From af901ca181d92aac3a7dc265144a9081a86d8f39 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Goddard=20Rosa?= Date: Sat, 14 Nov 2009 13:09:05 -0200 Subject: tree-wide: fix assorted typos all over the place MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit That is "success", "unknown", "through", "performance", "[re|un]mapping" , "access", "default", "reasonable", "[con]currently", "temperature" , "channel", "[un]used", "application", "example","hierarchy", "therefore" , "[over|under]flow", "contiguous", "threshold", "enough" and others. Signed-off-by: André Goddard Rosa Signed-off-by: Jiri Kosina --- security/selinux/netlabel.c | 2 +- security/selinux/ss/services.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'security') diff --git a/security/selinux/netlabel.c b/security/selinux/netlabel.c index e68823741ad..2534400317c 100644 --- a/security/selinux/netlabel.c +++ b/security/selinux/netlabel.c @@ -204,7 +204,7 @@ int selinux_netlbl_skbuff_getsid(struct sk_buff *skb, * * Description * Call the NetLabel mechanism to set the label of a packet using @sid. - * Returns zero on auccess, negative values on failure. + * Returns zero on success, negative values on failure. * */ int selinux_netlbl_skbuff_setsid(struct sk_buff *skb, diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index ff17820d35e..5914eeb0b33 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -741,7 +741,7 @@ int security_bounded_transition(u32 old_sid, u32 new_sid) goto out; } - /* type/domain unchaned */ + /* type/domain unchanged */ if (old_context->type == new_context->type) { rc = 0; goto out; -- cgit v1.2.3 From ec29ea544b1ce204ba3575ba05fccf3069d00c3f Mon Sep 17 00:00:00 2001 From: Eric Paris Date: Fri, 4 Dec 2009 15:47:44 -0500 Subject: ima: valid return code from ima_inode_alloc ima_inode_alloc returns 0 and 1, but the LSM hooks expects an errno. Signed-off-by: Eric Paris Signed-off-by: Al Viro --- security/integrity/ima/ima_iint.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'security') diff --git a/security/integrity/ima/ima_iint.c b/security/integrity/ima/ima_iint.c index a4e2b1dac94..4a53f396d42 100644 --- a/security/integrity/ima/ima_iint.c +++ b/security/integrity/ima/ima_iint.c @@ -87,8 +87,6 @@ out: /** * ima_inode_alloc - allocate an iint associated with an inode * @inode: pointer to the inode - * - * Return 0 on success, 1 on failure. */ int ima_inode_alloc(struct inode *inode) { @@ -99,7 +97,7 @@ int ima_inode_alloc(struct inode *inode) iint = ima_iint_insert(inode); if (!iint) - return 1; + return -ENOMEM; return 0; } -- cgit v1.2.3 From 9353384ec8128cb443463016bbabb44ca857ff52 Mon Sep 17 00:00:00 2001 From: Eric Paris Date: Fri, 4 Dec 2009 15:47:52 -0500 Subject: ima: only insert at inode creation time iints are supposed to be allocated when an inode is allocated (during security_inode_alloc()) But we have code which will attempt to allocate an iint during measurement calls. If we couldn't allocate the iint and we cared, we should have died during security_inode_alloc(). Not make the code more complex and less efficient. Signed-off-by: Eric Paris Signed-off-by: Al Viro --- security/integrity/ima/ima.h | 1 - security/integrity/ima/ima_iint.c | 71 ++++++--------------------------------- security/integrity/ima/ima_main.c | 8 ++--- 3 files changed, 14 insertions(+), 66 deletions(-) (limited to 'security') diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 165eb5397ea..349aabc8329 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -128,7 +128,6 @@ void ima_template_show(struct seq_file *m, void *e, */ struct ima_iint_cache *ima_iint_insert(struct inode *inode); struct ima_iint_cache *ima_iint_find_get(struct inode *inode); -struct ima_iint_cache *ima_iint_find_insert_get(struct inode *inode); void ima_iint_delete(struct inode *inode); void iint_free(struct kref *kref); void iint_rcu_free(struct rcu_head *rcu); diff --git a/security/integrity/ima/ima_iint.c b/security/integrity/ima/ima_iint.c index 4a53f396d42..2f6ab5258b1 100644 --- a/security/integrity/ima/ima_iint.c +++ b/security/integrity/ima/ima_iint.c @@ -45,22 +45,21 @@ out: return iint; } -/* Allocate memory for the iint associated with the inode - * from the iint_cache slab, initialize the iint, and - * insert it into the radix tree. - * - * On success return a pointer to the iint; on failure return NULL. +/** + * ima_inode_alloc - allocate an iint associated with an inode + * @inode: pointer to the inode */ -struct ima_iint_cache *ima_iint_insert(struct inode *inode) +int ima_inode_alloc(struct inode *inode) { struct ima_iint_cache *iint = NULL; int rc = 0; if (!ima_initialized) - return iint; + return 0; + iint = kmem_cache_alloc(iint_cache, GFP_NOFS); if (!iint) - return iint; + return -ENOMEM; rc = radix_tree_preload(GFP_NOFS); if (rc < 0) @@ -70,63 +69,13 @@ struct ima_iint_cache *ima_iint_insert(struct inode *inode) rc = radix_tree_insert(&ima_iint_store, (unsigned long)inode, iint); spin_unlock(&ima_iint_lock); out: - if (rc < 0) { + if (rc < 0) kmem_cache_free(iint_cache, iint); - if (rc == -EEXIST) { - spin_lock(&ima_iint_lock); - iint = radix_tree_lookup(&ima_iint_store, - (unsigned long)inode); - spin_unlock(&ima_iint_lock); - } else - iint = NULL; - } - radix_tree_preload_end(); - return iint; -} - -/** - * ima_inode_alloc - allocate an iint associated with an inode - * @inode: pointer to the inode - */ -int ima_inode_alloc(struct inode *inode) -{ - struct ima_iint_cache *iint; - - if (!ima_initialized) - return 0; - - iint = ima_iint_insert(inode); - if (!iint) - return -ENOMEM; - return 0; -} - -/* ima_iint_find_insert_get - get the iint associated with an inode - * - * Most insertions are done at inode_alloc, except those allocated - * before late_initcall. When the iint does not exist, allocate it, - * initialize and insert it, and increment the iint refcount. - * - * (Can't initialize at security_initcall before any inodes are - * allocated, got to wait at least until proc_init.) - * - * Return the iint. - */ -struct ima_iint_cache *ima_iint_find_insert_get(struct inode *inode) -{ - struct ima_iint_cache *iint = NULL; - iint = ima_iint_find_get(inode); - if (iint) - return iint; - - iint = ima_iint_insert(inode); - if (iint) - kref_get(&iint->refcount); + radix_tree_preload_end(); - return iint; + return rc; } -EXPORT_SYMBOL_GPL(ima_iint_find_insert_get); /* iint_free - called when the iint refcount goes to zero */ void iint_free(struct kref *kref) diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index b85e61bcf24..96fafc01e2c 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -161,7 +161,7 @@ int ima_path_check(struct path *path, int mask, int update_counts) if (!ima_initialized || !S_ISREG(inode->i_mode)) return 0; - iint = ima_iint_find_insert_get(inode); + iint = ima_iint_find_get(inode); if (!iint) return 0; @@ -219,7 +219,7 @@ static int process_measurement(struct file *file, const unsigned char *filename, if (!ima_initialized || !S_ISREG(inode->i_mode)) return 0; - iint = ima_iint_find_insert_get(inode); + iint = ima_iint_find_get(inode); if (!iint) return -ENOMEM; @@ -255,7 +255,7 @@ void ima_counts_put(struct path *path, int mask) */ if (!ima_initialized || !inode || !S_ISREG(inode->i_mode)) return; - iint = ima_iint_find_insert_get(inode); + iint = ima_iint_find_get(inode); if (!iint) return; @@ -286,7 +286,7 @@ void ima_counts_get(struct file *file) if (!ima_initialized || !S_ISREG(inode->i_mode)) return; - iint = ima_iint_find_insert_get(inode); + iint = ima_iint_find_get(inode); if (!iint) return; mutex_lock(&iint->mutex); -- cgit v1.2.3 From e0d5bd2aec4e69e720ee86958503923cafb45be5 Mon Sep 17 00:00:00 2001 From: Eric Paris Date: Fri, 4 Dec 2009 15:48:00 -0500 Subject: IMA: clean up the IMA counts updating code We currently have a lot of duplicated code around ima file counts. Clean that all up. Signed-off-by: Eric Paris Acked-by: Serge Hallyn Signed-off-by: Al Viro --- security/integrity/ima/ima.h | 1 - security/integrity/ima/ima_main.c | 118 ++++++++++++++++++++++---------------- 2 files changed, 70 insertions(+), 49 deletions(-) (limited to 'security') diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 349aabc8329..268ef57b914 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -97,7 +97,6 @@ static inline unsigned long ima_hash_key(u8 *digest) /* iint cache flags */ #define IMA_MEASURED 1 -#define IMA_IINT_DUMP_STACK 512 /* integrity data associated with an inode */ struct ima_iint_cache { diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 96fafc01e2c..e041233b4d2 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -13,8 +13,8 @@ * License. * * File: ima_main.c - * implements the IMA hooks: ima_bprm_check, ima_file_mmap, - * and ima_path_check. + * implements the IMA hooks: ima_bprm_check, ima_file_mmap, + * and ima_path_check. */ #include #include @@ -35,6 +35,69 @@ static int __init hash_setup(char *str) } __setup("ima_hash=", hash_setup); +/* + * Update the counts given an fmode_t + */ +static void ima_inc_counts(struct ima_iint_cache *iint, fmode_t mode) +{ + BUG_ON(!mutex_is_locked(&iint->mutex)); + + iint->opencount++; + if ((mode & (FMODE_READ | FMODE_WRITE)) == FMODE_READ) + iint->readcount++; + if (mode & FMODE_WRITE) + iint->writecount++; +} + +/* + * Update the counts given open flags instead of fmode + */ +static void ima_inc_counts_flags(struct ima_iint_cache *iint, int flags) +{ + ima_inc_counts(iint, (__force fmode_t)((flags+1) & O_ACCMODE)); +} + +/* + * Decrement ima counts + */ +static void ima_dec_counts(struct ima_iint_cache *iint, struct inode *inode, + fmode_t mode) +{ + BUG_ON(!mutex_is_locked(&iint->mutex)); + + iint->opencount--; + if ((mode & (FMODE_READ | FMODE_WRITE)) == FMODE_READ) + iint->readcount--; + if (mode & FMODE_WRITE) { + iint->writecount--; + if (iint->writecount == 0) { + if (iint->version != inode->i_version) + iint->flags &= ~IMA_MEASURED; + } + } + + if ((iint->opencount < 0) || + (iint->readcount < 0) || + (iint->writecount < 0)) { + static int dumped; + + if (dumped) + return; + dumped = 1; + + printk(KERN_INFO "%s: open/free imbalance (r:%ld w:%ld o:%ld)\n", + __FUNCTION__, iint->readcount, iint->writecount, + iint->opencount); + dump_stack(); + } +} + +static void ima_dec_counts_flags(struct ima_iint_cache *iint, + struct inode *inode, int flags) +{ + ima_dec_counts(iint, inode, (__force fmode_t)((flags+1) & O_ACCMODE)); +} + /** * ima_file_free - called on __fput() * @file: pointer to file structure being freed @@ -54,29 +117,7 @@ void ima_file_free(struct file *file) return; mutex_lock(&iint->mutex); - if (iint->opencount <= 0) { - printk(KERN_INFO - "%s: %s open/free imbalance (r:%ld w:%ld o:%ld f:%ld)\n", - __FUNCTION__, file->f_dentry->d_name.name, - iint->readcount, iint->writecount, - iint->opencount, atomic_long_read(&file->f_count)); - if (!(iint->flags & IMA_IINT_DUMP_STACK)) { - dump_stack(); - iint->flags |= IMA_IINT_DUMP_STACK; - } - } - iint->opencount--; - - if ((file->f_mode & (FMODE_READ | FMODE_WRITE)) == FMODE_READ) - iint->readcount--; - - if (file->f_mode & FMODE_WRITE) { - iint->writecount--; - if (iint->writecount == 0) { - if (iint->version != inode->i_version) - iint->flags &= ~IMA_MEASURED; - } - } + ima_dec_counts(iint, inode, file->f_mode); mutex_unlock(&iint->mutex); kref_put(&iint->refcount, iint_free); } @@ -116,8 +157,7 @@ static int get_path_measurement(struct ima_iint_cache *iint, struct file *file, { int rc = 0; - iint->opencount++; - iint->readcount++; + ima_inc_counts(iint, file->f_mode); rc = ima_collect_measurement(iint, file); if (!rc) @@ -125,15 +165,6 @@ static int get_path_measurement(struct ima_iint_cache *iint, struct file *file, return rc; } -static void ima_update_counts(struct ima_iint_cache *iint, int mask) -{ - iint->opencount++; - if ((mask & MAY_WRITE) || (mask == 0)) - iint->writecount++; - else if (mask & (MAY_READ | MAY_EXEC)) - iint->readcount++; -} - /** * ima_path_check - based on policy, collect/store measurement. * @path: contains a pointer to the path to be measured @@ -167,7 +198,7 @@ int ima_path_check(struct path *path, int mask, int update_counts) mutex_lock(&iint->mutex); if (update_counts) - ima_update_counts(iint, mask); + ima_inc_counts_flags(iint, mask); rc = ima_must_measure(iint, inode, MAY_READ, PATH_CHECK); if (rc < 0) @@ -260,11 +291,7 @@ void ima_counts_put(struct path *path, int mask) return; mutex_lock(&iint->mutex); - iint->opencount--; - if ((mask & MAY_WRITE) || (mask == 0)) - iint->writecount--; - else if (mask & (MAY_READ | MAY_EXEC)) - iint->readcount--; + ima_dec_counts_flags(iint, inode, mask); mutex_unlock(&iint->mutex); kref_put(&iint->refcount, iint_free); @@ -290,12 +317,7 @@ void ima_counts_get(struct file *file) if (!iint) return; mutex_lock(&iint->mutex); - iint->opencount++; - if ((file->f_mode & (FMODE_READ | FMODE_WRITE)) == FMODE_READ) - iint->readcount++; - - if (file->f_mode & FMODE_WRITE) - iint->writecount++; + ima_inc_counts(iint, file->f_mode); mutex_unlock(&iint->mutex); kref_put(&iint->refcount, iint_free); -- cgit v1.2.3 From 85a17f552dfe77efb44b971615e4f221a5f28f37 Mon Sep 17 00:00:00 2001 From: Eric Paris Date: Fri, 4 Dec 2009 15:48:08 -0500 Subject: ima: call ima_inode_free ima_inode_free ima_inode_free() has some funky #define just to confuse the crap out of me. void ima_iint_delete(struct inode *inode) and then things actually call ima_inode_free() and nothing calls ima_iint_delete(). Signed-off-by: Eric Paris Signed-off-by: Al Viro --- security/integrity/ima/ima.h | 1 - security/integrity/ima/ima_iint.c | 6 ++---- 2 files changed, 2 insertions(+), 5 deletions(-) (limited to 'security') diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 268ef57b914..c41afe6639a 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -127,7 +127,6 @@ void ima_template_show(struct seq_file *m, void *e, */ struct ima_iint_cache *ima_iint_insert(struct inode *inode); struct ima_iint_cache *ima_iint_find_get(struct inode *inode); -void ima_iint_delete(struct inode *inode); void iint_free(struct kref *kref); void iint_rcu_free(struct rcu_head *rcu); diff --git a/security/integrity/ima/ima_iint.c b/security/integrity/ima/ima_iint.c index 2f6ab5258b1..fa592ff1ac1 100644 --- a/security/integrity/ima/ima_iint.c +++ b/security/integrity/ima/ima_iint.c @@ -19,8 +19,6 @@ #include #include "ima.h" -#define ima_iint_delete ima_inode_free - RADIX_TREE(ima_iint_store, GFP_ATOMIC); DEFINE_SPINLOCK(ima_iint_lock); @@ -111,12 +109,12 @@ void iint_rcu_free(struct rcu_head *rcu_head) } /** - * ima_iint_delete - called on integrity_inode_free + * ima_inode_free - called on security_inode_free * @inode: pointer to the inode * * Free the integrity information(iint) associated with an inode. */ -void ima_iint_delete(struct inode *inode) +void ima_inode_free(struct inode *inode) { struct ima_iint_cache *iint; -- cgit v1.2.3 From 1429b3eca23818f87f9fa569a15d9816de81f698 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Wed, 16 Dec 2009 06:38:01 -0500 Subject: Untangling ima mess, part 3: kill dead code in ima Kill the 'update' argument of ima_path_check(), kill dead code in ima. Current rules: ima counters are bumped at the same time when the file switches from put_filp() fodder to fput() one. Which happens exactly in two places - alloc_file() and __dentry_open(). Nothing else needs to do that at all. Signed-off-by: Al Viro --- security/integrity/ima/ima_main.c | 52 +++------------------------------------ 1 file changed, 4 insertions(+), 48 deletions(-) (limited to 'security') diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index e041233b4d2..16dc57d247d 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -49,20 +49,13 @@ static void ima_inc_counts(struct ima_iint_cache *iint, fmode_t mode) iint->writecount++; } -/* - * Update the counts given open flags instead of fmode - */ -static void ima_inc_counts_flags(struct ima_iint_cache *iint, int flags) -{ - ima_inc_counts(iint, (__force fmode_t)((flags+1) & O_ACCMODE)); -} - /* * Decrement ima counts */ static void ima_dec_counts(struct ima_iint_cache *iint, struct inode *inode, - fmode_t mode) + struct file *file) { + mode_t mode = file->f_mode; BUG_ON(!mutex_is_locked(&iint->mutex)); iint->opencount--; @@ -92,12 +85,6 @@ static void ima_dec_counts(struct ima_iint_cache *iint, struct inode *inode, } } -static void ima_dec_counts_flags(struct ima_iint_cache *iint, - struct inode *inode, int flags) -{ - ima_dec_counts(iint, inode, (__force fmode_t)((flags+1) & O_ACCMODE)); -} - /** * ima_file_free - called on __fput() * @file: pointer to file structure being freed @@ -117,7 +104,7 @@ void ima_file_free(struct file *file) return; mutex_lock(&iint->mutex); - ima_dec_counts(iint, inode, file->f_mode); + ima_dec_counts(iint, inode, file); mutex_unlock(&iint->mutex); kref_put(&iint->refcount, iint_free); } @@ -183,7 +170,7 @@ static int get_path_measurement(struct ima_iint_cache *iint, struct file *file, * Always return 0 and audit dentry_open failures. * (Return code will be based upon measurement appraisal.) */ -int ima_path_check(struct path *path, int mask, int update_counts) +int ima_path_check(struct path *path, int mask) { struct inode *inode = path->dentry->d_inode; struct ima_iint_cache *iint; @@ -197,8 +184,6 @@ int ima_path_check(struct path *path, int mask, int update_counts) return 0; mutex_lock(&iint->mutex); - if (update_counts) - ima_inc_counts_flags(iint, mask); rc = ima_must_measure(iint, inode, MAY_READ, PATH_CHECK); if (rc < 0) @@ -268,35 +253,6 @@ out: return rc; } -/* - * ima_counts_put - decrement file counts - * - * File counts are incremented in ima_path_check. On file open - * error, such as ETXTBSY, decrement the counts to prevent - * unnecessary imbalance messages. - */ -void ima_counts_put(struct path *path, int mask) -{ - struct inode *inode = path->dentry->d_inode; - struct ima_iint_cache *iint; - - /* The inode may already have been freed, freeing the iint - * with it. Verify the inode is not NULL before dereferencing - * it. - */ - if (!ima_initialized || !inode || !S_ISREG(inode->i_mode)) - return; - iint = ima_iint_find_get(inode); - if (!iint) - return; - - mutex_lock(&iint->mutex); - ima_dec_counts_flags(iint, inode, mask); - mutex_unlock(&iint->mutex); - - kref_put(&iint->refcount, iint_free); -} - /* * ima_counts_get - increment file counts * -- cgit v1.2.3 From d1625436b4fe526fa463bc0519ba37d7e4b37bbc Mon Sep 17 00:00:00 2001 From: Mimi Zohar Date: Fri, 4 Dec 2009 15:48:40 -0500 Subject: ima: limit imbalance msg Limit the number of imbalance messages to once per filesystem type instead of once per system boot. (it's actually slightly racy and could give you a couple per fs, but this isn't a real issue) Signed-off-by: Mimi Zohar Signed-off-by: Al Viro --- security/integrity/ima/ima_main.c | 62 +++++++++++++++++++++++++++++++++------ 1 file changed, 53 insertions(+), 9 deletions(-) (limited to 'security') diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 16dc57d247d..a89f44d5e03 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -35,6 +35,55 @@ static int __init hash_setup(char *str) } __setup("ima_hash=", hash_setup); +struct ima_imbalance { + struct hlist_node node; + unsigned long fsmagic; +}; + +/* + * ima_limit_imbalance - emit one imbalance message per filesystem type + * + * Maintain list of filesystem types that do not measure files properly. + * Return false if unknown, true if known. + */ +static bool ima_limit_imbalance(struct file *file) +{ + static DEFINE_SPINLOCK(ima_imbalance_lock); + static HLIST_HEAD(ima_imbalance_list); + + struct super_block *sb = file->f_dentry->d_sb; + struct ima_imbalance *entry; + struct hlist_node *node; + bool found = false; + + rcu_read_lock(); + hlist_for_each_entry_rcu(entry, node, &ima_imbalance_list, node) { + if (entry->fsmagic == sb->s_magic) { + found = true; + break; + } + } + rcu_read_unlock(); + if (found) + goto out; + + entry = kmalloc(sizeof(*entry), GFP_NOFS); + if (!entry) + goto out; + entry->fsmagic = sb->s_magic; + spin_lock(&ima_imbalance_lock); + /* + * we could have raced and something else might have added this fs + * to the list, but we don't really care + */ + hlist_add_head_rcu(&entry->node, &ima_imbalance_list); + spin_unlock(&ima_imbalance_lock); + printk(KERN_INFO "IMA: unmeasured files on fsmagic: %lX\n", + entry->fsmagic); +out: + return found; +} + /* * Update the counts given an fmode_t */ @@ -69,15 +118,10 @@ static void ima_dec_counts(struct ima_iint_cache *iint, struct inode *inode, } } - if ((iint->opencount < 0) || - (iint->readcount < 0) || - (iint->writecount < 0)) { - static int dumped; - - if (dumped) - return; - dumped = 1; - + if (((iint->opencount < 0) || + (iint->readcount < 0) || + (iint->writecount < 0)) && + !ima_limit_imbalance(file)) { printk(KERN_INFO "%s: open/free imbalance (r:%ld w:%ld o:%ld)\n", __FUNCTION__, iint->readcount, iint->writecount, iint->opencount); -- cgit v1.2.3 From fa1cc7b5a5c4171dfdcac855428295340ccf87ec Mon Sep 17 00:00:00 2001 From: Roel Kluin Date: Tue, 15 Dec 2009 15:05:12 -0800 Subject: keys: PTR_ERR return of wrong pointer in keyctl_get_security() Return the PTR_ERR of the correct pointer. Signed-off-by: Roel Kluin Signed-off-by: Andrew Morton Acked-by: David Howells Signed-off-by: James Morris --- security/keys/keyctl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'security') diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c index 06ec722897b..5f830bc6f28 100644 --- a/security/keys/keyctl.c +++ b/security/keys/keyctl.c @@ -1194,7 +1194,7 @@ long keyctl_get_security(key_serial_t keyid, * have the authorisation token handy */ instkey = key_get_instantiation_authkey(keyid); if (IS_ERR(instkey)) - return PTR_ERR(key_ref); + return PTR_ERR(instkey); key_put(instkey); key_ref = lookup_user_key(keyid, KEY_LOOKUP_PARTIAL, 0); -- cgit v1.2.3 From dd880fbe8e4792d1185a5101dc751f49eab0a509 Mon Sep 17 00:00:00 2001 From: H Hartley Sweeten Date: Tue, 15 Dec 2009 15:05:12 -0800 Subject: security/min_addr.c: make init_mmap_min_addr() static init_mmap_min_addr() is a pure_initcall and should be static. Signed-off-by: H Hartley Sweeten Signed-off-by: Andrew Morton Signed-off-by: James Morris --- security/min_addr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'security') diff --git a/security/min_addr.c b/security/min_addr.c index fc43c9d3708..e86f297522b 100644 --- a/security/min_addr.c +++ b/security/min_addr.c @@ -43,7 +43,7 @@ int mmap_min_addr_handler(struct ctl_table *table, int write, return ret; } -int __init init_mmap_min_addr(void) +static int __init init_mmap_min_addr(void) { update_mmap_min_addr(); -- cgit v1.2.3 From 6e1415467614e854fee660ff6648bd10fa976e95 Mon Sep 17 00:00:00 2001 From: David Howells Date: Tue, 15 Dec 2009 19:27:45 +0000 Subject: NOMMU: Optimise away the {dac_,}mmap_min_addr tests In NOMMU mode clamp dac_mmap_min_addr to zero to cause the tests on it to be skipped by the compiler. We do this as the minimum mmap address doesn't make any sense in NOMMU mode. mmap_min_addr and round_hint_to_min() can be discarded entirely in NOMMU mode. Signed-off-by: David Howells Acked-by: Eric Paris Signed-off-by: James Morris --- security/Makefile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'security') diff --git a/security/Makefile b/security/Makefile index bb44e350c61..da20a193c8d 100644 --- a/security/Makefile +++ b/security/Makefile @@ -8,7 +8,8 @@ subdir-$(CONFIG_SECURITY_SMACK) += smack subdir-$(CONFIG_SECURITY_TOMOYO) += tomoyo # always enable default capabilities -obj-y += commoncap.o min_addr.o +obj-y += commoncap.o +obj-$(CONFIG_MMU) += min_addr.o # Object file lists obj-$(CONFIG_SECURITY) += security.o capability.o -- cgit v1.2.3 From a00ae4d21b2fa9379914f270ffffd8d3bec55430 Mon Sep 17 00:00:00 2001 From: Geert Uytterhoeven Date: Sun, 13 Dec 2009 20:21:34 +0100 Subject: Keys: KEYCTL_SESSION_TO_PARENT needs TIF_NOTIFY_RESUME architecture support As of commit ee18d64c1f632043a02e6f5ba5e045bb26a5465f ("KEYS: Add a keyctl to install a process's session keyring on its parent [try #6]"), CONFIG_KEYS=y fails to build on architectures that haven't implemented TIF_NOTIFY_RESUME yet: security/keys/keyctl.c: In function 'keyctl_session_to_parent': security/keys/keyctl.c:1312: error: 'TIF_NOTIFY_RESUME' undeclared (first use in this function) security/keys/keyctl.c:1312: error: (Each undeclared identifier is reported only once security/keys/keyctl.c:1312: error: for each function it appears in.) Make KEYCTL_SESSION_TO_PARENT depend on TIF_NOTIFY_RESUME until m68k, and xtensa have implemented it. Signed-off-by: Geert Uytterhoeven Signed-off-by: James Morris Acked-by: Mike Frysinger --- security/keys/keyctl.c | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'security') diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c index 5f830bc6f28..e9c2e7c584d 100644 --- a/security/keys/keyctl.c +++ b/security/keys/keyctl.c @@ -1236,6 +1236,7 @@ long keyctl_get_security(key_serial_t keyid, */ long keyctl_session_to_parent(void) { +#ifdef TIF_NOTIFY_RESUME struct task_struct *me, *parent; const struct cred *mycred, *pcred; struct cred *cred, *oldcred; @@ -1326,6 +1327,15 @@ not_permitted: error_keyring: key_ref_put(keyring_r); return ret; + +#else /* !TIF_NOTIFY_RESUME */ + /* + * To be removed when TIF_NOTIFY_RESUME has been implemented on + * m68k/xtensa + */ +#warning TIF_NOTIFY_RESUME not implemented + return -EOPNOTSUPP; +#endif /* !TIF_NOTIFY_RESUME */ } /*****************************************************************************/ -- cgit v1.2.3 From 5300990c0370e804e49d9a59d928c5d53fb73487 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sat, 19 Dec 2009 10:15:07 -0500 Subject: Sanitize f_flags helpers * pull ACC_MODE to fs.h; we have several copies all over the place * nightmarish expression calculating f_mode by f_flags deserves a helper too (OPEN_FMODE(flags)) Signed-off-by: Al Viro --- security/tomoyo/file.c | 1 - 1 file changed, 1 deletion(-) (limited to 'security') diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c index 8346938809b..9a6c58881c0 100644 --- a/security/tomoyo/file.c +++ b/security/tomoyo/file.c @@ -12,7 +12,6 @@ #include "common.h" #include "tomoyo.h" #include "realpath.h" -#define ACC_MODE(x) ("\000\004\002\006"[(x)&O_ACCMODE]) /* * tomoyo_globally_readable_file_entry is a structure which is used for holding -- cgit v1.2.3 From 17740d89785aeb4143770923d67c293849414710 Mon Sep 17 00:00:00 2001 From: Jiri Slaby Date: Fri, 28 Aug 2009 10:47:16 +0200 Subject: SECURITY: selinux, fix update_rlimit_cpu parameter Don't pass current RLIMIT_RTTIME to update_rlimit_cpu() in selinux_bprm_committing_creds, since update_rlimit_cpu expects RLIMIT_CPU limit. Use proper rlim[RLIMIT_CPU].rlim_cur instead to fix that. Signed-off-by: Jiri Slaby Acked-by: James Morris Cc: Stephen Smalley Cc: Eric Paris Cc: David Howells --- security/selinux/hooks.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'security') diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 7a374c2eb04..9a2ee845e9d 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -2365,7 +2365,7 @@ static void selinux_bprm_committing_creds(struct linux_binprm *bprm) initrlim = init_task.signal->rlim + i; rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur); } - update_rlimit_cpu(rlim->rlim_cur); + update_rlimit_cpu(current->signal->rlim[RLIMIT_CPU].rlim_cur); } } -- cgit v1.2.3