by: Joe Perches <[email protected]>
> Acked-by: Casey Schaufler <[email protected]>
>
> I will take this into the smack-next tree.

Unless James would rather take the whole set, that is.

>
>> ---
>> security/smack/smack_lsm.c | 7 ++++---
>> security/smack/smackfs.c | 25 +++++++++++--------------
>> 2 files changed, 15 insertions(+), 17 deletions(-)
>>
>> diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
>> index 14f52be..a273aad 100644
>> --- a/security/smack/smack_lsm.c
>> +++ b/security/smack/smack_lsm.c
>> @@ -18,6 +18,8 @@
>> * as published by the Free Software Foundation.
>> */
>>
>> +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
>> +
>> #include <linux/xattr.h>
>> #include <linux/pagemap.h>
>> #include <linux/mount.h>
>> @@ -2106,8 +2108,7 @@ static int smack_inode_setsecurity(struct inode *inode, const char *name,
>> if (sock->sk->sk_family == PF_INET) {
>> rc = smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET);
>> if (rc != 0)
>> - printk(KERN_WARNING
>> - "Smack: \"%s\" netlbl error %d.\n",
>> + pr_warn("\"%s\" netlbl error %d\n",
>> __func__, -rc);
>> }
>> } else
>> @@ -3916,7 +3917,7 @@ static __init int smack_init(void)
>> if (tsp == NULL)
>> return -ENOMEM;
>>
>> - printk(KERN_INFO "Smack: Initializing.\n");
>> + pr_info("Initializing\n");
>>
>> /*
>> * Set the security state for the initial task.
>> diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
>> index 3198cfe..2e25220 100644
>> --- a/security/smack/smackfs.c
>> +++ b/security/smack/smackfs.c
>> @@ -16,6 +16,8 @@
>> *
>> */
>>
>> +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
>> +
>> #include <linux/kernel.h>
>> #include <linux/vmalloc.h>
>> #include <linux/security.h>
>> @@ -698,8 +700,7 @@ static void smk_cipso_doi(void)
>>
>> rc = netlbl_cfg_map_del(NULL, PF_INET, NULL, NULL, &nai);
>> if (rc != 0)
>> - printk(KERN_WARNING "%s:%d remove rc = %d\n",
>> - __func__, __LINE__, rc);
>> + pr_warn("%s:%d remove rc = %d\n", __func__, __LINE__, rc);
>>
>> doip = kmalloc(sizeof(struct cipso_v4_doi), GFP_KERNEL);
>> if (doip == NULL)
>> @@ -713,15 +714,13 @@ static void smk_cipso_doi(void)
>>
>> rc = netlbl_cfg_cipsov4_add(doip, &nai);
>> if (rc != 0) {
>> - printk(KERN_WARNING "%s:%d cipso add rc = %d\n",
>> - __func__, __LINE__, rc);
>> + pr_warn("%s:%d cipso add rc = %d\n", __func__, __LINE__, rc);
>> kfree(doip);
>> return;
>> }
>> rc = netlbl_cfg_cipsov4_map_add(doip->doi, NULL, NULL, NULL, &nai);
>> if (rc != 0) {
>> - printk(KERN_WARNING "%s:%d map add rc = %d\n",
>> - __func__, __LINE__, rc);
>> + pr_warn("%s:%d map add rc = %d\n", __func__, __LINE__, rc);
>> kfree(doip);
>> return;
>> }
>> @@ -741,8 +740,8 @@ static void smk_unlbl_ambient(char *oldambient)
>> if (oldambient != NULL) {
>> rc = netlbl_cfg_map_del(oldambient, PF_INET, NULL, NULL, &nai);
>> if (rc != 0)
>> - printk(KERN_WARNING "%s:%d remove rc = %d\n",
>> - __func__, __LINE__, rc);
>> + pr_warn("%s:%d remove rc = %d\n",
>> + __func__, __LINE__, rc);
>> }
>> if (smack_net_ambient == NULL)
>> smack_net_ambient = &smack_known_floor;
>> @@ -750,8 +749,7 @@ static void smk_unlbl_ambient(char *oldambient)
>> rc = netlbl_cfg_unlbl_map_add(smack_net_ambient->smk_known, PF_INET,
>> NULL, NULL, &nai);
>> if (rc != 0)
>> - printk(KERN_WARNING "%s:%d add rc = %d\n",
>> - __func__, __LINE__, rc);
>> + pr_warn("%s:%d add rc = %d\n", __func__, __LINE__, rc);
>> }
>>
>> /*
>> @@ -2302,8 +2300,7 @@ static int smk_fill_super(struct super_block *sb, void *data, int silent)
>>
>> rc = simple_fill_super(sb, SMACK_MAGIC, smack_files);
>> if (rc != 0) {
>> - printk(KERN_ERR "%s failed %d while creating inodes\n",
>> - __func__, rc);
>> + pr_err("%s failed %d while creating inodes\n", __func__, rc);
>> return rc;
>> }
>>
>> @@ -2369,13 +2366,13 @@ static int __init init_smk_fs(void)
>>
>> err = smk_init_sysfs();
>> if (err)
>> - printk(KERN_ERR "smackfs: sysfs mountpoint problem.\n");
>> + pr_err("smackfs: sysfs mountpoint problem\n");
>>
>> err = register_filesystem(&smk_fs_type);
>> if (!err) {
>> smackfs_mount = kern_mount(&smk_fs_type);
>> if (IS_ERR(smackfs_mount)) {
>> - printk(KERN_ERR "smackfs: could not mount!\n");
>> + pr_err("smackfs: could not mount!\n");
>> err = PTR_ERR(smackfs_mount);
>> smackfs_mount = NULL;
>> }
> --
> To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>

2014-02-25 02:59:55

by Mimi Zohar

[permalink] [raw]
Subject: Re: [PATCH 3/8] security: integrity: Use a more current logging style

On Mon, 2014-02-24 at 13:59 -0800, Joe Perches wrote:
> Convert printks to pr_<level>.
> Add pr_fmt.
> Remove embedded prefixes.
>
> Signed-off-by: Joe Perches <[email protected]>

Thanks Joe, both this and the keys patch look good.

Signed-off-by: Mimi Zohar <[email protected]>

> ---
> security/integrity/evm/evm_crypto.c | 4 +++-
> security/integrity/evm/evm_main.c | 6 ++++--
> security/integrity/evm/evm_secfs.c | 6 ++++--
> security/integrity/ima/ima_crypto.c | 4 +++-
> security/integrity/ima/ima_init.c | 5 ++++-
> security/integrity/ima/ima_queue.c | 8 +++++---
> security/integrity/ima/ima_template.c | 5 ++++-
> 7 files changed, 27 insertions(+), 11 deletions(-)
>
> diff --git a/security/integrity/evm/evm_crypto.c b/security/integrity/evm/evm_crypto.c
> index 3bab89e..9bd329f 100644
> --- a/security/integrity/evm/evm_crypto.c
> +++ b/security/integrity/evm/evm_crypto.c
> @@ -13,6 +13,8 @@
> * Using root's kernel master key (kmk), calculate the HMAC
> */
>
> +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
> +
> #include <linux/module.h>
> #include <linux/crypto.h>
> #include <linux/xattr.h>
> @@ -221,7 +223,7 @@ int evm_init_hmac(struct inode *inode, const struct xattr *lsm_xattr,
>
> desc = init_desc(EVM_XATTR_HMAC);
> if (IS_ERR(desc)) {
> - printk(KERN_INFO "init_desc failed\n");
> + pr_info("init_desc failed\n");
> return PTR_ERR(desc);
> }
>
> diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
> index 336b3dd..996092f 100644
> --- a/security/integrity/evm/evm_main.c
> +++ b/security/integrity/evm/evm_main.c
> @@ -14,6 +14,8 @@
> * evm_inode_removexattr, and evm_verifyxattr
> */
>
> +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
> +
> #include <linux/module.h>
> #include <linux/crypto.h>
> #include <linux/audit.h>
> @@ -432,7 +434,7 @@ static int __init init_evm(void)
>
> error = evm_init_secfs();
> if (error < 0) {
> - printk(KERN_INFO "EVM: Error registering secfs\n");
> + pr_info("Error registering secfs\n");
> goto err;
> }
>
> @@ -449,7 +451,7 @@ static int __init evm_display_config(void)
> char **xattrname;
>
> for (xattrname = evm_config_xattrnames; *xattrname != NULL; xattrname++)
> - printk(KERN_INFO "EVM: %s\n", *xattrname);
> + pr_info("%s\n", *xattrname);
> return 0;
> }
>
> diff --git a/security/integrity/evm/evm_secfs.c b/security/integrity/evm/evm_secfs.c
> index 30f670a..cf12a04 100644
> --- a/security/integrity/evm/evm_secfs.c
> +++ b/security/integrity/evm/evm_secfs.c
> @@ -13,6 +13,8 @@
> * - Get the key and enable EVM
> */
>
> +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
> +
> #include <linux/uaccess.h>
> #include <linux/module.h>
> #include "evm.h"
> @@ -79,9 +81,9 @@ static ssize_t evm_write_key(struct file *file, const char __user *buf,
> error = evm_init_key();
> if (!error) {
> evm_initialized = 1;
> - pr_info("EVM: initialized\n");
> + pr_info("initialized\n");
> } else
> - pr_err("EVM: initialization failed\n");
> + pr_err("initialization failed\n");
> return count;
> }
>
> diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c
> index fdf60de..972df659 100644
> --- a/security/integrity/ima/ima_crypto.c
> +++ b/security/integrity/ima/ima_crypto.c
> @@ -13,6 +13,8 @@
> * Calculates md5/sha1 file hash, template hash, boot-aggreate hash
> */
>
> +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
> +
> #include <linux/kernel.h>
> #include <linux/file.h>
> #include <linux/crypto.h>
> @@ -205,7 +207,7 @@ static void __init ima_pcrread(int idx, u8 *pcr)
> return;
>
> if (tpm_pcr_read(TPM_ANY_NUM, idx, pcr) != 0)
> - pr_err("IMA: Error Communicating to TPM chip\n");
> + pr_err("Error Communicating to TPM chip\n");
> }
>
> /*
> diff --git a/security/integrity/ima/ima_init.c b/security/integrity/ima/ima_init.c
> index 3712276..b3bc313 100644
> --- a/security/integrity/ima/ima_init.c
> +++ b/security/integrity/ima/ima_init.c
> @@ -14,6 +14,9 @@
> * File: ima_init.c
> * initialization and cleanup functions
> */
> +
> +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
> +
> #include <linux/module.h>
> #include <linux/scatterlist.h>
> #include <linux/slab.h>
> @@ -93,7 +96,7 @@ int __init ima_init(void)
> ima_used_chip = 1;
>
> if (!ima_used_chip)
> - pr_info("IMA: No TPM chip found, activating TPM-bypass!\n");
> + pr_info("No TPM chip found, activating TPM-bypass!\n");
>
> rc = ima_init_crypto();
> if (rc)
> diff --git a/security/integrity/ima/ima_queue.c b/security/integrity/ima/ima_queue.c
> index d85e997..91128b4 100644
> --- a/security/integrity/ima/ima_queue.c
> +++ b/security/integrity/ima/ima_queue.c
> @@ -18,6 +18,9 @@
> * The measurement list is append-only. No entry is
> * ever removed or changed during the boot-cycle.
> */
> +
> +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
> +
> #include <linux/module.h>
> #include <linux/rculist.h>
> #include <linux/slab.h>
> @@ -72,7 +75,7 @@ static int ima_add_digest_entry(struct ima_template_entry *entry)
>
> qe = kmalloc(sizeof(*qe), GFP_KERNEL);
> if (qe == NULL) {
> - pr_err("IMA: OUT OF MEMORY ERROR creating queue entry.\n");
> + pr_err("OUT OF MEMORY ERROR creating queue entry\n");
> return -ENOMEM;
> }
> qe->entry = entry;
> @@ -95,8 +98,7 @@ static int ima_pcr_extend(const u8 *hash)
>
> result = tpm_pcr_extend(TPM_ANY_NUM, CONFIG_IMA_MEASURE_PCR_IDX, hash);
> if (result != 0)
> - pr_err("IMA: Error Communicating to TPM chip, result: %d\n",
> - result);
> + pr_err("Error Communicating to TPM chip, result: %d\n", result);
> return result;
> }
>
> diff --git a/security/integrity/ima/ima_template.c b/security/integrity/ima/ima_template.c
> index 635695f..9a4a0d1 100644
> --- a/security/integrity/ima/ima_template.c
> +++ b/security/integrity/ima/ima_template.c
> @@ -12,6 +12,9 @@
> * File: ima_template.c
> * Helpers to manage template descriptors.
> */
> +
> +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
> +
> #include <crypto/hash_info.h>
>
> #include "ima.h"
> @@ -58,7 +61,7 @@ static int __init ima_template_setup(char *str)
> */
> if (template_len == 3 && strcmp(str, IMA_TEMPLATE_IMA_NAME) == 0 &&
> ima_hash_algo != HASH_ALGO_SHA1 && ima_hash_algo != HASH_ALGO_MD5) {
> - pr_err("IMA: template does not support hash alg\n");
> + pr_err("template does not support hash alg\n");
> return 1;
> }
>

2014-02-25 07:39:36

by James Morris

[permalink] [raw]
Subject: Re: [PATCH 6/8] security: smack: Use a more current logging style

On Mon, 24 Feb 2014, Casey Schaufler wrote:

> On 2/24/2014 2:35 PM, Casey Schaufler wrote:
> > On 2/24/2014 1:59 PM, Joe Perches wrote:
> >> Convert printks to pr_<level>
> >> Add pr_fmt.
> >>
> >> Signed-off-by: Joe Perches <[email protected]>
> > Acked-by: Casey Schaufler <[email protected]>
> >
> > I will take this into the smack-next tree.
>
> Unless James would rather take the whole set, that is.

Yep, I'll take the whole set.


>
> >
> >> ---
> >> security/smack/smack_lsm.c | 7 ++++---
> >> security/smack/smackfs.c | 25 +++++++++++--------------
> >> 2 files changed, 15 insertions(+), 17 deletions(-)
> >>
> >> diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
> >> index 14f52be..a273aad 100644
> >> --- a/security/smack/smack_lsm.c
> >> +++ b/security/smack/smack_lsm.c
> >> @@ -18,6 +18,8 @@
> >> * as published by the Free Software Foundation.
> >> */
> >>
> >> +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
> >> +
> >> #include <linux/xattr.h>
> >> #include <linux/pagemap.h>
> >> #include <linux/mount.h>
> >> @@ -2106,8 +2108,7 @@ static int smack_inode_setsecurity(struct inode *inode, const char *name,
> >> if (sock->sk->sk_family == PF_INET) {
> >> rc = smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET);
> >> if (rc != 0)
> >> - printk(KERN_WARNING
> >> - "Smack: \"%s\" netlbl error %d.\n",
> >> + pr_warn("\"%s\" netlbl error %d\n",
> >> __func__, -rc);
> >> }
> >> } else
> >> @@ -3916,7 +3917,7 @@ static __init int smack_init(void)
> >> if (tsp == NULL)
> >> return -ENOMEM;
> >>
> >> - printk(KERN_INFO "Smack: Initializing.\n");
> >> + pr_info("Initializing\n");
> >>
> >> /*
> >> * Set the security state for the initial task.
> >> diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
> >> index 3198cfe..2e25220 100644
> >> --- a/security/smack/smackfs.c
> >> +++ b/security/smack/smackfs.c
> >> @@ -16,6 +16,8 @@
> >> *
> >> */
> >>
> >> +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
> >> +
> >> #include <linux/kernel.h>
> >> #include <linux/vmalloc.h>
> >> #include <linux/security.h>
> >> @@ -698,8 +700,7 @@ static void smk_cipso_doi(void)
> >>
> >> rc = netlbl_cfg_map_del(NULL, PF_INET, NULL, NULL, &nai);
> >> if (rc != 0)
> >> - printk(KERN_WARNING "%s:%d remove rc = %d\n",
> >> - __func__, __LINE__, rc);
> >> + pr_warn("%s:%d remove rc = %d\n", __func__, __LINE__, rc);
> >>
> >> doip = kmalloc(sizeof(struct cipso_v4_doi), GFP_KERNEL);
> >> if (doip == NULL)
> >> @@ -713,15 +714,13 @@ static void smk_cipso_doi(void)
> >>
> >> rc = netlbl_cfg_cipsov4_add(doip, &nai);
> >> if (rc != 0) {
> >> - printk(KERN_WARNING "%s:%d cipso add rc = %d\n",
> >> - __func__, __LINE__, rc);
> >> + pr_warn("%s:%d cipso add rc = %d\n", __func__, __LINE__, rc);
> >> kfree(doip);
> >> return;
> >> }
> >> rc = netlbl_cfg_cipsov4_map_add(doip->doi, NULL, NULL, NULL, &nai);
> >> if (rc != 0) {
> >> - printk(KERN_WARNING "%s:%d map add rc = %d\n",
> >> - __func__, __LINE__, rc);
> >> + pr_warn("%s:%d map add rc = %d\n", __func__, __LINE__, rc);
> >> kfree(doip);
> >> return;
> >> }
> >> @@ -741,8 +740,8 @@ static void smk_unlbl_ambient(char *oldambient)
> >> if (oldambient != NULL) {
> >> rc = netlbl_cfg_map_del(oldambient, PF_INET, NULL, NULL, &nai);
> >> if (rc != 0)
> >> - printk(KERN_WARNING "%s:%d remove rc = %d\n",
> >> - __func__, __LINE__, rc);
> >> + pr_warn("%s:%d remove rc = %d\n",
> >> + __func__, __LINE__, rc);
> >> }
> >> if (smack_net_ambient == NULL)
> >> smack_net_ambient = &smack_known_floor;
> >> @@ -750,8 +749,7 @@ static void smk_unlbl_ambient(char *oldambient)
> >> rc = netlbl_cfg_unlbl_map_add(smack_net_ambient->smk_known, PF_INET,
> >> NULL, NULL, &nai);
> >> if (rc != 0)
> >> - printk(KERN_WARNING "%s:%d add rc = %d\n",
> >> - __func__, __LINE__, rc);
> >> + pr_warn("%s:%d add rc = %d\n", __func__, __LINE__, rc);
> >> }
> >>
> >> /*
> >> @@ -2302,8 +2300,7 @@ static int smk_fill_super(struct super_block *sb, void *data, int silent)
> >>
> >> rc = simple_fill_super(sb, SMACK_MAGIC, smack_files);
> >> if (rc != 0) {
> >> - printk(KERN_ERR "%s failed %d while creating inodes\n",
> >> - __func__, rc);
> >> + pr_err("%s failed %d while creating inodes\n", __func__, rc);
> >> return rc;
> >> }
> >>
> >> @@ -2369,13 +2366,13 @@ static int __init init_smk_fs(void)
> >>
> >> err = smk_init_sysfs();
> >> if (err)
> >> - printk(KERN_ERR "smackfs: sysfs mountpoint problem.\n");
> >> + pr_err("smackfs: sysfs mountpoint problem\n");
> >>
> >> err = register_filesystem(&smk_fs_type);
> >> if (!err) {
> >> smackfs_mount = kern_mount(&smk_fs_type);
> >> if (IS_ERR(smackfs_mount)) {
> >> - printk(KERN_ERR "smackfs: could not mount!\n");
> >> + pr_err("smackfs: could not mount!\n");
> >> err = PTR_ERR(smackfs_mount);
> >> smackfs_mount = NULL;
> >> }
> > --
> > To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
> > the body of a message to [email protected]
> > More majordomo info at http://vger.kernel.org/majordomo-info.html
> >
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>

--
James Morris
<[email protected]>

2014-02-25 12:58:32

by Tetsuo Handa

[permalink] [raw]
Subject: Re: [PATCH 7/8] security: tomoyo: Use a more current logging style

Joe Perches wrote:
> Convert printks to pr_<level>
> Add pr_fmt to prefix output with "tomoyo: "
> Coalesce formats.
>
> Signed-off-by: Joe Perches <[email protected]>

Acked-by: Tetsuo Handa <[email protected]>

2014-02-25 19:10:12

by Serge Hallyn

[permalink] [raw]
Subject: Re: [PATCH 1/8] security: Use a more current logging style

Quoting Joe Perches ([email protected]):
> Convert printks to pr_<level>.
> Add pr_fmt to prefix output with "security: " or "capability: "
> Coalesce formats.
> Use a generic string for pr_debug to reduce object size.
>
> Signed-off-by: Joe Perches <[email protected]>
> ---

Acked-by: Serge E. Hallyn <[email protected]>

Though should warn_setuid_and_fcaps_mixed be using
pr_info_once()?

> security/capability.c | 16 +++++++++-------
> security/commoncap.c | 15 ++++++++-------
> security/security.c | 4 +++-
> 3 files changed, 20 insertions(+), 15 deletions(-)
>
> diff --git a/security/capability.c b/security/capability.c
> index 8b4f24a..086af9b 100644
> --- a/security/capability.c
> +++ b/security/capability.c
> @@ -10,6 +10,8 @@
> *
> */
>
> +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
> +
> #include <linux/security.h>
>
> static int cap_syslog(int type)
> @@ -914,13 +916,13 @@ static void cap_audit_rule_free(void *lsmrule)
> #endif /* CONFIG_AUDIT */
>
> #define set_to_cap_if_null(ops, function) \
> - do { \
> - if (!ops->function) { \
> - ops->function = cap_##function; \
> - pr_debug("Had to override the " #function \
> - " security operation with the default.\n");\
> - } \
> - } while (0)
> +do { \
> + if (!ops->function) { \
> + ops->function = cap_##function; \
> + pr_debug("Had to override the %s security operation with the default\n", \
> + #function); \
> + } \
> +} while (0)
>
> void __init security_fixup_ops(struct security_operations *ops)
> {
> diff --git a/security/commoncap.c b/security/commoncap.c
> index b9d613e..b5c3bc4 100644
> --- a/security/commoncap.c
> +++ b/security/commoncap.c
> @@ -7,6 +7,8 @@
> *
> */
>
> +#define pr_fmt(fmt) "capability: " fmt
> +
> #include <linux/capability.h>
> #include <linux/audit.h>
> #include <linux/module.h>
> @@ -46,9 +48,8 @@ static void warn_setuid_and_fcaps_mixed(const char *fname)
> {
> static int warned;
> if (!warned) {
> - printk(KERN_INFO "warning: `%s' has both setuid-root and"
> - " effective capabilities. Therefore not raising all"
> - " capabilities.\n", fname);
> + pr_info("warning: `%s' has both setuid-root and effective capabilities, therefore not raising all capabilities\n",
> + fname);
> warned = 1;
> }
> }
> @@ -448,8 +449,8 @@ static int get_file_caps(struct linux_binprm *bprm, bool *effective, bool *has_c
> rc = get_vfs_caps_from_disk(dentry, &vcaps);
> if (rc < 0) {
> if (rc == -EINVAL)
> - printk(KERN_NOTICE "%s: get_vfs_caps_from_disk returned %d for %s\n",
> - __func__, rc, bprm->filename);
> + pr_notice("%s: get_vfs_caps_from_disk returned %d for %s\n",
> + __func__, rc, bprm->filename);
> else if (rc == -ENODATA)
> rc = 0;
> goto out;
> @@ -457,8 +458,8 @@ static int get_file_caps(struct linux_binprm *bprm, bool *effective, bool *has_c
>
> rc = bprm_caps_from_vfs_caps(&vcaps, bprm, effective, has_cap);
> if (rc == -EINVAL)
> - printk(KERN_NOTICE "%s: cap_from_disk returned %d for %s\n",
> - __func__, rc, bprm->filename);
> + pr_notice("%s: cap_from_disk returned %d for %s\n",
> + __func__, rc, bprm->filename);
>
> out:
> dput(dentry);
> diff --git a/security/security.c b/security/security.c
> index 15b6928..53d1885 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -11,6 +11,8 @@
> * (at your option) any later version.
> */
>
> +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
> +
> #include <linux/capability.h>
> #include <linux/dcache.h>
> #include <linux/module.h>
> @@ -64,7 +66,7 @@ static void __init do_security_initcalls(void)
> */
> int __init security_init(void)
> {
> - printk(KERN_INFO "Security Framework initialized\n");
> + pr_info("Security Framework initialized\n");
>
> security_fixup_ops(&default_security_ops);
> security_ops = &default_security_ops;
> --
> 1.8.1.2.459.gbcd45b4.dirty
>

2014-02-25 19:34:20

by Joe Perches

[permalink] [raw]
Subject: Re: [PATCH 1/8] security: Use a more current logging style

On Tue, 2014-02-25 at 13:10 -0600, Serge Hallyn wrote:
> Quoting Joe Perches ([email protected]):
> > Convert printks to pr_<level>.
[]
> Acked-by: Serge E. Hallyn <[email protected]>
>
> Though should warn_setuid_and_fcaps_mixed be using
> pr_info_once()?

Yup, thanks. I'll send a follow-on with your reported-by
if/after this is applied and I'll send a V2 now so James
could apply that instead if that's what he prefers.

> > diff --git a/security/commoncap.c b/security/commoncap.c
[]
> > @@ -46,9 +48,8 @@ static void warn_setuid_and_fcaps_mixed(const char *fname)
> > {
> > static int warned;
> > if (!warned) {
> > - printk(KERN_INFO "warning: `%s' has both setuid-root and"
> > - " effective capabilities. Therefore not raising all"
> > - " capabilities.\n", fname);
> > + pr_info("warning: `%s' has both setuid-root and effective capabilities, therefore not raising all capabilities\n",
> > + fname);

pr_info_once(etc...

> > warned = 1;
> > }
> > }

2014-02-25 19:41:14

by Joe Perches

[permalink] [raw]
Subject: [PATCH V2 1/8] security: Use a more current logging style

Convert printks to pr_<level>.
Convert printk with single time guard to pr_info_once.
Add pr_fmt to prefix output with "security: " or "capability: "
Coalesce formats.
Use a generic string for pr_debug to reduce object size.

Signed-off-by: Joe Perches <[email protected]>
Acked-by: Serge Hallyn <[email protected]>
Reported-by: Serge Hallyn <[email protected]> (pr_info_once)
---
security/capability.c | 16 +++++++++-------
security/commoncap.c | 19 ++++++++-----------
security/security.c | 4 +++-
3 files changed, 20 insertions(+), 19 deletions(-)

diff --git a/security/capability.c b/security/capability.c
index 8b4f24a..086af9b 100644
--- a/security/capability.c
+++ b/security/capability.c
@@ -10,6 +10,8 @@
*
*/

+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
+
#include <linux/security.h>

static int cap_syslog(int type)
@@ -914,13 +916,13 @@ static void cap_audit_rule_free(void *lsmrule)
#endif /* CONFIG_AUDIT */

#define set_to_cap_if_null(ops, function) \
- do { \
- if (!ops->function) { \
- ops->function = cap_##function; \
- pr_debug("Had to override the " #function \
- " security operation with the default.\n");\
- } \
- } while (0)
+do { \
+ if (!ops->function) { \
+ ops->function = cap_##function; \
+ pr_debug("Had to override the %s security operation with the default\n", \
+ #function); \
+ } \
+} while (0)

void __init security_fixup_ops(struct security_operations *ops)
{
diff --git a/security/commoncap.c b/security/commoncap.c
index b9d613e..09da086 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -7,6 +7,8 @@
*
*/

+#define pr_fmt(fmt) "capability: " fmt
+
#include <linux/capability.h>
#include <linux/audit.h>
#include <linux/module.h>
@@ -44,13 +46,8 @@
*/
static void warn_setuid_and_fcaps_mixed(const char *fname)
{
- static int warned;
- if (!warned) {
- printk(KERN_INFO "warning: `%s' has both setuid-root and"
- " effective capabilities. Therefore not raising all"
- " capabilities.\n", fname);
- warned = 1;
- }
+ pr_info_once("warning: `%s' has both setuid-root and effective capabilities, therefore not raising all capabilities\n",
+ fname);
}

int cap_netlink_send(struct sock *sk, struct sk_buff *skb)
@@ -448,8 +445,8 @@ static int get_file_caps(struct linux_binprm *bprm, bool *effective, bool *has_c
rc = get_vfs_caps_from_disk(dentry, &vcaps);
if (rc < 0) {
if (rc == -EINVAL)
- printk(KERN_NOTICE "%s: get_vfs_caps_from_disk returned %d for %s\n",
- __func__, rc, bprm->filename);
+ pr_notice("%s: get_vfs_caps_from_disk returned %d for %s\n",
+ __func__, rc, bprm->filename);
else if (rc == -ENODATA)
rc = 0;
goto out;
@@ -457,8 +454,8 @@ static int get_file_caps(struct linux_binprm *bprm, bool *effective, bool *has_c

rc = bprm_caps_from_vfs_caps(&vcaps, bprm, effective, has_cap);
if (rc == -EINVAL)
- printk(KERN_NOTICE "%s: cap_from_disk returned %d for %s\n",
- __func__, rc, bprm->filename);
+ pr_notice("%s: cap_from_disk returned %d for %s\n",
+ __func__, rc, bprm->filename);

out:
dput(dentry);
diff --git a/security/security.c b/security/security.c
index 15b6928..53d1885 100644
--- a/security/security.c
+++ b/security/security.c
@@ -11,6 +11,8 @@
* (at your option) any later version.
*/

+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
+
#include <linux/capability.h>
#include <linux/dcache.h>
#include <linux/module.h>
@@ -64,7 +66,7 @@ static void __init do_security_initcalls(void)
*/
int __init security_init(void)
{
- printk(KERN_INFO "Security Framework initialized\n");
+ pr_info("Security Framework initialized\n");

security_fixup_ops(&default_security_ops);
security_ops = &default_security_ops;
--
1.8.1.2.459.gbcd45b4.dirty

2014-02-25 20:05:47

by Paul Moore

[permalink] [raw]
Subject: Re: [PATCH 5/8] security: selinux: Use a more current logging style

On Monday, February 24, 2014 01:59:58 PM Joe Perches wrote:
> Convert printk to pr_<level>.
> Add pr_fmt.
> Coalesce formats, add missing space where appropriate.
> Standardize on one space after "SELinux: " prefix.
>
> Signed-off-by: Joe Perches <[email protected]>

A few minor comments inline ...

> diff --git a/security/selinux/avc.c b/security/selinux/avc.c
> index fc3e662..f9bb683 100644
> --- a/security/selinux/avc.c
> +++ b/security/selinux/avc.c
> @@ -13,6 +13,9 @@
> * it under the terms of the GNU General Public License version 2,
> * as published by the Free Software Foundation.
> */
> +
> +#define pr_fmt(fmt) "SELinux: " KBUILD_MODNAME ": " fmt
> +

Wouldn't this result in "SELinux: selinux: ..."? If not great, if so, let's
just specify "avc" the old fashioned way.

> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index d07413d..49a4a3d 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c

> /* Set the security state for the initial task. */
> cred_init_security();
> @@ -5976,9 +5958,9 @@ static __init int selinux_init(void)
> panic("SELinux: Unable to register with kernel.\n");
>
> if (selinux_enforcing)
> - printk(KERN_DEBUG "SELinux: Starting in enforcing mode\n");
> + printk(KERN_DEBUG "SELinux: Starting in enforcing mode\n");
> else
> - printk(KERN_DEBUG "SELinux: Starting in permissive mode\n");
> + printk(KERN_DEBUG "SELinux: Starting in permissive mode\n");
>
> return 0;
> }

What about using 'pr_fmt("...")' in the printks above? Seems like it would
help with consistency.

> @@ -5990,10 +5972,10 @@ static void delayed_superblock_init(struct
> super_block *sb, void *unused)
>
> void selinux_complete_init(void)
> {
> - printk(KERN_DEBUG "SELinux: Completing initialization.\n");
> + printk(KERN_DEBUG "SELinux: Completing initialization\n");
>
> /* Set up any superblocks initialized prior to the policy load. */
> - printk(KERN_DEBUG "SELinux: Setting up existing superblocks.\n");
> + printk(KERN_DEBUG "SELinux: Setting up existing superblocks\n");
> iterate_supers(delayed_superblock_init, NULL);
> }

Same.

> @@ -6055,7 +6037,7 @@ static int __init selinux_nf_ip_init(void)
> if (!selinux_enabled)
> goto out;
>
> - printk(KERN_DEBUG "SELinux: Registering netfilter hooks\n");
> + printk(KERN_DEBUG "SELinux: Registering netfilter hooks\n");
>
> err = nf_register_hooks(selinux_ipv4_ops, ARRAY_SIZE(selinux_ipv4_ops));
> if (err)
> @@ -6076,7 +6058,7 @@ __initcall(selinux_nf_ip_init);
> #ifdef CONFIG_SECURITY_SELINUX_DISABLE
> static void selinux_nf_ip_exit(void)
> {
> - printk(KERN_DEBUG "SELinux: Unregistering netfilter hooks\n");
> + printk(KERN_DEBUG "SELinux: Unregistering netfilter hooks\n");

Same.

> diff --git a/security/selinux/netport.c b/security/selinux/netport.c
> index d353797..20a4ed0 100644
> --- a/security/selinux/netport.c
> +++ b/security/selinux/netport.c
> @@ -12,7 +12,6 @@
> * (see security/selinux/netif.c for more information)
> *
> */
> -
> /*
> * (c) Copyright Hewlett-Packard Development Company, L.P., 2008
> *

Whitespace noise.

> diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
> index c0f4988..ff9e193 100644
> --- a/security/selinux/ss/policydb.c
> +++ b/security/selinux/ss/policydb.c
> @@ -25,6 +25,8 @@
> * the Free Software Foundation, version 2.
> */
>
> +#define pr_fmt(fmt) "SELinux: " fmt
> +
> #include <linux/kernel.h>
> #include <linux/sched.h>
> #include <linux/slab.h>
> @@ -515,14 +517,14 @@ static int policydb_index(struct policydb *p)
> {
> int i, rc;
>
> - printk(KERN_DEBUG "SELinux: %d users, %d roles, %d types, %d bools",
> + printk(KERN_DEBUG "SELinux: %d users, %d roles, %d types, %d bools",
> p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim,
> p->p_bools.nprim); if (p->mls_enabled)
> printk(", %d sens, %d cats", p->p_levels.nprim,
> p->p_cats.nprim);
> printk("\n");
>
> - printk(KERN_DEBUG "SELinux: %d classes, %d rules\n",
> + printk(KERN_DEBUG "SELinux: %d classes, %d rules\n",
> p->p_classes.nprim, p->te_avtab.nel);

More potential 'pr_fmt(x)' uses ...

--
paul moore
http://www.paul-moore.com

2014-02-25 20:20:39

by Joe Perches

[permalink] [raw]
Subject: Re: [PATCH 5/8] security: selinux: Use a more current logging style

On Tue, 2014-02-25 at 15:05 -0500, Paul Moore wrote:
> On Monday, February 24, 2014 01:59:58 PM Joe Perches wrote:
> > Convert printk to pr_<level>.
> > Add pr_fmt.
> > Coalesce formats, add missing space where appropriate.
> > Standardize on one space after "SELinux: " prefix.
> >
> > Signed-off-by: Joe Perches <[email protected]>
>
> A few minor comments inline ...
>
> > diff --git a/security/selinux/avc.c b/security/selinux/avc.c
[]
> > @@ -13,6 +13,9 @@
> > * it under the terms of the GNU General Public License version 2,
> > * as published by the Free Software Foundation.
> > */
> > +
> > +#define pr_fmt(fmt) "SELinux: " KBUILD_MODNAME ": " fmt
> > +
>
> Wouldn't this result in "SELinux: selinux: ..."? If not great, if so, let's
> just specify "avc" the old fashioned way.

Yup, you're right. Thanks. I stuffed that one up.

$ strings security/selinux/avc.o | grep "^[0-6]"
4SELinux: selinux: seqno %d < latest_notif %d

I'll send a v2.

> > diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
[]
> > @@ -5976,9 +5958,9 @@ static __init int selinux_init(void)
> > panic("SELinux: Unable to register with kernel.\n");
> >
> > if (selinux_enforcing)
> > - printk(KERN_DEBUG "SELinux: Starting in enforcing mode\n");
> > + printk(KERN_DEBUG "SELinux: Starting in enforcing mode\n");
> > else
> > - printk(KERN_DEBUG "SELinux: Starting in permissive mode\n");
> > + printk(KERN_DEBUG "SELinux: Starting in permissive mode\n");

These printks should/will be converted to pr_debug in a
separate patch. I didn't want to mix these conversions
with the other pr_<level> ones.

2014-02-26 00:56:26

by Joe Perches

[permalink] [raw]
Subject: Re: [PATCH 6/8] security: smack: Use a more current logging style

On Tue, 2014-02-25 at 18:53 -0600, Kodiak Furr wrote:
> Chghf1111111111

Sorry, I can't read this.

2014-02-26 07:31:56

by John Johansen

[permalink] [raw]
Subject: Re: [PATCH 2/8] security: apparmor: Use a more current logging style

On 02/24/2014 01:59 PM, Joe Perches wrote:
> Convert printks to pr_<level>.
> Add pr_fmt.
> Coalesce formats.
> Remove embedded prefixes from logging.
>

you missed one place,

--- a/security/apparmor/include/apparmor.h
+++ b/security/apparmor/include/apparmor.h
@@ -50,7 +50,7 @@ extern unsigned int aa_g_path_max;
#define AA_DEBUG(fmt, args...) \
do { \
if (aa_g_debug && printk_ratelimit()) \
- printk(KERN_DEBUG "AppArmor: " fmt, ##args); \
+ pr_debug(fmt, ##args); \
} while (0)

#define AA_ERROR(fmt, args...) \

other than that looks good.

> Signed-off-by: Joe Perches <[email protected]>
Acked-by: John Johansen <[email protected]>

> ---
> security/apparmor/apparmorfs.c | 2 ++
> security/apparmor/crypto.c | 2 ++
> security/apparmor/include/apparmor.h | 2 +-
> security/apparmor/lib.c | 4 +++-
> security/apparmor/lsm.c | 2 ++
> security/apparmor/match.c | 5 +++--
> security/apparmor/policy.c | 2 ++
> security/apparmor/procattr.c | 2 ++
> 8 files changed, 17 insertions(+), 4 deletions(-)
>
> diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
> index 7db9954..d4b65cc 100644
> --- a/security/apparmor/apparmorfs.c
> +++ b/security/apparmor/apparmorfs.c
> @@ -12,6 +12,8 @@
> * License.
> */
>
> +#define pr_fmt(fmt) "AppArmor: " fmt
> +
> #include <linux/ctype.h>
> #include <linux/security.h>
> #include <linux/vmalloc.h>
> diff --git a/security/apparmor/crypto.c b/security/apparmor/crypto.c
> index 532471d..9506544 100644
> --- a/security/apparmor/crypto.c
> +++ b/security/apparmor/crypto.c
> @@ -15,6 +15,8 @@
> * it should be.
> */
>
> +#define pr_fmt(fmt) "AppArmor: " fmt
> +
> #include <crypto/hash.h>
>
> #include "include/apparmor.h"
> diff --git a/security/apparmor/include/apparmor.h b/security/apparmor/include/apparmor.h
> index 8fb1488..3065025 100644
> --- a/security/apparmor/include/apparmor.h
> +++ b/security/apparmor/include/apparmor.h
> @@ -56,7 +56,7 @@ extern unsigned int aa_g_path_max;
> #define AA_ERROR(fmt, args...) \
> do { \
> if (printk_ratelimit()) \
> - printk(KERN_ERR "AppArmor: " fmt, ##args); \
> + pr_err(fmt, ##args); \
> } while (0)
>
> /* Flag indicating whether initialization completed */
> diff --git a/security/apparmor/lib.c b/security/apparmor/lib.c
> index 6968992..432b1b6 100644
> --- a/security/apparmor/lib.c
> +++ b/security/apparmor/lib.c
> @@ -12,6 +12,8 @@
> * License.
> */
>
> +#define pr_fmt(fmt) "AppArmor: " fmt
> +
> #include <linux/mm.h>
> #include <linux/slab.h>
> #include <linux/string.h>
> @@ -73,7 +75,7 @@ void aa_info_message(const char *str)
> aad.info = str;
> aa_audit_msg(AUDIT_APPARMOR_STATUS, &sa, NULL);
> }
> - printk(KERN_INFO "AppArmor: %s\n", str);
> + pr_info("%s\n", str);
> }
>
> /**
> diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
> index 9981000..49f0180 100644
> --- a/security/apparmor/lsm.c
> +++ b/security/apparmor/lsm.c
> @@ -12,6 +12,8 @@
> * License.
> */
>
> +#define pr_fmt(fmt) "AppArmor: " fmt
> +
> #include <linux/security.h>
> #include <linux/moduleparam.h>
> #include <linux/mm.h>
> diff --git a/security/apparmor/match.c b/security/apparmor/match.c
> index 727eb42..688482a 100644
> --- a/security/apparmor/match.c
> +++ b/security/apparmor/match.c
> @@ -12,6 +12,8 @@
> * License.
> */
>
> +#define pr_fmt(fmt) "AppArmor: " fmt
> +
> #include <linux/errno.h>
> #include <linux/kernel.h>
> #include <linux/mm.h>
> @@ -140,8 +142,7 @@ static int verify_dfa(struct aa_dfa *dfa, int flags)
> if (DEFAULT_TABLE(dfa)[i] >= state_count)
> goto out;
> if (base_idx(BASE_TABLE(dfa)[i]) + 255 >= trans_count) {
> - printk(KERN_ERR "AppArmor DFA next/check upper "
> - "bounds error\n");
> + pr_err("DFA next/check upper bounds error\n");
> goto out;
> }
> }
> diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
> index 705c287..4e20c1f 100644
> --- a/security/apparmor/policy.c
> +++ b/security/apparmor/policy.c
> @@ -73,6 +73,8 @@
> * FIXME: move profile lists to using rcu_lists
> */
>
> +#define pr_fmt(fmt) "AppArmor: " fmt
> +
> #include <linux/slab.h>
> #include <linux/spinlock.h>
> #include <linux/string.h>
> diff --git a/security/apparmor/procattr.c b/security/apparmor/procattr.c
> index b125acc..c105fc5 100644
> --- a/security/apparmor/procattr.c
> +++ b/security/apparmor/procattr.c
> @@ -12,6 +12,8 @@
> * License.
> */
>
> +#define pr_fmt(fmt) "AppArmor: " fmt
> +
> #include "include/apparmor.h"
> #include "include/context.h"
> #include "include/policy.h"
>

2014-02-26 14:43:21

by Joe Perches

[permalink] [raw]
Subject: Re: [PATCH 2/8] security: apparmor: Use a more current logging style

On Tue, 2014-02-25 at 23:31 -0800, John Johansen wrote:
> On 02/24/2014 01:59 PM, Joe Perches wrote:
> > Convert printks to pr_<level>.
> > Add pr_fmt.
> > Coalesce formats.
> > Remove embedded prefixes from logging.
> >
>
> you missed one place,

No, not really.

pr_debug differs from printk(KERN_DEBUG in that
pr_debug is only enabled with a #define DEBUG
or CONFIG_DYNAMIC_DEBUG setting.

I did not want to convert any of the printks
with KERN_DEBUG in this pass as that would
change the message logging by requiring
dynamic debugging be included in the CONFIG.

A subsequent pass converting these uses will
be done if or after these initial patches are
applied.

thanks, Joe

> --- a/security/apparmor/include/apparmor.h
> +++ b/security/apparmor/include/apparmor.h
> @@ -50,7 +50,7 @@ extern unsigned int aa_g_path_max;
> #define AA_DEBUG(fmt, args...) \
> do { \
> if (aa_g_debug && printk_ratelimit()) \
> - printk(KERN_DEBUG "AppArmor: " fmt, ##args); \
> + pr_debug(fmt, ##args); \
> } while (0)
>
> #define AA_ERROR(fmt, args...) \
>
> other than that looks good.
>
> > Signed-off-by: Joe Perches <[email protected]>
> Acked-by: John Johansen <[email protected]>