SMACK: Free the i_security blob in inode using RCU

There is race condition issue while freeing the i_security blob in SMACK module. There is existing condition where i_security can be freed while inode_permission is called from path lookup on second CPU. There has been observed the page fault with such condition. VFS code and Selinux module takes care of this condition by freeing the inode and i_security field using RCU via call_rcu(). But in SMACK directly the i_secuirty blob is being freed. Use call_rcu() to fix this race condition issue. Signed-off-by: Himanshu Shukla <himanshu.sh@samsung.com> Signed-off-by: Vishal Goel <vishal.goel@samsung.com> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
author: Himanshu Shukla <himanshu.sh@samsung.com> 2016-11-23 11:59:19 +0530
committer: Casey Schaufler <casey@schaufler-ca.com> 2017-01-10 09:47:20 -0800
commit: 3d4f673a6988f57e6f6ccd1a3b79eee171545e08 (patch)
tree: 9247044b309b7395a75f92b4e9247adad3eb6e5a /security/smack/smack.h
parent: d54a197964e7eb636a0c64fb0dbdd67759eb71f2 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/security/smack/smack.h b/security/smack/smack.h
index 2fac3b5bf44a..612b810fbbc6 100644
--- a/security/smack/smack.h
+++ b/security/smack/smack.h
@@ -114,6 +114,7 @@ struct inode_smack {
 	struct smack_known	*smk_mmap;	/* label of the mmap domain */
 	struct mutex		smk_lock;	/* initialization lock */
 	int			smk_flags;	/* smack inode flags */
+	struct rcu_head         smk_rcu;	/* for freeing inode_smack */
 };
 
 struct task_smack {
author	Himanshu Shukla <himanshu.sh@samsung.com>	2016-11-23 11:59:19 +0530
committer	Casey Schaufler <casey@schaufler-ca.com>	2017-01-10 09:47:20 -0800
commit	3d4f673a6988f57e6f6ccd1a3b79eee171545e08 (patch)
tree	9247044b309b7395a75f92b4e9247adad3eb6e5a /security/smack/smack.h
parent	d54a197964e7eb636a0c64fb0dbdd67759eb71f2 (diff)