| Message ID | 20230306104036.1298529-1-roberto.sassu@huaweicloud.com |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a5d:5915:0:0:0:0:0 with SMTP id v21csp1768938wrd;
Mon, 6 Mar 2023 02:52:06 -0800 (PST)
X-Google-Smtp-Source:
AK7set9FdFR6YeQTeVG4vAmyrEcNDPGbMMjGIamqQFmzdVoxrKb6CEx2CAcdegswoAmChHvlyjRP
X-Received: by 2002:a05:6402:1655:b0:4af:8436:2f59 with SMTP id
s21-20020a056402165500b004af84362f59mr8715204edx.31.1678099926125;
Mon, 06 Mar 2023 02:52:06 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1678099926; cv=none;
d=google.com; s=arc-20160816;
b=nCfjlcLQjpAHcLrEpa1en2X+smZKElJ7w31k+jYNTy9Jq8fI/xXSSDXKCuPgxaDpOJ
Bb6zab1lTQxdf8OUJdDcSL9OYBhZ9fNPxPB+m3Ih99Q3iLFbNJ5ApzVn1dZDocmW+NY5
MvXUPWjmejktugICPmammby5BietBCbf2xDMmy4A4DtVQHrNyj8TMDGMoR6Um1+DqLU+
97CR/cAup0e+sfrJSROGZ++xrME0Q2Sbmk5NcuyuSspffDPcozyQEzZDWnLVDNpoAuMb
INcwPcQuxwivnOhUWY83JABfcsLivRkAjf1eoPTVIU/fd0OaIZHTnxGFlx3ZLzwuPMub
U5SQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:content-transfer-encoding:mime-version
:message-id:date:subject:cc:to:from;
bh=WnYpKqMhRru5JyDzt1hs/aKPhjDb8kKhDd3qrHsTDf0=;
b=xRPpdlDtErskuVBkvlHEFUCVEgeD47g1XWHLoNgb2z2Tnlkzr52JCSQtmPmYP8Oo+i
zOi7p3WdQ2nGdgzxNb0HyVjhJSQgdGdt/1RZIpitXwHszR0wxc+sQD7kOiqKpI8n+3Vz
sCbHy1BApfou/Mav4BgqfWli4r/LK5zHmcb1RAWKLOekEWlz4noLYmfWkezDRi6nBjSa
4YeiTaVpoC6/VFBwdRn6BTEklS/8VKX6uHb4axrbzjxdhIU5N1wCXWe1VFsL+CXlWkFJ
aETNbuuIrxTrjrWDdTu8eXFSShw7WWPy7HOI1xDFQt+le7IC4o0m9/40t7ae5KAzl3XU
8q9A==
ARC-Authentication-Results: i=1; mx.google.com;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
h1-20020aa7c601000000b004c07e5529e4si5049642edq.192.2023.03.06.02.51.42;
Mon, 06 Mar 2023 02:52:06 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S229836AbjCFKmM (ORCPT <rfc822;toshivichauhan@gmail.com>
+ 99 others); Mon, 6 Mar 2023 05:42:12 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50600 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S229819AbjCFKmK (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Mon, 6 Mar 2023 05:42:10 -0500
Received: from frasgout12.his.huawei.com (frasgout12.his.huawei.com
[14.137.139.154])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7BAD3231D3;
Mon, 6 Mar 2023 02:42:08 -0800 (PST)
Received: from mail02.huawei.com (unknown [172.18.147.228])
by frasgout12.his.huawei.com (SkyGuard) with ESMTP id
4PVZfD12JMz9xHLw;
Mon, 6 Mar 2023 18:32:52 +0800 (CST)
Received: from huaweicloud.com (unknown [10.204.63.22])
by APP2 (Coremail) with SMTP id GxC2BwBnNl1qwwVkfKt0AQ--.17696S2;
Mon, 06 Mar 2023 11:41:54 +0100 (CET)
From: Roberto Sassu <roberto.sassu@huaweicloud.com>
To: zohar@linux.ibm.com, dmitry.kasatkin@gmail.com,
paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com
Cc: linux-integrity@vger.kernel.org,
linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org,
Roberto Sassu <roberto.sassu@huawei.com>
Subject: [PATCH] evm: Complete description of evm_inode_setattr()
Date: Mon, 6 Mar 2023 11:40:36 +0100
Message-Id: <20230306104036.1298529-1-roberto.sassu@huaweicloud.com>
X-Mailer: git-send-email 2.25.1
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-CM-TRANSID: GxC2BwBnNl1qwwVkfKt0AQ--.17696S2
X-Coremail-Antispam: 1UD129KBjvdXoW7Gw1kJr4ruFW3XFyUWrW7Jwb_yoWkZrcE9F
WkZr4UWr4kXFs3Z34jkF4SvrWkWr1rJrn3K3srK39rZ345G3Z3XF4kXryfX348XrWUJrZr
uasIyryag347WjkaLaAFLSUrUUUUUb8apTn2vfkv8UJUUUU8Yxn0WfASr-VFAUDa7-sFnT
9fnUUIcSsGvfJTRUUUboAYFVCjjxCrM7AC8VAFwI0_Gr0_Xr1l1xkIjI8I6I8E6xAIw20E
Y4v20xvaj40_Wr0E3s1l1IIY67AEw4v_Jr0_Jr4l8cAvFVAK0II2c7xJM28CjxkF64kEwV
A0rcxSw2x7M28EF7xvwVC0I7IYx2IY67AKxVWUJVWUCwA2z4x0Y4vE2Ix0cI8IcVCY1x02
67AKxVW8JVWxJwA2z4x0Y4vEx4A2jsIE14v26r4j6F4UM28EF7xvwVC2z280aVCY1x0267
AKxVW8JVW8Jr1le2I262IYc4CY6c8Ij28IcVAaY2xG8wAqx4xG64xvF2IEw4CE5I8CrVC2
j2WlYx0E2Ix0cI8IcVAFwI0_Jrv_JF1lYx0Ex4A2jsIE14v26r1j6r4UMcvjeVCFs4IE7x
kEbVWUJVW8JwACjcxG0xvY0x0EwIxGrwCF04k20xvY0x0EwIxGrwCFx2IqxVCFs4IE7xkE
bVWUJVW8JwC20s026c02F40E14v26r1j6r18MI8I3I0E7480Y4vE14v26r106r1rMI8E67
AF67kF1VAFwI0_Jw0_GFylIxkGc2Ij64vIr41lIxAIcVC0I7IYx2IY67AKxVWUJVWUCwCI
42IY6xIIjxv20xvEc7CjxVAFwI0_Gr0_Cr1lIxAIcVCF04k26cxKx2IYs7xG6rWUJVWrZr
1UMIIF0xvEx4A2jsIE14v26r1j6r4UMIIF0xvEx4A2jsIEc7CjxVAFwI0_Gr0_Gr1UYxBI
daVFxhVjvjDU0xZFpf9x07UGYL9UUUUU=
X-CM-SenderInfo: purev21wro2thvvxqx5xdzvxpfor3voofrz/1tbiAgAIBF1jj4Y8rgAAsr
X-CFilter-Loop: Reflected
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_NONE,
SPF_NONE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1759615308084818167?=
X-GMAIL-MSGID: =?utf-8?q?1759615308084818167?=
|
| Series |
evm: Complete description of evm_inode_setattr()
|
|
Commit Message
Roberto Sassu
March 6, 2023, 10:40 a.m. UTC
From: Roberto Sassu <roberto.sassu@huawei.com> Add the description for missing parameters of evm_inode_setattr() to avoid the warning arising with W=n compile option. Fixes: 817b54aa45db ("evm: add evm_inode_setattr to prevent updating an invalid security.evm") Fixes: c1632a0f1120 ("fs: port ->setattr() to pass mnt_idmap") Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> --- security/integrity/evm/evm_main.c | 2 ++ 1 file changed, 2 insertions(+)
Comments
On Mon, 2023-03-06 at 11:40 +0100, Roberto Sassu wrote: > From: Roberto Sassu <roberto.sassu@huawei.com> > > Add the description for missing parameters of evm_inode_setattr() to > avoid the warning arising with W=n compile option. > > Fixes: 817b54aa45db ("evm: add evm_inode_setattr to prevent updating an invalid security.evm") > Fixes: c1632a0f1120 ("fs: port ->setattr() to pass mnt_idmap") > Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> Hi Mimi this probably got lost. It was also reviewed by Stefan: Reviewed-by: Stefan Berger <stefanb@linux.ibm.com> Could you please take it? Thanks Roberto > --- > security/integrity/evm/evm_main.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c > index cf24c525558..b1c2197473a 100644 > --- a/security/integrity/evm/evm_main.c > +++ b/security/integrity/evm/evm_main.c > @@ -795,7 +795,9 @@ static int evm_attr_change(struct mnt_idmap *idmap, > > /** > * evm_inode_setattr - prevent updating an invalid EVM extended attribute > + * @idmap: idmap of the mount > * @dentry: pointer to the affected dentry > + * @attr: iattr structure containing the new file attributes > * > * Permit update of file attributes when files have a valid EVM signature, > * except in the case of them having an immutable portable signature.
On Mon, 2023-06-05 at 13:57 +0200, Roberto Sassu wrote: > On Mon, 2023-03-06 at 11:40 +0100, Roberto Sassu wrote: > > From: Roberto Sassu <roberto.sassu@huawei.com> > > > > Add the description for missing parameters of evm_inode_setattr() to > > avoid the warning arising with W=n compile option. > > > > Fixes: 817b54aa45db ("evm: add evm_inode_setattr to prevent updating an invalid security.evm") > > Fixes: c1632a0f1120 ("fs: port ->setattr() to pass mnt_idmap") > > Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> > > Hi Mimi > > this probably got lost. It was also reviewed by Stefan: > > Reviewed-by: Stefan Berger <stefanb@linux.ibm.com> > > Could you please take it? Thanks for the reminder. In case kernel-doc changes are backported to stable, I've added # v3.2+ and # v6.3+ respectively to the Fixes lines. There are two other warnings in EVM. Any chance you're planning on fixing them as well?
On Mon, 2023-06-05 at 09:12 -0400, Mimi Zohar wrote: > On Mon, 2023-06-05 at 13:57 +0200, Roberto Sassu wrote: > > On Mon, 2023-03-06 at 11:40 +0100, Roberto Sassu wrote: > > > From: Roberto Sassu <roberto.sassu@huawei.com> > > > > > > Add the description for missing parameters of evm_inode_setattr() to > > > avoid the warning arising with W=n compile option. > > > > > > Fixes: 817b54aa45db ("evm: add evm_inode_setattr to prevent updating an invalid security.evm") > > > Fixes: c1632a0f1120 ("fs: port ->setattr() to pass mnt_idmap") > > > Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> > > > > Hi Mimi > > > > this probably got lost. It was also reviewed by Stefan: > > > > Reviewed-by: Stefan Berger <stefanb@linux.ibm.com> > > > > Could you please take it? > > Thanks for the reminder. In case kernel-doc changes are backported to > stable, I've added # v3.2+ and # v6.3+ respectively to the Fixes lines. Thanks! > There are two other warnings in EVM. Any chance you're planning on > fixing them as well? Yes, will do. Roberto
diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c index cf24c525558..b1c2197473a 100644 --- a/security/integrity/evm/evm_main.c +++ b/security/integrity/evm/evm_main.c @@ -795,7 +795,9 @@ static int evm_attr_change(struct mnt_idmap *idmap, /** * evm_inode_setattr - prevent updating an invalid EVM extended attribute + * @idmap: idmap of the mount * @dentry: pointer to the affected dentry + * @attr: iattr structure containing the new file attributes * * Permit update of file attributes when files have a valid EVM signature, * except in the case of them having an immutable portable signature.