Message ID | 20191216223621.5127-17-casey@schaufler-ca.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | [v12,01/25] LSM: Infrastructure management of the sock security | expand |
On 12/16/19 5:36 PM, Casey Schaufler wrote: > Change the security_dentry_init_security() interface to > fill an lsmcontext structure instead of a void * data area > and a length. The lone caller of this interface is NFS4, > which may make copies of the data using its own mechanisms. > A rework of the nfs4 code to use the lsmcontext properly > is a significant project, so the coward's way out is taken, > and the lsmcontext data from security_dentry_init_security() > is copied, then released directly. > > This interface does not use the "display". There is currently > not case where that is useful or reasonable. > > Reviewed-by: Kees Cook <keescook@chromium.org> > Reviewed-by: John Johansen <john.johansen@canonical.com> > Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> > --- > fs/nfs/nfs4proc.c | 26 ++++++++++++++++---------- > include/linux/security.h | 7 +++---- > security/security.c | 29 +++++++++++++++++++++++++---- > 3 files changed, 44 insertions(+), 18 deletions(-) > > diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c > index a30e36654c57..78d63f7f0088 100644 > --- a/fs/nfs/nfs4proc.c > +++ b/fs/nfs/nfs4proc.c > @@ -112,6 +112,7 @@ static inline struct nfs4_label * > nfs4_label_init_security(struct inode *dir, struct dentry *dentry, > struct iattr *sattr, struct nfs4_label *label) > { > + struct lsmcontext context; > int err; > > if (label == NULL) > @@ -121,21 +122,26 @@ nfs4_label_init_security(struct inode *dir, struct dentry *dentry, > return NULL; > > err = security_dentry_init_security(dentry, sattr->ia_mode, > - &dentry->d_name, (void **)&label->label, &label->len); > - if (err == 0) > - return label; > + &dentry->d_name, &context); > + > + if (err) > + return NULL; > + > + label->label = kmemdup(context.context, context.len, GFP_KERNEL); This seems unfortunate; it introduces an extra allocation/copy of the context. I'd prefer to avoid it. Also wondering if GFP_KERNEL is always safe here. > + if (label->label == NULL) > + label = NULL; > + else > + label->len = context.len; > + > + security_release_secctx(&context); > + > + return label; > > - return NULL; > } > static inline void > nfs4_label_release_security(struct nfs4_label *label) > { > - struct lsmcontext scaff; /* scaffolding */ > - > - if (label) { > - lsmcontext_init(&scaff, label->label, label->len, 0); > - security_release_secctx(&scaff); > - } > + kfree(label->label); > } > static inline u32 *nfs4_bitmask(struct nfs_server *server, struct nfs4_label *label) > { > diff --git a/include/linux/security.h b/include/linux/security.h > index 00421941f683..a5eba06a9382 100644 > --- a/include/linux/security.h > +++ b/include/linux/security.h > @@ -398,8 +398,8 @@ int security_add_mnt_opt(const char *option, const char *val, > int len, void **mnt_opts); > int security_move_mount(const struct path *from_path, const struct path *to_path); > int security_dentry_init_security(struct dentry *dentry, int mode, > - const struct qstr *name, void **ctx, > - u32 *ctxlen); > + const struct qstr *name, > + struct lsmcontext *ctx); > int security_dentry_create_files_as(struct dentry *dentry, int mode, > struct qstr *name, > const struct cred *old, > @@ -790,8 +790,7 @@ static inline void security_inode_free(struct inode *inode) > static inline int security_dentry_init_security(struct dentry *dentry, > int mode, > const struct qstr *name, > - void **ctx, > - u32 *ctxlen) > + struct lsmcontext *ctx) > { > return -EOPNOTSUPP; > } > diff --git a/security/security.c b/security/security.c > index 4ba1a6ed36e0..8aa107b57af9 100644 > --- a/security/security.c > +++ b/security/security.c > @@ -1011,12 +1011,33 @@ void security_inode_free(struct inode *inode) > inode_free_by_rcu); > } > > +/* > + * security_dentry_init_security - initial context for a dentry > + * @dentry: directory entry > + * @mode: access mode > + * @name: path name > + * @context: resulting security context > + * > + * Use at most one security module to get the initial > + * security context. Do not use the "display". > + * > + * Returns -EOPNOTSUPP if not supplied by any module or the module result. > + */ > int security_dentry_init_security(struct dentry *dentry, int mode, > - const struct qstr *name, void **ctx, > - u32 *ctxlen) > + const struct qstr *name, > + struct lsmcontext *cp) > { > - return call_int_hook(dentry_init_security, -EOPNOTSUPP, dentry, mode, > - name, ctx, ctxlen); > + struct security_hook_list *hp; > + > + hlist_for_each_entry(hp, &security_hook_heads.dentry_init_security, > + list) { > + cp->slot = hp->lsmid->slot; > + return hp->hook.dentry_init_security(dentry, mode, name, > + (void **)&cp->context, > + &cp->len); > + } > + > + return -EOPNOTSUPP; > } > EXPORT_SYMBOL(security_dentry_init_security); > >
diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c index a30e36654c57..78d63f7f0088 100644 --- a/fs/nfs/nfs4proc.c +++ b/fs/nfs/nfs4proc.c @@ -112,6 +112,7 @@ static inline struct nfs4_label * nfs4_label_init_security(struct inode *dir, struct dentry *dentry, struct iattr *sattr, struct nfs4_label *label) { + struct lsmcontext context; int err; if (label == NULL) @@ -121,21 +122,26 @@ nfs4_label_init_security(struct inode *dir, struct dentry *dentry, return NULL; err = security_dentry_init_security(dentry, sattr->ia_mode, - &dentry->d_name, (void **)&label->label, &label->len); - if (err == 0) - return label; + &dentry->d_name, &context); + + if (err) + return NULL; + + label->label = kmemdup(context.context, context.len, GFP_KERNEL); + if (label->label == NULL) + label = NULL; + else + label->len = context.len; + + security_release_secctx(&context); + + return label; - return NULL; } static inline void nfs4_label_release_security(struct nfs4_label *label) { - struct lsmcontext scaff; /* scaffolding */ - - if (label) { - lsmcontext_init(&scaff, label->label, label->len, 0); - security_release_secctx(&scaff); - } + kfree(label->label); } static inline u32 *nfs4_bitmask(struct nfs_server *server, struct nfs4_label *label) { diff --git a/include/linux/security.h b/include/linux/security.h index 00421941f683..a5eba06a9382 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -398,8 +398,8 @@ int security_add_mnt_opt(const char *option, const char *val, int len, void **mnt_opts); int security_move_mount(const struct path *from_path, const struct path *to_path); int security_dentry_init_security(struct dentry *dentry, int mode, - const struct qstr *name, void **ctx, - u32 *ctxlen); + const struct qstr *name, + struct lsmcontext *ctx); int security_dentry_create_files_as(struct dentry *dentry, int mode, struct qstr *name, const struct cred *old, @@ -790,8 +790,7 @@ static inline void security_inode_free(struct inode *inode) static inline int security_dentry_init_security(struct dentry *dentry, int mode, const struct qstr *name, - void **ctx, - u32 *ctxlen) + struct lsmcontext *ctx) { return -EOPNOTSUPP; } diff --git a/security/security.c b/security/security.c index 4ba1a6ed36e0..8aa107b57af9 100644 --- a/security/security.c +++ b/security/security.c @@ -1011,12 +1011,33 @@ void security_inode_free(struct inode *inode) inode_free_by_rcu); } +/* + * security_dentry_init_security - initial context for a dentry + * @dentry: directory entry + * @mode: access mode + * @name: path name + * @context: resulting security context + * + * Use at most one security module to get the initial + * security context. Do not use the "display". + * + * Returns -EOPNOTSUPP if not supplied by any module or the module result. + */ int security_dentry_init_security(struct dentry *dentry, int mode, - const struct qstr *name, void **ctx, - u32 *ctxlen) + const struct qstr *name, + struct lsmcontext *cp) { - return call_int_hook(dentry_init_security, -EOPNOTSUPP, dentry, mode, - name, ctx, ctxlen); + struct security_hook_list *hp; + + hlist_for_each_entry(hp, &security_hook_heads.dentry_init_security, + list) { + cp->slot = hp->lsmid->slot; + return hp->hook.dentry_init_security(dentry, mode, name, + (void **)&cp->context, + &cp->len); + } + + return -EOPNOTSUPP; } EXPORT_SYMBOL(security_dentry_init_security);