diff options
| author | Jan Beulich <JBeulich@suse.com> | 2015-08-24 08:22:25 -0400 |
|---|---|---|
| committer | James Morris <james.l.morris@oracle.com> | 2015-08-25 19:46:50 -0400 |
| commit | e308fd3bb2e469c4939d3f4bd22b468de3ed04ae (patch) | |
| tree | fd72ab25cd3d21001075f4d7188fa8330956c898 /security | |
| parent | b1713b135fb1ae4d52531a55f0687f985bffe271 (diff) | |
LSM: restore certain default error codes
While in most cases commit b1d9e6b064 ("LSM: Switch to lists of hooks")
retained previous error returns, in three cases it altered them without
any explanation in the commit message. Restore all of them - in the
security_old_inode_init_security() case this led to reiserfs using
uninitialized data, sooner or later crashing the system (the only other
user of this function - ocfs2 - was unaffected afaict, since it passes
pre-initialized structures).
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Diffstat (limited to 'security')
| -rw-r--r-- | security/security.c | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/security/security.c b/security/security.c index 595fffab48b0..994283624bdb 100644 --- a/security/security.c +++ b/security/security.c | |||
| @@ -380,8 +380,8 @@ int security_inode_init_security(struct inode *inode, struct inode *dir, | |||
| 380 | return 0; | 380 | return 0; |
| 381 | 381 | ||
| 382 | if (!initxattrs) | 382 | if (!initxattrs) |
| 383 | return call_int_hook(inode_init_security, 0, inode, dir, qstr, | 383 | return call_int_hook(inode_init_security, -EOPNOTSUPP, inode, |
| 384 | NULL, NULL, NULL); | 384 | dir, qstr, NULL, NULL, NULL); |
| 385 | memset(new_xattrs, 0, sizeof(new_xattrs)); | 385 | memset(new_xattrs, 0, sizeof(new_xattrs)); |
| 386 | lsm_xattr = new_xattrs; | 386 | lsm_xattr = new_xattrs; |
| 387 | ret = call_int_hook(inode_init_security, -EOPNOTSUPP, inode, dir, qstr, | 387 | ret = call_int_hook(inode_init_security, -EOPNOTSUPP, inode, dir, qstr, |
| @@ -409,8 +409,8 @@ int security_old_inode_init_security(struct inode *inode, struct inode *dir, | |||
| 409 | { | 409 | { |
| 410 | if (unlikely(IS_PRIVATE(inode))) | 410 | if (unlikely(IS_PRIVATE(inode))) |
| 411 | return -EOPNOTSUPP; | 411 | return -EOPNOTSUPP; |
| 412 | return call_int_hook(inode_init_security, 0, inode, dir, qstr, | 412 | return call_int_hook(inode_init_security, -EOPNOTSUPP, inode, dir, |
| 413 | name, value, len); | 413 | qstr, name, value, len); |
| 414 | } | 414 | } |
| 415 | EXPORT_SYMBOL(security_old_inode_init_security); | 415 | EXPORT_SYMBOL(security_old_inode_init_security); |
| 416 | 416 | ||
| @@ -1281,7 +1281,8 @@ int security_socket_getpeersec_stream(struct socket *sock, char __user *optval, | |||
| 1281 | 1281 | ||
| 1282 | int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid) | 1282 | int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid) |
| 1283 | { | 1283 | { |
| 1284 | return call_int_hook(socket_getpeersec_dgram, 0, sock, skb, secid); | 1284 | return call_int_hook(socket_getpeersec_dgram, -ENOPROTOOPT, sock, |
| 1285 | skb, secid); | ||
| 1285 | } | 1286 | } |
| 1286 | EXPORT_SYMBOL(security_socket_getpeersec_dgram); | 1287 | EXPORT_SYMBOL(security_socket_getpeersec_dgram); |
| 1287 | 1288 | ||