diff options
| author | NeilBrown <neilb@suse.de> | 2015-03-23 13:37:39 +1100 |
|---|---|---|
| committer | Al Viro <viro@zeniv.linux.org.uk> | 2015-05-11 08:13:11 -0400 |
| commit | bda0be7ad994812960e9f8f2d2757f72cb4a96cb (patch) | |
| tree | f769e7c4511b64432438f82a8426248e75a8ad7b /fs/namei.c | |
| parent | 7b20ea2579238f5e0da4bc93276c1b63c960c9ef (diff) | |
| download | linux-bda0be7ad994812960e9f8f2d2757f72cb4a96cb.tar.gz linux-bda0be7ad994812960e9f8f2d2757f72cb4a96cb.tar.bz2 linux-bda0be7ad994812960e9f8f2d2757f72cb4a96cb.zip | |
security: make inode_follow_link RCU-walk aware
inode_follow_link now takes an inode and rcu flag as well as the
dentry.
inode is used in preference to d_backing_inode(dentry), particularly
in RCU-walk mode.
selinux_inode_follow_link() gets dentry_has_perm() and
inode_has_perm() open-coded into it so that it can call
avc_has_perm_flags() in way that is safe if LOOKUP_RCU is set.
Calling avc_has_perm_flags() with rcu_read_lock() held means
that when avc_has_perm_noaudit calls avc_compute_av(), the attempt
to rcu_read_unlock() before calling security_compute_av() will not
actually drop the RCU read-lock.
However as security_compute_av() is completely in a read_lock()ed
region, it should be safe with the RCU read-lock held.
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'fs/namei.c')
| -rw-r--r-- | fs/namei.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/fs/namei.c b/fs/namei.c index 33b655de0ec0..0fa7af23cff6 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -881,8 +881,9 @@ const char *get_link(struct nameidata *nd) touch_atime(&last->link); - error = security_inode_follow_link(dentry); - if (error) + error = security_inode_follow_link(dentry, inode, + nd->flags & LOOKUP_RCU); + if (unlikely(error)) return ERR_PTR(error); nd->last_type = LAST_BIND; |