From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id B0DD4C43334 for ; Thu, 9 Jun 2022 23:18:52 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 058E58D0063; Thu, 9 Jun 2022 19:18:52 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 00A776B00BB; Thu, 9 Jun 2022 19:18:51 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id DF24B8D0063; Thu, 9 Jun 2022 19:18:51 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id CD3836B00BB for ; Thu, 9 Jun 2022 19:18:51 -0400 (EDT) Received: from smtpin25.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id A8B6511D5 for ; Thu, 9 Jun 2022 23:18:51 +0000 (UTC) X-FDA: 79560264462.25.2DB164E Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf31.hostedemail.com (Postfix) with ESMTP id CF9A020084; Thu, 9 Jun 2022 23:18:50 +0000 (UTC) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 1BA1C62008; Thu, 9 Jun 2022 23:18:44 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 580E0C34114; Thu, 9 Jun 2022 23:18:43 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1654816723; bh=jV7HoOubF6PTB2ncQUr11grjqLBwpz0PFhGJjzU5azE=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=GFF+OvYad586MW1XA098aEQbKkZR/csWDoiuq1bsWvvpmFu96w9PTb+Q1L3yeRM1m VAQ+RTjn4X2LdsCEMPHLp+CNprlppcO5JeRczRLxBIU1dqd7wuwnMztQ1p3TivfCv7 QeuvQoxzm+hJduo9ugf698Ws4UIxvWCW5t02Dp5WudTA0MgpCC3Xr4bMlV1XSyXC+w 82JghlyQfOk4n9LKvTCSGs7c1YyjvAUNaU6cQwM0Eam2KZQWOo9xuw5GAsvw09pIWK aSXRHVRr6b1g0LBCSakH0Z+xC/42BzxxKYxyGQqii4lUPxH4F4ECgdxEZl6EY1sRJW ilwdH5o4JlgeA== Date: Thu, 9 Jun 2022 16:18:41 -0700 From: Eric Biggers To: Frederick Lawler Cc: linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-aio@kvack.org, linux-fsdevel@vger.kernel.org, linux-cachefs@redhat.com, linux-cifs@vger.kernel.org, samba-technical@lists.samba.org, linux-mm@kvack.org, linux-nfs@vger.kernel.org, linux-unionfs@vger.kernel.org, linux-security-module@vger.kernel.org, netdev@vger.kernel.org, keyrings@vger.kernel.org, selinux@vger.kernel.org, serge@hallyn.com, amir73il@gmail.com, kernel-team@cloudflare.com, Jeff Moyer , Paul Moore Subject: Re: [PATCH v3] cred: Propagate security_prepare_creds() error code Message-ID: References: <20220608150942.776446-1-fred@cloudflare.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20220608150942.776446-1-fred@cloudflare.com> ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1654816731; a=rsa-sha256; cv=none; b=jpT5L+Ej+/ZmncCWeZUXVYPKhz1vBbOfMfIl5IwcbNMMUbXrKOCwrNBmeio/+iciB8Kfz3 8hgQzVPNECgPZZ9QzysLlRuYIb1Q3LNlLz7JLiaHnjDGwZkc3dMlNcHOeXMuOPco9TNo+X RoGTelNrOTD0bfvf99b7PlJuRBdL+Uk= ARC-Authentication-Results: i=1; imf31.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=GFF+OvYa; spf=pass (imf31.hostedemail.com: domain of ebiggers@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=ebiggers@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1654816731; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=z4LAbKwAlQdAyACq1GdBXWH4z1mVI+STl6Urbci8sMo=; b=aZHcbzqmGcoZOplklN9AGtmeFJdsUCZYqakLhAuRp0mZqE2MvlJndmGVFEW57zlnXyj3zR LJgmjpcxnW1wkAuKwPCj8apHmME2JCqMjalK22ds+krEsvlTsaddmqu+G60CQ3VlWW3AsW 7bs5loMfDULbKhCF+9Kh0lntPo0F0E4= X-Rspamd-Queue-Id: CF9A020084 Authentication-Results: imf31.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=GFF+OvYa; spf=pass (imf31.hostedemail.com: domain of ebiggers@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=ebiggers@kernel.org; dmarc=pass (policy=none) header.from=kernel.org X-Rspam-User: X-Rspamd-Server: rspam06 X-Stat-Signature: xkxdnkt1p6k3eprcgscgikoq1krb47pq X-HE-Tag: 1654816730-3967 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Wed, Jun 08, 2022 at 10:09:42AM -0500, Frederick Lawler wrote: > diff --git a/fs/aio.c b/fs/aio.c > index 3c249b938632..5abbe88c3ca7 100644 > --- a/fs/aio.c > +++ b/fs/aio.c > @@ -1620,6 +1620,8 @@ static void aio_fsync_work(struct work_struct *work) > static int aio_fsync(struct fsync_iocb *req, const struct iocb *iocb, > bool datasync) > { > + int err; > + > if (unlikely(iocb->aio_buf || iocb->aio_offset || iocb->aio_nbytes || > iocb->aio_rw_flags)) > return -EINVAL; > @@ -1628,8 +1630,11 @@ static int aio_fsync(struct fsync_iocb *req, const struct iocb *iocb, > return -EINVAL; > > req->creds = prepare_creds(); > - if (!req->creds) > - return -ENOMEM; > + if (IS_ERR(req->creds)) { > + err = PTR_ERR(req->creds); > + req->creds = NULL; > + return err; > + } This part is a little ugly. How about doing: creds = prepare_creds(); if (IS_ERR(creds)) return PTR_ERR(creds); req->creds = creds; > diff --git a/fs/exec.c b/fs/exec.c > index 0989fb8472a1..02624783e40e 100644 > --- a/fs/exec.c > +++ b/fs/exec.c > @@ -1468,15 +1468,19 @@ EXPORT_SYMBOL(finalize_exec); > */ > static int prepare_bprm_creds(struct linux_binprm *bprm) > { > + int err = -ERESTARTNOINTR; > if (mutex_lock_interruptible(¤t->signal->cred_guard_mutex)) > - return -ERESTARTNOINTR; > + return err; > > bprm->cred = prepare_exec_creds(); > - if (likely(bprm->cred)) > - return 0; > + if (IS_ERR(bprm->cred)) { > + err = PTR_ERR(bprm->cred); > + bprm->cred = NULL; > + mutex_unlock(¤t->signal->cred_guard_mutex); > + return err; > + } > > - mutex_unlock(¤t->signal->cred_guard_mutex); > - return -ENOMEM; > + return 0; > } Similarly: static int prepare_bprm_creds(struct linux_binprm *bprm) { struct cred *cred; if (mutex_lock_interruptible(¤t->signal->cred_guard_mutex)) return -ERESTARTNOINTR; cred = prepare_exec_creds(); if (IS_ERR(cred)) { mutex_unlock(¤t->signal->cred_guard_mutex); return PTR_ERR(cred); } bprm->cred = cred; return 0; } > diff --git a/kernel/nsproxy.c b/kernel/nsproxy.c > index eec72ca962e2..6cf75aa83b6c 100644 > --- a/kernel/nsproxy.c > +++ b/kernel/nsproxy.c > @@ -311,6 +311,7 @@ static void put_nsset(struct nsset *nsset) > > static int prepare_nsset(unsigned flags, struct nsset *nsset) > { > + int err = -ENOMEM; > struct task_struct *me = current; > > nsset->nsproxy = create_new_namespaces(0, me, current_user_ns(), me->fs); > @@ -324,6 +325,12 @@ static int prepare_nsset(unsigned flags, struct nsset *nsset) > if (!nsset->cred) > goto out; > > + if (IS_ERR(nsset->cred)) { > + err = PTR_ERR(nsset->cred); > + nsset->cred = NULL; > + goto out; > + } Why is the NULL check above being kept? Also, drivers/crypto/ccp/sev-dev.c needs to be updated. - Eric