security: Fix security_old_inode_init_security() when CONFIG_SECURITY is not set
authorJan Kara <jack@suse.cz>
Tue, 3 Jan 2012 12:14:29 +0000 (13:14 +0100)
committerLinus Torvalds <torvalds@linux-foundation.org>
Wed, 4 Jan 2012 00:12:19 +0000 (16:12 -0800)
Commit 1e39f384bb01 ("evm: fix build problems") makes the stub version
of security_old_inode_init_security() return 0 when CONFIG_SECURITY is
not set.

But that makes callers such as reiserfs_security_init() assume that
security_old_inode_init_security() has set name, value, and len
arguments properly - but security_old_inode_init_security() left them
uninitialized which then results in interesting failures.

Revert security_old_inode_init_security() to the old behavior of
returning EOPNOTSUPP since both callers (reiserfs and ocfs2) handle this
just fine.

[ Also fixed the S_PRIVATE(inode) case of the actual non-stub
  security_old_inode_init_security() function to return EOPNOTSUPP
  for the same reason, as pointed out by Mimi Zohar.

  It got incorrectly changed to match the new function in commit
  fb88c2b6cbb1: "evm: fix security/security_old_init_security return
  code".   - Linus ]

Reported-by: Jorge Bastos <mysql.jorge@decimal.pt>
Acked-by: James Morris <jmorris@namei.org>
Acked-by: Mimi Zohar <zohar@us.ibm.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
include/linux/security.h
security/security.c

index 19d8e04e16884c2bfb860fe2f72715306753ea15..e8c619d39291b4c18b028224299d882dbf56aa16 100644 (file)
@@ -2056,7 +2056,7 @@ static inline int security_old_inode_init_security(struct inode *inode,
                                                   char **name, void **value,
                                                   size_t *len)
 {
-       return 0;
+       return -EOPNOTSUPP;
 }
 
 static inline int security_inode_create(struct inode *dir,
index 0c6cc69c8f86d68fb24f1b954c64370e8da88c4a..e2f684aeb70c152a61038c0d2d19525774144d59 100644 (file)
@@ -381,7 +381,7 @@ int security_old_inode_init_security(struct inode *inode, struct inode *dir,
                                     void **value, size_t *len)
 {
        if (unlikely(IS_PRIVATE(inode)))
-               return 0;
+               return -EOPNOTSUPP;
        return security_ops->inode_init_security(inode, dir, qstr, name, value,
                                                 len);
 }