[PATCH v1 06/11] landlock: Add support for file reparenting with LANDLOCK_ACCESS_FS_REFER
Mickaël Salaün
mic at digikod.net
Thu Mar 24 10:31:32 UTC 2022
On 17/03/2022 13:04, Mickaël Salaün wrote:
>
> On 17/03/2022 02:26, Paul Moore wrote:
[...]
>>> @@ -269,16 +270,188 @@ static inline bool is_nouser_or_private(const
>>> struct dentry *dentry)
>>>
>>> unlikely(IS_PRIVATE(d_backing_inode(dentry))));
>>> }
>>>
>>> -static int check_access_path(const struct landlock_ruleset *const
>>> domain,
>>> - const struct path *const path,
>>> +static inline access_mask_t get_handled_accesses(
>>> + const struct landlock_ruleset *const domain)
>>> +{
>>> + access_mask_t access_dom = 0;
>>> + unsigned long access_bit;
>>
>> Would it be better to declare @access_bit as an access_mask_t type?
>> You're not using any macros like for_each_set_bit() in this function
>> so I believe it should be safe.
>
> Right, I'll change that.
Well, thinking about it again, access_bit is not an access mask but an
index in such mask. access_mask_t gives enough space for such index but
it is definitely not the right semantic. The best type should be size_t,
but I prefer to stick to unsigned long (used for size_t anyway) for
consistency with the other access_bit variable types. There is no need
to use for_each_set_bit() here now but that could change, and I prefer
to do my best to prevent future issues. ;)
Anyway, I guess the compiler can optimize such code.
More information about the Linux-security-module-archive
mailing list