sem/security: Pass kern_ipc_perm not sem_array into the sem security hooks

All of the implementations of security hooks that take sem_array only access sem_perm the struct kern_ipc_perm member. This means the dependencies of the sem security hooks can be simplified by passing the kern_ipc_perm member of sem_array. Making this change will allow struct sem and struct sem_array to become private to ipc/sem.c. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
author: Eric W. Biederman <ebiederm@xmission.com> 2018-03-22 21:52:43 -0400
committer: Eric W. Biederman <ebiederm@xmission.com> 2018-03-22 22:07:51 -0400
commit: aefad9593ec5ad4aae5346253a8b646364cd7317 (patch)
tree: 98f72912460afef0280f96f14880a8219c615f65 /ipc
parent: dd206bec9a446884805370b1c16c1d7a97036777 (diff)
1 files changed, 8 insertions, 11 deletions
diff --git a/ipc/sem.c b/ipc/sem.c
index a4af04979fd2..01f5c63670ae 100644
--- a/ipc/sem.c
+++ b/ipc/sem.c
@@ -265,7 +265,7 @@ static void sem_rcu_free(struct rcu_head *head)
        struct kern_ipc_perm *p = container_of(head, struct kern_ipc_perm, rcu);
        struct sem_array *sma = container_of(p, struct sem_array, sem_perm);
-        security_sem_free(sma);
+        security_sem_free(&sma->sem_perm);
        kvfree(sma);
 }
@@ -495,7 +495,7 @@ static int newary(struct ipc_namespace *ns, struct ipc_params *params)
        sma->sem_perm.key = key;
        sma->sem_perm.security = NULL;
-        retval = security_sem_alloc(sma);
+        retval = security_sem_alloc(&sma->sem_perm);
        if (retval) {
                kvfree(sma);
                return retval;
@@ -535,10 +535,7 @@ static int newary(struct ipc_namespace *ns, struct ipc_params *params)
 */
 static inline int sem_security(struct kern_ipc_perm *ipcp, int semflg)
 {
-        struct sem_array *sma;
+        return security_sem_associate(ipcp, semflg);
-        sma = container_of(ipcp, struct sem_array, sem_perm);
-        return security_sem_associate(sma, semflg);
 }
 /*
@@ -1209,7 +1206,7 @@ static int semctl_stat(struct ipc_namespace *ns, int semid,
        if (ipcperms(ns, &sma->sem_perm, S_IRUGO))
                goto out_unlock;
-        err = security_sem_semctl(sma, cmd);
+        err = security_sem_semctl(&sma->sem_perm, cmd);
        if (err)
                goto out_unlock;
@@ -1300,7 +1297,7 @@ static int semctl_setval(struct ipc_namespace *ns, int semid, int semnum,
                return -EACCES;
        }
-        err = security_sem_semctl(sma, SETVAL);
+        err = security_sem_semctl(&sma->sem_perm, SETVAL);
        if (err) {
                rcu_read_unlock();
                return -EACCES;
@@ -1354,7 +1351,7 @@ static int semctl_main(struct ipc_namespace *ns, int semid, int semnum,
        if (ipcperms(ns, &sma->sem_perm, cmd == SETALL ? S_IWUGO : S_IRUGO))
                goto out_rcu_wakeup;
-        err = security_sem_semctl(sma, cmd);
+        err = security_sem_semctl(&sma->sem_perm, cmd);
        if (err)
                goto out_rcu_wakeup;
@@ -1545,7 +1542,7 @@ static int semctl_down(struct ipc_namespace *ns, int semid,
        sma = container_of(ipcp, struct sem_array, sem_perm);
-        err = security_sem_semctl(sma, cmd);
+        err = security_sem_semctl(&sma->sem_perm, cmd);
        if (err)
                goto out_unlock1;
@@ -1962,7 +1959,7 @@ static long do_semtimedop(int semid, struct sembuf __user *tsops,
                goto out_free;
        }
-        error = security_sem_semop(sma, sops, nsops, alter);
+        error = security_sem_semop(&sma->sem_perm, sops, nsops, alter);
        if (error) {
                rcu_read_unlock();
                goto out_free;
author	Eric W. Biederman <ebiederm@xmission.com>	2018-03-22 21:52:43 -0400
committer	Eric W. Biederman <ebiederm@xmission.com>	2018-03-22 22:07:51 -0400
commit	aefad9593ec5ad4aae5346253a8b646364cd7317 (patch)
tree	98f72912460afef0280f96f14880a8219c615f65 /ipc
parent	dd206bec9a446884805370b1c16c1d7a97036777 (diff)