aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorCatherine Zhang <cxzhang@watson.ibm.com>2006-08-02 17:12:06 -0400
committerDavid S. Miller <davem@davemloft.net>2006-08-02 17:12:06 -0400
commitdc49c1f94e3469d94b952e8f5160dd4ccd791d79 (patch)
treee47b1974c262a03dbabf0a148325d9089817e78e
parent2b7e24b66d31d677d76b49918e711eb360c978b6 (diff)
[AF_UNIX]: Kernel memory leak fix for af_unix datagram getpeersec patch
From: Catherine Zhang <cxzhang@watson.ibm.com> This patch implements a cleaner fix for the memory leak problem of the original unix datagram getpeersec patch. Instead of creating a security context each time a unix datagram is sent, we only create the security context when the receiver requests it. This new design requires modification of the current unix_getsecpeer_dgram LSM hook and addition of two new hooks, namely, secid_to_secctx and release_secctx. The former retrieves the security context and the latter releases it. A hook is required for releasing the security context because it is up to the security module to decide how that's done. In the case of Selinux, it's a simple kfree operation. Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--include/linux/security.h41
-rw-r--r--include/net/af_unix.h6
-rw-r--r--include/net/scm.h29
-rw-r--r--net/ipv4/ip_sockglue.c9
-rw-r--r--net/unix/af_unix.c17
-rw-r--r--security/dummy.c14
-rw-r--r--security/selinux/hooks.c38
7 files changed, 110 insertions, 44 deletions
diff --git a/include/linux/security.h b/include/linux/security.h
index f75303831d09..aa5b8043dc38 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1109,6 +1109,16 @@ struct swap_info_struct;
1109 * @name contains the name of the security module being unstacked. 1109 * @name contains the name of the security module being unstacked.
1110 * @ops contains a pointer to the struct security_operations of the module to unstack. 1110 * @ops contains a pointer to the struct security_operations of the module to unstack.
1111 * 1111 *
1112 * @secid_to_secctx:
1113 * Convert secid to security context.
1114 * @secid contains the security ID.
1115 * @secdata contains the pointer that stores the converted security context.
1116 *
1117 * @release_secctx:
1118 * Release the security context.
1119 * @secdata contains the security context.
1120 * @seclen contains the length of the security context.
1121 *
1112 * This is the main security structure. 1122 * This is the main security structure.
1113 */ 1123 */
1114struct security_operations { 1124struct security_operations {
@@ -1289,6 +1299,8 @@ struct security_operations {
1289 1299
1290 int (*getprocattr)(struct task_struct *p, char *name, void *value, size_t size); 1300 int (*getprocattr)(struct task_struct *p, char *name, void *value, size_t size);
1291 int (*setprocattr)(struct task_struct *p, char *name, void *value, size_t size); 1301 int (*setprocattr)(struct task_struct *p, char *name, void *value, size_t size);
1302 int (*secid_to_secctx)(u32 secid, char **secdata, u32 *seclen);
1303 void (*release_secctx)(char *secdata, u32 seclen);
1292 1304
1293#ifdef CONFIG_SECURITY_NETWORK 1305#ifdef CONFIG_SECURITY_NETWORK
1294 int (*unix_stream_connect) (struct socket * sock, 1306 int (*unix_stream_connect) (struct socket * sock,
@@ -1317,7 +1329,7 @@ struct security_operations {
1317 int (*socket_shutdown) (struct socket * sock, int how); 1329 int (*socket_shutdown) (struct socket * sock, int how);
1318 int (*socket_sock_rcv_skb) (struct sock * sk, struct sk_buff * skb); 1330 int (*socket_sock_rcv_skb) (struct sock * sk, struct sk_buff * skb);
1319 int (*socket_getpeersec_stream) (struct socket *sock, char __user *optval, int __user *optlen, unsigned len); 1331 int (*socket_getpeersec_stream) (struct socket *sock, char __user *optval, int __user *optlen, unsigned len);
1320 int (*socket_getpeersec_dgram) (struct sk_buff *skb, char **secdata, u32 *seclen); 1332 int (*socket_getpeersec_dgram) (struct socket *sock, struct sk_buff *skb, u32 *secid);
1321 int (*sk_alloc_security) (struct sock *sk, int family, gfp_t priority); 1333 int (*sk_alloc_security) (struct sock *sk, int family, gfp_t priority);
1322 void (*sk_free_security) (struct sock *sk); 1334 void (*sk_free_security) (struct sock *sk);
1323 unsigned int (*sk_getsid) (struct sock *sk, struct flowi *fl, u8 dir); 1335 unsigned int (*sk_getsid) (struct sock *sk, struct flowi *fl, u8 dir);
@@ -2059,6 +2071,16 @@ static inline int security_netlink_recv(struct sk_buff * skb, int cap)
2059 return security_ops->netlink_recv(skb, cap); 2071 return security_ops->netlink_recv(skb, cap);
2060} 2072}
2061 2073
2074static inline int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
2075{
2076 return security_ops->secid_to_secctx(secid, secdata, seclen);
2077}
2078
2079static inline void security_release_secctx(char *secdata, u32 seclen)
2080{
2081 return security_ops->release_secctx(secdata, seclen);
2082}
2083
2062/* prototypes */ 2084/* prototypes */
2063extern int security_init (void); 2085extern int security_init (void);
2064extern int register_security (struct security_operations *ops); 2086extern int register_security (struct security_operations *ops);
@@ -2725,6 +2747,15 @@ static inline void securityfs_remove(struct dentry *dentry)
2725{ 2747{
2726} 2748}
2727 2749
2750static inline int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
2751{
2752 return -EOPNOTSUPP;
2753}
2754
2755static inline void security_release_secctx(char *secdata, u32 seclen)
2756{
2757 return -EOPNOTSUPP;
2758}
2728#endif /* CONFIG_SECURITY */ 2759#endif /* CONFIG_SECURITY */
2729 2760
2730#ifdef CONFIG_SECURITY_NETWORK 2761#ifdef CONFIG_SECURITY_NETWORK
@@ -2840,10 +2871,9 @@ static inline int security_socket_getpeersec_stream(struct socket *sock, char __
2840 return security_ops->socket_getpeersec_stream(sock, optval, optlen, len); 2871 return security_ops->socket_getpeersec_stream(sock, optval, optlen, len);
2841} 2872}
2842 2873
2843static inline int security_socket_getpeersec_dgram(struct sk_buff *skb, char **secdata, 2874static inline int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
2844 u32 *seclen)
2845{ 2875{
2846 return security_ops->socket_getpeersec_dgram(skb, secdata, seclen); 2876 return security_ops->socket_getpeersec_dgram(sock, skb, secid);
2847} 2877}
2848 2878
2849static inline int security_sk_alloc(struct sock *sk, int family, gfp_t priority) 2879static inline int security_sk_alloc(struct sock *sk, int family, gfp_t priority)
@@ -2968,8 +2998,7 @@ static inline int security_socket_getpeersec_stream(struct socket *sock, char __
2968 return -ENOPROTOOPT; 2998 return -ENOPROTOOPT;
2969} 2999}
2970 3000
2971static inline int security_socket_getpeersec_dgram(struct sk_buff *skb, char **secdata, 3001static inline int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
2972 u32 *seclen)
2973{ 3002{
2974 return -ENOPROTOOPT; 3003 return -ENOPROTOOPT;
2975} 3004}
diff --git a/include/net/af_unix.h b/include/net/af_unix.h
index 2fec827c8801..c0398f5a8cb9 100644
--- a/include/net/af_unix.h
+++ b/include/net/af_unix.h
@@ -54,15 +54,13 @@ struct unix_skb_parms {
54 struct ucred creds; /* Skb credentials */ 54 struct ucred creds; /* Skb credentials */
55 struct scm_fp_list *fp; /* Passed files */ 55 struct scm_fp_list *fp; /* Passed files */
56#ifdef CONFIG_SECURITY_NETWORK 56#ifdef CONFIG_SECURITY_NETWORK
57 char *secdata; /* Security context */ 57 u32 secid; /* Security ID */
58 u32 seclen; /* Security length */
59#endif 58#endif
60}; 59};
61 60
62#define UNIXCB(skb) (*(struct unix_skb_parms*)&((skb)->cb)) 61#define UNIXCB(skb) (*(struct unix_skb_parms*)&((skb)->cb))
63#define UNIXCREDS(skb) (&UNIXCB((skb)).creds) 62#define UNIXCREDS(skb) (&UNIXCB((skb)).creds)
64#define UNIXSECDATA(skb) (&UNIXCB((skb)).secdata) 63#define UNIXSID(skb) (&UNIXCB((skb)).secid)
65#define UNIXSECLEN(skb) (&UNIXCB((skb)).seclen)
66 64
67#define unix_state_rlock(s) spin_lock(&unix_sk(s)->lock) 65#define unix_state_rlock(s) spin_lock(&unix_sk(s)->lock)
68#define unix_state_runlock(s) spin_unlock(&unix_sk(s)->lock) 66#define unix_state_runlock(s) spin_unlock(&unix_sk(s)->lock)
diff --git a/include/net/scm.h b/include/net/scm.h
index 02daa097cdcd..5637d5e22d5f 100644
--- a/include/net/scm.h
+++ b/include/net/scm.h
@@ -3,6 +3,7 @@
3 3
4#include <linux/limits.h> 4#include <linux/limits.h>
5#include <linux/net.h> 5#include <linux/net.h>
6#include <linux/security.h>
6 7
7/* Well, we should have at least one descriptor open 8/* Well, we should have at least one descriptor open
8 * to accept passed FDs 8) 9 * to accept passed FDs 8)
@@ -20,8 +21,7 @@ struct scm_cookie
20 struct ucred creds; /* Skb credentials */ 21 struct ucred creds; /* Skb credentials */
21 struct scm_fp_list *fp; /* Passed files */ 22 struct scm_fp_list *fp; /* Passed files */
22#ifdef CONFIG_SECURITY_NETWORK 23#ifdef CONFIG_SECURITY_NETWORK
23 char *secdata; /* Security context */ 24 u32 secid; /* Passed security ID */
24 u32 seclen; /* Security length */
25#endif 25#endif
26 unsigned long seq; /* Connection seqno */ 26 unsigned long seq; /* Connection seqno */
27}; 27};
@@ -32,6 +32,16 @@ extern int __scm_send(struct socket *sock, struct msghdr *msg, struct scm_cookie
32extern void __scm_destroy(struct scm_cookie *scm); 32extern void __scm_destroy(struct scm_cookie *scm);
33extern struct scm_fp_list * scm_fp_dup(struct scm_fp_list *fpl); 33extern struct scm_fp_list * scm_fp_dup(struct scm_fp_list *fpl);
34 34
35#ifdef CONFIG_SECURITY_NETWORK
36static __inline__ void unix_get_peersec_dgram(struct socket *sock, struct scm_cookie *scm)
37{
38 security_socket_getpeersec_dgram(sock, NULL, &scm->secid);
39}
40#else
41static __inline__ void unix_get_peersec_dgram(struct socket *sock, struct scm_cookie *scm)
42{ }
43#endif /* CONFIG_SECURITY_NETWORK */
44
35static __inline__ void scm_destroy(struct scm_cookie *scm) 45static __inline__ void scm_destroy(struct scm_cookie *scm)
36{ 46{
37 if (scm && scm->fp) 47 if (scm && scm->fp)
@@ -47,6 +57,7 @@ static __inline__ int scm_send(struct socket *sock, struct msghdr *msg,
47 scm->creds.pid = p->tgid; 57 scm->creds.pid = p->tgid;
48 scm->fp = NULL; 58 scm->fp = NULL;
49 scm->seq = 0; 59 scm->seq = 0;
60 unix_get_peersec_dgram(sock, scm);
50 if (msg->msg_controllen <= 0) 61 if (msg->msg_controllen <= 0)
51 return 0; 62 return 0;
52 return __scm_send(sock, msg, scm); 63 return __scm_send(sock, msg, scm);
@@ -55,8 +66,18 @@ static __inline__ int scm_send(struct socket *sock, struct msghdr *msg,
55#ifdef CONFIG_SECURITY_NETWORK 66#ifdef CONFIG_SECURITY_NETWORK
56static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) 67static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm)
57{ 68{
58 if (test_bit(SOCK_PASSSEC, &sock->flags) && scm->secdata != NULL) 69 char *secdata;
59 put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, scm->seclen, scm->secdata); 70 u32 seclen;
71 int err;
72
73 if (test_bit(SOCK_PASSSEC, &sock->flags)) {
74 err = security_secid_to_secctx(scm->secid, &secdata, &seclen);
75
76 if (!err) {
77 put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, seclen, secdata);
78 security_release_secctx(secdata, seclen);
79 }
80 }
60} 81}
61#else 82#else
62static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) 83static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm)
diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c
index 84f43a3c9098..2d05c4133d3e 100644
--- a/net/ipv4/ip_sockglue.c
+++ b/net/ipv4/ip_sockglue.c
@@ -112,14 +112,19 @@ static void ip_cmsg_recv_retopts(struct msghdr *msg, struct sk_buff *skb)
112static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb) 112static void ip_cmsg_recv_security(struct msghdr *msg, struct sk_buff *skb)
113{ 113{
114 char *secdata; 114 char *secdata;
115 u32 seclen; 115 u32 seclen, secid;
116 int err; 116 int err;
117 117
118 err = security_socket_getpeersec_dgram(skb, &secdata, &seclen); 118 err = security_socket_getpeersec_dgram(NULL, skb, &secid);
119 if (err)
120 return;
121
122 err = security_secid_to_secctx(secid, &secdata, &seclen);
119 if (err) 123 if (err)
120 return; 124 return;
121 125
122 put_cmsg(msg, SOL_IP, SCM_SECURITY, seclen, secdata); 126 put_cmsg(msg, SOL_IP, SCM_SECURITY, seclen, secdata);
127 security_release_secctx(secdata, seclen);
123} 128}
124 129
125 130
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index 6f2909279268..de6ec519272e 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -128,23 +128,17 @@ static atomic_t unix_nr_socks = ATOMIC_INIT(0);
128#define UNIX_ABSTRACT(sk) (unix_sk(sk)->addr->hash != UNIX_HASH_SIZE) 128#define UNIX_ABSTRACT(sk) (unix_sk(sk)->addr->hash != UNIX_HASH_SIZE)
129 129
130#ifdef CONFIG_SECURITY_NETWORK 130#ifdef CONFIG_SECURITY_NETWORK
131static void unix_get_peersec_dgram(struct sk_buff *skb) 131static void unix_get_secdata(struct scm_cookie *scm, struct sk_buff *skb)
132{ 132{
133 int err; 133 memcpy(UNIXSID(skb), &scm->secid, sizeof(u32));
134
135 err = security_socket_getpeersec_dgram(skb, UNIXSECDATA(skb),
136 UNIXSECLEN(skb));
137 if (err)
138 *(UNIXSECDATA(skb)) = NULL;
139} 134}
140 135
141static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb) 136static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb)
142{ 137{
143 scm->secdata = *UNIXSECDATA(skb); 138 scm->secid = *UNIXSID(skb);
144 scm->seclen = *UNIXSECLEN(skb);
145} 139}
146#else 140#else
147static inline void unix_get_peersec_dgram(struct sk_buff *skb) 141static inline void unix_get_secdata(struct scm_cookie *scm, struct sk_buff *skb)
148{ } 142{ }
149 143
150static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb) 144static inline void unix_set_secdata(struct scm_cookie *scm, struct sk_buff *skb)
@@ -1322,8 +1316,7 @@ static int unix_dgram_sendmsg(struct kiocb *kiocb, struct socket *sock,
1322 memcpy(UNIXCREDS(skb), &siocb->scm->creds, sizeof(struct ucred)); 1316 memcpy(UNIXCREDS(skb), &siocb->scm->creds, sizeof(struct ucred));
1323 if (siocb->scm->fp) 1317 if (siocb->scm->fp)
1324 unix_attach_fds(siocb->scm, skb); 1318 unix_attach_fds(siocb->scm, skb);
1325 1319 unix_get_secdata(siocb->scm, skb);
1326 unix_get_peersec_dgram(skb);
1327 1320
1328 skb->h.raw = skb->data; 1321 skb->h.raw = skb->data;
1329 err = memcpy_fromiovec(skb_put(skb,len), msg->msg_iov, len); 1322 err = memcpy_fromiovec(skb_put(skb,len), msg->msg_iov, len);
diff --git a/security/dummy.c b/security/dummy.c
index bbbfda70e131..58c6d399c844 100644
--- a/security/dummy.c
+++ b/security/dummy.c
@@ -791,8 +791,7 @@ static int dummy_socket_getpeersec_stream(struct socket *sock, char __user *optv
791 return -ENOPROTOOPT; 791 return -ENOPROTOOPT;
792} 792}
793 793
794static int dummy_socket_getpeersec_dgram(struct sk_buff *skb, char **secdata, 794static int dummy_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
795 u32 *seclen)
796{ 795{
797 return -ENOPROTOOPT; 796 return -ENOPROTOOPT;
798} 797}
@@ -876,6 +875,15 @@ static int dummy_setprocattr(struct task_struct *p, char *name, void *value, siz
876 return -EINVAL; 875 return -EINVAL;
877} 876}
878 877
878static int dummy_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
879{
880 return -EOPNOTSUPP;
881}
882
883static void dummy_release_secctx(char *secdata, u32 seclen)
884{
885}
886
879#ifdef CONFIG_KEYS 887#ifdef CONFIG_KEYS
880static inline int dummy_key_alloc(struct key *key, struct task_struct *ctx, 888static inline int dummy_key_alloc(struct key *key, struct task_struct *ctx,
881 unsigned long flags) 889 unsigned long flags)
@@ -1028,6 +1036,8 @@ void security_fixup_ops (struct security_operations *ops)
1028 set_to_dummy_if_null(ops, d_instantiate); 1036 set_to_dummy_if_null(ops, d_instantiate);
1029 set_to_dummy_if_null(ops, getprocattr); 1037 set_to_dummy_if_null(ops, getprocattr);
1030 set_to_dummy_if_null(ops, setprocattr); 1038 set_to_dummy_if_null(ops, setprocattr);
1039 set_to_dummy_if_null(ops, secid_to_secctx);
1040 set_to_dummy_if_null(ops, release_secctx);
1031#ifdef CONFIG_SECURITY_NETWORK 1041#ifdef CONFIG_SECURITY_NETWORK
1032 set_to_dummy_if_null(ops, unix_stream_connect); 1042 set_to_dummy_if_null(ops, unix_stream_connect);
1033 set_to_dummy_if_null(ops, unix_may_send); 1043 set_to_dummy_if_null(ops, unix_may_send);
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index a91c961ba38b..5d1b8c733199 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -3524,25 +3524,21 @@ out:
3524 return err; 3524 return err;
3525} 3525}
3526 3526
3527static int selinux_socket_getpeersec_dgram(struct sk_buff *skb, char **secdata, u32 *seclen) 3527static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
3528{ 3528{
3529 u32 peer_secid = SECSID_NULL;
3529 int err = 0; 3530 int err = 0;
3530 u32 peer_sid;
3531 3531
3532 if (skb->sk->sk_family == PF_UNIX) 3532 if (sock && (sock->sk->sk_family == PF_UNIX))
3533 selinux_get_inode_sid(SOCK_INODE(skb->sk->sk_socket), 3533 selinux_get_inode_sid(SOCK_INODE(sock), &peer_secid);
3534 &peer_sid); 3534 else if (skb)
3535 else 3535 peer_secid = selinux_socket_getpeer_dgram(skb);
3536 peer_sid = selinux_socket_getpeer_dgram(skb);
3537
3538 if (peer_sid == SECSID_NULL)
3539 return -EINVAL;
3540 3536
3541 err = security_sid_to_context(peer_sid, secdata, seclen); 3537 if (peer_secid == SECSID_NULL)
3542 if (err) 3538 err = -EINVAL;
3543 return err; 3539 *secid = peer_secid;
3544 3540
3545 return 0; 3541 return err;
3546} 3542}
3547 3543
3548static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority) 3544static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority)
@@ -4407,6 +4403,17 @@ static int selinux_setprocattr(struct task_struct *p,
4407 return size; 4403 return size;
4408} 4404}
4409 4405
4406static int selinux_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
4407{
4408 return security_sid_to_context(secid, secdata, seclen);
4409}
4410
4411static void selinux_release_secctx(char *secdata, u32 seclen)
4412{
4413 if (secdata)
4414 kfree(secdata);
4415}
4416
4410#ifdef CONFIG_KEYS 4417#ifdef CONFIG_KEYS
4411 4418
4412static int selinux_key_alloc(struct key *k, struct task_struct *tsk, 4419static int selinux_key_alloc(struct key *k, struct task_struct *tsk,
@@ -4587,6 +4594,9 @@ static struct security_operations selinux_ops = {
4587 .getprocattr = selinux_getprocattr, 4594 .getprocattr = selinux_getprocattr,
4588 .setprocattr = selinux_setprocattr, 4595 .setprocattr = selinux_setprocattr,
4589 4596
4597 .secid_to_secctx = selinux_secid_to_secctx,
4598 .release_secctx = selinux_release_secctx,
4599
4590 .unix_stream_connect = selinux_socket_unix_stream_connect, 4600 .unix_stream_connect = selinux_socket_unix_stream_connect,
4591 .unix_may_send = selinux_socket_unix_may_send, 4601 .unix_may_send = selinux_socket_unix_may_send,
4592 4602