diff options
author | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2013-04-14 09:21:47 -0400 |
---|---|---|
committer | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2013-06-20 07:47:49 -0400 |
commit | 37ec43cdc4c776bd39aae469fdfa494bdf0344c7 (patch) | |
tree | 589b7010500c1a159ef25a6d4ce71d91c5ab765e /mm/shmem.c | |
parent | 8912176ce04368d3a0699860c5a0cc64c49a1eba (diff) | |
download | linux-stable-37ec43cdc4c776bd39aae469fdfa494bdf0344c7.tar.gz linux-stable-37ec43cdc4c776bd39aae469fdfa494bdf0344c7.tar.bz2 linux-stable-37ec43cdc4c776bd39aae469fdfa494bdf0344c7.zip |
evm: calculate HMAC after initializing posix acl on tmpfs
Included in the EVM hmac calculation is the i_mode. Any changes to
the i_mode need to be reflected in the hmac. shmem_mknod() currently
calls generic_acl_init(), which modifies the i_mode, after calling
security_inode_init_security(). This patch reverses the order in
which they are called.
Reported-by: Sven Vermeulen <sven.vermeulen@siphos.be>
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Acked-by: Hugh Dickins <hughd@google.com>
Diffstat (limited to 'mm/shmem.c')
-rw-r--r-- | mm/shmem.c | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/mm/shmem.c b/mm/shmem.c index 5e6a8422658b..a8e10722f8dc 100644 --- a/mm/shmem.c +++ b/mm/shmem.c @@ -1939,6 +1939,13 @@ shmem_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev) inode = shmem_get_inode(dir->i_sb, dir, mode, dev, VM_NORESERVE); if (inode) { +#ifdef CONFIG_TMPFS_POSIX_ACL + error = generic_acl_init(inode, dir); + if (error) { + iput(inode); + return error; + } +#endif error = security_inode_init_security(inode, dir, &dentry->d_name, shmem_initxattrs, NULL); @@ -1948,15 +1955,8 @@ shmem_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev) return error; } } -#ifdef CONFIG_TMPFS_POSIX_ACL - error = generic_acl_init(inode, dir); - if (error) { - iput(inode); - return error; - } -#else + error = 0; -#endif dir->i_size += BOGO_DIRENT_SIZE; dir->i_ctime = dir->i_mtime = CURRENT_TIME; d_instantiate(dentry, inode); |