Re: [PATCH] TOMOYO: Return error if fails to delete a domain.

walter harms <wharms@xxxxxx> · Sun, 18 Mar 2012 15:29:33 +0100

Am 16.03.2012 19:55, schrieb santosh nayak:
> From: Santosh Nayak <santoshprasadnayak@xxxxxxxxx>
> 
> Call sequence:
> tomoyo_write_domain() --> tomoyo_delete_domain()
> 
> In 'tomoyo_delete_domain',  return  -EINTR if locking attempt is
> interrupted by signal.
> 
> At present it returns success to its caller 'tomoyo_write_domain()'
> even though domain is not deleted. 'tomoyo_write_domain()' assumes
> domain is deleted and returns success to its caller. This is
> wrong behaviour.
> 
> 'tomoyo_write_domain' should return error '-EAGAIN' to its caller if
> tomoyo_delete_domain() returns -EINTR.
> 
> Signed-off-by: Santosh Nayak <santoshprasadnayak@xxxxxxxxx>
> ---
>  security/tomoyo/common.c |   12 ++++++++----
>  1 files changed, 8 insertions(+), 4 deletions(-)
> 
> diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c
> index c47d3ce..3ee1c3a 100644
> --- a/security/tomoyo/common.c
> +++ b/security/tomoyo/common.c
> @@ -1081,7 +1081,7 @@ static int tomoyo_delete_domain(char *domainname)
>  	name.name = domainname;
>  	tomoyo_fill_path_info(&name);
>  	if (mutex_lock_interruptible(&tomoyo_policy_lock))
> -		return 0;
> +		return -EINTR;
>  	/* Is there an active domain? */
>  	list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) {
>  		/* Never delete tomoyo_kernel_domain */
> @@ -1163,16 +1163,20 @@ static int tomoyo_write_domain(struct tomoyo_io_buffer *head)
>  	const bool is_delete = head->w.is_delete;
>  	bool is_select = !is_delete && tomoyo_str_starts(&data, "select ");
>  	unsigned int profile;
> +	int ret = 0;
>  	if (*data == '<') {
>  		domain = NULL;
> -		if (is_delete)
> -			tomoyo_delete_domain(data);
> +		if (is_delete) {
> +			ret = tomoyo_delete_domain(data);
> +			if (ret)
> +				return -EAGAIN;
> +		}
>  		else if (is_select)
>  			domain = tomoyo_find_domain(data);
>  		else
>  			domain = tomoyo_assign_domain(data, false);
>  		head->w.domain = domain;
> -		return 0;
> +		return ret;

hi all,
does domain anything useful here ?

re,
 wh

>  	}
>  	if (!domain)
>  		return -EINVAL;
--
To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html