[PATCH v4 2/20] lsm: Refactor return value of LSM hook inode_need_killpriv
Xu Kuohai
xukuohai at huaweicloud.com
Sat Jul 20 09:27:56 UTC 2024
On 7/19/2024 10:08 AM, Paul Moore wrote:
> On Jul 11, 2024 Xu Kuohai <xukuohai at huaweicloud.com> wrote:
>>
>> To be consistent with most LSM hooks, convert the return value of
>> hook inode_need_killpriv to 0 or a negative error code.
>>
>> Before:
>> - Both hook inode_need_killpriv and func security_inode_need_killpriv
>> return > 0 if security_inode_killpriv is required, 0 if not, and < 0
>> to abort the operation.
>>
>> After:
>> - Both hook inode_need_killpriv and func security_inode_need_killpriv
>> return 0 on success and a negative error code on failure.
>> On success, hook inode_need_killpriv sets output param @need to true
>> if security_inode_killpriv is required, and false if not. When @need
>> is true, func security_inode_need_killpriv sets ATTR_KILL_PRIV flag
>> in @attr; when false, it clears the flag.
>> On failure, @need and @attr remains unchanged.
>>
>> Signed-off-by: Xu Kuohai <xukuohai at huawei.com>
>> ---
>> fs/attr.c | 5 ++---
>> fs/inode.c | 4 +---
>> include/linux/lsm_hook_defs.h | 2 +-
>> include/linux/security.h | 20 ++++++++++++++++----
>> security/commoncap.c | 12 ++++++++----
>> security/security.c | 29 ++++++++++++++++++++++++-----
>> 6 files changed, 52 insertions(+), 20 deletions(-)
>
> In general I think a lot of these changes are a good improvement, thank
> you very much for the time and effort you've spent on this. However,
> I'm not in favor of passing the new hook parameter as a way of reducing
> the number of states represented by the security_inode_killpriv() return
> value. This particular hook may need to remain as one of the odd special
> cases.
>
I learned from previous discussions [1] to use a new output parameter to store
odd return values. Actually, I am not in favor of this method either, especially
since it requires extra work to enable BPF to access the output parameter. I
think we could just keep it as-is.
[1] https://lore.kernel.org/bpf/CAHC9VhQ_sTmoXwQ_AVfjTYQe4KR-uTnksPVfsei5JZ+VDJBQkA@mail.gmail.com/
More information about the Linux-security-module-archive
mailing list