From fe92c88fd99392eda0b71acfe933a4d9277685ee Mon Sep 17 00:00:00 2001
From: Sebastian Andrzej Siewior <>
Date: Thu, 9 Sep 2021 12:18:29 +0200
Subject: [PATCH 125/166] smack: Guard smack_ipv6_lock definition within a

The mutex smack_ipv6_lock is only used with the SMACK_IPV6_PORT_LABELING
block but its definition is outside of the block. This leads to a
defined-but-not-used warning on PREEMPT_RT.

Moving smack_ipv6_lock down to the block where it is used where it used
raises the question why is smk_ipv6_port_list read if nothing is added
to it.
Turns out, only smk_ipv6_port_check() is using it outside of an ifdef
SMACK_IPV6_PORT_LABELING block. However two of three caller invoke
smk_ipv6_port_check() from a ifdef block and only one is using
__is_defined() macro which requires the function and smk_ipv6_port_list
to be around.

Put the lock and list inside an ifdef SMACK_IPV6_PORT_LABELING block to
avoid the warning regarding unused mutex. Extend the ifdef-block to also
cover smk_ipv6_port_check(). Make smack_socket_connect() use ifdef
instead of __is_defined() to avoid complains about missing function.

Cc: Casey Schaufler <>
Cc: James Morris <>
Cc: "Serge E. Hallyn" <>
Signed-off-by: Sebastian Andrzej Siewior <>
 security/smack/smack_lsm.c |    9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

Index: linux-5.15.32-rt39/security/smack/smack_lsm.c
@ linux-5.15.32-rt39/security/smack/smack_lsm.c:54 @
 #define SMK_RECEIVING	1
 #define SMK_SENDING	2
 static DEFINE_MUTEX(smack_ipv6_lock);
 static LIST_HEAD(smk_ipv6_port_list);
 struct kmem_cache *smack_rule_cache;
 int smack_enabled __initdata;
@ linux-5.15.32-rt39/security/smack/smack_lsm.c:2608 @ static void smk_ipv6_port_label(struct s
  * smk_ipv6_port_check - check Smack port access
@ linux-5.15.32-rt39/security/smack/smack_lsm.c:2670 @ static int smk_ipv6_port_check(struct so
 	return smk_ipv6_check(skp, object, address, act);
  * smack_inode_setsecurity - set smack xattrs
@ linux-5.15.32-rt39/security/smack/smack_lsm.c:2857 @ static int smack_socket_connect(struct s
 			rc = smk_ipv6_check(ssp->smk_out, rsp, sip,
-		if (__is_defined(SMACK_IPV6_PORT_LABELING))
-			rc = smk_ipv6_port_check(sock->sk, sip, SMK_CONNECTING);
+		rc = smk_ipv6_port_check(sock->sk, sip, SMK_CONNECTING);
 		return rc;