| author | Linus Torvalds <torvalds@linux-foundation.org> | 2016-12-14 16:57:44 -0500 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2016-12-14 16:57:44 -0500 |
| commit | 683b96f4d1d132fcefa4a0bd11916649800d7361 (patch) | |
| tree | 95ba7e1c1edc15639be080773b4c32d2be60b0a4 /fs/proc/base.c | |
| parent | 0f1d6dfe03ca4e36132221b918499c6f0b0f048d (diff) | |
| parent | 50523a29d900d5a403e0352d3d7aeda6a33df25c (diff) | |
Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security subsystem updates from James Morris:
"Generally pretty quiet for this release. Highlights:
Yama:
- allow ptrace access for original parent after re-parenting
TPM:
- add documentation
- many bugfixes & cleanups
- define a generic open() method for ascii & bios measurements
Integrity:
- Harden against malformed xattrs
SELinux:
- bugfixes & cleanups
Smack:
- Remove unnecessary smack_known_invalid label
- Do not apply star label in smack_setprocattr hook
- parse mnt opts after privileges check (fixes unpriv DoS vuln)"
* 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (56 commits)
Yama: allow access for the current ptrace parent
tpm: adjust return value of tpm_read_log
tpm: vtpm_proxy: conditionally call tpm_chip_unregister
tpm: Fix handling of missing event log
tpm: Check the bios_dir entry for NULL before accessing it
tpm: return -ENODEV if np is not set
tpm: cleanup of printk error messages
tpm: replace of_find_node_by_name() with dev of_node property
tpm: redefine read_log() to handle ACPI/OF at runtime
tpm: fix the missing .owner in tpm_bios_measurements_ops
tpm: have event log use the tpm_chip
tpm: drop tpm1_chip_register(/unregister)
tpm: replace dynamically allocated bios_dir with a static array
tpm: replace symbolic permission with octal for securityfs files
char: tpm: fix kerneldoc tpm2_unseal_trusted name typo
tpm_tis: Allow tpm_tis to be bound using DT
tpm, tpm_vtpm_proxy: add kdoc comments for VTPM_PROXY_IOC_NEW_DEV
tpm: Only call pm_runtime_get_sync if device has a parent
tpm: define a generic open() method for ascii & bios measurements
Documentation: tpm: add the Physical TPM device tree binding documentation
...
Diffstat (limited to 'fs/proc/base.c')
| -rw-r--r-- | fs/proc/base.c | 23 |
1 files changed, 9 insertions, 14 deletions
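diff --git a/fs/proc/base.c b/fs/proc/base.c
index 9b99df4893a4..2e5b2e379cdf 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -1667,7 +1667,8 @@ const struct inode_operations proc_pid_link_inode_operations = {
 
 /* building an inode */
 
-struct inode *proc_pid_make_inode(struct super_block * sb, struct task_struct *task)
+struct inode *proc_pid_make_inode(struct super_block * sb,
+struct task_struct *task, umode_t mode)
 {
 struct inode * inode;
 struct proc_inode *ei;
@@ -1681,6 +1682,7 @@ struct inode *proc_pid_make_inode(struct super_block * sb, struct task_struct *t
 
 /* Common stuff */
 ei = PROC_I(inode);
+inode->i_mode = mode;
 inode->i_ino = get_next_ino();
 inode->i_mtime = inode->i_atime = inode->i_ctime = current_time(inode);
 inode->i_op = &proc_def_inode_operations;
@@ -2007,7 +2009,9 @@ proc_map_files_instantiate(struct inode *dir, struct dentry *dentry,
 struct proc_inode *ei;
 struct inode *inode;
 
-inode = proc_pid_make_inode(dir->i_sb, task);
+inode = proc_pid_make_inode(dir->i_sb, task, S_IFLNK |
+((mode & FMODE_READ ) ? S_IRUSR : 0) |
+((mode & FMODE_WRITE) ? S_IWUSR : 0));
 if (!inode)
 return -ENOENT;
 
@@ -2016,12 +2020,6 @@ proc_map_files_instantiate(struct inode *dir, struct dentry *dentry,
 
 inode->i_op = &proc_map_files_link_inode_operations;
 inode->i_size = 64;
-inode->i_mode = S_IFLNK;
-
-if (mode & FMODE_READ)
-inode->i_mode |= S_IRUSR;
-if (mode & FMODE_WRITE)
-inode->i_mode |= S_IWUSR;
 
 d_set_d_op(dentry, &tid_map_files_dentry_operations);
 d_add(dentry, inode);
@@ -2375,12 +2373,11 @@ static int proc_pident_instantiate(struct inode *dir,
 struct inode *inode;
 struct proc_inode *ei;
 
-inode = proc_pid_make_inode(dir->i_sb, task);
+inode = proc_pid_make_inode(dir->i_sb, task, p->mode);
 if (!inode)
 goto out;
 
 ei = PROC_I(inode);
-inode->i_mode = p->mode;
 if (S_ISDIR(inode->i_mode))
 set_nlink(inode, 2); /* Use getattr to fix if necessary */
 if (p->iop)
@@ -3062,11 +3059,10 @@ static int proc_pid_instantiate(struct inode *dir,
 {
 struct inode *inode;
 
-inode = proc_pid_make_inode(dir->i_sb, task);
+inode = proc_pid_make_inode(dir->i_sb, task, S_IFDIR | S_IRUGO | S_IXUGO);
 if (!inode)
 goto out;
 
-inode->i_mode = S_IFDIR|S_IRUGO|S_IXUGO;
 inode->i_op = &proc_tgid_base_inode_operations;
 inode->i_fop = &proc_tgid_base_operations;
 inode->i_flags|=S_IMMUTABLE;
@@ -3354,11 +3350,10 @@ static int proc_task_instantiate(struct inode *dir,
 struct dentry *dentry, struct task_struct *task, const void *ptr)
 {
 struct inode *inode;
-inode = proc_pid_make_inode(dir->i_sb, task);
+inode = proc_pid_make_inode(dir->i_sb, task, S_IFDIR | S_IRUGO | S_IXUGO);
 
 if (!inode)
 goto out;
-inode->i_mode = S_IFDIR|S_IRUGO|S_IXUGO;
 inode->i_op = &proc_tid_base_inode_operations;
 inode->i_fop = &proc_tid_base_operations;
 inode->i_flags|=S_IMMUTABLE;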
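Review bot: The new `mode` parameter of proc_pid_make_inode() is left undocumented, and the function's only comment is still `/* building an inode */`, although after this change `inode->i_mode = mode;` (second hunk) is the single place where these inodes receive their type and permission bits. I would document the contract above the definition, for example `/* @mode: complete i_mode (S_IF* type bits plus permission bits); assigned before the rest of the setup runs */`. The remainder of the function is outside the hunks, so whether later steps such as an LSM hook read i_mode at that point is an inference to confirm there. proc_pident_instantiate() now forwards `p->mode` unchanged, so the comment should also say that table entries are expected to carry the S_IF* bits, since nothing in the visible code checks for them.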
