Re: [RFC][PATCH] trimming includes from linux/security.h
From: Paul Gortmaker
Date: Wed Nov 30 2011 - 15:41:10 EST
On Wed, Nov 30, 2011 at 1:50 AM, Al Viro <viro@xxxxxxxxxxxxxxxxxx> wrote:
> linux/security.h pulls a lot of garbage; most of it can be avoided
> by several more struct ....; added in there, the rest is a matter of adding
> explicit includes in places that (weirdly) relied on security.h to pull
> what they wanted. Plus taking round_hit_to_min() to the only place using
> it (mm/mmap.c)...
>
> NOTE: it almost certainly won't build on some configs; it *does*
> survive allmodconfig on amd64, but that's all it had been tested on. Help
> with review and (build-)testing would be very appreciated... Fortunately,
> all breakage will show up on build, which makes finding it less painful.
>
> Signed-off-by: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
Hi Al,
I did some testing on this for powerpc and arm. The one snag I came
across was that security.h uses things like current->mm and fields in
task_struct, so you get fallout like I've pasted below. But to put
sched.h (and all its 300 sub-includes) back into security.h kind of
defeats the purpose of what you were trying to do, I think.
A proper fix would be to somehow really make security.h a real
standalone header, via using defines instead of inlines or similar?
For now, I just added sched.h to the files that were breaking, but
it seems wrong to penalize random C files for the breakage in the
security.h header file.
This tree seems to survive most powerpc and arm defconfigs:
http://git.kernel.org/?p=linux/kernel/git/paulg/linux.git;a=shortlog;h=refs/heads/al-security-Nov30
but as I said above, I'm not really liking the last commit on it
that adds sched.h to 20-odd files.
Paul.
---
In file included from /home/paul/git/linux-head/fs/super.c:28:
/home/paul/git/linux-head/include/linux/security.h: In function
'security_real_capable':
/home/paul/git/linux-head/include/linux/security.h:1890: error:
dereferencing pointer to incomplete type
/home/paul/git/linux-head/include/linux/security.h:1890: warning: type
defaults to 'int' in declaration of '_________p1'
/home/paul/git/linux-head/include/linux/security.h:1890: error:
dereferencing pointer to incomplete type
/home/paul/git/linux-head/include/linux/security.h:1890: error:
dereferencing pointer to incomplete type
/home/paul/git/linux-head/include/linux/security.h:1890: error:
dereferencing pointer to incomplete type
/home/paul/git/linux-head/include/linux/security.h:1890: warning: type
defaults to 'int' in declaration of 'type name'
/home/paul/git/linux-head/include/linux/security.h:1890: warning: type
defaults to 'int' in declaration of 'type name'
/home/paul/git/linux-head/include/linux/security.h:1890: error:
dereferencing pointer to incomplete type
/home/paul/git/linux-head/include/linux/security.h:1890: warning: type
defaults to 'int' in declaration of 'type name'
/home/paul/git/linux-head/include/linux/security.h:1890: warning:
passing argument 2 of 'cap_capable' from incompatible pointer type
/home/paul/git/linux-head/include/linux/security.h:71: note: expected
'const struct cred *' but argument is of type 'int *'
/home/paul/git/linux-head/include/linux/security.h: In function
'security_real_capable_noaudit':
/home/paul/git/linux-head/include/linux/security.h:1901: error:
dereferencing pointer to incomplete type
/home/paul/git/linux-head/include/linux/security.h:1901: warning: type
defaults to 'int' in declaration of '_________p1'
/home/paul/git/linux-head/include/linux/security.h:1901: error:
dereferencing pointer to incomplete type
/home/paul/git/linux-head/include/linux/security.h:1901: error:
dereferencing pointer to incomplete type
/home/paul/git/linux-head/include/linux/security.h:1901: error:
dereferencing pointer to incomplete type
/home/paul/git/linux-head/include/linux/security.h:1901: warning: type
defaults to 'int' in declaration of 'type name'
/home/paul/git/linux-head/include/linux/security.h:1901: warning: type
defaults to 'int' in declaration of 'type name'
/home/paul/git/linux-head/include/linux/security.h:1901: error:
dereferencing pointer to incomplete type
/home/paul/git/linux-head/include/linux/security.h:1901: warning: type
defaults to 'int' in declaration of 'type name'
/home/paul/git/linux-head/include/linux/security.h:1902: warning:
passing argument 2 of 'cap_capable' from incompatible pointer type
/home/paul/git/linux-head/include/linux/security.h:71: note: expected
'const struct cred *' but argument is of type 'int *'
/home/paul/git/linux-head/include/linux/security.h: In function
'security_vm_enough_memory':
/home/paul/git/linux-head/include/linux/security.h:1931: error:
dereferencing pointer to incomplete type
/home/paul/git/linux-head/include/linux/security.h:1932: error:
dereferencing pointer to incomplete type
/home/paul/git/linux-head/include/linux/security.h: In function
'security_vm_enough_memory_kern':
/home/paul/git/linux-head/include/linux/security.h:1945: error:
dereferencing pointer to incomplete type
make[3]: *** [fs/super.o] Error 1
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/