[PATCH v9 1/3] Add a new LSM-supporting anonymous inode interface

Eric Biggers ebiggers at kernel.org
Fri Oct 9 04:45:19 UTC 2020


On Wed, Sep 23, 2020 at 12:33:22PM -0700, Lokesh Gidra wrote:
> +static struct file *_anon_inode_getfile(const char *name,
> +					const struct file_operations *fops,
> +					void *priv, int flags,
> +					const struct inode *context_inode,
> +					bool secure)
> +{

Nit: in Linux kernel code, using double underscore function prefixes is much
more common than single underscores.

> +/**
> + * Like anon_inode_getfd(), but adds the @context_inode argument to
> + * allow security modules to control creation of the new file. Once the
> + * security module makes the decision, this inode is no longer needed
> + * and hence reference to it is not held.
> + */
> +int anon_inode_getfd_secure(const char *name, const struct file_operations *fops,
> +			    void *priv, int flags,
> +			    const struct inode *context_inode)
> +{
> +	return _anon_inode_getfd(name, fops, priv, flags, context_inode, true);
> +}
> +EXPORT_SYMBOL_GPL(anon_inode_getfd_secure);

This new function has two callers, one of which passes context_inode=NULL.

But from the comment, it sounds like the purpose of this function is just to add
the context_inode argument.  So one would expect anon_inode_getfd() to be
equivalent to anon_inode_getfd_secure(..., NULL).

Apparently, that's not actually the case though.  Can you fix the comment to
describe what the function actually does?

- Eric



More information about the Linux-security-module-archive mailing list