landlock: Add missing kernel-doc "Return:" sections

+2

security/landlock/domain.c

··· 114 114 * restriction. The subjective credentials must not be in an overridden state. 115 115 * 116 116 * @hierarchy->parent and @hierarchy->usage should already be set. 117 + * 118 + * Return: 0 on success, -errno on failure. 117 119 */ 118 120 int landlock_init_hierarchy_log(struct landlock_hierarchy *const hierarchy) 119 121 {

+1 -1

security/landlock/fs.c

··· 1568 1568 * 1569 1569 * @file: File being opened. 1570 1570 * 1571 - * Returns the access rights that are required for opening the given file, 1571 + * Return: The access rights that are required for opening the given file, 1572 1572 * depending on the file type and open mode. 1573 1573 */ 1574 1574 static access_mask_t

+5 -3

security/landlock/ruleset.c

··· 201 201 * When merging a ruleset in a domain, or copying a domain, @layers will be 202 202 * added to @ruleset as new constraints, similarly to a boolean AND between 203 203 * access rights. 204 + * 205 + * Return: 0 on success, -errno on failure. 204 206 */ 205 207 static int insert_rule(struct landlock_ruleset *const ruleset, 206 208 const struct landlock_id id, ··· 532 530 * The current task is requesting to be restricted. The subjective credentials 533 531 * must not be in an overridden state. cf. landlock_init_hierarchy_log(). 534 532 * 535 - * Returns the intersection of @parent and @ruleset, or returns @parent if 536 - * @ruleset is empty, or returns a duplicate of @ruleset if @parent is empty. 533 + * Return: A new domain merging @parent and @ruleset on success, or ERR_PTR() 534 + * on failure. If @parent is NULL, the new domain duplicates @ruleset. 537 535 */ 538 536 struct landlock_ruleset * 539 537 landlock_merge_ruleset(struct landlock_ruleset *const parent, ··· 624 622 * @rule: A rule that grants a set of access rights for each layer 625 623 * @masks: A matrix of unfulfilled access rights for each layer 626 624 * 627 - * Returns true if the request is allowed (i.e. the access rights granted all 625 + * Return: True if the request is allowed (i.e. the access rights granted all 628 626 * remaining unfulfilled access rights and masks has no leftover set bits). 629 627 */ 630 628 bool landlock_unmask_layers(const struct landlock_rule *const rule,

+11 -6

security/landlock/syscalls.c

··· 60 60 * @ksize_min: Minimal required size to be copied. 61 61 * @src: User space pointer or NULL. 62 62 * @usize: (Alleged) size of the data pointed to by @src. 63 + * 64 + * Return: 0 on success, -errno on failure. 63 65 */ 64 66 static __always_inline int 65 67 copy_min_struct_from_user(void *const dst, const size_t ksize, ··· 180 178 * - %LANDLOCK_CREATE_RULESET_VERSION 181 179 * - %LANDLOCK_CREATE_RULESET_ERRATA 182 180 * 183 - * This system call enables to create a new Landlock ruleset, and returns the 184 - * related file descriptor on success. 181 + * This system call enables to create a new Landlock ruleset. 185 182 * 186 183 * If %LANDLOCK_CREATE_RULESET_VERSION or %LANDLOCK_CREATE_RULESET_ERRATA is 187 184 * set, then @attr must be NULL and @size must be 0. 188 185 * 189 - * Possible returned errors are: 186 + * Return: The ruleset file descriptor on success, the Landlock ABI version if 187 + * %LANDLOCK_CREATE_RULESET_VERSION is set, the errata value if 188 + * %LANDLOCK_CREATE_RULESET_ERRATA is set, or -errno on failure. Possible 189 + * returned errors are: 190 190 * 191 191 * - %EOPNOTSUPP: Landlock is supported by the kernel but disabled at boot time; 192 - * - %EINVAL: unknown @flags, or unknown access, or unknown scope, or too small @size; 192 + * - %EINVAL: unknown @flags, or unknown access, or unknown scope, or too small 193 + * @size; 193 194 * - %E2BIG: @attr or @size inconsistencies; 194 195 * - %EFAULT: @attr or @size inconsistencies; 195 196 * - %ENOMSG: empty &landlock_ruleset_attr.handled_access_fs. ··· 403 398 * This system call enables to define a new rule and add it to an existing 404 399 * ruleset. 405 400 * 406 - * Possible returned errors are: 401 + * Return: 0 on success, or -errno on failure. Possible returned errors are: 407 402 * 408 403 * - %EOPNOTSUPP: Landlock is supported by the kernel but disabled at boot time; 409 404 * - %EAFNOSUPPORT: @rule_type is %LANDLOCK_RULE_NET_PORT but TCP/IP is not ··· 469 464 * namespace or is running with no_new_privs. This avoids scenarios where 470 465 * unprivileged tasks can affect the behavior of privileged children. 471 466 * 472 - * Possible returned errors are: 467 + * Return: 0 on success, or -errno on failure. Possible returned errors are: 473 468 * 474 469 * - %EOPNOTSUPP: Landlock is supported by the kernel but disabled at boot time; 475 470 * - %EINVAL: @flags contains an unknown bit.

+5 -4

security/landlock/task.c

··· 37 37 * 38 38 * Checks if the @parent domain is less or equal to (i.e. an ancestor, which 39 39 * means a subset of) the @child domain. 40 + * 41 + * Return: True if @parent is an ancestor of or equal to @child, false 42 + * otherwise. 40 43 */ 41 44 static bool domain_scope_le(const struct landlock_ruleset *const parent, 42 45 const struct landlock_ruleset *const child) ··· 82 79 * If the current task has Landlock rules, then the child must have at least 83 80 * the same rules. Else denied. 84 81 * 85 - * Determines whether a process may access another, returning 0 if permission 86 - * granted, -errno if denied. 82 + * Return: 0 if permission is granted, -errno if denied. 87 83 */ 88 84 static int hook_ptrace_access_check(struct task_struct *const child, 89 85 const unsigned int mode) ··· 131 129 * If the parent has Landlock rules, then the current task must have the same 132 130 * or more rules. Else denied. 133 131 * 134 - * Determines whether the nominated task is permitted to trace the current 135 - * process, returning 0 if permission is granted, -errno if denied. 132 + * Return: 0 if permission is granted, -errno if denied. 136 133 */ 137 134 static int hook_ptrace_traceme(struct task_struct *const parent) 138 135 {

Configure Feed

Configure Feed