Re: [PATCH] SELinux: Add security hook definition for getioprio and insert hooks

[Serge E. Hallyn]

Quoting James Morris (jmorris@xxxxxxxxx):
...
> +static int get_task_ioprio(struct task_struct *p)
> +{
> +	int ret;
> +
> +	ret = security_task_getioprio(p);
> +	if (ret)
> +		goto out;
> +	ret = p->ioprio;
> +out:
> +	return ret;
> +}
...
>  			do_each_task_pid(who, PIDTYPE_PGID, p) {
> +				tmpio = get_task_ioprio(p);
> +				if (tmpio < 0)
> +					continue;
>  				if (ret == -ESRCH)
> -					ret = p->ioprio;
> +					ret = tmpio;
>  				else
> -					ret = ioprio_best(ret, p->ioprio);
> +					ret = ioprio_best(ret, tmpio);
...
> + * @task_getioprio
> + *	Check permission before getting the ioprio value of @p.
> + *	@p contains the task_struct of process.
> + *	Return 0 if permission is granted.

A return value >0 is a problem here but isn't mentioned.  the
get_task_ioprio() helper will return the the security_task_getioprio()
return value in htat case, but the do_each_task_pid loop will take it
as a valid return value.

-serge
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/