Kezdőlap Felfedezés Súgó
Bejelentkezés
GfA
/
linux_kernel
5
0
Másolás 0
Fájlok Problémák 0 Beolvasztási kérések 0 Wiki
Forráskód Böngészése

security: make inode_follow_link RCU-walk aware

inode_follow_link now takes an inode and rcu flag as well as the
dentry.

inode is used in preference to d_backing_inode(dentry), particularly
in RCU-walk mode.

selinux_inode_follow_link() gets dentry_has_perm() and
inode_has_perm() open-coded into it so that it can call
avc_has_perm_flags() in way that is safe if LOOKUP_RCU is set.

Calling avc_has_perm_flags() with rcu_read_lock() held means
that when avc_has_perm_noaudit calls avc_compute_av(), the attempt
to rcu_read_unlock() before calling security_compute_av() will not
actually drop the RCU read-lock.

However as security_compute_av() is completely in a read_lock()ed
region, it should be safe with the RCU read-lock held.

Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
NeilBrown 10 éve
szülő
7b20ea2579
commit
bda0be7ad9
5 módosított fájl, 32 hozzáadás és 11 törlés
Osztott Nézet Diff Statisztika Mutatása
  1. 3 2
      fs/namei.c
  2. 9 3
      include/linux/security.h
  3. 2 1
      security/capability.c
  4. 4 3
      security/security.c
  5. 14 2
      security/selinux/hooks.c

+ 3 - 2
fs/namei.c
Fájl Megtekintése 

@@ -881,8 +881,9 @@ const char *get_link(struct nameidata *nd)
 
 
 	touch_atime(&last->link);
 
 
-	error = security_inode_follow_link(dentry);
 
-	if (error)
 
+	error = security_inode_follow_link(dentry, inode,
 
+					   nd->flags & LOOKUP_RCU);
 
+	if (unlikely(error))
 
 		return ERR_PTR(error);
 
 
 	nd->last_type = LAST_BIND;

+ 9 - 3
include/linux/security.h
Fájl Megtekintése 

@@ -476,6 +476,8 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
 
  * @inode_follow_link:
 
  *	Check permission to follow a symbolic link when looking up a pathname.
 
  *	@dentry contains the dentry structure for the link.
 
+ *	@inode contains the inode, which itself is not stable in RCU-walk
 
+ *	@rcu indicates whether we are in RCU-walk mode.
 
  *	Return 0 if permission is granted.
 
  * @inode_permission:
 
  *	Check permission before accessing an inode.  This hook is called by the
 
@@ -1551,7 +1553,8 @@ struct security_operations {
 
 	int (*inode_rename) (struct inode *old_dir, struct dentry *old_dentry,
 
 			     struct inode *new_dir, struct dentry *new_dentry);
 
 	int (*inode_readlink) (struct dentry *dentry);
 
-	int (*inode_follow_link) (struct dentry *dentry);
 
+	int (*inode_follow_link) (struct dentry *dentry, struct inode *inode,
 
+				  bool rcu);
 
 	int (*inode_permission) (struct inode *inode, int mask);
 
 	int (*inode_setattr)	(struct dentry *dentry, struct iattr *attr);
 
 	int (*inode_getattr) (const struct path *path);
 
@@ -1837,7 +1840,8 @@ int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry,
 
 			  struct inode *new_dir, struct dentry *new_dentry,
 
 			  unsigned int flags);
 
 int security_inode_readlink(struct dentry *dentry);
 
-int security_inode_follow_link(struct dentry *dentry);
 
+int security_inode_follow_link(struct dentry *dentry, struct inode *inode,
 
+			       bool rcu);
 
 int security_inode_permission(struct inode *inode, int mask);
 
 int security_inode_setattr(struct dentry *dentry, struct iattr *attr);
 
 int security_inode_getattr(const struct path *path);
 
@@ -2239,7 +2243,9 @@ static inline int security_inode_readlink(struct dentry *dentry)
 
 	return 0;
 
 }
 
 
-static inline int security_inode_follow_link(struct dentry *dentry)
 
+static inline int security_inode_follow_link(struct dentry *dentry,
 
+					     struct inode *inode,
 
+					     bool rcu)
 
 {
 
 	return 0;
 
 }

+ 2 - 1
security/capability.c
Fájl Megtekintése 

@@ -209,7 +209,8 @@ static int cap_inode_readlink(struct dentry *dentry)
 
 	return 0;
 
 }
 
 
-static int cap_inode_follow_link(struct dentry *dentry)
 
+static int cap_inode_follow_link(struct dentry *dentry, struct inode *inode,
 
+				 bool rcu)
 
 {
 
 	return 0;
 
 }

+ 4 - 3
security/security.c
Fájl Megtekintése 

@@ -581,11 +581,12 @@ int security_inode_readlink(struct dentry *dentry)
 
 	return security_ops->inode_readlink(dentry);
 
 }
 
 
-int security_inode_follow_link(struct dentry *dentry)
 
+int security_inode_follow_link(struct dentry *dentry, struct inode *inode,
 
+			       bool rcu)
 
 {
 
-	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
 
+	if (unlikely(IS_PRIVATE(inode)))
 
 		return 0;
 
-	return security_ops->inode_follow_link(dentry);
 
+	return security_ops->inode_follow_link(dentry, inode, rcu);
 
 }
 
 
 int security_inode_permission(struct inode *inode, int mask)

+ 14 - 2
security/selinux/hooks.c
Fájl Megtekintése 

@@ -2861,11 +2861,23 @@ static int selinux_inode_readlink(struct dentry *dentry)
 
 	return dentry_has_perm(cred, dentry, FILE__READ);
 
 }
 
 
-static int selinux_inode_follow_link(struct dentry *dentry)
 
+static int selinux_inode_follow_link(struct dentry *dentry, struct inode *inode,
 
+				     bool rcu)
 
 {
 
 	const struct cred *cred = current_cred();
 
+	struct common_audit_data ad;
 
+	struct inode_security_struct *isec;
 
+	u32 sid;
 
 
-	return dentry_has_perm(cred, dentry, FILE__READ);
 
+	validate_creds(cred);
 
+
 
+	ad.type = LSM_AUDIT_DATA_DENTRY;
 
+	ad.u.dentry = dentry;
 
+	sid = cred_sid(cred);
 
+	isec = inode->i_security;
 
+
 
+	return avc_has_perm_flags(sid, isec->sid, isec->sclass, FILE__READ, &ad,
 
+				  rcu ? MAY_NOT_BLOCK : 0);
 
 }
 
 
 static noinline int audit_inode_permission(struct inode *inode,