| Message ID | 1687986571-16823-7-git-send-email-wufan@linux.microsoft.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | Integrity Policy Enforcement LSM (IPE) | expand |
On Jun 28, 2023 Fan Wu <wufan@linux.microsoft.com> wrote: > > When deleting a directory in the security file system, the existing > securityfs_remove requires the directory to be empty, otherwise > it will do nothing. This leads to a potential risk that the security > file system might be in an unclean state when the intentded deletion > did not happen. > > This commit introduces a new function securityfs_recursive_remove > to recursively delete a directory without leaving an unclean state. > > Co-developed-by: "Christian Brauner (Microsoft)" <brauner@kernel.org> > Signed-off-by: Fan Wu <wufan@linux.microsoft.com> > --- > include/linux/security.h | 1 + > security/inode.c | 25 +++++++++++++++++++++++++ > 2 files changed, 26 insertions(+) > > diff --git a/include/linux/security.h b/include/linux/security.h > index e2734e9e44d5..a88076ebc7b1 100644 > --- a/include/linux/security.h > +++ b/include/linux/security.h > @@ -1971,6 +1971,7 @@ struct dentry *securityfs_create_symlink(const char *name, > const char *target, > const struct inode_operations *iops); > extern void securityfs_remove(struct dentry *dentry); > +extern void securityfs_recursive_remove(struct dentry *dentry); > > #else /* CONFIG_SECURITYFS */ > > diff --git a/security/inode.c b/security/inode.c > index 6c326939750d..13358e8547e8 100644 > --- a/security/inode.c > +++ b/security/inode.c > @@ -313,6 +313,31 @@ void securityfs_remove(struct dentry *dentry) > } > EXPORT_SYMBOL_GPL(securityfs_remove); > > +static void remove_one(struct dentry *victim) > +{ > + simple_release_fs(&mount, &mount_count); > +} > + > +/** > + * securityfs_recursive_remove - recursively removes a file or directory from the securityfs filesystem I really want to see lines less than or equal to 80 characters; I would suggest this: "securityfs_recursive_remove - recursively removes a file or directory" > + * @dentry: a pointer to a the dentry of the file or directory to be removed. > + * > + * This function recursively removes a file or directory in securityfs that was > + * previously created with a call to another securityfs function (like > + * securityfs_create_file() or variants thereof.) > + */ > +void securityfs_recursive_remove(struct dentry *dentry) > +{ > + if (IS_ERR_OR_NULL(dentry)) > + return; > + > + simple_pin_fs(&fs_type, &mount, &mount_count); > + simple_recursive_removal(dentry, remove_one); > + simple_release_fs(&mount, &mount_count); > +} > +EXPORT_SYMBOL_GPL(securityfs_recursive_remove); > + > #ifdef CONFIG_SECURITY > static struct dentry *lsm_dentry; > static ssize_t lsm_read(struct file *filp, char __user *buf, size_t count, > -- > 2.25.1 -- paul-moore.com
On Sat, Jul 08, 2023 at 12:23:03AM -0400, Paul Moore wrote: > On Jun 28, 2023 Fan Wu <wufan@linux.microsoft.com> wrote: > > > > When deleting a directory in the security file system, the existing > > securityfs_remove requires the directory to be empty, otherwise > > it will do nothing. This leads to a potential risk that the security > > file system might be in an unclean state when the intentded deletion > > did not happen. > > > > This commit introduces a new function securityfs_recursive_remove > > to recursively delete a directory without leaving an unclean state. > > > > Co-developed-by: "Christian Brauner (Microsoft)" <brauner@kernel.org> > > Signed-off-by: Fan Wu <wufan@linux.microsoft.com> > > --- > > include/linux/security.h | 1 + > > security/inode.c | 25 +++++++++++++++++++++++++ > > 2 files changed, 26 insertions(+) > > > > diff --git a/include/linux/security.h b/include/linux/security.h > > index e2734e9e44d5..a88076ebc7b1 100644 > > --- a/include/linux/security.h > > +++ b/include/linux/security.h > > @@ -1971,6 +1971,7 @@ struct dentry *securityfs_create_symlink(const char *name, > > const char *target, > > const struct inode_operations *iops); > > extern void securityfs_remove(struct dentry *dentry); > > +extern void securityfs_recursive_remove(struct dentry *dentry); > > > > #else /* CONFIG_SECURITYFS */ > > > > diff --git a/security/inode.c b/security/inode.c > > index 6c326939750d..13358e8547e8 100644 > > --- a/security/inode.c > > +++ b/security/inode.c > > @@ -313,6 +313,31 @@ void securityfs_remove(struct dentry *dentry) > > } > > EXPORT_SYMBOL_GPL(securityfs_remove); > > > > +static void remove_one(struct dentry *victim) > > +{ > > + simple_release_fs(&mount, &mount_count); > > +} > > + > > +/** > > + * securityfs_recursive_remove - recursively removes a file or directory from the securityfs filesystem > > I really want to see lines less than or equal to 80 characters; I > would suggest this: > > "securityfs_recursive_remove - recursively removes a file or directory" > Thanks for the suggestion, I will make the change accordingly. -Fan > > + * @dentry: a pointer to a the dentry of the file or directory to be removed. > > + * > > + * This function recursively removes a file or directory in securityfs that was > > + * previously created with a call to another securityfs function (like > > + * securityfs_create_file() or variants thereof.) > > + */ > > +void securityfs_recursive_remove(struct dentry *dentry) > > +{ > > + if (IS_ERR_OR_NULL(dentry)) > > + return; > > + > > + simple_pin_fs(&fs_type, &mount, &mount_count); > > + simple_recursive_removal(dentry, remove_one); > > + simple_release_fs(&mount, &mount_count); > > +} > > +EXPORT_SYMBOL_GPL(securityfs_recursive_remove); > > + > > #ifdef CONFIG_SECURITY > > static struct dentry *lsm_dentry; > > static ssize_t lsm_read(struct file *filp, char __user *buf, size_t count, > > -- > > 2.25.1 > > -- > paul-moore.com
diff --git a/include/linux/security.h b/include/linux/security.h index e2734e9e44d5..a88076ebc7b1 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -1971,6 +1971,7 @@ struct dentry *securityfs_create_symlink(const char *name, const char *target, const struct inode_operations *iops); extern void securityfs_remove(struct dentry *dentry); +extern void securityfs_recursive_remove(struct dentry *dentry); #else /* CONFIG_SECURITYFS */ diff --git a/security/inode.c b/security/inode.c index 6c326939750d..13358e8547e8 100644 --- a/security/inode.c +++ b/security/inode.c @@ -313,6 +313,31 @@ void securityfs_remove(struct dentry *dentry) } EXPORT_SYMBOL_GPL(securityfs_remove); +static void remove_one(struct dentry *victim) +{ + simple_release_fs(&mount, &mount_count); +} + +/** + * securityfs_recursive_remove - recursively removes a file or directory from the securityfs filesystem + * + * @dentry: a pointer to a the dentry of the file or directory to be removed. + * + * This function recursively removes a file or directory in securityfs that was + * previously created with a call to another securityfs function (like + * securityfs_create_file() or variants thereof.) + */ +void securityfs_recursive_remove(struct dentry *dentry) +{ + if (IS_ERR_OR_NULL(dentry)) + return; + + simple_pin_fs(&fs_type, &mount, &mount_count); + simple_recursive_removal(dentry, remove_one); + simple_release_fs(&mount, &mount_count); +} +EXPORT_SYMBOL_GPL(securityfs_recursive_remove); + #ifdef CONFIG_SECURITY static struct dentry *lsm_dentry; static ssize_t lsm_read(struct file *filp, char __user *buf, size_t count,
When deleting a directory in the security file system, the existing securityfs_remove requires the directory to be empty, otherwise it will do nothing. This leads to a potential risk that the security file system might be in an unclean state when the intentded deletion did not happen. This commit introduces a new function securityfs_recursive_remove to recursively delete a directory without leaving an unclean state. Co-developed-by: Christian Brauner (Microsoft) <brauner@kernel.org> Signed-off-by: Fan Wu <wufan@linux.microsoft.com> --- v1-v8: + Not present v9: + Introduced v10: + No changes --- include/linux/security.h | 1 + security/inode.c | 25 +++++++++++++++++++++++++ 2 files changed, 26 insertions(+)