nagai/kernel
3
0
Fork 0
forked from mirrors/linux
Code Pull requests Activity

security: make inode_follow_link RCU-walk aware

Browse source 
inode_follow_link now takes an inode and rcu flag as well as the
dentry.

inode is used in preference to d_backing_inode(dentry), particularly
in RCU-walk mode.

selinux_inode_follow_link() gets dentry_has_perm() and
inode_has_perm() open-coded into it so that it can call
avc_has_perm_flags() in way that is safe if LOOKUP_RCU is set.

Calling avc_has_perm_flags() with rcu_read_lock() held means
that when avc_has_perm_noaudit calls avc_compute_av(), the attempt
to rcu_read_unlock() before calling security_compute_av() will not
actually drop the RCU read-lock.

However as security_compute_av() is completely in a read_lock()ed
region, it should be safe with the RCU read-lock held.

Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
This commit is contained in:
NeilBrown 2015-03-23 13:37:39 +11:00 committed by Al Viro
parent 7b20ea2579
commit bda0be7ad9
5 changed files with 32 additions and 11 deletions
repo.diff.show_diff_stats Download patch file Download diff file Expand all files Collapse all files

5
fs/namei.c
View file

@ -881,8 +881,9 @@ const char *get_link(struct nameidata *nd)
touch_atime(&last->link); touch_atime(&last->link);
error = security_inode_follow_link(dentry); error = security_inode_follow_link(dentry, inode,
if (error) nd->flags & LOOKUP_RCU);
if (unlikely(error))
return ERR_PTR(error); return ERR_PTR(error);
nd->last_type = LAST_BIND; nd->last_type = LAST_BIND;

12
include/linux/security.h
View file

@ -476,6 +476,8 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
* @inode_follow_link: * @inode_follow_link:
* Check permission to follow a symbolic link when looking up a pathname. * Check permission to follow a symbolic link when looking up a pathname.
* @dentry contains the dentry structure for the link. * @dentry contains the dentry structure for the link.
* @inode contains the inode, which itself is not stable in RCU-walk
* @rcu indicates whether we are in RCU-walk mode.
* Return 0 if permission is granted. * Return 0 if permission is granted.
* @inode_permission: * @inode_permission:
* Check permission before accessing an inode. This hook is called by the * Check permission before accessing an inode. This hook is called by the
@ -1551,7 +1553,8 @@ struct security_operations {
int (*inode_rename) (struct inode *old_dir, struct dentry *old_dentry, int (*inode_rename) (struct inode *old_dir, struct dentry *old_dentry,
struct inode *new_dir, struct dentry *new_dentry); struct inode *new_dir, struct dentry *new_dentry);
int (*inode_readlink) (struct dentry *dentry); int (*inode_readlink) (struct dentry *dentry);
int (*inode_follow_link) (struct dentry *dentry); int (*inode_follow_link) (struct dentry *dentry, struct inode *inode,
bool rcu);
int (*inode_permission) (struct inode *inode, int mask); int (*inode_permission) (struct inode *inode, int mask);
int (*inode_setattr) (struct dentry *dentry, struct iattr *attr); int (*inode_setattr) (struct dentry *dentry, struct iattr *attr);
int (*inode_getattr) (const struct path *path); int (*inode_getattr) (const struct path *path);
@ -1837,7 +1840,8 @@ int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry,
struct inode *new_dir, struct dentry *new_dentry, struct inode *new_dir, struct dentry *new_dentry,
unsigned int flags); unsigned int flags);
int security_inode_readlink(struct dentry *dentry); int security_inode_readlink(struct dentry *dentry);
int security_inode_follow_link(struct dentry *dentry); int security_inode_follow_link(struct dentry *dentry, struct inode *inode,
bool rcu);
int security_inode_permission(struct inode *inode, int mask); int security_inode_permission(struct inode *inode, int mask);
int security_inode_setattr(struct dentry *dentry, struct iattr *attr); int security_inode_setattr(struct dentry *dentry, struct iattr *attr);
int security_inode_getattr(const struct path *path); int security_inode_getattr(const struct path *path);
@ -2239,7 +2243,9 @@ static inline int security_inode_readlink(struct dentry *dentry)
return 0; return 0;
} }
static inline int security_inode_follow_link(struct dentry *dentry) static inline int security_inode_follow_link(struct dentry *dentry,
struct inode *inode,
bool rcu)
{ {
return 0; return 0;
} }

3
security/capability.c
View file

@ -209,7 +209,8 @@ static int cap_inode_readlink(struct dentry *dentry)
return 0; return 0;
} }
static int cap_inode_follow_link(struct dentry *dentry) static int cap_inode_follow_link(struct dentry *dentry, struct inode *inode,
bool rcu)
{ {
return 0; return 0;
} }

7
security/security.c
View file

@ -581,11 +581,12 @@ int security_inode_readlink(struct dentry *dentry)
return security_ops->inode_readlink(dentry); return security_ops->inode_readlink(dentry);
} }
int security_inode_follow_link(struct dentry *dentry) int security_inode_follow_link(struct dentry *dentry, struct inode *inode,
bool rcu)
{ {
if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) if (unlikely(IS_PRIVATE(inode)))
return 0; return 0;
return security_ops->inode_follow_link(dentry); return security_ops->inode_follow_link(dentry, inode, rcu);
} }
int security_inode_permission(struct inode *inode, int mask) int security_inode_permission(struct inode *inode, int mask)

16
security/selinux/hooks.c
View file

@ -2861,11 +2861,23 @@ static int selinux_inode_readlink(struct dentry *dentry)
return dentry_has_perm(cred, dentry, FILE__READ); return dentry_has_perm(cred, dentry, FILE__READ);
} }
static int selinux_inode_follow_link(struct dentry *dentry) static int selinux_inode_follow_link(struct dentry *dentry, struct inode *inode,
bool rcu)
{ {
const struct cred *cred = current_cred(); const struct cred *cred = current_cred();
struct common_audit_data ad;
struct inode_security_struct *isec;
u32 sid;
return dentry_has_perm(cred, dentry, FILE__READ); validate_creds(cred);
ad.type = LSM_AUDIT_DATA_DENTRY;
ad.u.dentry = dentry;
sid = cred_sid(cred);
isec = inode->i_security;
return avc_has_perm_flags(sid, isec->sid, isec->sclass, FILE__READ, &ad,
rcu ? MAY_NOT_BLOCK : 0);
} }
static noinline int audit_inode_permission(struct inode *inode, static noinline int audit_inode_permission(struct inode *inode,