diff options
| author | Dustin Kirkland <dustin.kirkland@us.ibm.com> | 2005-11-16 10:53:13 -0500 |
|---|---|---|
| committer | Al Viro <viro@zeniv.linux.org.uk> | 2006-03-20 14:08:54 -0500 |
| commit | 7306a0b9b3e2056a616c84841288ca2431a05627 (patch) | |
| tree | d3f61ef43c7079790d6b8ef9bf307689a7d9ea16 | |
| parent | 8c8570fb8feef2bc166bee75a85748b25cda22d9 (diff) | |
[PATCH] Miscellaneous bug and warning fixes
This patch fixes a couple of bugs revealed in new features recently
added to -mm1:
* fixes warnings due to inconsistent use of const struct inode *inode
* fixes bug that prevent a kernel from booting with audit on, and SELinux off
due to a missing function in security/dummy.c
* fixes a bug that throws spurious audit_panic() messages due to a missing
return just before an error_path label
* some reasonable house cleaning in audit_ipc_context(),
audit_inode_context(), and audit_log_task_context()
Signed-off-by: Dustin Kirkland <dustin.kirkland@us.ibm.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
| -rw-r--r-- | include/linux/security.h | 8 | ||||
| -rw-r--r-- | kernel/auditsc.c | 21 | ||||
| -rw-r--r-- | security/dummy.c | 8 | ||||
| -rw-r--r-- | security/selinux/hooks.c | 2 |
4 files changed, 24 insertions, 15 deletions
diff --git a/include/linux/security.h b/include/linux/security.h index ec0bbbc3ffc2..2a502250eb5c 100644 --- a/include/linux/security.h +++ b/include/linux/security.h | |||
| @@ -1173,8 +1173,8 @@ struct security_operations { | |||
| 1173 | int (*inode_getxattr) (struct dentry *dentry, char *name); | 1173 | int (*inode_getxattr) (struct dentry *dentry, char *name); |
| 1174 | int (*inode_listxattr) (struct dentry *dentry); | 1174 | int (*inode_listxattr) (struct dentry *dentry); |
| 1175 | int (*inode_removexattr) (struct dentry *dentry, char *name); | 1175 | int (*inode_removexattr) (struct dentry *dentry, char *name); |
| 1176 | char *(*inode_xattr_getsuffix) (void); | 1176 | const char *(*inode_xattr_getsuffix) (void); |
| 1177 | int (*inode_getsecurity)(struct inode *inode, const char *name, void *buffer, size_t size, int err); | 1177 | int (*inode_getsecurity)(const struct inode *inode, const char *name, void *buffer, size_t size, int err); |
| 1178 | int (*inode_setsecurity)(struct inode *inode, const char *name, const void *value, size_t size, int flags); | 1178 | int (*inode_setsecurity)(struct inode *inode, const char *name, const void *value, size_t size, int flags); |
| 1179 | int (*inode_listsecurity)(struct inode *inode, char *buffer, size_t buffer_size); | 1179 | int (*inode_listsecurity)(struct inode *inode, char *buffer, size_t buffer_size); |
| 1180 | 1180 | ||
| @@ -1686,7 +1686,7 @@ static inline const char *security_inode_xattr_getsuffix(void) | |||
| 1686 | return security_ops->inode_xattr_getsuffix(); | 1686 | return security_ops->inode_xattr_getsuffix(); |
| 1687 | } | 1687 | } |
| 1688 | 1688 | ||
| 1689 | static inline int security_inode_getsecurity(struct inode *inode, const char *name, void *buffer, size_t size, int err) | 1689 | static inline int security_inode_getsecurity(const struct inode *inode, const char *name, void *buffer, size_t size, int err) |
| 1690 | { | 1690 | { |
| 1691 | if (unlikely (IS_PRIVATE (inode))) | 1691 | if (unlikely (IS_PRIVATE (inode))) |
| 1692 | return 0; | 1692 | return 0; |
| @@ -2338,7 +2338,7 @@ static inline const char *security_inode_xattr_getsuffix (void) | |||
| 2338 | return NULL ; | 2338 | return NULL ; |
| 2339 | } | 2339 | } |
| 2340 | 2340 | ||
| 2341 | static inline int security_inode_getsecurity(struct inode *inode, const char *name, void *buffer, size_t size, int err) | 2341 | static inline int security_inode_getsecurity(const struct inode *inode, const char *name, void *buffer, size_t size, int err) |
| 2342 | { | 2342 | { |
| 2343 | return -EOPNOTSUPP; | 2343 | return -EOPNOTSUPP; |
| 2344 | } | 2344 | } |
diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 4e2256ec7cf3..4ef14515da35 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c | |||
| @@ -892,21 +892,20 @@ static void audit_log_task_context(struct audit_buffer *ab, gfp_t gfp_mask) | |||
| 892 | } | 892 | } |
| 893 | 893 | ||
| 894 | ctx = kmalloc(len, gfp_mask); | 894 | ctx = kmalloc(len, gfp_mask); |
| 895 | if (!ctx) { | 895 | if (!ctx) |
| 896 | goto error_path; | 896 | goto error_path; |
| 897 | return; | ||
| 898 | } | ||
| 899 | 897 | ||
| 900 | len = security_getprocattr(current, "current", ctx, len); | 898 | len = security_getprocattr(current, "current", ctx, len); |
| 901 | if (len < 0 ) | 899 | if (len < 0 ) |
| 902 | goto error_path; | 900 | goto error_path; |
| 903 | 901 | ||
| 904 | audit_log_format(ab, " subj=%s", ctx); | 902 | audit_log_format(ab, " subj=%s", ctx); |
| 903 | return; | ||
| 905 | 904 | ||
| 906 | error_path: | 905 | error_path: |
| 907 | if (ctx) | 906 | if (ctx) |
| 908 | kfree(ctx); | 907 | kfree(ctx); |
| 909 | audit_panic("security_getprocattr error in audit_log_task_context"); | 908 | audit_panic("error in audit_log_task_context"); |
| 910 | return; | 909 | return; |
| 911 | } | 910 | } |
| 912 | 911 | ||
| @@ -1304,13 +1303,16 @@ void audit_putname(const char *name) | |||
| 1304 | void audit_inode_context(int idx, const struct inode *inode) | 1303 | void audit_inode_context(int idx, const struct inode *inode) |
| 1305 | { | 1304 | { |
| 1306 | struct audit_context *context = current->audit_context; | 1305 | struct audit_context *context = current->audit_context; |
| 1306 | const char *suffix = security_inode_xattr_getsuffix(); | ||
| 1307 | char *ctx = NULL; | 1307 | char *ctx = NULL; |
| 1308 | int len = 0; | 1308 | int len = 0; |
| 1309 | 1309 | ||
| 1310 | if (!security_inode_xattr_getsuffix()) | 1310 | if (!suffix) |
| 1311 | return; | 1311 | goto ret; |
| 1312 | 1312 | ||
| 1313 | len = security_inode_getsecurity(inode, (char *)security_inode_xattr_getsuffix(), NULL, 0, 0); | 1313 | len = security_inode_getsecurity(inode, suffix, NULL, 0, 0); |
| 1314 | if (len == -EOPNOTSUPP) | ||
| 1315 | goto ret; | ||
| 1314 | if (len < 0) | 1316 | if (len < 0) |
| 1315 | goto error_path; | 1317 | goto error_path; |
| 1316 | 1318 | ||
| @@ -1318,18 +1320,19 @@ void audit_inode_context(int idx, const struct inode *inode) | |||
| 1318 | if (!ctx) | 1320 | if (!ctx) |
| 1319 | goto error_path; | 1321 | goto error_path; |
| 1320 | 1322 | ||
| 1321 | len = security_inode_getsecurity(inode, (char *)security_inode_xattr_getsuffix(), ctx, len, 0); | 1323 | len = security_inode_getsecurity(inode, suffix, ctx, len, 0); |
| 1322 | if (len < 0) | 1324 | if (len < 0) |
| 1323 | goto error_path; | 1325 | goto error_path; |
| 1324 | 1326 | ||
| 1325 | kfree(context->names[idx].ctx); | 1327 | kfree(context->names[idx].ctx); |
| 1326 | context->names[idx].ctx = ctx; | 1328 | context->names[idx].ctx = ctx; |
| 1327 | return; | 1329 | goto ret; |
| 1328 | 1330 | ||
| 1329 | error_path: | 1331 | error_path: |
| 1330 | if (ctx) | 1332 | if (ctx) |
| 1331 | kfree(ctx); | 1333 | kfree(ctx); |
| 1332 | audit_panic("error in audit_inode_context"); | 1334 | audit_panic("error in audit_inode_context"); |
| 1335 | ret: | ||
| 1333 | return; | 1336 | return; |
| 1334 | } | 1337 | } |
| 1335 | 1338 | ||
diff --git a/security/dummy.c b/security/dummy.c index 6febe7d39fa0..0a553d39729f 100644 --- a/security/dummy.c +++ b/security/dummy.c | |||
| @@ -378,7 +378,7 @@ static int dummy_inode_removexattr (struct dentry *dentry, char *name) | |||
| 378 | return 0; | 378 | return 0; |
| 379 | } | 379 | } |
| 380 | 380 | ||
| 381 | static int dummy_inode_getsecurity(struct inode *inode, const char *name, void *buffer, size_t size, int err) | 381 | static int dummy_inode_getsecurity(const struct inode *inode, const char *name, void *buffer, size_t size, int err) |
| 382 | { | 382 | { |
| 383 | return -EOPNOTSUPP; | 383 | return -EOPNOTSUPP; |
| 384 | } | 384 | } |
| @@ -393,6 +393,11 @@ static int dummy_inode_listsecurity(struct inode *inode, char *buffer, size_t bu | |||
| 393 | return 0; | 393 | return 0; |
| 394 | } | 394 | } |
| 395 | 395 | ||
| 396 | static const char *dummy_inode_xattr_getsuffix(void) | ||
| 397 | { | ||
| 398 | return NULL; | ||
| 399 | } | ||
| 400 | |||
| 396 | static int dummy_file_permission (struct file *file, int mask) | 401 | static int dummy_file_permission (struct file *file, int mask) |
| 397 | { | 402 | { |
| 398 | return 0; | 403 | return 0; |
| @@ -930,6 +935,7 @@ void security_fixup_ops (struct security_operations *ops) | |||
| 930 | set_to_dummy_if_null(ops, inode_getxattr); | 935 | set_to_dummy_if_null(ops, inode_getxattr); |
| 931 | set_to_dummy_if_null(ops, inode_listxattr); | 936 | set_to_dummy_if_null(ops, inode_listxattr); |
| 932 | set_to_dummy_if_null(ops, inode_removexattr); | 937 | set_to_dummy_if_null(ops, inode_removexattr); |
| 938 | set_to_dummy_if_null(ops, inode_xattr_getsuffix); | ||
| 933 | set_to_dummy_if_null(ops, inode_getsecurity); | 939 | set_to_dummy_if_null(ops, inode_getsecurity); |
| 934 | set_to_dummy_if_null(ops, inode_setsecurity); | 940 | set_to_dummy_if_null(ops, inode_setsecurity); |
| 935 | set_to_dummy_if_null(ops, inode_listsecurity); | 941 | set_to_dummy_if_null(ops, inode_listsecurity); |
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 9c08a19cc81b..81b726b1a419 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
| @@ -2247,7 +2247,7 @@ static const char *selinux_inode_xattr_getsuffix(void) | |||
| 2247 | * | 2247 | * |
| 2248 | * Permission check is handled by selinux_inode_getxattr hook. | 2248 | * Permission check is handled by selinux_inode_getxattr hook. |
| 2249 | */ | 2249 | */ |
| 2250 | static int selinux_inode_getsecurity(struct inode *inode, const char *name, void *buffer, size_t size, int err) | 2250 | static int selinux_inode_getsecurity(const struct inode *inode, const char *name, void *buffer, size_t size, int err) |
| 2251 | { | 2251 | { |
| 2252 | struct inode_security_struct *isec = inode->i_security; | 2252 | struct inode_security_struct *isec = inode->i_security; |
| 2253 | 2253 | ||