Merge tag 'fixes-v5.13' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

Pull security layer fixes from James Morris: "Miscellaneous minor fixes" * tag 'fixes-v5.13' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: security: commoncap: clean up kernel-doc comments security: commoncap: fix -Wstringop-overread warning

Merge tag 'fixes-v5.13' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security layer fixes from James Morris: "Miscellaneous minor fixes" * tag 'fixes-v5.13' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: security: commoncap: clean up kernel-doc comments security: commoncap: fix -Wstringop-overread warning
acd3d285 · Linus Torvalds · 1e9599df · 049ae601 · acd3d285
Commit acd3d285 authored Apr 27, 2021 by Linus Torvalds
Hide whitespace changes
Inline Side-by-side

Showing with 34 additions and 18 deletions

security/commoncap.c security/commoncap.c +34 -18

No files found.
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -50,7 +50,7 @@ static void warn_setuid_and_fcaps_mixed(const char *fname)
 /**
 * cap_capable - Determine whether a task has a particular effective capability
 * @cred: The credentials to use
- * @ns:  The user namespace in which we need the capability
+ * @targ_ns:  The user namespace in which we need the capability
 * @cap: The capability to check for
 * @opts: Bitmask of options defined in include/linux/security.h
 *
@@ -289,7 +289,7 @@ int cap_capset(struct cred *new,
 * affects the security markings on that inode, and if it is, should
 * inode_killpriv() be invoked or the change rejected.
 *
- * Returns 1 if security.capability has a value, meaning inode_killpriv()
+ * Return: 1 if security.capability has a value, meaning inode_killpriv()
 * is required, 0 otherwise, meaning inode_killpriv() is not required.
 */
 int cap_inode_need_killpriv(struct dentry *dentry)
@@ -315,7 +315,7 @@ int cap_inode_need_killpriv(struct dentry *dentry)
 * permissions. On non-idmapped mounts or if permission checking is to be
 * performed on the raw inode simply passs init_user_ns.
 *
- * Returns 0 if successful, -ve on error.
+ * Return: 0 if successful, -ve on error.
 */
 int cap_inode_killpriv(struct user_namespace *mnt_userns, struct dentry *dentry)
 {
@@ -400,7 +400,7 @@ int cap_inode_getsecurity(struct user_namespace *mnt_userns,
 				      &tmpbuf, size, GFP_NOFS);
 	dput(dentry);

-	if (ret < 0)
+	if (ret < 0 || !tmpbuf)
 		return ret;

 	fs_ns = inode->i_sb->s_user_ns;
@@ -532,7 +532,7 @@ static bool validheader(size_t size, const struct vfs_cap_data *cap)
 * permissions. On non-idmapped mounts or if permission checking is to be
 * performed on the raw inode simply passs init_user_ns.
 *
- * If all is ok, we return the new size, on error return < 0.
+ * Return: On success, return the new size; on error, return < 0.
 */
 int cap_convert_nscap(struct user_namespace *mnt_userns, struct dentry *dentry,
 		      const void **ivalue, size_t size)
@@ -881,7 +881,9 @@ static inline bool nonroot_raised_pE(struct cred *new, const struct cred *old,
 *
 * Set up the proposed credentials for a new execution context being
 * constructed by execve().  The proposed creds in @bprm->cred is altered,
- * which won't take effect immediately.  Returns 0 if successful, -ve on error.
+ * which won't take effect immediately.
+ *
+ * Return: 0 if successful, -ve on error.
 */
 int cap_bprm_creds_from_file(struct linux_binprm *bprm, struct file *file)
 {
@@ -1117,7 +1119,9 @@ static inline void cap_emulate_setxuid(struct cred *new, const struct cred *old)
 * @flags: Indications of what has changed
 *
 * Fix up the results of setuid() call before the credential changes are
- * actually applied, returning 0 to grant the changes, -ve to deny them.
+ * actually applied.
+ *
+ * Return: 0 to grant the changes, -ve to deny them.
 */
 int cap_task_fix_setuid(struct cred *new, const struct cred *old, int flags)
 {
@@ -1187,7 +1191,9 @@ static int cap_safe_nice(struct task_struct *p)
 * @p: The task to affect
 *
 * Detemine if the requested scheduler policy change is permitted for the
- * specified task, returning 0 if permission is granted, -ve if denied.
+ * specified task.
+ *
+ * Return: 0 if permission is granted, -ve if denied.
 */
 int cap_task_setscheduler(struct task_struct *p)
 {
@@ -1195,12 +1201,14 @@ int cap_task_setscheduler(struct task_struct *p)
 }

 /**
- * cap_task_ioprio - Detemine if I/O priority change is permitted
+ * cap_task_setioprio - Detemine if I/O priority change is permitted
 * @p: The task to affect
 * @ioprio: The I/O priority to set
 *
 * Detemine if the requested I/O priority change is permitted for the specified
- * task, returning 0 if permission is granted, -ve if denied.
+ * task.
+ *
+ * Return: 0 if permission is granted, -ve if denied.
 */
 int cap_task_setioprio(struct task_struct *p, int ioprio)
 {
@@ -1208,12 +1216,14 @@ int cap_task_setioprio(struct task_struct *p, int ioprio)
 }

 /**
- * cap_task_ioprio - Detemine if task priority change is permitted
+ * cap_task_setnice - Detemine if task priority change is permitted
 * @p: The task to affect
 * @nice: The nice value to set
 *
 * Detemine if the requested task priority change is permitted for the
- * specified task, returning 0 if permission is granted, -ve if denied.
+ * specified task.
+ *
+ * Return: 0 if permission is granted, -ve if denied.
 */
 int cap_task_setnice(struct task_struct *p, int nice)
 {
@@ -1243,12 +1253,15 @@ static int cap_prctl_drop(unsigned long cap)
 /**
 * cap_task_prctl - Implement process control functions for this security module
 * @option: The process control function requested
- * @arg2, @arg3, @arg4, @arg5: The argument data for this function
+ * @arg2: The argument data for this function
+ * @arg3: The argument data for this function
+ * @arg4: The argument data for this function
+ * @arg5: The argument data for this function
 *
 * Allow process control functions (sys_prctl()) to alter capabilities; may
 * also deny access to other functions not otherwise implemented here.
 *
- * Returns 0 or +ve on success, -ENOSYS if this function is not implemented
+ * Return: 0 or +ve on success, -ENOSYS if this function is not implemented
 * here, other -ve on error.  If -ENOSYS is returned, sys_prctl() and other LSM
 * modules will consider performing the function.
 */
@@ -1383,7 +1396,9 @@ int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
 * @pages: The size of the mapping
 *
 * Determine whether the allocation of a new virtual mapping by the current
- * task is permitted, returning 1 if permission is granted, 0 if not.
+ * task is permitted.
+ *
+ * Return: 1 if permission is granted, 0 if not.
 */
 int cap_vm_enough_memory(struct mm_struct *mm, long pages)
 {
@@ -1396,14 +1411,15 @@ int cap_vm_enough_memory(struct mm_struct *mm, long pages)
 	return cap_sys_admin;
 }

-/*
+/**
 * cap_mmap_addr - check if able to map given addr
 * @addr: address attempting to be mapped
 *
 * If the process is attempting to map memory below dac_mmap_min_addr they need
 * CAP_SYS_RAWIO.  The other parameters to this function are unused by the
- * capability security module.  Returns 0 if this mapping should be allowed
- * -EPERM if not.
+ * capability security module.
+ *
+ * Return: 0 if this mapping should be allowed or -EPERM if not.
 */
 int cap_mmap_addr(unsigned long addr)
 {