From patchwork Mon Aug 29 11:45:59 2016
X-Patchwork-Submitter: Sargun Dhillon
X-Patchwork-Id: 9303675
Date: Mon, 29 Aug 2016 04:45:59 -0700
From: Sargun Dhillon
To: netdev@vger.kernel.org
Cc: cgroups@vger.kernel.org, linux-security-module@vger.kernel.org, daniel@iogearbox.net, ast@fb.com
Subject: [net-next RFC v2 1/9] net: Make cgroup sk data present when calling security_sk_(alloc/free)
Message-ID: <20160829114557.GA20842@ircssh.c.rugged-nimbus-611.internal>

This patch changes the order of allocations / calls to allocate the
sock_cgroup_data before calling security_sk_alloc. In addition, this
patch also reorders the deallocation when calling security_sk_free
so that LSMs can examine the cgroup that a particular sk belongs to.

Signed-off-by: Sarguun Dhillon
---
 net/core/sock.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/net/core/sock.c b/net/core/sock.c index 51a7304..3f12f4d 100644 --- a/net/core/sock.c +++ b/net/core/sock.c @@ -1333,6 +1333,7 @@ static struct sock *sk_prot_alloc(struct proto *prot, gfp_t priority, if (sk != NULL) { kmemcheck_annotate_bitfield(sk, flags); + cgroup_sk_alloc(&sk->sk_cgrp_data); if (security_sk_alloc(sk, family, priority)) goto out_free; @@ -1340,7 +1341,6 @@ static struct sock *sk_prot_alloc(struct proto *prot, gfp_t priority, if (!try_module_get(prot->owner)) goto out_free_sec; sk_tx_queue_clear(sk); - cgroup_sk_alloc(&sk->sk_cgrp_data); } return sk; @@ -1348,6 +1348,7 @@ static struct sock *sk_prot_alloc(struct proto *prot, gfp_t priority, out_free_sec: security_sk_free(sk); out_free: + cgroup_sk_free(&sk->sk_cgrp_data); if (slab != NULL) kmem_cache_free(slab, sk); else @@ -1363,8 +1364,8 @@ static void sk_prot_free(struct proto *prot, struct sock *sk) owner = prot->owner; slab = prot->slab; - cgroup_sk_free(&sk->sk_cgrp_data); security_sk_free(sk); + cgroup_sk_free(&sk->sk_cgrp_data); if (slab != NULL) kmem_cache_free(slab, sk); else
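
Review bot: A comment is missing at the new cgroup_sk_alloc(&sk->sk_cgrp_data) line in sk_prot_alloc() (hunk at -1333,6). The call has to stay above security_sk_alloc for an LSM hook to see the socket's cgroup, and because it now precedes both steps that can fail (security_sk_alloc and try_module_get), both gotos depend on the cleanup added under out_free. A one-line comment stating that sk_cgrp_data must be initialised before the LSM alloc hook runs would keep a later cleanup from moving the call back below sk_tx_queue_clear(sk).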
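
Review bot: The unconditional cgroup_sk_free(&sk->sk_cgrp_data) under out_free (hunk at -1348,6) assumes the free is safe for every state cgroup_sk_alloc can leave behind, since cgroup_sk_alloc is called as a plain statement with no result checked. Please confirm that in the commit message. The fall-through from out_free_sec gives security_sk_free followed by cgroup_sk_free, which matches the new order in sk_prot_free, so the error path and the normal teardown stay consistent.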
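
Review bot: Nothing in sk_prot_free() (hunk at -1363,8) marks the new order, security_sk_free(sk) before cgroup_sk_free(&sk->sk_cgrp_data), as intentional. The stated goal is that an LSM free hook can examine the cgroup the sk belongs to, so reversing these two lines would let the hook read cgroup data that has already been released. Suggest a short comment above the pair noting that teardown is the reverse of the setup order in sk_prot_alloc().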