diff options
author | Jan Beulich <JBeulich@suse.com> | 2015-08-24 06:22:25 -0600 |
---|---|---|
committer | James Morris <james.l.morris@oracle.com> | 2015-08-26 09:46:50 +1000 |
commit | e308fd3bb2e469c4939d3f4bd22b468de3ed04ae (patch) | |
tree | fd72ab25cd3d21001075f4d7188fa8330956c898 /security/security.c | |
parent | b1713b135fb1ae4d52531a55f0687f985bffe271 (diff) | |
download | lwn-e308fd3bb2e469c4939d3f4bd22b468de3ed04ae.tar.gz lwn-e308fd3bb2e469c4939d3f4bd22b468de3ed04ae.zip |
LSM: restore certain default error codes
While in most cases commit b1d9e6b064 ("LSM: Switch to lists of hooks")
retained previous error returns, in three cases it altered them without
any explanation in the commit message. Restore all of them - in the
security_old_inode_init_security() case this led to reiserfs using
uninitialized data, sooner or later crashing the system (the only other
user of this function - ocfs2 - was unaffected afaict, since it passes
pre-initialized structures).
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Diffstat (limited to 'security/security.c')
-rw-r--r-- | security/security.c | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/security/security.c b/security/security.c index 595fffab48b0..994283624bdb 100644 --- a/security/security.c +++ b/security/security.c @@ -380,8 +380,8 @@ int security_inode_init_security(struct inode *inode, struct inode *dir, return 0; if (!initxattrs) - return call_int_hook(inode_init_security, 0, inode, dir, qstr, - NULL, NULL, NULL); + return call_int_hook(inode_init_security, -EOPNOTSUPP, inode, + dir, qstr, NULL, NULL, NULL); memset(new_xattrs, 0, sizeof(new_xattrs)); lsm_xattr = new_xattrs; ret = call_int_hook(inode_init_security, -EOPNOTSUPP, inode, dir, qstr, @@ -409,8 +409,8 @@ int security_old_inode_init_security(struct inode *inode, struct inode *dir, { if (unlikely(IS_PRIVATE(inode))) return -EOPNOTSUPP; - return call_int_hook(inode_init_security, 0, inode, dir, qstr, - name, value, len); + return call_int_hook(inode_init_security, -EOPNOTSUPP, inode, dir, + qstr, name, value, len); } EXPORT_SYMBOL(security_old_inode_init_security); @@ -1281,7 +1281,8 @@ int security_socket_getpeersec_stream(struct socket *sock, char __user *optval, int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid) { - return call_int_hook(socket_getpeersec_dgram, 0, sock, skb, secid); + return call_int_hook(socket_getpeersec_dgram, -ENOPROTOOPT, sock, + skb, secid); } EXPORT_SYMBOL(security_socket_getpeersec_dgram); |