On Tue, Oct 24, 2023 at 6:23 PM Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote: > On 10/24/2023 2:35 PM, Paul Moore wrote: > > Zero out all of the size counters in the -E2BIG case (buffer too > > small) to help make the current code a bit more robust in the face of > > future code changes. > > I don't see how this change would have the described effect. > What it looks like it would do is change the return from -E2BIG > to 0, which would not have the desired result. When @toobig is true, which it will be when one of the individual LSMs return -E2BIG, the return value of security_getselfattr() is fixed to -E2BIG (check the if-statements at the end of the function). Setting @rc to zero as in this patch simply preserves some sanity in the @count variable as we are no longer subtracting the E2BIG errno from the @count value. Granted, in the @toobig case, @count doesn't do anything meaningful, but I believe this does harden the code against future changes. Look at the discussion between Mickaël and I in the v15 04/11 patch for more background. https://lore.kernel.org/linux-security-module/20230912205658.3432-5-casey@xxxxxxxxxxxxxxxx > > Signed-off-by: Paul Moore <paul@xxxxxxxxxxxxxx> > > --- > > security/security.c | 3 ++- > > 1 file changed, 2 insertions(+), 1 deletion(-) > > > > diff --git a/security/security.c b/security/security.c > > index 988483fcf153..9c63acded4ee 100644 > > --- a/security/security.c > > +++ b/security/security.c > > @@ -3951,8 +3951,9 @@ int security_getselfattr(unsigned int attr, struct lsm_ctx __user *uctx, > > continue; > > } > > if (rc == -E2BIG) { > > - toobig = true; > > + rc = 0; > > left = 0; > > + toobig = true; > > } else if (rc < 0) > > return rc; > > else -- paul-moore.com
