From: Simon Horman <horms@kernel.org>
To: Xu Kuohai <xukuohai@huaweicloud.com>
Cc: bpf@vger.kernel.org, netdev@vger.kernel.org,
linux-security-module@vger.kernel.org,
linux-kselftest@vger.kernel.org, linux-integrity@vger.kernel.org,
apparmor@lists.ubuntu.com, selinux@vger.kernel.org,
Alexei Starovoitov <ast@kernel.org>,
Andrii Nakryiko <andrii@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
Martin KaFai Lau <martin.lau@linux.dev>,
Eduard Zingerman <eddyz87@gmail.com>, Song Liu <song@kernel.org>,
Yonghong Song <yonghong.song@linux.dev>,
John Fastabend <john.fastabend@gmail.com>,
KP Singh <kpsingh@kernel.org>,
Stanislav Fomichev <sdf@google.com>, Hao Luo <haoluo@google.com>,
Jiri Olsa <jolsa@kernel.org>,
Matt Bobrowski <mattbobrowski@google.com>,
Brendan Jackman <jackmanb@chromium.org>,
Paul Moore <paul@paul-moore.com>,
James Morris <jmorris@namei.org>,
"Serge E . Hallyn" <serge@hallyn.com>,
Khadija Kamran <kamrankhadijadj@gmail.com>,
Casey Schaufler <casey@schaufler-ca.com>,
Ondrej Mosnacek <omosnace@redhat.com>,
Kees Cook <keescook@chromium.org>,
John Johansen <john.johansen@canonical.com>,
Lukas Bulwahn <lukas.bulwahn@gmail.com>,
Roberto Sassu <roberto.sassu@huawei.com>,
Shung-Hsi Yu <shung-hsi.yu@suse.com>,
Edward Cree <ecree.xilinx@gmail.com>,
Alexander Viro <viro@zeniv.linux.org.uk>,
Christian Brauner <brauner@kernel.org>,
Trond Myklebust <trond.myklebust@hammerspace.com>,
Anna Schumaker <anna@kernel.org>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
Stephen Smalley <stephen.smalley.work@gmail.com>
Subject: Re: [PATCH bpf-next v4 03/20] lsm: Refactor return value of LSM hook inode_getsecurity
Date: Fri, 12 Jul 2024 14:31:41 +0100 [thread overview]
Message-ID: <20240712133141.GB120802@kernel.org> (raw)
In-Reply-To: <20240711111908.3817636-4-xukuohai@huaweicloud.com>
On Thu, Jul 11, 2024 at 07:18:51PM +0800, Xu Kuohai wrote:
> From: Xu Kuohai <xukuohai@huawei.com>
>
> To be consistent with most LSM hooks, convert the return value of
> hook inode_getsecurity to 0 or a negative error code.
>
> Before:
> - Hook inode_getsecurity returns size of buffer on success or a
> negative error code on failure.
>
> After:
> - Hook inode_getsecurity returns 0 on success or a negative error
> code on failure. An output parameter @len is introduced to hold
> the buffer size on success.
>
> Signed-off-by: Xu Kuohai <xukuohai@huawei.com>
> ---
> fs/xattr.c | 19 ++++++++++---------
> include/linux/lsm_hook_defs.h | 3 ++-
> include/linux/security.h | 12 ++++++------
> security/commoncap.c | 9 ++++++---
> security/security.c | 11 ++++++-----
> security/selinux/hooks.c | 16 ++++++----------
> security/smack/smack_lsm.c | 14 +++++++-------
> 7 files changed, 43 insertions(+), 41 deletions(-)
>
> diff --git a/fs/xattr.c b/fs/xattr.c
> index f8b643f91a98..f4e3bedf7272 100644
> --- a/fs/xattr.c
> +++ b/fs/xattr.c
> @@ -339,27 +339,28 @@ xattr_getsecurity(struct mnt_idmap *idmap, struct inode *inode,
> const char *name, void *value, size_t size)
> {
> void *buffer = NULL;
> - ssize_t len;
> + int error;
> + u32 len;
>
> if (!value || !size) {
> - len = security_inode_getsecurity(idmap, inode, name,
> - &buffer, false);
> + error = security_inode_getsecurity(idmap, inode, name,
> + false, &buffer, &len);
> goto out_noalloc;
> }
>
> - len = security_inode_getsecurity(idmap, inode, name, &buffer,
> - true);
> - if (len < 0)
> - return len;
> + error = security_inode_getsecurity(idmap, inode, name, true,
> + &buffer, &len);
> + if (error)
> + return error;
> if (size < len) {
> - len = -ERANGE;
> + error = -ERANGE;
> goto out;
> }
> memcpy(value, buffer, len);
> out:
> kfree(buffer);
> out_noalloc:
> - return len;
> + return error < 0 ? error : len;
Hi Xu Kuohai,
len is an unsigned 32-bit entity, but the return type of this function
is an unsigned value (ssize_t). So in theory, if len is very large,
a negative error value error will be returned.
> }
Similarly for the handling of nattr in lsm_get_self_attr in
lsm_syscalls.c in a subsequent patch.
Flagged by Smatch.
...
next prev parent reply other threads:[~2024-07-12 13:31 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-11 11:18 [PATCH bpf-next v4 00/20] Add return value range check for BPF LSM Xu Kuohai
2024-07-11 11:18 ` [PATCH bpf-next v4 01/20] lsm: Refactor return value of LSM hook vm_enough_memory Xu Kuohai
2024-07-11 13:46 ` Serge Hallyn
2024-07-19 2:07 ` [PATCH v4 1/20] " Paul Moore
2024-07-11 11:18 ` [PATCH bpf-next v4 02/20] lsm: Refactor return value of LSM hook inode_need_killpriv Xu Kuohai
2024-07-11 14:15 ` Serge Hallyn
2024-07-13 8:06 ` Xu Kuohai
2024-07-19 2:08 ` [PATCH v4 2/20] " Paul Moore
2024-07-20 9:27 ` Xu Kuohai
2024-07-11 11:18 ` [PATCH bpf-next v4 03/20] lsm: Refactor return value of LSM hook inode_getsecurity Xu Kuohai
2024-07-12 13:31 ` Simon Horman [this message]
2024-07-13 8:07 ` Xu Kuohai
2024-07-19 2:08 ` [PATCH v4 3/20] " Paul Moore
2024-07-20 9:28 ` Xu Kuohai
2024-07-11 11:18 ` [PATCH bpf-next v4 04/20] lsm: Refactor return value of LSM hook inode_listsecurity Xu Kuohai
2024-07-19 2:08 ` [PATCH v4 4/20] " Paul Moore
2024-07-20 9:29 ` Xu Kuohai
2024-07-11 11:18 ` [PATCH bpf-next v4 05/20] lsm: Refactor return value of LSM hook inode_copy_up_xattr Xu Kuohai
2024-07-19 2:08 ` [PATCH v4 5/20] " Paul Moore
2024-07-20 9:29 ` Xu Kuohai
2024-07-11 11:18 ` [PATCH bpf-next v4 06/20] lsm: Refactor return value of LSM hook getselfattr Xu Kuohai
2024-07-19 2:08 ` [PATCH v4 6/20] " Paul Moore
2024-07-20 9:30 ` Xu Kuohai
2024-07-11 11:18 ` [PATCH bpf-next v4 07/20] lsm: Refactor return value of LSM hook setprocattr Xu Kuohai
2024-07-19 2:08 ` [PATCH v4 7/20] " Paul Moore
2024-07-20 9:31 ` Xu Kuohai
2024-07-11 11:18 ` [PATCH bpf-next v4 08/20] lsm: Refactor return value of LSM hook getprocattr Xu Kuohai
2024-07-19 2:08 ` [PATCH v4 8/20] " Paul Moore
2024-07-20 9:30 ` Xu Kuohai
2024-07-11 11:18 ` [PATCH bpf-next v4 09/20] lsm: Refactor return value of LSM hook key_getsecurity Xu Kuohai
2024-07-19 2:08 ` [PATCH v4 9/20] " Paul Moore
2024-07-20 9:31 ` Xu Kuohai
2024-07-22 21:35 ` Paul Moore
2024-07-23 7:04 ` Xu Kuohai
2024-07-23 18:34 ` Paul Moore
2024-07-11 11:18 ` [PATCH bpf-next v4 10/20] lsm: Refactor return value of LSM hook audit_rule_match Xu Kuohai
2024-07-19 2:08 ` [PATCH " Paul Moore
2024-07-20 9:31 ` Xu Kuohai
2024-07-11 11:18 ` [PATCH bpf-next v4 11/20] bpf, lsm: Add disabled BPF LSM hook list Xu Kuohai
2024-07-12 17:56 ` Alexei Starovoitov
2024-07-13 8:11 ` Xu Kuohai
2024-07-11 11:19 ` [PATCH bpf-next v4 12/20] bpf, lsm: Enable BPF LSM prog to read/write return value parameters Xu Kuohai
2024-07-12 15:56 ` [PATCH bpf-next v4 00/20] Add return value range check for BPF LSM Paul Moore
2024-07-12 16:00 ` Paul Moore
2024-07-12 21:44 ` Paul Moore
2024-07-19 2:13 ` Paul Moore
2024-07-19 3:55 ` Xu Kuohai
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240712133141.GB120802@kernel.org \
--to=horms@kernel.org \
--cc=andrii@kernel.org \
--cc=anna@kernel.org \
--cc=apparmor@lists.ubuntu.com \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=brauner@kernel.org \
--cc=casey@schaufler-ca.com \
--cc=daniel@iogearbox.net \
--cc=ecree.xilinx@gmail.com \
--cc=eddyz87@gmail.com \
--cc=edumazet@google.com \
--cc=haoluo@google.com \
--cc=jackmanb@chromium.org \
--cc=jmorris@namei.org \
--cc=john.fastabend@gmail.com \
--cc=john.johansen@canonical.com \
--cc=jolsa@kernel.org \
--cc=kamrankhadijadj@gmail.com \
--cc=keescook@chromium.org \
--cc=kpsingh@kernel.org \
--cc=kuba@kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=lukas.bulwahn@gmail.com \
--cc=martin.lau@linux.dev \
--cc=mattbobrowski@google.com \
--cc=netdev@vger.kernel.org \
--cc=omosnace@redhat.com \
--cc=pabeni@redhat.com \
--cc=paul@paul-moore.com \
--cc=roberto.sassu@huawei.com \
--cc=sdf@google.com \
--cc=selinux@vger.kernel.org \
--cc=serge@hallyn.com \
--cc=shung-hsi.yu@suse.com \
--cc=song@kernel.org \
--cc=stephen.smalley.work@gmail.com \
--cc=trond.myklebust@hammerspace.com \
--cc=viro@zeniv.linux.org.uk \
--cc=xukuohai@huaweicloud.com \
--cc=yonghong.song@linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.