From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-13.5 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI, MENTIONS_GIT_HOSTING,SIGNED_OFF_BY,SPF_PASS,URIBL_BLOCKED,USER_AGENT_MUTT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id D27D0C10F11 for ; Wed, 10 Apr 2019 18:02:11 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id B23C4206BA for ; Wed, 10 Apr 2019 18:02:11 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730728AbfDJSCL (ORCPT ); Wed, 10 Apr 2019 14:02:11 -0400 Received: from zeniv.linux.org.uk ([195.92.253.2]:40800 "EHLO ZenIV.linux.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728749AbfDJSCK (ORCPT ); Wed, 10 Apr 2019 14:02:10 -0400 Received: from viro by ZenIV.linux.org.uk with local (Exim 4.92 #3 (Red Hat Linux)) id 1hEHXp-0008Fj-1d; Wed, 10 Apr 2019 18:01:57 +0000 Date: Wed, 10 Apr 2019 19:01:57 +0100 From: Al Viro To: James Morris Cc: Kangjie Lu , pakki001@umn.edu, "Serge E. Hallyn" , linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH] security: inode: fix a missing check for securityfs_create_file Message-ID: <20190410180156.GZ2217@ZenIV.linux.org.uk> References: <20190315210025.17832-1-kjlu@umn.edu> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.10.1 (2018-07-13) Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: On Thu, Apr 11, 2019 at 03:34:43AM +1000, James Morris wrote: > On Fri, 15 Mar 2019, Kangjie Lu wrote: > > > securityfs_create_file may fail. The fix checks its status and > > returns the error code upstream if it fails. > > > > Signed-off-by: Kangjie Lu > > > > Applied to > git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next-general > > > --- > > Return the exact error code upstream. > > --- > > security/inode.c | 5 +++++ > > 1 file changed, 5 insertions(+) > > > > diff --git a/security/inode.c b/security/inode.c > > index b7772a9b315e..667f8b15027d 100644 > > --- a/security/inode.c > > +++ b/security/inode.c > > @@ -339,6 +339,11 @@ static int __init securityfs_init(void) > > #ifdef CONFIG_SECURITY > > lsm_dentry = securityfs_create_file("lsm", 0444, NULL, NULL, > > &lsm_ops); > > + if (IS_ERR(lsm_dentry)) { > > + unregister_filesystem(&fs_type); > > + sysfs_remove_mount_point(kernel_kobj, "security"); > > + return PTR_ERR(lsm_dentry); > > + } Rather bad way to do it - generally, register_filesystem() should be the last thing done by initialization. Any modular code that does unregister_filesystem() on failure exit is flat-out broken; here it's not instantly FUBAR, but it's a bloody bad example. What's more, why not let simple_fill_super() do it? Just static int fill_super(struct super_block *sb, void *data, int silent) { static const struct tree_descr files[] = { #ifdef CONFIG_SECURITY {"lsm", &lsm_ops, 0444}, #endif {""} }; and to hell with that call of securityfs_create_file() and all its failure handling...