Linux Security Modules development
 help / color / mirror / Atom feed
* [PATCH -next] lockdown: Add break in lockdown_write
@ 2026-01-19  9:12 Cai Xinchen
  2026-01-22  9:31 ` Xiu Jianfeng
  0 siblings, 1 reply; 5+ messages in thread
From: Cai Xinchen @ 2026-01-19  9:12 UTC (permalink / raw)
  To: nicolas.bouchinet, xiujianfeng, paul, jmorris, serge
  Cc: linux-security-module, linux-kernel, caixinchen1

After the label is matched successful, any other levels judgements
are meaningless. Therefore, add break to return early

Signed-off-by: Cai Xinchen <caixinchen1@huawei.com>
---
 security/lockdown/lockdown.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/security/lockdown/lockdown.c b/security/lockdown/lockdown.c
index 8d46886d2cca..263dcc80d839 100644
--- a/security/lockdown/lockdown.c
+++ b/security/lockdown/lockdown.c
@@ -139,8 +139,10 @@ static ssize_t lockdown_write(struct file *file, const char __user *buf,
 		enum lockdown_reason level = lockdown_levels[i];
 		const char *label = lockdown_reasons[level];
 
-		if (label && !strcmp(state, label))
+		if (label && !strcmp(state, label)) {
 			err = lock_kernel_down("securityfs", level);
+			break;
+		}
 	}
 
 	kfree(state);
-- 
2.34.1


^ permalink raw reply related	[flat|nested] 5+ messages in thread

* Re: [PATCH -next] lockdown: Add break in lockdown_write
  2026-01-19  9:12 [PATCH -next] lockdown: Add break in lockdown_write Cai Xinchen
@ 2026-01-22  9:31 ` Xiu Jianfeng
  2026-01-22 17:41   ` Paul Moore
  0 siblings, 1 reply; 5+ messages in thread
From: Xiu Jianfeng @ 2026-01-22  9:31 UTC (permalink / raw)
  To: Cai Xinchen, nicolas.bouchinet, paul, jmorris, serge
  Cc: linux-security-module, linux-kernel

On 1/19/2026 5:12 PM, Cai Xinchen wrote:
> After the label is matched successful, any other levels judgements
> are meaningless. Therefore, add break to return early
> 
> Signed-off-by: Cai Xinchen <caixinchen1@huawei.com>

Looks good to me, thanks.

Acked-by: Xiu Jianfeng <xiujianfeng@huawei.com>

Paul,

Would you mind if this patch went through the LSM tree? :)

Best regards
Xiu Jianfeng

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH -next] lockdown: Add break in lockdown_write
  2026-01-22  9:31 ` Xiu Jianfeng
@ 2026-01-22 17:41   ` Paul Moore
  2026-07-02 16:50     ` Paul Moore
  0 siblings, 1 reply; 5+ messages in thread
From: Paul Moore @ 2026-01-22 17:41 UTC (permalink / raw)
  To: Xiu Jianfeng
  Cc: Cai Xinchen, nicolas.bouchinet, jmorris, serge,
	linux-security-module, linux-kernel

On Thu, Jan 22, 2026 at 4:31 AM Xiu Jianfeng <xiujianfeng@huawei.com> wrote:
> On 1/19/2026 5:12 PM, Cai Xinchen wrote:
> > After the label is matched successful, any other levels judgements
> > are meaningless. Therefore, add break to return early
> >
> > Signed-off-by: Cai Xinchen <caixinchen1@huawei.com>
>
> Looks good to me, thanks.
>
> Acked-by: Xiu Jianfeng <xiujianfeng@huawei.com>
>
> Paul,
>
> Would you mind if this patch went through the LSM tree? :)

Assuming Nicolas is okay with that, I can take this through the LSM tree.

-- 
paul-moore.com

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH -next] lockdown: Add break in lockdown_write
  2026-01-22 17:41   ` Paul Moore
@ 2026-07-02 16:50     ` Paul Moore
  2026-07-03  7:39       ` Nicolas Bouchinet
  0 siblings, 1 reply; 5+ messages in thread
From: Paul Moore @ 2026-07-02 16:50 UTC (permalink / raw)
  To: Xiu Jianfeng, nicolas.bouchinet
  Cc: Cai Xinchen, jmorris, serge, linux-security-module, linux-kernel

On Thu, Jan 22, 2026 at 12:41 PM Paul Moore <paul@paul-moore.com> wrote:
>
> On Thu, Jan 22, 2026 at 4:31 AM Xiu Jianfeng <xiujianfeng@huawei.com> wrote:
> > On 1/19/2026 5:12 PM, Cai Xinchen wrote:
> > > After the label is matched successful, any other levels judgements
> > > are meaningless. Therefore, add break to return early
> > >
> > > Signed-off-by: Cai Xinchen <caixinchen1@huawei.com>
> >
> > Looks good to me, thanks.
> >
> > Acked-by: Xiu Jianfeng <xiujianfeng@huawei.com>
> >
> > Paul,
> >
> > Would you mind if this patch went through the LSM tree? :)
>
> Assuming Nicolas is okay with that, I can take this through the LSM tree.

Following up on this as I never saw a response on-list and the patch
doesn't appear to be in Linus' tree.

-- 
paul-moore.com

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH -next] lockdown: Add break in lockdown_write
  2026-07-02 16:50     ` Paul Moore
@ 2026-07-03  7:39       ` Nicolas Bouchinet
  0 siblings, 0 replies; 5+ messages in thread
From: Nicolas Bouchinet @ 2026-07-03  7:39 UTC (permalink / raw)
  To: Paul Moore
  Cc: Xiu Jianfeng, Cai Xinchen, jmorris, serge, linux-security-module,
	linux-kernel

On Thu, Jul 02, 2026 at 12:50:18PM -0400, Paul Moore wrote:
> On Thu, Jan 22, 2026 at 12:41???PM Paul Moore <paul@paul-moore.com> wrote:
> >
> > On Thu, Jan 22, 2026 at 4:31???AM Xiu Jianfeng <xiujianfeng@huawei.com> wrote:
> > > On 1/19/2026 5:12 PM, Cai Xinchen wrote:
> > > > After the label is matched successful, any other levels judgements
> > > > are meaningless. Therefore, add break to return early
> > > >
> > > > Signed-off-by: Cai Xinchen <caixinchen1@huawei.com>
> > >
> > > Looks good to me, thanks.
> > >
> > > Acked-by: Xiu Jianfeng <xiujianfeng@huawei.com>
> > >
> > > Paul,
> > >
> > > Would you mind if this patch went through the LSM tree? :)
> >
> > Assuming Nicolas is okay with that, I can take this through the LSM tree.
> 
> Following up on this as I never saw a response on-list and the patch
> doesn't appear to be in Linus' tree.

Your right, my bad,

First of all, thanks Cai for your contribution and I appologize for the
really late reply.

This is pretty much the same kind of patch as [1], while it effectively
cleans up Lockdown code, in my opinion it doesn't directly add much. I'd
personally prefer to keep those small patches on hold for now, waiting
for a bigger review of Lockdown's code where I will pick them both up.
Sadly, I really don't have much time to work on this right now.

Nicolas

---

[1]: https://lore.kernel.org/all/20260501174448.47154-1-kalevi@kolttonen.fi/

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2026-07-03  8:07 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-01-19  9:12 [PATCH -next] lockdown: Add break in lockdown_write Cai Xinchen
2026-01-22  9:31 ` Xiu Jianfeng
2026-01-22 17:41   ` Paul Moore
2026-07-02 16:50     ` Paul Moore
2026-07-03  7:39       ` Nicolas Bouchinet

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox