Re: [RFC][PATCH 2/4] lsm: Add missing return values doc in lsm_hooks.h and... | linux-security-module

[RFC][PATCH 0/4] security: Ensure LSMs return expected values · Roberto Sassu <hidden> · 2022-11-15
[RFC][PATCH 1/4] lsm: Clarify documentation of vm_enough_memory hook · Roberto Sassu <hidden> · 2022-11-15
Re: [RFC][PATCH 1/4] lsm: Clarify documentation of vm_enough_memory hook · Paul Moore <paul@paul-moore.com> · 2022-11-16
Re: [RFC][PATCH 1/4] lsm: Clarify documentation of vm_enough_memory hook · Roberto Sassu <hidden> · 2022-11-16
Re: [RFC][PATCH 1/4] lsm: Clarify documentation of vm_enough_memory hook · KP Singh <kpsingh@kernel.org> · 2022-11-16
Re: [RFC][PATCH 1/4] lsm: Clarify documentation of vm_enough_memory hook · Paul Moore <paul@paul-moore.com> · 2022-11-16
[RFC][PATCH 2/4] lsm: Add missing return values doc in lsm_hooks.h and fix formatting · Roberto Sassu <hidden> · 2022-11-15
Re: [RFC][PATCH 2/4] lsm: Add missing return values doc in lsm_hooks.h and fix formatting · Paul Moore <paul@paul-moore.com> · 2022-11-16
Re: [RFC][PATCH 2/4] lsm: Add missing return values doc in lsm_hooks.h and fix formatting · Roberto Sassu <hidden> · 2022-11-16
Re: [RFC][PATCH 2/4] lsm: Add missing return values doc in lsm_hooks.h and fix formatting · Paul Moore <paul@paul-moore.com> · 2022-11-16
[RFC][PATCH 3/4] lsm: Redefine LSM_HOOK() macro to add return value flags as argument · Roberto Sassu <hidden> · 2022-11-15
Re: [RFC][PATCH 3/4] lsm: Redefine LSM_HOOK() macro to add return value flags as argument · Paul Moore <paul@paul-moore.com> · 2022-11-16
Re: [RFC][PATCH 3/4] lsm: Redefine LSM_HOOK() macro to add return value flags as argument · Roberto Sassu <hidden> · 2022-11-16
Re: [RFC][PATCH 3/4] lsm: Redefine LSM_HOOK() macro to add return value flags as argument · Paul Moore <paul@paul-moore.com> · 2022-11-16
Re: [RFC][PATCH 3/4] lsm: Redefine LSM_HOOK() macro to add return value flags as argument · Greg KH <gregkh@linuxfoundation.org> · 2022-11-17
Re: [RFC][PATCH 3/4] lsm: Redefine LSM_HOOK() macro to add return value flags as argument · Paul Moore <paul@paul-moore.com> · 2022-11-17
[RFC][PATCH 4/4] security: Enforce limitations on return values from LSMs · Roberto Sassu <hidden> · 2022-11-15
Re: [RFC][PATCH 4/4] security: Enforce limitations on return values from LSMs · Paul Moore <paul@paul-moore.com> · 2022-11-16
Re: [RFC][PATCH 4/4] security: Enforce limitations on return values from LSMs · Roberto Sassu <hidden> · 2022-11-16
[PoC][PATCH] bpf: Call return value check function in the JITed code · Roberto Sassu <hidden> · 2022-11-16
Re: [PoC][PATCH] bpf: Call return value check function in the JITed code · Alexei Starovoitov <hidden> · 2022-11-16
Re: [PoC][PATCH] bpf: Call return value check function in the JITed code · Roberto Sassu <hidden> · 2022-11-16
Re: [PoC][PATCH] bpf: Call return value check function in the JITed code · Alexei Starovoitov <hidden> · 2022-11-16
Re: [PoC][PATCH] bpf: Call return value check function in the JITed code · Casey Schaufler <casey@schaufler-ca.com> · 2022-11-16
Re: [PoC][PATCH] bpf: Call return value check function in the JITed code · KP Singh <kpsingh@kernel.org> · 2022-11-16
Re: [PoC][PATCH] bpf: Call return value check function in the JITed code · Paul Moore <paul@paul-moore.com> · 2022-11-16
Re: [PoC][PATCH] bpf: Call return value check function in the JITed code · Roberto Sassu <hidden> · 2022-11-30
Re: [PoC][PATCH] bpf: Call return value check function in the JITed code · Casey Schaufler <casey@schaufler-ca.com> · 2022-11-16
Re: [PoC][PATCH] bpf: Call return value check function in the JITed code · KP Singh <kpsingh@kernel.org> · 2022-11-16
Re: [PoC][PATCH] bpf: Call return value check function in the JITed code · Roberto Sassu <hidden> · 2022-11-18
Re: [PoC][PATCH] bpf: Call return value check function in the JITed code · Roberto Sassu <hidden> · 2022-11-21
Re: [RFC][PATCH 4/4] security: Enforce limitations on return values from LSMs · Paul Moore <paul@paul-moore.com> · 2022-11-16
Re: [RFC][PATCH 0/4] security: Ensure LSMs return expected values · Casey Schaufler <casey@schaufler-ca.com> · 2022-11-15

Re: [RFC][PATCH 2/4] lsm: Add missing return values doc in lsm_hooks.h and fix formatting

From: Paul Moore <paul@paul-moore.com>
Date: 2022-11-16 02:23:18
Also in: bpf, lkml

On Tue, Nov 15, 2022 at 12:57 PM Roberto Sassu
[off-list ref] wrote:

From: Roberto Sassu <roberto.sassu@huawei.com>

Ensure that for non-void LSM hooks there is a description of the return
values. Also replace spaces with tab for indentation, remove empty lines
between the hook description and the list of parameters and add the period
at the end of the parameter description.

Finally, replace the description of the sb_parse_opts_str hook, which was
removed with commit 757cbe597fe8 ("LSM: new method: ->sb_add_mnt_opt()"),
with one for the new hook sb_add_mnt_opt.

Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
---
 include/linux/lsm_hooks.h | 123 ++++++++++++++++++++++++++------------
 1 file changed, 86 insertions(+), 37 deletions(-)

...

quoted hunk ↗ jump to hunk

diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index f40b82ca91e7..c0c570b7eabd 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h

@@ -176,18 +183,22 @@
  *     Set the security relevant mount options used for a superblock
  *     @sb the superblock to set security mount options for
  *     @opts binary data structure containing all lsm mount data
+ *     Return 0 on success, error on failure.
  * @sb_clone_mnt_opts:
  *     Copy all security options from a given superblock to another
  *     @oldsb old superblock which contain information to clone
  *     @newsb new superblock which needs filled in
- * @sb_parse_opts_str:
- *     Parse a string of security data filling in the opts structure
- *     @options string containing all mount options known by the LSM
- *     @opts binary data structure usable by the LSM
+ *     Return 0 on success, error on failure.
+ * @add_mnt_opt:
+ *     Add a new mount option @option with value @val and length @len to the
+ *     existing mount options @mnt_opts.
+ *     Return 0 if the option was successfully added, a negative value
+ *     otherwise.

I really appreciate the effort to improve the LSM hook comments/docs,
but the "sb_add_mnt_opt" hook was removed in 52f982f00b22
("security,selinux: remove security_add_mnt_opt()").

-- 
paul-moore.com

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help