BACKPORT: LSM: restore certain default error codes

While in most cases commit b1d9e6b064 ("LSM: Switch to lists of hooks")
retained previous error returns, in three cases it altered them without
any explanation in the commit message. Restore all of them - in the
security_old_inode_init_security() case this led to reiserfs using
uninitialized data, sooner or later crashing the system (the only other
user of this function - ocfs2 - was unaffected afaict, since it passes
pre-initialized structures).

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
(cherry-picked from upstream e308fd3bb2e469c4939d3f4bd22b468de3ed04ae)

diff --git a/security/security.c b/security/security.c
index 6081afaa1919ec4680ba3f5f9695eb36c92c27d0..37f0ebbcdbf4c996274ef49d1b5a9862e5eaa47f 100644 (file)
--- a/security/security.c
+++ b/security/security.c
@@ -345,8 +345,8 @@ int security_inode_init_security(struct inode *inode, struct inode *dir,
 
        memset(new_xattrs, 0, sizeof new_xattrs);
        if (!initxattrs)
-               return call_int_hook(inode_init_security, 0, inode, dir, qstr,
-                                                        NULL, NULL, NULL);
+               return call_int_hook(inode_init_security, -EOPNOTSUPP, inode,
+                                    dir, qstr, NULL, NULL, NULL);
        lsm_xattr = new_xattrs;
        ret = call_int_hook(inode_init_security, -EOPNOTSUPP, inode, dir, qstr,
                                                &lsm_xattr->name,
@@ -375,8 +375,8 @@ int security_old_inode_init_security(struct inode *inode, struct inode *dir,
 {
        if (unlikely(IS_PRIVATE(inode)))
                return -EOPNOTSUPP;
-       return call_int_hook(inode_init_security, 0, inode, dir, qstr,
-                               name, value, len);
+       return call_int_hook(inode_init_security, -EOPNOTSUPP, inode, dir,
+                            qstr, name, value, len);
 }
 EXPORT_SYMBOL(security_old_inode_init_security);
 
@@ -1213,7 +1213,8 @@ int security_socket_getpeersec_stream(struct socket *sock, char __user *optval,
 
 int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
 {
-       return call_int_hook(socket_getpeersec_dgram, 0, sock, skb, secid);
+       return call_int_hook(socket_getpeersec_dgram, -ENOPROTOOPT, sock,
+                            skb, secid);
 }
 EXPORT_SYMBOL(security_socket_getpeersec_dgram);