Re: [PATCH] 64 bit capabilities

Serge E. Hallyn Sat, 10 Nov 2007 15:17:28 -0800

Quoting Andrew Morgan ([EMAIL PROTECTED]):
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Serge,
> 
> I guess I'm not sure what to do about this.
> 
> In the caller there is an explicit check for negative rc in which case
> the modifed function is not called.


Yeah, and it's only used to compare to two constants anyway.  (I was
thinking it was used more directly to control # bytes copied, but it
isn't.)  It does seem to have the potential of confusing future coders,
so from that point of view it might be safest to have

        if (rc < 0)
                goto out;
        unsigned size = (unsigned)rc;
        rc = cap_from_disk(v1caps, bprm, size);

But it sure looks like I'm being pedantic so please feel free to ignore
me.

thanks,
-serge

> The argument really is an unsigned quantity and I felt this change was
> an improvement/fix.
> 
> Can you suggest a change that would satisfy you here?
> 
> Thanks
> 
> Andrew
> 
> Serge E. Hallyn wrote:
> 
> > Other than the one comment below,
> 
> > Acked-by: Serge Hallyn <[EMAIL PROTECTED]>
> 
> 
> >>
> - -static inline int cap_from_disk(__le32 *caps, struct linux_binprm *bprm,
> - -                           int size)
> +static inline int cap_from_disk(struct vfs_cap_data *caps,
> +                             struct linux_binprm *bprm, unsigned size)
> 
> > Note that you switched this to unsigned, but the caller is still sending
> > in an int (rc).
> 
> [..]
> 
> @@ -219,7 +245,7 @@ static int get_file_caps(struct linux_binprm *bprm)
>  {
>       struct dentry *dentry;
>       int rc = 0;
> - -   __le32 v1caps[XATTR_CAPS_SZ];
> +     struct vfs_cap_data vcaps;
>       struct inode *inode;
> >>
>       if (bprm->file->f_vfsmnt->mnt_flags & MNT_NOSUID) {
> @@ -232,8 +258,8 @@ static int get_file_caps(struct linux_binprm *bprm)
>       if (!inode->i_op || !inode->i_op->getxattr)
>               goto out;
> >>
> - -   rc = inode->i_op->getxattr(dentry, XATTR_NAME_CAPS, &v1caps,
> - -                                                   XATTR_CAPS_SZ);
> +     rc = inode->i_op->getxattr(dentry, XATTR_NAME_CAPS, &vcaps,
> +                                XATTR_CAPS_SZ);
>       if (rc == -ENODATA || rc == -EOPNOTSUPP) {
>               /* no data, that's ok */
>               rc = 0;
> @@ -242,7 +268,7 @@ static int get_file_caps(struct linux_binprm *bprm)
>       if (rc < 0)
>               goto out;
> >>
> - -   rc = cap_from_disk(v1caps, bprm, rc);
> +     rc = cap_from_disk(&vcaps, bprm, rc);
>       if (rc)
>               printk(KERN_NOTICE "%s: cap_from_disk returned %d for %s\n",
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (Darwin)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> 
> iD8DBQFHNTXnmwytjiwfWMwRAl+SAKCWzzeTd/5/gRA3wqE+cb9yfPS9cwCfVjC0
> w4D0isaFXnOCW77WcG+1d7o=
> =kRqk
> -----END PGP SIGNATURE-----
-
To unsubscribe from this list: send the line "unsubscribe 
linux-security-module" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH] 64 bit capabilities

Reply via email to