From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753596AbdARVw0 (ORCPT ); Wed, 18 Jan 2017 16:52:26 -0500 Received: from mail-lf0-f65.google.com ([209.85.215.65]:35190 "EHLO mail-lf0-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752218AbdARVwY (ORCPT ); Wed, 18 Jan 2017 16:52:24 -0500 Date: Thu, 19 Jan 2017 02:52:07 +0300 From: Alexey Dobriyan To: Casey Schaufler Cc: LSM , LKLM , James Morris , Kees Cook Subject: Re: [PATCH] LSM: Add a Smack subdirectory in /proc/.../attr Message-ID: <20170118235207.GA17613@avx2> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.24 (2015-08-30) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Jan 18, 2017 at 11:07:19AM -0800, Casey Schaufler wrote: > -int security_getprocattr(struct task_struct *p, char *name, char **value) > +int security_getprocattr(struct task_struct *p, const char *lsm, char *name, > + char **value) > { > - return call_int_hook(getprocattr, -EINVAL, p, name, value); > + struct security_hook_list *hp; > + int rc = -EINVAL; This is dead write. > + list_for_each_entry(hp, &security_hook_heads.getprocattr, list) { > + if (lsm != NULL && strcmp(lsm, hp->lsm)) > + continue; > + rc = hp->hook.getprocattr(p, name, value); > + if (rc != -ENOENT) > + return rc; > + } > + return -EINVAL; <-------+ | > -int security_setprocattr(struct task_|struct *p, char *name, void *value, size_t size) > +int security_setprocattr(struct task_|struct *p, const char *lsm, char *name, > + void *va|lue, size_t size) > { | > - return call_int_hook(setprocattr|, -EINVAL, p, name, value, size); > + struct security_hook_list *hp; | > + int rc = -EINVAL; | | This one is not. 
| | > + | > + list_for_each_entry(hp, &securit|y_hook_heads.setprocattr, list) { > + if (lsm != NULL && strcm|p(lsm, hp->lsm)) > + continue; | > + rc = hp->hook.setprocatt|r(p, name, value, size); > + if (rc != -ENOENT) | > + break; | > + } | > + return rc; <-------+
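Review bot: In security_getprocattr() the initializer in `int rc = -EINVAL;` is never read: rc is assigned from `hp->hook.getprocattr(p, name, value)` before its only test, and the path after the loop returns the literal -EINVAL. Declare it as `int rc;`, or end the function with `return rc;` if the intent is to match security_setprocattr(). The second option changes the result from -EINVAL to -ENOENT when the last matching hook returns -ENOENT, so the choice should be deliberate.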
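Review bot: In security_setprocattr() the trailing `return rc;` hands -ENOENT back to the caller when the last matching hook returns -ENOENT, while security_getprocattr() in the same patch returns -EINVAL in that case. If the difference is not intended, give both functions the same tail (return from inside the loop on `rc != -ENOENT`, then fall through to `return -EINVAL;`). If it is intended, a comment above the loop should say why set and get differ. The `lsm != NULL && strcmp(lsm, hp->lsm)` test means a NULL lsm tries every registered module, which is worth documenting on both functions.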