www.infradead.org Git - linux.git/commitdiff
ipe: return -ESTALE instead of -EINVAL on update when new policy has a lower version
author Luca Boccassi <bluca@debian.org>
Wed, 25 Sep 2024 21:01:33 +0000 (23:01 +0200)
committer Fan Wu <wufan@kernel.org>
Thu, 17 Oct 2024 18:37:13 +0000 (11:37 -0700)
When loading policies in userspace we want a recognizable error when an
update attempts to use an old policy, as that is an error that needs
to be treated differently from an invalid policy. Use -ESTALE as it is
clear enough for an update mechanism.

Signed-off-by: Luca Boccassi <bluca@debian.org>
Reviewed-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Fan Wu <wufan@kernel.org>
security/ipe/policy.c

index d8e7db857a2ea10b394c3959f649ce6b1d05fcfa..dcaac8c4bb38c82a6e1656d367bd3e0f194e4dfe 100644 (file)
@@ -107,7 +107,7 @@ int ipe_update_policy(struct inode *root, const char *text, size_t textlen,
        }
 
        if (ver_to_u64(old) > ver_to_u64(new)) {
-               rc = -EINVAL;
+               rc = -ESTALE;
                goto err;
        }
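Review bot: the new `rc = -ESTALE;` changes an errno that userspace sees from the policy update path, and nothing in this hunk documents it. If the comment block for `ipe_update_policy()` or the user-facing IPE documentation lists return values, add -ESTALE there with its meaning (the update carries a lower version than the active policy), so that loaders can rely on it. Two points are worth stating in that text. First, the check is `ver_to_u64(old) > ver_to_u64(new)`, so an update with an equal version still passes this branch and -ESTALE only signals a strictly lower version. Second, any existing tooling that treated -EINVAL from an update as covering the downgrade case will now see a different error and should be checked.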