Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: (57 commits) binfmt_elf: fix PT_INTERP bss handling TPM: Fixup boot probe timeout for tpm_tis driver sysfs: Add labeling support for sysfs LSM/SELinux: inode_{get,set,notify}secctx hooks to access LSM security context information. VFS: Factor out part of vfs_setxattr so it can be called from the SELinux hook for inode_setsecctx. KEYS: Add missing linux/tracehook.h #inclusions KEYS: Fix default security_session_to_parent() Security/SELinux: includecheck fix kernel/sysctl.c KEYS: security_cred_alloc_blank() should return int under all circumstances IMA: open new file for read KEYS: Add a keyctl to install a process's session keyring on its parent [try #6] KEYS: Extend TIF_NOTIFY_RESUME to (almost) all architectures [try #6] KEYS: Do some whitespace cleanups [try #6] KEYS: Make /proc/keys use keyid not numread as file position [try #6] KEYS: Add garbage collection for dead, revoked and expired keys. [try #6] KEYS: Flag dead keys to induce EKEYREVOKED [try #6] KEYS: Allow keyctl_revoke() on keys that have SETATTR but not WRITE perm [try #6] KEYS: Deal with dead-type keys appropriately [try #6] CRED: Add some configurable debugging [try #6] selinux: Support for the new TUN LSM hooks ...
author: Linus Torvalds <torvalds@linux-foundation.org> 2009-09-11 11:55:49 -0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2009-09-11 11:55:49 -0400
commit: f6f79190866d5b2d06a2114d673f91f54e7c7ce4 (patch)
tree: 025bc2ff00351c71a719cb5bc2aa3f59133400f6 /fs
parent: 0d03d59d9b31cd1e33b7e46a80b6fef66244b1f2 (diff)
parent: a3c8b97396ef42edfb845788ba6f53b2a93ce980 (diff)
11 files changed, 176 insertions, 57 deletions
diff --git a/fs/locks.c b/fs/locks.c
index b6440f52178f..52366e877d76 100644
--- a/fs/locks.c
+++ b/fs/locks.c
@@ -1591,7 +1591,7 @@ SYSCALL_DEFINE2(flock, unsigned int, fd, unsigned int, cmd)
        if (can_sleep)
                lock->fl_flags |= FL_SLEEP;
-        error = security_file_lock(filp, cmd);
+        error = security_file_lock(filp, lock->fl_type);
        if (error)
                goto out_free;
diff --git a/fs/namei.c b/fs/namei.c
index ed27bb205b7e..d11f404667e9 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -1533,9 +1533,11 @@ int may_open(struct path *path, int acc_mode, int flag)
        if (error)
                return error;
-        error = ima_path_check(path,
+        error = ima_path_check(path, acc_mode ?
-                               acc_mode & (MAY_READ | MAY_WRITE | MAY_EXEC),
+                               acc_mode & (MAY_READ | MAY_WRITE | MAY_EXEC) :
+                               ACC_MODE(flag) & (MAY_READ | MAY_WRITE),
                               IMA_COUNT_UPDATE);
        if (error)
                return error;
        /*
diff --git a/fs/nfsd/auth.c b/fs/nfsd/auth.c
index 5573508f707f..36fcabbf5186 100644
--- a/fs/nfsd/auth.c
+++ b/fs/nfsd/auth.c
@@ -34,6 +34,8 @@ int nfsd_setuser(struct svc_rqst *rqstp, struct svc_export *exp)
        int flags = nfsexp_flags(rqstp, exp);
        int ret;
+        validate_process_creds();
        /* discard any old override before preparing the new set */
        revert_creds(get_cred(current->real_cred));
        new = prepare_creds();
@@ -86,8 +88,10 @@ int nfsd_setuser(struct svc_rqst *rqstp, struct svc_export *exp)
        else
                new->cap_effective = cap_raise_nfsd_set(new->cap_effective,
                                                        new->cap_permitted);
+        validate_process_creds();
        put_cred(override_creds(new));
        put_cred(new);
+        validate_process_creds();
        return 0;
 oom:
diff --git a/fs/nfsd/nfssvc.c b/fs/nfsd/nfssvc.c
index 492c79b7800b..24d58adfe5fd 100644
--- a/fs/nfsd/nfssvc.c
+++ b/fs/nfsd/nfssvc.c
@@ -496,7 +496,9 @@ nfsd(void *vrqstp)
                /* Lock the export hash tables for reading. */
                exp_readlock();
+                validate_process_creds();
                svc_process(rqstp);
+                validate_process_creds();
                /* Unlock export hash tables */
                exp_readunlock();
diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c
index 23341c1063bc..8fa09bfbcba7 100644
--- a/fs/nfsd/vfs.c
+++ b/fs/nfsd/vfs.c
@@ -684,6 +684,8 @@ nfsd_open(struct svc_rqst *rqstp, struct svc_fh *fhp, int type,
        __be32          err;
        int             host_err;
+        validate_process_creds();
        /*
         * If we get here, then the client has already done an "open",
         * and (hopefully) checked permission - so allow OWNER_OVERRIDE
@@ -740,6 +742,7 @@ nfsd_open(struct svc_rqst *rqstp, struct svc_fh *fhp, int type,
 out_nfserr:
        err = nfserrno(host_err);
 out:
+        validate_process_creds();
        return err;
 }
diff --git a/fs/open.c b/fs/open.c
index dd98e8076024..31191bf513e4 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -199,7 +199,7 @@ out:
 int do_truncate(struct dentry *dentry, loff_t length, unsigned int time_attrs,
        struct file *filp)
 {
-        int err;
+        int ret;
        struct iattr newattrs;
        /* Not pretty: "inode->i_size" shouldn't really be signed. But it is. */
@@ -214,12 +214,14 @@ int do_truncate(struct dentry *dentry, loff_t length, unsigned int time_attrs,
        }
        /* Remove suid/sgid on truncate too */
-        newattrs.ia_valid |= should_remove_suid(dentry);
+        ret = should_remove_suid(dentry);
+        if (ret)
+                newattrs.ia_valid |= ret | ATTR_FORCE;
        mutex_lock(&dentry->d_inode->i_mutex);
-        err = notify_change(dentry, &newattrs);
+        ret = notify_change(dentry, &newattrs);
        mutex_unlock(&dentry->d_inode->i_mutex);
-        return err;
+        return ret;
 }
 static long do_sys_truncate(const char __user *pathname, loff_t length)
@@ -957,6 +959,8 @@ struct file *dentry_open(struct dentry *dentry, struct vfsmount *mnt, int flags,
        int error;
        struct file *f;
+        validate_creds(cred);
        /*
         * We must always pass in a valid mount pointer.   Historically
         * callers got away with not passing it, but we must enforce this at
diff --git a/fs/sysfs/dir.c b/fs/sysfs/dir.c
index 14f2d71ea3ce..0050fc40e8c9 100644
--- a/fs/sysfs/dir.c
+++ b/fs/sysfs/dir.c
@@ -760,6 +760,7 @@ static struct dentry * sysfs_lookup(struct inode *dir, struct dentry *dentry,
 const struct inode_operations sysfs_dir_inode_operations = {
        .lookup         = sysfs_lookup,
        .setattr        = sysfs_setattr,
+        .setxattr       = sysfs_setxattr,
 };
 static void remove_dir(struct sysfs_dirent *sd)
diff --git a/fs/sysfs/inode.c b/fs/sysfs/inode.c
index 555f0ff988df..2b6a8d9de73d 100644
--- a/fs/sysfs/inode.c
+++ b/fs/sysfs/inode.c
@@ -18,6 +18,8 @@
 #include <linux/capability.h>
 #include <linux/errno.h>
 #include <linux/sched.h>
+#include <linux/xattr.h>
+#include <linux/security.h>
 #include "sysfs.h"
 extern struct super_block * sysfs_sb;
@@ -35,6 +37,7 @@ static struct backing_dev_info sysfs_backing_dev_info = {
 static const struct inode_operations sysfs_inode_operations ={
        .setattr        = sysfs_setattr,
+        .setxattr       = sysfs_setxattr,
 };
 int __init sysfs_inode_init(void)
@@ -42,18 +45,37 @@ int __init sysfs_inode_init(void)
        return bdi_init(&sysfs_backing_dev_info);
 }
+struct sysfs_inode_attrs *sysfs_init_inode_attrs(struct sysfs_dirent *sd)
+{
+        struct sysfs_inode_attrs *attrs;
+        struct iattr *iattrs;
+        attrs = kzalloc(sizeof(struct sysfs_inode_attrs), GFP_KERNEL);
+        if (!attrs)
+                return NULL;
+        iattrs = &attrs->ia_iattr;
+        /* assign default attributes */
+        iattrs->ia_mode = sd->s_mode;
+        iattrs->ia_uid = 0;
+        iattrs->ia_gid = 0;
+        iattrs->ia_atime = iattrs->ia_mtime = iattrs->ia_ctime = CURRENT_TIME;
+        return attrs;
+}
 int sysfs_setattr(struct dentry * dentry, struct iattr * iattr)
 {
        struct inode * inode = dentry->d_inode;
        struct sysfs_dirent * sd = dentry->d_fsdata;
-        struct iattr * sd_iattr;
+        struct sysfs_inode_attrs *sd_attrs;
+        struct iattr *iattrs;
        unsigned int ia_valid = iattr->ia_valid;
        int error;
        if (!sd)
                return -EINVAL;
-        sd_iattr = sd->s_iattr;
+        sd_attrs = sd->s_iattr;
        error = inode_change_ok(inode, iattr);
        if (error)
@@ -65,42 +87,77 @@ int sysfs_setattr(struct dentry * dentry, struct iattr * iattr)
        if (error)
                return error;
-        if (!sd_iattr) {
+        if (!sd_attrs) {
                /* setting attributes for the first time, allocate now */
-                sd_iattr = kzalloc(sizeof(struct iattr), GFP_KERNEL);
+                sd_attrs = sysfs_init_inode_attrs(sd);
-                if (!sd_iattr)
+                if (!sd_attrs)
                        return -ENOMEM;
-                /* assign default attributes */
+                sd->s_iattr = sd_attrs;
-                sd_iattr->ia_mode = sd->s_mode;
+        } else {
-                sd_iattr->ia_uid = 0;
+                /* attributes were changed at least once in past */
-                sd_iattr->ia_gid = 0;
+                iattrs = &sd_attrs->ia_iattr;
-                sd_iattr->ia_atime = sd_iattr->ia_mtime = sd_iattr->ia_ctime = CURRENT_TIME;
-                sd->s_iattr = sd_iattr;
+                if (ia_valid & ATTR_UID)
+                        iattrs->ia_uid = iattr->ia_uid;
+                if (ia_valid & ATTR_GID)
+                        iattrs->ia_gid = iattr->ia_gid;
+                if (ia_valid & ATTR_ATIME)
+                        iattrs->ia_atime = timespec_trunc(iattr->ia_atime,
+                                        inode->i_sb->s_time_gran);
+                if (ia_valid & ATTR_MTIME)
+                        iattrs->ia_mtime = timespec_trunc(iattr->ia_mtime,
+                                        inode->i_sb->s_time_gran);
+                if (ia_valid & ATTR_CTIME)
+                        iattrs->ia_ctime = timespec_trunc(iattr->ia_ctime,
+                                        inode->i_sb->s_time_gran);
+                if (ia_valid & ATTR_MODE) {
+                        umode_t mode = iattr->ia_mode;
+                        if (!in_group_p(inode->i_gid) && !capable(CAP_FSETID))
+                                mode &= ~S_ISGID;
+                        iattrs->ia_mode = sd->s_mode = mode;
+                }
        }
+        return error;
+}
-        /* attributes were changed atleast once in past */
+int sysfs_setxattr(struct dentry *dentry, const char *name, const void *value,
+                size_t size, int flags)
-        if (ia_valid & ATTR_UID)
+{
-                sd_iattr->ia_uid = iattr->ia_uid;
+        struct sysfs_dirent *sd = dentry->d_fsdata;
-        if (ia_valid & ATTR_GID)
+        struct sysfs_inode_attrs *iattrs;
-                sd_iattr->ia_gid = iattr->ia_gid;
+        void *secdata;
-        if (ia_valid & ATTR_ATIME)
+        int error;
-                sd_iattr->ia_atime = timespec_trunc(iattr->ia_atime,
+        u32 secdata_len = 0;
-                                                inode->i_sb->s_time_gran);
-        if (ia_valid & ATTR_MTIME)
+        if (!sd)
-                sd_iattr->ia_mtime = timespec_trunc(iattr->ia_mtime,
+                return -EINVAL;
-                                                inode->i_sb->s_time_gran);
+        if (!sd->s_iattr)
-        if (ia_valid & ATTR_CTIME)
+                sd->s_iattr = sysfs_init_inode_attrs(sd);
-                sd_iattr->ia_ctime = timespec_trunc(iattr->ia_ctime,
+        if (!sd->s_iattr)
-                                                inode->i_sb->s_time_gran);
+                return -ENOMEM;
-        if (ia_valid & ATTR_MODE) {
-                umode_t mode = iattr->ia_mode;
+        iattrs = sd->s_iattr;
-                if (!in_group_p(inode->i_gid) && !capable(CAP_FSETID))
+        if (!strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN)) {
-                        mode &= ~S_ISGID;
+                const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
-                sd_iattr->ia_mode = sd->s_mode = mode;
+                error = security_inode_setsecurity(dentry->d_inode, suffix,
-        }
+                                                value, size, flags);
+                if (error)
+                        goto out;
+                error = security_inode_getsecctx(dentry->d_inode,
+                                                &secdata, &secdata_len);
+                if (error)
+                        goto out;
+                if (iattrs->ia_secdata)
+                        security_release_secctx(iattrs->ia_secdata,
+                                                iattrs->ia_secdata_len);
+                iattrs->ia_secdata = secdata;
+                iattrs->ia_secdata_len = secdata_len;
+        } else
+                return -EINVAL;
+out:
        return error;
 }
@@ -146,6 +203,7 @@ static int sysfs_count_nlink(struct sysfs_dirent *sd)
 static void sysfs_init_inode(struct sysfs_dirent *sd, struct inode *inode)
 {
        struct bin_attribute *bin_attr;
+        struct sysfs_inode_attrs *iattrs;
        inode->i_private = sysfs_get(sd);
        inode->i_mapping->a_ops = &sysfs_aops;
@@ -154,16 +212,20 @@ static void sysfs_init_inode(struct sysfs_dirent *sd, struct inode *inode)
        inode->i_ino = sd->s_ino;
        lockdep_set_class(&inode->i_mutex, &sysfs_inode_imutex_key);
-        if (sd->s_iattr) {
+        iattrs = sd->s_iattr;
+        if (iattrs) {
                /* sysfs_dirent has non-default attributes
                 * get them for the new inode from persistent copy
                 * in sysfs_dirent
                 */
-                set_inode_attr(inode, sd->s_iattr);
+                set_inode_attr(inode, &iattrs->ia_iattr);
+                if (iattrs->ia_secdata)
+                        security_inode_notifysecctx(inode,
+                                                iattrs->ia_secdata,
+                                                iattrs->ia_secdata_len);
        } else
                set_default_inode_attr(inode, sd->s_mode);
        /* initialize inode according to type */
        switch (sysfs_type(sd)) {
        case SYSFS_DIR:
diff --git a/fs/sysfs/symlink.c b/fs/sysfs/symlink.c
index 1d897ad808e0..c5081ad77026 100644
--- a/fs/sysfs/symlink.c
+++ b/fs/sysfs/symlink.c
@@ -16,6 +16,7 @@
 #include <linux/kobject.h>
 #include <linux/namei.h>
 #include <linux/mutex.h>
+#include <linux/security.h>
 #include "sysfs.h"
@@ -209,6 +210,7 @@ static void sysfs_put_link(struct dentry *dentry, struct nameidata *nd, void *co
 }
 const struct inode_operations sysfs_symlink_inode_operations = {
+        .setxattr = sysfs_setxattr,
        .readlink = generic_readlink,
        .follow_link = sysfs_follow_link,
        .put_link = sysfs_put_link,
diff --git a/fs/sysfs/sysfs.h b/fs/sysfs/sysfs.h
index 3fa0d98481e2..af4c4e7482ac 100644
--- a/fs/sysfs/sysfs.h
+++ b/fs/sysfs/sysfs.h
@@ -8,6 +8,8 @@
 * This file is released under the GPLv2.
 */
+#include <linux/fs.h>
 struct sysfs_open_dirent;
 /* type-specific structures for sysfs_dirent->s_* union members */
@@ -31,6 +33,12 @@ struct sysfs_elem_bin_attr {
        struct hlist_head       buffers;
 };
+struct sysfs_inode_attrs {
+        struct iattr    ia_iattr;
+        void            *ia_secdata;
+        u32             ia_secdata_len;
+};
 /*
 * sysfs_dirent - the building block of sysfs hierarchy.  Each and
 * every sysfs node is represented by single sysfs_dirent.
@@ -56,7 +64,7 @@ struct sysfs_dirent {
        unsigned int            s_flags;
        ino_t                   s_ino;
        umode_t                 s_mode;
-        struct iattr            *s_iattr;
+        struct sysfs_inode_attrs *s_iattr;
 };
 #define SD_DEACTIVATED_BIAS             INT_MIN
@@ -148,6 +156,8 @@ static inline void __sysfs_put(struct sysfs_dirent *sd)
 struct inode *sysfs_get_inode(struct sysfs_dirent *sd);
 void sysfs_delete_inode(struct inode *inode);
 int sysfs_setattr(struct dentry *dentry, struct iattr *iattr);
+int sysfs_setxattr(struct dentry *dentry, const char *name, const void *value,
+                size_t size, int flags);
 int sysfs_hash_and_remove(struct sysfs_dirent *dir_sd, const char *name);
 int sysfs_inode_init(void);
diff --git a/fs/xattr.c b/fs/xattr.c
index 1c3d0af59ddf..6d4f6d3449fb 100644
--- a/fs/xattr.c
+++ b/fs/xattr.c
@@ -66,22 +66,28 @@ xattr_permission(struct inode *inode, const char *name, int mask)
        return inode_permission(inode, mask);
 }
-int
+/**
-vfs_setxattr(struct dentry *dentry, const char *name, const void *value,
+ *  __vfs_setxattr_noperm - perform setxattr operation without performing
-                size_t size, int flags)
+ *  permission checks.
+ *
+ *  @dentry - object to perform setxattr on
+ *  @name - xattr name to set
+ *  @value - value to set @name to
+ *  @size - size of @value
+ *  @flags - flags to pass into filesystem operations
+ *
+ *  returns the result of the internal setxattr or setsecurity operations.
+ *
+ *  This function requires the caller to lock the inode's i_mutex before it
+ *  is executed. It also assumes that the caller will make the appropriate
+ *  permission checks.
+ */
+int __vfs_setxattr_noperm(struct dentry *dentry, const char *name,
+                const void *value, size_t size, int flags)
 {
        struct inode *inode = dentry->d_inode;
-        int error;
+        int error = -EOPNOTSUPP;
-        error = xattr_permission(inode, name, MAY_WRITE);
-        if (error)
-                return error;
-        mutex_lock(&inode->i_mutex);
-        error = security_inode_setxattr(dentry, name, value, size, flags);
-        if (error)
-                goto out;
-        error = -EOPNOTSUPP;
        if (inode->i_op->setxattr) {
                error = inode->i_op->setxattr(dentry, name, value, size, flags);
                if (!error) {
@@ -97,6 +103,29 @@ vfs_setxattr(struct dentry *dentry, const char *name, const void *value,
                if (!error)
                        fsnotify_xattr(dentry);
        }
+        return error;
+}
+int
+vfs_setxattr(struct dentry *dentry, const char *name, const void *value,
+                size_t size, int flags)
+{
+        struct inode *inode = dentry->d_inode;
+        int error;
+        error = xattr_permission(inode, name, MAY_WRITE);
+        if (error)
+                return error;
+        mutex_lock(&inode->i_mutex);
+        error = security_inode_setxattr(dentry, name, value, size, flags);
+        if (error)
+                goto out;
+        error = __vfs_setxattr_noperm(dentry, name, value, size, flags);
 out:
        mutex_unlock(&inode->i_mutex);
        return error;
author	Linus Torvalds <torvalds@linux-foundation.org>	2009-09-11 11:55:49 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2009-09-11 11:55:49 -0400
commit	f6f79190866d5b2d06a2114d673f91f54e7c7ce4 (patch)
tree	025bc2ff00351c71a719cb5bc2aa3f59133400f6 /fs
parent	0d03d59d9b31cd1e33b7e46a80b6fef66244b1f2 (diff)
parent	a3c8b97396ef42edfb845788ba6f53b2a93ce980 (diff)

diff --git a/fs/locks.c b/fs/locks.c index b6440f52178f..52366e877d76 100644 --- a/fs/locks.c +++ b/fs/locks.c
@@ -1591,7 +1591,7 @@ SYSCALL_DEFINE2(flock, unsigned int, fd, unsigned int, cmd)
1591	if (can_sleep)	1591	if (can_sleep)
1592	lock->fl_flags \|= FL_SLEEP;	1592	lock->fl_flags \|= FL_SLEEP;
1593		1593
1594	error = security_file_lock(filp, cmd);	1594	error = security_file_lock(filp, lock->fl_type);
1595	if (error)	1595	if (error)
1596	goto out_free;	1596	goto out_free;
1597		1597


diff --git a/fs/namei.c b/fs/namei.c index ed27bb205b7e..d11f404667e9 100644 --- a/fs/namei.c +++ b/fs/namei.c
@@ -1533,9 +1533,11 @@ int may_open(struct path *path, int acc_mode, int flag)
1533	if (error)	1533	if (error)
1534	return error;	1534	return error;
1535		1535
1536	error = ima_path_check(path,	1536	error = ima_path_check(path, acc_mode ?
1537	acc_mode & (MAY_READ \| MAY_WRITE \| MAY_EXEC),	1537	acc_mode & (MAY_READ \| MAY_WRITE \| MAY_EXEC) :
		1538	ACC_MODE(flag) & (MAY_READ \| MAY_WRITE),
1538	IMA_COUNT_UPDATE);	1539	IMA_COUNT_UPDATE);
		1540
1539	if (error)	1541	if (error)
1540	return error;	1542	return error;
1541	/*	1543	/*


diff --git a/fs/nfsd/auth.c b/fs/nfsd/auth.c index 5573508f707f..36fcabbf5186 100644 --- a/fs/nfsd/auth.c +++ b/fs/nfsd/auth.c
@@ -34,6 +34,8 @@ int nfsd_setuser(struct svc_rqst rqstp, struct svc_export exp)
34	int flags = nfsexp_flags(rqstp, exp);	34	int flags = nfsexp_flags(rqstp, exp);
35	int ret;	35	int ret;
36		36
		37	validate_process_creds();
		38
37	/* discard any old override before preparing the new set */	39	/* discard any old override before preparing the new set */
38	revert_creds(get_cred(current->real_cred));	40	revert_creds(get_cred(current->real_cred));
39	new = prepare_creds();	41	new = prepare_creds();
@@ -86,8 +88,10 @@ int nfsd_setuser(struct svc_rqst rqstp, struct svc_export exp)
86	else	88	else
87	new->cap_effective = cap_raise_nfsd_set(new->cap_effective,	89	new->cap_effective = cap_raise_nfsd_set(new->cap_effective,
88	new->cap_permitted);	90	new->cap_permitted);
		91	validate_process_creds();
89	put_cred(override_creds(new));	92	put_cred(override_creds(new));
90	put_cred(new);	93	put_cred(new);
		94	validate_process_creds();
91	return 0;	95	return 0;
92		96
93	oom:	97	oom:


diff --git a/fs/nfsd/nfssvc.c b/fs/nfsd/nfssvc.c index 492c79b7800b..24d58adfe5fd 100644 --- a/fs/nfsd/nfssvc.c +++ b/fs/nfsd/nfssvc.c
@@ -496,7 +496,9 @@ nfsd(void *vrqstp)
496	/* Lock the export hash tables for reading. */	496	/* Lock the export hash tables for reading. */
497	exp_readlock();	497	exp_readlock();
498		498
		499	validate_process_creds();
499	svc_process(rqstp);	500	svc_process(rqstp);
		501	validate_process_creds();
500		502
501	/* Unlock export hash tables */	503	/* Unlock export hash tables */
502	exp_readunlock();	504	exp_readunlock();


diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c index 23341c1063bc..8fa09bfbcba7 100644 --- a/fs/nfsd/vfs.c +++ b/fs/nfsd/vfs.c
@@ -684,6 +684,8 @@ nfsd_open(struct svc_rqst rqstp, struct svc_fh fhp, int type,
684	__be32 err;	684	__be32 err;
685	int host_err;	685	int host_err;
686		686
		687	validate_process_creds();
		688
687	/*	689	/*
688	* If we get here, then the client has already done an "open",	690	* If we get here, then the client has already done an "open",
689	* and (hopefully) checked permission - so allow OWNER_OVERRIDE	691	* and (hopefully) checked permission - so allow OWNER_OVERRIDE
@@ -740,6 +742,7 @@ nfsd_open(struct svc_rqst rqstp, struct svc_fh fhp, int type,
740	out_nfserr:	742	out_nfserr:
741	err = nfserrno(host_err);	743	err = nfserrno(host_err);
742	out:	744	out:
		745	validate_process_creds();
743	return err;	746	return err;
744	}	747	}
745		748


diff --git a/fs/open.c b/fs/open.c index dd98e8076024..31191bf513e4 100644 --- a/fs/open.c +++ b/fs/open.c
@@ -199,7 +199,7 @@ out:
199	int do_truncate(struct dentry *dentry, loff_t length, unsigned int time_attrs,	199	int do_truncate(struct dentry *dentry, loff_t length, unsigned int time_attrs,
200	struct file *filp)	200	struct file *filp)
201	{	201	{
202	int err;	202	int ret;
203	struct iattr newattrs;	203	struct iattr newattrs;
204		204
205	/* Not pretty: "inode->i_size" shouldn't really be signed. But it is. */	205	/* Not pretty: "inode->i_size" shouldn't really be signed. But it is. */
@@ -214,12 +214,14 @@ int do_truncate(struct dentry *dentry, loff_t length, unsigned int time_attrs,
214	}	214	}
215		215
216	/* Remove suid/sgid on truncate too */	216	/* Remove suid/sgid on truncate too */
217	newattrs.ia_valid \|= should_remove_suid(dentry);	217	ret = should_remove_suid(dentry);
		218	if (ret)
		219	newattrs.ia_valid \|= ret \| ATTR_FORCE;
218		220
219	mutex_lock(&dentry->d_inode->i_mutex);	221	mutex_lock(&dentry->d_inode->i_mutex);
220	err = notify_change(dentry, &newattrs);	222	ret = notify_change(dentry, &newattrs);
221	mutex_unlock(&dentry->d_inode->i_mutex);	223	mutex_unlock(&dentry->d_inode->i_mutex);
222	return err;	224	return ret;
223	}	225	}
224		226
225	static long do_sys_truncate(const char __user *pathname, loff_t length)	227	static long do_sys_truncate(const char __user *pathname, loff_t length)
@@ -957,6 +959,8 @@ struct file dentry_open(struct dentry dentry, struct vfsmount *mnt, int flags,
957	int error;	959	int error;
958	struct file *f;	960	struct file *f;
959		961
		962	validate_creds(cred);
		963
960	/*	964	/*
961	* We must always pass in a valid mount pointer. Historically	965	* We must always pass in a valid mount pointer. Historically
962	* callers got away with not passing it, but we must enforce this at	966	* callers got away with not passing it, but we must enforce this at


diff --git a/fs/sysfs/dir.c b/fs/sysfs/dir.c index 14f2d71ea3ce..0050fc40e8c9 100644 --- a/fs/sysfs/dir.c +++ b/fs/sysfs/dir.c
@@ -760,6 +760,7 @@ static struct dentry * sysfs_lookup(struct inode dir, struct dentry dentry,
760	const struct inode_operations sysfs_dir_inode_operations = {	760	const struct inode_operations sysfs_dir_inode_operations = {
761	.lookup = sysfs_lookup,	761	.lookup = sysfs_lookup,
762	.setattr = sysfs_setattr,	762	.setattr = sysfs_setattr,
		763	.setxattr = sysfs_setxattr,
763	};	764	};
764		765
765	static void remove_dir(struct sysfs_dirent *sd)	766	static void remove_dir(struct sysfs_dirent *sd)


diff --git a/fs/sysfs/inode.c b/fs/sysfs/inode.c index 555f0ff988df..2b6a8d9de73d 100644 --- a/fs/sysfs/inode.c +++ b/fs/sysfs/inode.c
@@ -18,6 +18,8 @@
18	#include <linux/capability.h>	18	#include <linux/capability.h>
19	#include <linux/errno.h>	19	#include <linux/errno.h>
20	#include <linux/sched.h>	20	#include <linux/sched.h>
		21	#include <linux/xattr.h>
		22	#include <linux/security.h>
21	#include "sysfs.h"	23	#include "sysfs.h"
22		24
23	extern struct super_block * sysfs_sb;	25	extern struct super_block * sysfs_sb;
@@ -35,6 +37,7 @@ static struct backing_dev_info sysfs_backing_dev_info = {
35		37
36	static const struct inode_operations sysfs_inode_operations ={	38	static const struct inode_operations sysfs_inode_operations ={
37	.setattr = sysfs_setattr,	39	.setattr = sysfs_setattr,
		40	.setxattr = sysfs_setxattr,
38	};	41	};
39		42
40	int __init sysfs_inode_init(void)	43	int __init sysfs_inode_init(void)
@@ -42,18 +45,37 @@ int __init sysfs_inode_init(void)
42	return bdi_init(&sysfs_backing_dev_info);	45	return bdi_init(&sysfs_backing_dev_info);
43	}	46	}
44		47
		48	struct sysfs_inode_attrs sysfs_init_inode_attrs(struct sysfs_dirent sd)
		49	{
		50	struct sysfs_inode_attrs *attrs;
		51	struct iattr *iattrs;
		52
		53	attrs = kzalloc(sizeof(struct sysfs_inode_attrs), GFP_KERNEL);
		54	if (!attrs)
		55	return NULL;
		56	iattrs = &attrs->ia_iattr;
		57
		58	/* assign default attributes */
		59	iattrs->ia_mode = sd->s_mode;
		60	iattrs->ia_uid = 0;
		61	iattrs->ia_gid = 0;
		62	iattrs->ia_atime = iattrs->ia_mtime = iattrs->ia_ctime = CURRENT_TIME;
		63
		64	return attrs;
		65	}
45	int sysfs_setattr(struct dentry * dentry, struct iattr * iattr)	66	int sysfs_setattr(struct dentry * dentry, struct iattr * iattr)
46	{	67	{
47	struct inode * inode = dentry->d_inode;	68	struct inode * inode = dentry->d_inode;
48	struct sysfs_dirent * sd = dentry->d_fsdata;	69	struct sysfs_dirent * sd = dentry->d_fsdata;
49	struct iattr * sd_iattr;	70	struct sysfs_inode_attrs *sd_attrs;
		71	struct iattr *iattrs;
50	unsigned int ia_valid = iattr->ia_valid;	72	unsigned int ia_valid = iattr->ia_valid;
51	int error;	73	int error;
52		74
53	if (!sd)	75	if (!sd)
54	return -EINVAL;	76	return -EINVAL;
55		77
56	sd_iattr = sd->s_iattr;	78	sd_attrs = sd->s_iattr;
57		79
58	error = inode_change_ok(inode, iattr);	80	error = inode_change_ok(inode, iattr);
59	if (error)	81	if (error)
@@ -65,42 +87,77 @@ int sysfs_setattr(struct dentry * dentry, struct iattr * iattr)
65	if (error)	87	if (error)
66	return error;	88	return error;
67		89
68	if (!sd_iattr) {	90	if (!sd_attrs) {
69	/* setting attributes for the first time, allocate now */	91	/* setting attributes for the first time, allocate now */
70	sd_iattr = kzalloc(sizeof(struct iattr), GFP_KERNEL);	92	sd_attrs = sysfs_init_inode_attrs(sd);
71	if (!sd_iattr)	93	if (!sd_attrs)
72	return -ENOMEM;	94	return -ENOMEM;
73	/* assign default attributes */	95	sd->s_iattr = sd_attrs;
74	sd_iattr->ia_mode = sd->s_mode;	96	} else {
75	sd_iattr->ia_uid = 0;	97	/* attributes were changed at least once in past */
76	sd_iattr->ia_gid = 0;	98	iattrs = &sd_attrs->ia_iattr;
77	sd_iattr->ia_atime = sd_iattr->ia_mtime = sd_iattr->ia_ctime = CURRENT_TIME;	99
78	sd->s_iattr = sd_iattr;	100	if (ia_valid & ATTR_UID)
		101	iattrs->ia_uid = iattr->ia_uid;
		102	if (ia_valid & ATTR_GID)
		103	iattrs->ia_gid = iattr->ia_gid;
		104	if (ia_valid & ATTR_ATIME)
		105	iattrs->ia_atime = timespec_trunc(iattr->ia_atime,
		106	inode->i_sb->s_time_gran);
		107	if (ia_valid & ATTR_MTIME)
		108	iattrs->ia_mtime = timespec_trunc(iattr->ia_mtime,
		109	inode->i_sb->s_time_gran);
		110	if (ia_valid & ATTR_CTIME)
		111	iattrs->ia_ctime = timespec_trunc(iattr->ia_ctime,
		112	inode->i_sb->s_time_gran);
		113	if (ia_valid & ATTR_MODE) {
		114	umode_t mode = iattr->ia_mode;
		115
		116	if (!in_group_p(inode->i_gid) && !capable(CAP_FSETID))
		117	mode &= ~S_ISGID;
		118	iattrs->ia_mode = sd->s_mode = mode;
		119	}
79	}	120	}
		121	return error;
		122	}
80		123
81	/* attributes were changed atleast once in past */	124	int sysfs_setxattr(struct dentry dentry, const char name, const void *value,
82		125	size_t size, int flags)
83	if (ia_valid & ATTR_UID)	126	{
84	sd_iattr->ia_uid = iattr->ia_uid;	127	struct sysfs_dirent *sd = dentry->d_fsdata;
85	if (ia_valid & ATTR_GID)	128	struct sysfs_inode_attrs *iattrs;
86	sd_iattr->ia_gid = iattr->ia_gid;	129	void *secdata;
87	if (ia_valid & ATTR_ATIME)	130	int error;
88	sd_iattr->ia_atime = timespec_trunc(iattr->ia_atime,	131	u32 secdata_len = 0;
89	inode->i_sb->s_time_gran);	132
90	if (ia_valid & ATTR_MTIME)	133	if (!sd)
91	sd_iattr->ia_mtime = timespec_trunc(iattr->ia_mtime,	134	return -EINVAL;
92	inode->i_sb->s_time_gran);	135	if (!sd->s_iattr)
93	if (ia_valid & ATTR_CTIME)	136	sd->s_iattr = sysfs_init_inode_attrs(sd);
94	sd_iattr->ia_ctime = timespec_trunc(iattr->ia_ctime,	137	if (!sd->s_iattr)
95	inode->i_sb->s_time_gran);	138	return -ENOMEM;
96	if (ia_valid & ATTR_MODE) {	139
97	umode_t mode = iattr->ia_mode;	140	iattrs = sd->s_iattr;
98		141
99	if (!in_group_p(inode->i_gid) && !capable(CAP_FSETID))	142	if (!strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN)) {
100	mode &= ~S_ISGID;	143	const char *suffix = name + XATTR_SECURITY_PREFIX_LEN;
101	sd_iattr->ia_mode = sd->s_mode = mode;	144	error = security_inode_setsecurity(dentry->d_inode, suffix,
102	}	145	value, size, flags);
		146	if (error)
		147	goto out;
		148	error = security_inode_getsecctx(dentry->d_inode,
		149	&secdata, &secdata_len);
		150	if (error)
		151	goto out;
		152	if (iattrs->ia_secdata)
		153	security_release_secctx(iattrs->ia_secdata,
		154	iattrs->ia_secdata_len);
		155	iattrs->ia_secdata = secdata;
		156	iattrs->ia_secdata_len = secdata_len;
103		157
		158	} else
		159	return -EINVAL;
		160	out:
104	return error;	161	return error;
105	}	162	}
106		163
@@ -146,6 +203,7 @@ static int sysfs_count_nlink(struct sysfs_dirent *sd)
146	static void sysfs_init_inode(struct sysfs_dirent sd, struct inode inode)	203	static void sysfs_init_inode(struct sysfs_dirent sd, struct inode inode)
147	{	204	{
148	struct bin_attribute *bin_attr;	205	struct bin_attribute *bin_attr;
		206	struct sysfs_inode_attrs *iattrs;
149		207
150	inode->i_private = sysfs_get(sd);	208	inode->i_private = sysfs_get(sd);
151	inode->i_mapping->a_ops = &sysfs_aops;	209	inode->i_mapping->a_ops = &sysfs_aops;
@@ -154,16 +212,20 @@ static void sysfs_init_inode(struct sysfs_dirent sd, struct inode inode)
154	inode->i_ino = sd->s_ino;	212	inode->i_ino = sd->s_ino;
155	lockdep_set_class(&inode->i_mutex, &sysfs_inode_imutex_key);	213	lockdep_set_class(&inode->i_mutex, &sysfs_inode_imutex_key);
156		214
157	if (sd->s_iattr) {	215	iattrs = sd->s_iattr;
		216	if (iattrs) {
158	/* sysfs_dirent has non-default attributes	217	/* sysfs_dirent has non-default attributes
159	* get them for the new inode from persistent copy	218	* get them for the new inode from persistent copy
160	* in sysfs_dirent	219	* in sysfs_dirent
161	*/	220	*/
162	set_inode_attr(inode, sd->s_iattr);	221	set_inode_attr(inode, &iattrs->ia_iattr);
		222	if (iattrs->ia_secdata)
		223	security_inode_notifysecctx(inode,
		224	iattrs->ia_secdata,
		225	iattrs->ia_secdata_len);
163	} else	226	} else
164	set_default_inode_attr(inode, sd->s_mode);	227	set_default_inode_attr(inode, sd->s_mode);
165		228
166
167	/* initialize inode according to type */	229	/* initialize inode according to type */
168	switch (sysfs_type(sd)) {	230	switch (sysfs_type(sd)) {
169	case SYSFS_DIR:	231	case SYSFS_DIR:


diff --git a/fs/sysfs/symlink.c b/fs/sysfs/symlink.c index 1d897ad808e0..c5081ad77026 100644 --- a/fs/sysfs/symlink.c +++ b/fs/sysfs/symlink.c
@@ -16,6 +16,7 @@
16	#include <linux/kobject.h>	16	#include <linux/kobject.h>
17	#include <linux/namei.h>	17	#include <linux/namei.h>
18	#include <linux/mutex.h>	18	#include <linux/mutex.h>
		19	#include <linux/security.h>
19		20
20	#include "sysfs.h"	21	#include "sysfs.h"
21		22
@@ -209,6 +210,7 @@ static void sysfs_put_link(struct dentry dentry, struct nameidata nd, void *co
209	}	210	}
210		211
211	const struct inode_operations sysfs_symlink_inode_operations = {	212	const struct inode_operations sysfs_symlink_inode_operations = {
		213	.setxattr = sysfs_setxattr,
212	.readlink = generic_readlink,	214	.readlink = generic_readlink,
213	.follow_link = sysfs_follow_link,	215	.follow_link = sysfs_follow_link,
214	.put_link = sysfs_put_link,	216	.put_link = sysfs_put_link,


diff --git a/fs/sysfs/sysfs.h b/fs/sysfs/sysfs.h index 3fa0d98481e2..af4c4e7482ac 100644 --- a/fs/sysfs/sysfs.h +++ b/fs/sysfs/sysfs.h
@@ -8,6 +8,8 @@
8	* This file is released under the GPLv2.	8	* This file is released under the GPLv2.
9	*/	9	*/
10		10
		11	#include <linux/fs.h>
		12
11	struct sysfs_open_dirent;	13	struct sysfs_open_dirent;
12		14
13	/* type-specific structures for sysfs_dirent->s_* union members */	15	/* type-specific structures for sysfs_dirent->s_* union members */
@@ -31,6 +33,12 @@ struct sysfs_elem_bin_attr {
31	struct hlist_head buffers;	33	struct hlist_head buffers;
32	};	34	};
33		35
		36	struct sysfs_inode_attrs {
		37	struct iattr ia_iattr;
		38	void *ia_secdata;
		39	u32 ia_secdata_len;
		40	};
		41
34	/*	42	/*
35	* sysfs_dirent - the building block of sysfs hierarchy. Each and	43	* sysfs_dirent - the building block of sysfs hierarchy. Each and
36	* every sysfs node is represented by single sysfs_dirent.	44	* every sysfs node is represented by single sysfs_dirent.
@@ -56,7 +64,7 @@ struct sysfs_dirent {
56	unsigned int s_flags;	64	unsigned int s_flags;
57	ino_t s_ino;	65	ino_t s_ino;
58	umode_t s_mode;	66	umode_t s_mode;
59	struct iattr *s_iattr;	67	struct sysfs_inode_attrs *s_iattr;
60	};	68	};
61		69
62	#define SD_DEACTIVATED_BIAS INT_MIN	70	#define SD_DEACTIVATED_BIAS INT_MIN
@@ -148,6 +156,8 @@ static inline void __sysfs_put(struct sysfs_dirent *sd)
148	struct inode sysfs_get_inode(struct sysfs_dirent sd);	156	struct inode sysfs_get_inode(struct sysfs_dirent sd);
149	void sysfs_delete_inode(struct inode *inode);	157	void sysfs_delete_inode(struct inode *inode);
150	int sysfs_setattr(struct dentry dentry, struct iattr iattr);	158	int sysfs_setattr(struct dentry dentry, struct iattr iattr);
		159	int sysfs_setxattr(struct dentry dentry, const char name, const void *value,
		160	size_t size, int flags);
151	int sysfs_hash_and_remove(struct sysfs_dirent dir_sd, const char name);	161	int sysfs_hash_and_remove(struct sysfs_dirent dir_sd, const char name);
152	int sysfs_inode_init(void);	162	int sysfs_inode_init(void);
153		163


diff --git a/fs/xattr.c b/fs/xattr.c index 1c3d0af59ddf..6d4f6d3449fb 100644 --- a/fs/xattr.c +++ b/fs/xattr.c
@@ -66,22 +66,28 @@ xattr_permission(struct inode inode, const char name, int mask)
66	return inode_permission(inode, mask);	66	return inode_permission(inode, mask);
67	}	67	}
68		68
69	int	69	/**
70	vfs_setxattr(struct dentry dentry, const char name, const void *value,	70	* __vfs_setxattr_noperm - perform setxattr operation without performing
71	size_t size, int flags)	71	* permission checks.
		72	*
		73	* @dentry - object to perform setxattr on
		74	* @name - xattr name to set
		75	* @value - value to set @name to
		76	* @size - size of @value
		77	* @flags - flags to pass into filesystem operations
		78	*
		79	* returns the result of the internal setxattr or setsecurity operations.
		80	*
		81	* This function requires the caller to lock the inode's i_mutex before it
		82	* is executed. It also assumes that the caller will make the appropriate
		83	* permission checks.
		84	*/
		85	int __vfs_setxattr_noperm(struct dentry dentry, const char name,
		86	const void *value, size_t size, int flags)
72	{	87	{
73	struct inode *inode = dentry->d_inode;	88	struct inode *inode = dentry->d_inode;
74	int error;	89	int error = -EOPNOTSUPP;
75
76	error = xattr_permission(inode, name, MAY_WRITE);
77	if (error)
78	return error;
79		90
80	mutex_lock(&inode->i_mutex);
81	error = security_inode_setxattr(dentry, name, value, size, flags);
82	if (error)
83	goto out;
84	error = -EOPNOTSUPP;
85	if (inode->i_op->setxattr) {	91	if (inode->i_op->setxattr) {
86	error = inode->i_op->setxattr(dentry, name, value, size, flags);	92	error = inode->i_op->setxattr(dentry, name, value, size, flags);
87	if (!error) {	93	if (!error) {
@@ -97,6 +103,29 @@ vfs_setxattr(struct dentry dentry, const char name, const void *value,
97	if (!error)	103	if (!error)
98	fsnotify_xattr(dentry);	104	fsnotify_xattr(dentry);
99	}	105	}
		106
		107	return error;
		108	}
		109
		110
		111	int
		112	vfs_setxattr(struct dentry dentry, const char name, const void *value,
		113	size_t size, int flags)
		114	{
		115	struct inode *inode = dentry->d_inode;
		116	int error;
		117
		118	error = xattr_permission(inode, name, MAY_WRITE);
		119	if (error)
		120	return error;
		121
		122	mutex_lock(&inode->i_mutex);
		123	error = security_inode_setxattr(dentry, name, value, size, flags);
		124	if (error)
		125	goto out;
		126
		127	error = __vfs_setxattr_noperm(dentry, name, value, size, flags);
		128
100	out:	129	out:
101	mutex_unlock(&inode->i_mutex);	130	mutex_unlock(&inode->i_mutex);
102	return error;	131	return error;