Re: [PATCH] security: Fix ret values doc for security_inode_init_security()

From: Roberto Sassu
Date: Tue Jul 25 2023 - 03:03:02 EST

Next message: Jan Beulich: "Re: [PATCH V3 1/2] xen: Update dm_op.h from Xen public header"
Previous message: Simon Ser: "Re: Non-robust apps and resets (was Re: [PATCH v5 1/1] drm/doc: Document DRM device reset expectations)"
In reply to: Paul Moore: "Re: [PATCH] security: Fix ret values doc for security_inode_init_security()"
Next in thread: Paul Moore: "Re: [PATCH] security: Fix ret values doc for security_inode_init_security()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 2023-07-24 at 17:54 -0400, Paul Moore wrote:
> On Mon, Jul 24, 2023 at 10:52 AM Roberto Sassu
> <roberto.sassu@xxxxxxxxxxxxxxx> wrote:
> >
> > From: Roberto Sassu <roberto.sassu@xxxxxxxxxx>
> >
> > Commit 6bcdfd2cac55 ("security: Allow all LSMs to provide xattrs for
> > inode_init_security hook") unified the !initxattrs and initxattrs cases. By
> > doing that, security_inode_init_security() cannot return -EOPNOTSUPP
> > anymore, as it is always replaced with zero at the end of the function.
> >
> > Also, mentioning -ENOMEM as the only possible error is not correct. For
> > example, evm_inode_init_security() could return -ENOKEY.
> >
> > Fix these issues in the documentation of security_inode_init_security().
> >
> > Fixes: 6bcdfd2cac55 ("security: Allow all LSMs to provide xattrs for inode_init_security hook")
> > Signed-off-by: Roberto Sassu <roberto.sassu@xxxxxxxxxx>
> > ---
> > security/security.c | 4 ++--
> > 1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/security/security.c b/security/security.c
> > index cfdd0cbbcb9..5aa9cb91f0f 100644
> > --- a/security/security.c
> > +++ b/security/security.c
> > @@ -1604,8 +1604,8 @@ EXPORT_SYMBOL(security_dentry_create_files_as);
> > * a security attribute on this particular inode, then it should return
> > * -EOPNOTSUPP to skip this processing.
> > *
> > - * Return: Returns 0 on success, -EOPNOTSUPP if no security attribute is
> > - * needed, or -ENOMEM on memory allocation failure.
> > + * Return: Returns 0 on success or on -EOPNOTSUPP error, a negative value other
> > + * than -EOPNOTSUPP otherwise.
>
> How about "Returns 0 if the LSM successfully initialized all of the
> inode security attributes that are required, negative values
> otherwise."? The caller doesn't need to worry about the individual
> LSMs returning -EOPNOTSUPP in the case of no security attributes, and
> if they really care, they are likely reading the description above (or
> the code) which explains it in much better detail.

Maybe this could be better:

Return 0 if security attributes initialization is successful or not
necessary, a negative value otherwise.

Thanks

Roberto

Next message: Jan Beulich: "Re: [PATCH V3 1/2] xen: Update dm_op.h from Xen public header"
Previous message: Simon Ser: "Re: Non-robust apps and resets (was Re: [PATCH v5 1/1] drm/doc: Document DRM device reset expectations)"
In reply to: Paul Moore: "Re: [PATCH] security: Fix ret values doc for security_inode_init_security()"
Next in thread: Paul Moore: "Re: [PATCH] security: Fix ret values doc for security_inode_init_security()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]