| Message ID | 20230724145204.534703-1-roberto.sassu@huaweicloud.com |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a59:9010:0:b0:3e4:2afc:c1 with SMTP id l16csp1869531vqg;
Mon, 24 Jul 2023 08:19:31 -0700 (PDT)
X-Google-Smtp-Source:
APBJJlHYA5mjuoyxiGoYceJnY4vG/ECFwjfL73C8uqRFAzALxVnckQCg2JKjpZXbiIJtpEBF6JXB
X-Received: by 2002:a05:6358:6f1d:b0:134:c37f:4b63 with SMTP id
r29-20020a0563586f1d00b00134c37f4b63mr7991714rwn.2.1690211970852;
Mon, 24 Jul 2023 08:19:30 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1690211970; cv=none;
d=google.com; s=arc-20160816;
b=UZeecjPUbd8F67kH+tDjAg+TjSVGnUKWcq8JjnzlWJUYHo5RrkvjCrGCTU9qlJCkfj
DnUkr99iHK4SKg76s2UgwbggT/eGFvXHMX0ydgcxMBohjuocsoJCeYEsi4fyV5X7gk7C
ohABo7zg5pWMfxk5sAe2lNeRvR7F3CapefO0cw4nyAlnAVr/m9SIRw4HG4HifDbkfzFN
K2DPnVKtntJZXDXta8t+K1tnb13bgMoSv54Km7KEFlY4Jii3A+gE+YjJ0hHuuqF2Tt2h
RwH6NhzZQ9ly6x7kbgCzoyOixeqMY5WH4gdQzNl+tpi4/Ahuav7vDxhDXcNi8OKrZeZw
B5Og==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:content-transfer-encoding:mime-version
:message-id:date:subject:cc:to:from;
bh=Jt/UJR/0jxrYrFB3QQx4StclQaDnAZ1eAXK4/HG7dKE=;
fh=w2msnr3yG3Rv1td2qF+by/F7ifmNbVCq9QScMJA61XU=;
b=TEDSWYOj/QfAagyoKGL4EKUAg/YMsKB2tgpyS2zqn5PjjsUMR2xdn6d7I0V3GV5jkL
QlT1LPitIbHI01xdpfxypa3e7lD4yIOqGCsLU7dk/LSRB4mGaeeIRMHGqWEaYvCbe/9+
3em4gzVKVQKDF2wT9qnlhxRx1st2Jl6IPhr78LnDtQAPz8vyCT+oeLBMHVugySGW2VDp
7EWbhRw1GrInlbHiBilb8WEThZoznPa/Y3/8e32n7ukh04p0z0Y8Lr43LFTYrwBUsK/S
WEt1kKsGcvjD0XydYlPJeyLbQ0Gqaski1pnarE6+mlAGgSa+lRDPFSzrXgda3ECqR3RS
TDAw==
ARC-Authentication-Results: i=1; mx.google.com;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
m68-20020a633f47000000b005538b4e729csi9471808pga.171.2023.07.24.08.19.17;
Mon, 24 Jul 2023 08:19:30 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S230196AbjGXOxE (ORCPT <rfc822;kautuk.consul.80@gmail.com>
+ 99 others); Mon, 24 Jul 2023 10:53:04 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34434 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S231674AbjGXOwq (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Mon, 24 Jul 2023 10:52:46 -0400
Received: from frasgout13.his.huawei.com (unknown [14.137.139.46])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 251F710DC;
Mon, 24 Jul 2023 07:52:44 -0700 (PDT)
Received: from mail02.huawei.com (unknown [172.18.147.227])
by frasgout13.his.huawei.com (SkyGuard) with ESMTP id
4R8jXN1mnyz9y0Yq;
Mon, 24 Jul 2023 22:41:24 +0800 (CST)
Received: from huaweicloud.com (unknown [10.204.63.22])
by APP1 (Coremail) with SMTP id LxC2BwDnbwspkL5kT9D+BA--.29494S2;
Mon, 24 Jul 2023 15:52:30 +0100 (CET)
From: Roberto Sassu <roberto.sassu@huaweicloud.com>
To: paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com
Cc: linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org,
Roberto Sassu <roberto.sassu@huawei.com>
Subject: [PATCH] security: Fix ret values doc for
security_inode_init_security()
Date: Mon, 24 Jul 2023 16:52:04 +0200
Message-Id: <20230724145204.534703-1-roberto.sassu@huaweicloud.com>
X-Mailer: git-send-email 2.34.1
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-CM-TRANSID: LxC2BwDnbwspkL5kT9D+BA--.29494S2
X-Coremail-Antispam: 1UD129KBjvJXoW7Zr1xKr17tFWUZr47ZrWxCrg_yoW8XF4kpa
1UKF1UWr15tFy7WFn5AF47u3WSkay5Gr4DGrsxZr17A3WDZrn5tr4Fyr15ury3XrWUAw10
qw42kr43Jr1DA37anT9S1TB71UUUUU7qnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2
9KBjDU0xBIdaVrnRJUUUyEb4IE77IF4wAFF20E14v26r4j6ryUM7CY07I20VC2zVCF04k2
6cxKx2IYs7xG6rWj6s0DM7CIcVAFz4kK6r1j6r18M28lY4IEw2IIxxk0rwA2F7IY1VAKz4
vEj48ve4kI8wA2z4x0Y4vE2Ix0cI8IcVAFwI0_Jr0_JF4l84ACjcxK6xIIjxv20xvEc7Cj
xVAFwI0_Gr0_Cr1l84ACjcxK6I8E87Iv67AKxVW8JVWxJwA2z4x0Y4vEx4A2jsIEc7CjxV
AFwI0_Cr1j6rxdM2AIxVAIcxkEcVAq07x20xvEncxIr21l5I8CrVACY4xI64kE6c02F40E
x7xfMcIj6xIIjxv20xvE14v26r106r15McIj6I8E87Iv67AKxVWUJVW8JwAm72CE4IkC6x
0Yz7v_Jr0_Gr1lF7xvr2IYc2Ij64vIr41lc7CjxVAaw2AFwI0_GFv_Wryl42xK82IYc2Ij
64vIr41l4I8I3I0E4IkC6x0Yz7v_Jr0_Gr1lx2IqxVAqx4xG67AKxVWUJVWUGwC20s026x
8GjcxK67AKxVWUGVWUWwC2zVAF1VAY17CE14v26r126r1DMIIYrxkI7VAKI48JMIIF0xvE
2Ix0cI8IcVAFwI0_Jr0_JF4lIxAIcVC0I7IYx2IY6xkF7I0E14v26r4j6F4UMIIF0xvE42
xK8VAvwI8IcIk0rVW3JVWrJr1lIxAIcVC2z280aVAFwI0_Jr0_Gr1lIxAIcVC2z280aVCY
1x0267AKxVW8JVW8JrUvcSsGvfC2KfnxnUUI43ZEXa7IU8imRUUUUUU==
X-CM-SenderInfo: purev21wro2thvvxqx5xdzvxpfor3voofrz/1tbiAQAIBF1jj5Db5QACsQ
X-CFilter-Loop: Reflected
X-Spam-Status: No, score=-0.9 required=5.0 tests=BAYES_00,KHOP_HELO_FCRDNS,
MAY_BE_FORGED,RDNS_DYNAMIC,SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE
autolearn=no autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-THRID: 1772315707560324675
X-GMAIL-MSGID: 1772315707560324675
|
| Series |
security: Fix ret values doc for security_inode_init_security()
|
|
Commit Message
Roberto Sassu
July 24, 2023, 2:52 p.m. UTC
From: Roberto Sassu <roberto.sassu@huawei.com> Commit 6bcdfd2cac55 ("security: Allow all LSMs to provide xattrs for inode_init_security hook") unified the !initxattrs and initxattrs cases. By doing that, security_inode_init_security() cannot return -EOPNOTSUPP anymore, as it is always replaced with zero at the end of the function. Also, mentioning -ENOMEM as the only possible error is not correct. For example, evm_inode_init_security() could return -ENOKEY. Fix these issues in the documentation of security_inode_init_security(). Fixes: 6bcdfd2cac55 ("security: Allow all LSMs to provide xattrs for inode_init_security hook") Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> --- security/security.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
Comments
On Mon, Jul 24, 2023 at 10:52 AM Roberto Sassu <roberto.sassu@huaweicloud.com> wrote: > > From: Roberto Sassu <roberto.sassu@huawei.com> > > Commit 6bcdfd2cac55 ("security: Allow all LSMs to provide xattrs for > inode_init_security hook") unified the !initxattrs and initxattrs cases. By > doing that, security_inode_init_security() cannot return -EOPNOTSUPP > anymore, as it is always replaced with zero at the end of the function. > > Also, mentioning -ENOMEM as the only possible error is not correct. For > example, evm_inode_init_security() could return -ENOKEY. > > Fix these issues in the documentation of security_inode_init_security(). > > Fixes: 6bcdfd2cac55 ("security: Allow all LSMs to provide xattrs for inode_init_security hook") > Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> > --- > security/security.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/security/security.c b/security/security.c > index cfdd0cbbcb9..5aa9cb91f0f 100644 > --- a/security/security.c > +++ b/security/security.c > @@ -1604,8 +1604,8 @@ EXPORT_SYMBOL(security_dentry_create_files_as); > * a security attribute on this particular inode, then it should return > * -EOPNOTSUPP to skip this processing. > * > - * Return: Returns 0 on success, -EOPNOTSUPP if no security attribute is > - * needed, or -ENOMEM on memory allocation failure. > + * Return: Returns 0 on success or on -EOPNOTSUPP error, a negative value other > + * than -EOPNOTSUPP otherwise. How about "Returns 0 if the LSM successfully initialized all of the inode security attributes that are required, negative values otherwise."? The caller doesn't need to worry about the individual LSMs returning -EOPNOTSUPP in the case of no security attributes, and if they really care, they are likely reading the description above (or the code) which explains it in much better detail. Thoughts? -- paul-moore.com
On Mon, 2023-07-24 at 17:54 -0400, Paul Moore wrote: > On Mon, Jul 24, 2023 at 10:52 AM Roberto Sassu > <roberto.sassu@huaweicloud.com> wrote: > > > > From: Roberto Sassu <roberto.sassu@huawei.com> > > > > Commit 6bcdfd2cac55 ("security: Allow all LSMs to provide xattrs for > > inode_init_security hook") unified the !initxattrs and initxattrs cases. By > > doing that, security_inode_init_security() cannot return -EOPNOTSUPP > > anymore, as it is always replaced with zero at the end of the function. > > > > Also, mentioning -ENOMEM as the only possible error is not correct. For > > example, evm_inode_init_security() could return -ENOKEY. > > > > Fix these issues in the documentation of security_inode_init_security(). > > > > Fixes: 6bcdfd2cac55 ("security: Allow all LSMs to provide xattrs for inode_init_security hook") > > Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> > > --- > > security/security.c | 4 ++-- > > 1 file changed, 2 insertions(+), 2 deletions(-) > > > > diff --git a/security/security.c b/security/security.c > > index cfdd0cbbcb9..5aa9cb91f0f 100644 > > --- a/security/security.c > > +++ b/security/security.c > > @@ -1604,8 +1604,8 @@ EXPORT_SYMBOL(security_dentry_create_files_as); > > * a security attribute on this particular inode, then it should return > > * -EOPNOTSUPP to skip this processing. > > * > > - * Return: Returns 0 on success, -EOPNOTSUPP if no security attribute is > > - * needed, or -ENOMEM on memory allocation failure. > > + * Return: Returns 0 on success or on -EOPNOTSUPP error, a negative value other > > + * than -EOPNOTSUPP otherwise. > > How about "Returns 0 if the LSM successfully initialized all of the > inode security attributes that are required, negative values > otherwise."? The caller doesn't need to worry about the individual > LSMs returning -EOPNOTSUPP in the case of no security attributes, and > if they really care, they are likely reading the description above (or > the code) which explains it in much better detail. Maybe this could be better: Return 0 if security attributes initialization is successful or not necessary, a negative value otherwise. Thanks Roberto
On Tue, Jul 25, 2023 at 3:02 AM Roberto Sassu <roberto.sassu@huaweicloud.com> wrote: > On Mon, 2023-07-24 at 17:54 -0400, Paul Moore wrote: > > On Mon, Jul 24, 2023 at 10:52 AM Roberto Sassu > > <roberto.sassu@huaweicloud.com> wrote: > > > > > > From: Roberto Sassu <roberto.sassu@huawei.com> > > > > > > Commit 6bcdfd2cac55 ("security: Allow all LSMs to provide xattrs for > > > inode_init_security hook") unified the !initxattrs and initxattrs cases. By > > > doing that, security_inode_init_security() cannot return -EOPNOTSUPP > > > anymore, as it is always replaced with zero at the end of the function. > > > > > > Also, mentioning -ENOMEM as the only possible error is not correct. For > > > example, evm_inode_init_security() could return -ENOKEY. > > > > > > Fix these issues in the documentation of security_inode_init_security(). > > > > > > Fixes: 6bcdfd2cac55 ("security: Allow all LSMs to provide xattrs for inode_init_security hook") > > > Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> > > > --- > > > security/security.c | 4 ++-- > > > 1 file changed, 2 insertions(+), 2 deletions(-) > > > > > > diff --git a/security/security.c b/security/security.c > > > index cfdd0cbbcb9..5aa9cb91f0f 100644 > > > --- a/security/security.c > > > +++ b/security/security.c > > > @@ -1604,8 +1604,8 @@ EXPORT_SYMBOL(security_dentry_create_files_as); > > > * a security attribute on this particular inode, then it should return > > > * -EOPNOTSUPP to skip this processing. > > > * > > > - * Return: Returns 0 on success, -EOPNOTSUPP if no security attribute is > > > - * needed, or -ENOMEM on memory allocation failure. > > > + * Return: Returns 0 on success or on -EOPNOTSUPP error, a negative value other > > > + * than -EOPNOTSUPP otherwise. > > > > How about "Returns 0 if the LSM successfully initialized all of the > > inode security attributes that are required, negative values > > otherwise."? The caller doesn't need to worry about the individual > > LSMs returning -EOPNOTSUPP in the case of no security attributes, and > > if they really care, they are likely reading the description above (or > > the code) which explains it in much better detail. > > Maybe this could be better: > > Return 0 if security attributes initialization is successful or not > necessary, a negative value otherwise. Well, I'm trying to avoid differentiating between the non-zero, but successful attribute initialization and the zero attribute case; from a caller's perspective it doesn't matter (and why we don't differentiate between the two with different error codes). If the distinction between the two states is important from a caller's perspective, there should be different return codes.
On Tue, 2023-07-25 at 14:38 -0400, Paul Moore wrote: > On Tue, Jul 25, 2023 at 3:02 AM Roberto Sassu > <roberto.sassu@huaweicloud.com> wrote: > > On Mon, 2023-07-24 at 17:54 -0400, Paul Moore wrote: > > > On Mon, Jul 24, 2023 at 10:52 AM Roberto Sassu > > > <roberto.sassu@huaweicloud.com> wrote: > > > > > > > > From: Roberto Sassu <roberto.sassu@huawei.com> > > > > > > > > Commit 6bcdfd2cac55 ("security: Allow all LSMs to provide xattrs for > > > > inode_init_security hook") unified the !initxattrs and initxattrs cases. By > > > > doing that, security_inode_init_security() cannot return -EOPNOTSUPP > > > > anymore, as it is always replaced with zero at the end of the function. > > > > > > > > Also, mentioning -ENOMEM as the only possible error is not correct. For > > > > example, evm_inode_init_security() could return -ENOKEY. > > > > > > > > Fix these issues in the documentation of security_inode_init_security(). > > > > > > > > Fixes: 6bcdfd2cac55 ("security: Allow all LSMs to provide xattrs for inode_init_security hook") > > > > Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> > > > > --- > > > > security/security.c | 4 ++-- > > > > 1 file changed, 2 insertions(+), 2 deletions(-) > > > > > > > > diff --git a/security/security.c b/security/security.c > > > > index cfdd0cbbcb9..5aa9cb91f0f 100644 > > > > --- a/security/security.c > > > > +++ b/security/security.c > > > > @@ -1604,8 +1604,8 @@ EXPORT_SYMBOL(security_dentry_create_files_as); > > > > * a security attribute on this particular inode, then it should return > > > > * -EOPNOTSUPP to skip this processing. > > > > * > > > > - * Return: Returns 0 on success, -EOPNOTSUPP if no security attribute is > > > > - * needed, or -ENOMEM on memory allocation failure. > > > > + * Return: Returns 0 on success or on -EOPNOTSUPP error, a negative value other > > > > + * than -EOPNOTSUPP otherwise. > > > > > > How about "Returns 0 if the LSM successfully initialized all of the > > > inode security attributes that are required, negative values > > > otherwise."? The caller doesn't need to worry about the individual > > > LSMs returning -EOPNOTSUPP in the case of no security attributes, and > > > if they really care, they are likely reading the description above (or > > > the code) which explains it in much better detail. > > > > Maybe this could be better: > > > > Return 0 if security attributes initialization is successful or not > > necessary, a negative value otherwise. > > Well, I'm trying to avoid differentiating between the non-zero, but > successful attribute initialization and the zero attribute case; from > a caller's perspective it doesn't matter (and why we don't > differentiate between the two with different error codes). If the > distinction between the two states is important from a caller's > perspective, there should be different return codes. Ok, fine for me. I take your suggestion. Thanks Roberto
diff --git a/security/security.c b/security/security.c index cfdd0cbbcb9..5aa9cb91f0f 100644 --- a/security/security.c +++ b/security/security.c @@ -1604,8 +1604,8 @@ EXPORT_SYMBOL(security_dentry_create_files_as); * a security attribute on this particular inode, then it should return * -EOPNOTSUPP to skip this processing. * - * Return: Returns 0 on success, -EOPNOTSUPP if no security attribute is - * needed, or -ENOMEM on memory allocation failure. + * Return: Returns 0 on success or on -EOPNOTSUPP error, a negative value other + * than -EOPNOTSUPP otherwise. */ int security_inode_init_security(struct inode *inode, struct inode *dir, const struct qstr *qstr,