Question about inode security blob

KP Singh kpsingh at kernel.org
Tue Jan 12 08:10:37 UTC 2021


On Tue, Jan 12, 2021 at 5:39 AM James Morris <jmorris at namei.org> wrote:
>
> On Mon, 11 Jan 2021, Fan Wu wrote:
>
> > > The inode->i_security should never be NULL if the inode has been
> > > initialized. Any LSM hook that finds this to be NULL has probably
> > > identified a bug elsewhere in the system.
> > >
> >
> > Thanks for the quick reply. If I understand correctly, I should follow the
> > first pattern if I want to use the inode blob.
>
> I don't think it's necessary, and if there's a race somewhere causing
> this, we shouldn't just paper it over.
>
> Btw, none of the existing cases are even using WARN_ON or similar to let
> the user know there's a problem.

I agree. For BPF, I will send a patch to switch to using WARN_ON_ONCE or just
get rid of the check altogether.

>
>
> --
> James Morris
> <jmorris at namei.org>
>


