Re: [PATCH v3 1/2] security: add fault injection capability

From: Aleksandr Nogikh
Date: Tue Nov 10 2020 - 13:35:16 EST

Next message: Alex Deucher: "Re: [PATCH] amd/display/amdgpu_dm: delete same check in if condition"
Previous message: Serge Semin: "Re: [PATCH] ntb: idt: fix error check in ntb_hw_idt.c"
In reply to: Tetsuo Handa: "Re: [PATCH v3 1/2] security: add fault injection capability"
Next in thread: Andrey Konovalov: "Re: [PATCH v3 1/2] security: add fault injection capability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Nov 10, 2020 at 7:43 AM Tetsuo Handa
<penguin-kernel@xxxxxxxxxxxxxxxxxxx> wrote:
>
[...]
>
> By the way, fail_lsm_hooks.retval is "signed int" but debugfs_create_u32() handles "unsigned int".
> Do we want to allow lsm_hooks_inject_fail() to inject arbitrary !IS_ERR_VALUE() values?

Thanks for pointing it out. Technically, now it's possible to set a
negative value - internally, the kernel
will process negative integers anyway, and after casting the unsigned
value to a signed one, retval
will contain exactly what the user provided. However, if the user
retrieves the attribute value, they won't
get the exact value that was set (if it was negative).

I'll change debugfs_create_u32 to something else in v4, so that it'll
be more explicit and so that it'll be
possible to read negative values normally.

Next message: Alex Deucher: "Re: [PATCH] amd/display/amdgpu_dm: delete same check in if condition"
Previous message: Serge Semin: "Re: [PATCH] ntb: idt: fix error check in ntb_hw_idt.c"
In reply to: Tetsuo Handa: "Re: [PATCH v3 1/2] security: add fault injection capability"
Next in thread: Andrey Konovalov: "Re: [PATCH v3 1/2] security: add fault injection capability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]