From: Aleksandr Nogikh <nogikh@google.com>
To: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
Cc: Aleksandr Nogikh <aleksandrnogikh@gmail.com>,
jmorris@namei.org, serge@hallyn.com,
Akinobu Mita <akinobu.mita@gmail.com>,
Andrey Konovalov <andreyknvl@google.com>,
Dmitry Vyukov <dvyukov@google.com>,
Marco Elver <elver@google.com>,
Alexander Potapenko <glider@google.com>,
Kees Cook <keescook@google.com>,
Casey Schaufler <casey@schaufler-ca.com>,
LKML <linux-kernel@vger.kernel.org>,
linux-security-module@vger.kernel.org
Subject: Re: [PATCH v3 1/2] security: add fault injection capability
Date: Tue, 10 Nov 2020 21:35:02 +0300 [thread overview]
Message-ID: <CANp29Y5USTozWhFjaBBCwEQJf8Ape2ivNK1zSpySJW_PT1H7Bg@mail.gmail.com> (raw)
In-Reply-To: <04d8c32a-06cd-d71a-43d9-47b1de6c7684@i-love.sakura.ne.jp>
On Tue, Nov 10, 2020 at 7:43 AM Tetsuo Handa
<penguin-kernel@i-love.sakura.ne.jp> wrote:
>
[...]
>
> By the way, fail_lsm_hooks.retval is "signed int" but debugfs_create_u32() handles "unsigned int".
> Do we want to allow lsm_hooks_inject_fail() to inject arbitrary !IS_ERR_VALUE() values?
Thanks for pointing it out. Technically, now it's possible to set a
negative value - internally, the kernel
will process negative integers anyway, and after casting the unsigned
value to a signed one, retval
will contain exactly what the user provided. However, if the user
retrieves the attribute value, they won't
get the exact value that was set (if it was negative).
I'll change debugfs_create_u32 to something else in v4, so that it'll
be more explicit and so that it'll be
possible to read negative values normally.
next prev parent reply other threads:[~2020-11-10 18:35 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-10-29 18:35 [PATCH v3 0/2] security: add fault injection to LSM hooks Aleksandr Nogikh
2020-10-29 18:35 ` [PATCH v3 1/2] security: add fault injection capability Aleksandr Nogikh
2020-11-02 14:03 ` Marco Elver
2020-11-10 4:43 ` Tetsuo Handa
2020-11-10 18:35 ` Aleksandr Nogikh [this message]
2020-11-10 17:42 ` Andrey Konovalov
2020-10-29 18:35 ` [PATCH v3 2/2] docs: add fail_lsm_hooks info to fault-injection.rst Aleksandr Nogikh
2020-11-09 19:06 ` [PATCH v3 0/2] security: add fault injection to LSM hooks Aleksandr Nogikh
2020-11-10 3:14 ` James Morris
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CANp29Y5USTozWhFjaBBCwEQJf8Ape2ivNK1zSpySJW_PT1H7Bg@mail.gmail.com \
--to=nogikh@google.com \
--cc=akinobu.mita@gmail.com \
--cc=aleksandrnogikh@gmail.com \
--cc=andreyknvl@google.com \
--cc=casey@schaufler-ca.com \
--cc=dvyukov@google.com \
--cc=elver@google.com \
--cc=glider@google.com \
--cc=jmorris@namei.org \
--cc=keescook@google.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=penguin-kernel@i-love.sakura.ne.jp \
--cc=serge@hallyn.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).