Quoting J. Bruce Fields (bfields@xxxxxxxxxxxx): > On Thu, May 09, 2013 at 12:49:26AM -0500, Serge Hallyn wrote: > > Quoting J. Bruce Fields (bfields@xxxxxxxxxxxx): > > > From: "J. Bruce Fields" <bfields@xxxxxxxxxx> > > > > > > We shouldn't be returning success from this function without also > > > filling in the return values ctx and ctxlen. > > > > > > Note currently this doesn't appear to cause bugs since the only > > > inode_getsecctx caller I can find is fs/sysfs/inode.c, which only calls > > > this if security_inode_setsecurity succeeds. Assuming > > > security_inode_setsecurity is set to cap_inode_setsecurity whenever > > > inode_getsecctx is set to cap_inode_getsecctx, this function can never > > > actually called. > > > > > > So I noticed this only because the server labeled NFS patches add a real > > > caller. > > > > > > Signed-off-by: J. Bruce Fields <bfields@xxxxxxxxxx> > > > > Thanks, the comment in include/linux/security.h doesn't mention the > > return value at all, but based on the other implementations this looks > > right. > > > > Acked-by: Serge E. Hallyn <serge.hallyn@xxxxxxxxxx> > > Thanks! Hm, would something like this help clarify?: > > @@ -1412,7 +1412,8 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) > * @ctxlen contains the length of @ctx. > * > * @inode_getsecctx: > - * Returns a string containing all relevant security context information > + * On success, fills out @ctx and @ctxlen with the security context > + * for the given @inode. ... and returns 0. That would be great, thanks! Acked-by: Serge E. Hallyn <serge.hallyn@xxxxxxxxxx> > * > * @inode we wish to get the security context of. > * @ctx is a pointer in which to place the allocated security context. > > --b. -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
