tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

LSM: restore certain default error codes

While in most cases commit b1d9e6b064 ("LSM: Switch to lists of hooks")
retained previous error returns, in three cases it altered them without
any explanation in the commit message. Restore all of them - in the
security_old_inode_init_security() case this led to reiserfs using
uninitialized data, sooner or later crashing the system (the only other
user of this function - ocfs2 - was unaffected afaict, since it passes
pre-initialized structures).

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>

authored by

Jan Beulich and committed by
James Morris e308fd3b b1713b13

+6 -5
+6 -5
security/security.c
··· 380 380 return 0; 381 381 382 382 if (!initxattrs) 383 - return call_int_hook(inode_init_security, 0, inode, dir, qstr, 384 - NULL, NULL, NULL); 383 + return call_int_hook(inode_init_security, -EOPNOTSUPP, inode, 384 + dir, qstr, NULL, NULL, NULL); 385 385 memset(new_xattrs, 0, sizeof(new_xattrs)); 386 386 lsm_xattr = new_xattrs; 387 387 ret = call_int_hook(inode_init_security, -EOPNOTSUPP, inode, dir, qstr, ··· 409 409 { 410 410 if (unlikely(IS_PRIVATE(inode))) 411 411 return -EOPNOTSUPP; 412 - return call_int_hook(inode_init_security, 0, inode, dir, qstr, 413 - name, value, len); 412 + return call_int_hook(inode_init_security, -EOPNOTSUPP, inode, dir, 413 + qstr, name, value, len); 414 414 } 415 415 EXPORT_SYMBOL(security_old_inode_init_security); 416 416 ··· 1281 1281 1282 1282 int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid) 1283 1283 { 1284 - return call_int_hook(socket_getpeersec_dgram, 0, sock, skb, secid); 1284 + return call_int_hook(socket_getpeersec_dgram, -ENOPROTOOPT, sock, 1285 + skb, secid); 1285 1286 } 1286 1287 EXPORT_SYMBOL(security_socket_getpeersec_dgram); 1287 1288