Received: by 2002:a05:6500:1b8f:b0:1fa:5c73:8e2d with SMTP id df15csp1091066lqb; Wed, 29 May 2024 23:01:38 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCV1G2hsOSpK97H7V4u+ro1qUYt917WbV3WzYDcwJH7ITCC8DRMgM9JAl1OSUhgAoX9iFuB8mIKo43g6U96+5fXy23d2HHwgG6QQdDn0Qw== X-Google-Smtp-Source: AGHT+IF/ij5qRdQy4eCV+WhVcKdTZ8tz/FVP6uMbZeoeeviAcXdbLywIe7t6GCBwkpXMgUDIqYKe X-Received: by 2002:a05:6214:5245:b0:6ad:9df2:4837 with SMTP id 6a1803df08f44-6ae0cb1ebf2mr14417216d6.25.1717048897750; Wed, 29 May 2024 23:01:37 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1717048896; cv=pass; d=google.com; s=arc-20160816; b=XjbJ1HRqRk7/C0cqtWeIbXd74ncd/rA845abw8Fq/Cqcy4IE7+vO42uMDXZcuQIdt0 jbyq02SeQCE4bKCTWndypZBRhu+vdpCWCKTpMHVj4bXH0pxJGdoHNhaoIupntQFehqCC h7QchyP33u3iQJTG4abu6Zw47deVEBkluEoo5PRTbcabZRoCNTzdTN/P6uLFj8C2+KBu Shur1ZpYrW6aNLLQhsWgdv3FZ1emYlyWTJiQW786f+AHuI1u7k3qefqfzpiScxfZeL8K D1rJFoyGGzWtNE8vMcwLJROesz2tNoY/yfbtIxldDGN1Q1UPmW4L/ZbJY9WRVvAICYnZ ruMg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:message-id:subject:cc :to:from:date:dkim-signature; bh=ewQ6cpKjHunBJ8P9JG4w1E2iE+G5Mg67OWG8UXAjRL4=; fh=XDYIWOiLcU0/9JiaHoVqjukgoUQpOe/CfS8C05KCX4U=; b=Vupao5fUy+Pe4/RaVG/BzdqAG47BS+PmeGGyuZG7PEwUI+hgvOcth+M3ESR61DZ0De jpjkTon4+6BfotzYiQ+TRt4V8Gr+EVCRtec5mYb04jNtUEOXv+0T1cPGKs1wygOL8qOG LlQ0r8xEPiDdov/y+UJsGbxshf2Iz64PhTiNcGHiU2WmJjDXErMaMhi5Onv9HyVFOUs9 hI8R5lbw5ztDel+nv5zS95wWJ16ATEVmFONGUWQukOx7FftCkXemmJfyBS7rqqzvCZ4I RbfENzf4sqCqW62P+R0RmtGFg0UZVEPllCI2xXA1bF+E+xIA6Trskw0WQchifaFGBed4 wUXQ==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=UBRp6eqv; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-194974-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-194974-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1]) by mx.google.com with ESMTPS id 6a1803df08f44-6ad78d9adf9si1791876d6.278.2024.05.29.23.01.36 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 29 May 2024 23:01:36 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-194974-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=UBRp6eqv; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-194974-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-194974-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 8E47C1C22942 for ; Thu, 30 May 2024 06:01:36 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id A1DD5143753; Thu, 30 May 2024 06:01:24 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="UBRp6eqv" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A635C7F; Thu, 30 May 2024 06:01:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717048883; cv=none; b=VQ3/uxPl71O00/L+RqBslCvi2/fs4TAN9q0WZnCotXxr6tXTJiDGes7jd/HRfTRnBDJCVIHmoBBonwgCopZ3ibbiNn4m9C8sM7rEmD8C7gf1oZp8KzSw1dWpNDkUsRublxPpRC+N/aE1ETrZMMdmO/PuADEdko7UiniSTF4GCsc= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717048883; c=relaxed/simple; bh=sMQhmPMrxDqBb+GMiCUWSmUfWbT6ZYt7eWULOCQH4DM=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=AYUz4xk7MYnx6qAHzx7SdDhLuox7ruguZNkDyijUlalHEYw1sHjATnitMGXOuy+hugr16JTKB0+w301VDTF9iqLj1EKAzNfA6fdxG9WouZf1YxgC+8sJsVGm1zj4N50RfidotHjUPoE7KM9Xge5G2QKZTDiQ2k3gxx6P9a6HZbY= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=UBRp6eqv; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id 8E9A3C2BBFC; Thu, 30 May 2024 06:01:22 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1717048883; bh=sMQhmPMrxDqBb+GMiCUWSmUfWbT6ZYt7eWULOCQH4DM=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=UBRp6eqvNI28qzwp3VBZgtvsj6HNY6LqJJqqMJ3gkdd1e+NoHnhowjTUJml9Zz5mr xE0qa1rHiSRi52Clr720vSw5vX4kGfKkb7j54/uTuQME/7h8/yv4aSDG+BM5o2vpPE Wcdev3k7FILnPoC8D4SOrnsc71JsMiXOIPrChlA81EXYJJK9QTm2VayLusgGfm906a O7qnPrSxnxecjtir+BjogId3A4iY+lnb9V0SUjzE2OyfwbXNN6tm+H8Fqk031gje34 KcXa9IrzZtJENw/hLh6myIXWnrLuu966vCIRmpTJdMz156ZpVpkIKihdlhlVnR9Wac hLKSG2T2MsKEg== Date: Wed, 29 May 2024 23:01:20 -0700 From: Eric Biggers To: Jarkko Sakkinen Cc: Paul Moore , Fan Wu , corbet@lwn.net, zohar@linux.ibm.com, jmorris@namei.org, serge@hallyn.com, tytso@mit.edu, axboe@kernel.dk, agk@redhat.com, snitzer@kernel.org, mpatocka@redhat.com, eparis@redhat.com, linux-doc@vger.kernel.org, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, fsverity@lists.linux.dev, linux-block@vger.kernel.org, dm-devel@lists.linux.dev, audit@vger.kernel.org, linux-kernel@vger.kernel.org, Deven Bowers Subject: Re: [PATCH v19 15/20] fsverity: expose verified fsverity built-in signatures to LSMs Message-ID: <20240530060120.GB29189@sol.localdomain> References: <1716583609-21790-16-git-send-email-wufan@linux.microsoft.com> <06bb61dc838eeff63bb5f11cea6d4b53@paul-moore.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: On Thu, May 30, 2024 at 08:51:21AM +0300, Jarkko Sakkinen wrote: > On Thu May 30, 2024 at 4:44 AM EEST, Paul Moore wrote: > > > + err = security_inode_setintegrity(inode, > > > + LSM_INT_FSVERITY_BUILTINSIG_VALID, > > > + signature, > > > + le32_to_cpu(sig_size)); > > > > I like this much better without the explicit inode cast :) > > Would be nice btw if that was 'ret' or 'rc' because err is such > a common name for exception handler alike goto-labels... Looks > confusing just because of that :-) > A lot of kernel code, including the rest of fs/verity/, uses the convention that "0 or negative errno" return values are named 'err' (and return values that aren't necessarily an errno are named something else). So it's fine as-is. - Eric