lsm: move the io_uring hook comments to security/security.c

This patch relocates the LSM hook function comments to the function
definitions, in keeping with the current kernel conventions.  This
should make the hook descriptions more easily discoverable and easier
to maintain.

While formatting changes have been done to better fit the kernel-doc
style, content changes have been kept to a minimum and limited to
text which was obviously incorrect and/or outdated.  It is expected
the future patches will improve the quality of the function header
comments.

Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>

diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 3d8d430e271adef723c14cd927317efcca3fe1e6..8e006df1db568d2fcefc3fa45237a9ede95de3c3 100644 (file)
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -196,23 +196,6 @@
  *     @what: kernel feature being accessed.
  *     Return 0 if permission is granted.
  *
- * Security hooks for io_uring
- *
- * @uring_override_creds:
- *     Check if the current task, executing an io_uring operation, is allowed
- *     to override it's credentials with @new.
- *     @new: the new creds to use.
- *     Return 0 if permission is granted.
- *
- * @uring_sqpoll:
- *     Check whether the current task is allowed to spawn a io_uring polling
- *     thread (IORING_SETUP_SQPOLL).
- *     Return 0 if permission is granted.
- *
- * @uring_cmd:
- *     Check whether the file_operations uring_cmd is allowed to run.
- *     Return 0 if permission is granted.
- *
  */
 union security_list_options {
        #define LSM_HOOK(RET, DEFAULT, NAME, ...) RET (*NAME)(__VA_ARGS__);

diff --git a/security/security.c b/security/security.c
index 47506ae1b1871a34791616a086b51467ae682541..af1db3fa7cd0fb70e0dc66a9273c5bae8852d82c 100644 (file)
--- a/security/security.c
+++ b/security/security.c
@@ -4993,15 +4993,41 @@ int security_perf_event_write(struct perf_event *event)
 #endif /* CONFIG_PERF_EVENTS */
 
 #ifdef CONFIG_IO_URING
+/**
+ * security_uring_override_creds() - Check if overriding creds is allowed
+ * @new: new credentials
+ *
+ * Check if the current task, executing an io_uring operation, is allowed to
+ * override it's credentials with @new.
+ *
+ * Return: Returns 0 if permission is granted.
+ */
 int security_uring_override_creds(const struct cred *new)
 {
        return call_int_hook(uring_override_creds, 0, new);
 }
 
+/**
+ * security_uring_sqpoll() - Check if IORING_SETUP_SQPOLL is allowed
+ *
+ * Check whether the current task is allowed to spawn a io_uring polling thread
+ * (IORING_SETUP_SQPOLL).
+ *
+ * Return: Returns 0 if permission is granted.
+ */
 int security_uring_sqpoll(void)
 {
        return call_int_hook(uring_sqpoll, 0);
 }
+
+/**
+ * security_uring_cmd() - Check if a io_uring passthrough command is allowed
+ * @ioucmd: command
+ *
+ * Check whether the file_operations uring_cmd is allowed to run.
+ *
+ * Return: Returns 0 if permission is granted.
+ */
 int security_uring_cmd(struct io_uring_cmd *ioucmd)
 {
        return call_int_hook(uring_cmd, 0, ioucmd);