LSM: Infrastructure management of the file security

Move management of the file->f_security blob out of the
individual security modules and into the infrastructure.
The modules no longer allocate or free the data, instead
they tell the infrastructure how much space they require.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
[kees: adjusted for ordered init series]
Signed-off-by: Kees Cook <keescook@chromium.org>

1 files changed, 51 insertions, 3 deletions

diff --git a/security/security.c b/security/security.c
index 09be8ce007a2..f32d7d2075c6 100644
--- a/security/security.c
+++ b/security/security.c
@@ -40,6 +40,8 @@
 struct security_hook_heads security_hook_heads __lsm_ro_after_init;
 static ATOMIC_NOTIFIER_HEAD(lsm_notifier_chain);
 
+static struct kmem_cache *lsm_file_cache;
+
 char *lsm_names;
 static struct lsm_blob_sizes blob_sizes __lsm_ro_after_init;
 
@@ -158,6 +160,7 @@ static void __init lsm_set_blob_sizes(struct lsm_blob_sizes *needed)
                 return;
 
         lsm_set_blob_size(&needed->lbs_cred, &blob_sizes.lbs_cred);
+        lsm_set_blob_size(&needed->lbs_file, &blob_sizes.lbs_file);
 }
 
 /* Prepare LSM for initialization. */
@@ -279,6 +282,15 @@ static void __init ordered_lsm_init(void)
                 prepare_lsm(*lsm);
 
         init_debug("cred blob size     = %d\n", blob_sizes.lbs_cred);
+        init_debug("file blob size     = %d\n", blob_sizes.lbs_file);
+
+        /*
+         * Create any kmem_caches needed for blobs
+         */
+        if (blob_sizes.lbs_file)
+                lsm_file_cache = kmem_cache_create("lsm_file_cache",
+                                                   blob_sizes.lbs_file, 0,
+                                                   SLAB_PANIC, NULL);
 
         for (lsm = ordered_lsms; *lsm; lsm++)
                 initialize_lsm(*lsm);
@@ -448,6 +460,27 @@ void __init lsm_early_cred(struct cred *cred)
                 panic("%s: Early cred alloc failed.\n", __func__);
 }
 
+/**
+ * lsm_file_alloc - allocate a composite file blob
+ * @file: the file that needs a blob
+ *
+ * Allocate the file blob for all the modules
+ *
+ * Returns 0, or -ENOMEM if memory can't be allocated.
+ */
+static int lsm_file_alloc(struct file *file)
+{
+        if (!lsm_file_cache) {
+                file->f_security = NULL;
+                return 0;
+        }
+
+        file->f_security = kmem_cache_zalloc(lsm_file_cache, GFP_KERNEL);
+        if (file->f_security == NULL)
+                return -ENOMEM;
+        return 0;
+}
+
 /*
  * Hook list operation macros.
  *
@@ -1144,12 +1177,27 @@ int security_file_permission(struct file *file, int mask)
 
 int security_file_alloc(struct file *file)
 {
-        return call_int_hook(file_alloc_security, 0, file);
+        int rc = lsm_file_alloc(file);
+
+        if (rc)
+                return rc;
+        rc = call_int_hook(file_alloc_security, 0, file);
+        if (unlikely(rc))
+                security_file_free(file);
+        return rc;
 }
 
 void security_file_free(struct file *file)
 {
+        void *blob;
+
         call_void_hook(file_free_security, file);
+
+        blob = file->f_security;
+        if (blob) {
+                file->f_security = NULL;
+                kmem_cache_free(lsm_file_cache, blob);
+        }
 }
 
 int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
@@ -1267,7 +1315,7 @@ int security_cred_alloc_blank(struct cred *cred, gfp_t gfp)
                 return rc;
 
         rc = call_int_hook(cred_alloc_blank, 0, cred, gfp);
-        if (rc)
+        if (unlikely(rc))
                 security_cred_free(cred);
         return rc;
 }
@@ -1288,7 +1336,7 @@ int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp)
                 return rc;
 
         rc = call_int_hook(cred_prepare, 0, new, old, gfp);
-        if (rc)
+        if (unlikely(rc))
                 security_cred_free(new);
         return rc;
 }