diff options
author | Catherine Zhang <cxzhang@watson.ibm.com> | 2006-08-02 17:12:06 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2006-08-02 17:12:06 -0400 |
commit | dc49c1f94e3469d94b952e8f5160dd4ccd791d79 (patch) | |
tree | e47b1974c262a03dbabf0a148325d9089817e78e /include | |
parent | 2b7e24b66d31d677d76b49918e711eb360c978b6 (diff) |
[AF_UNIX]: Kernel memory leak fix for af_unix datagram getpeersec patch
From: Catherine Zhang <cxzhang@watson.ibm.com>
This patch implements a cleaner fix for the memory leak problem of the
original unix datagram getpeersec patch. Instead of creating a
security context each time a unix datagram is sent, we only create the
security context when the receiver requests it.
This new design requires modification of the current
unix_getsecpeer_dgram LSM hook and addition of two new hooks, namely,
secid_to_secctx and release_secctx. The former retrieves the security
context and the latter releases it. A hook is required for releasing
the security context because it is up to the security module to decide
how that's done. In the case of Selinux, it's a simple kfree
operation.
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include')
-rw-r--r-- | include/linux/security.h | 41 | ||||
-rw-r--r-- | include/net/af_unix.h | 6 | ||||
-rw-r--r-- | include/net/scm.h | 29 |
3 files changed, 62 insertions, 14 deletions
diff --git a/include/linux/security.h b/include/linux/security.h index f75303831d09..aa5b8043dc38 100644 --- a/include/linux/security.h +++ b/include/linux/security.h | |||
@@ -1109,6 +1109,16 @@ struct swap_info_struct; | |||
1109 | * @name contains the name of the security module being unstacked. | 1109 | * @name contains the name of the security module being unstacked. |
1110 | * @ops contains a pointer to the struct security_operations of the module to unstack. | 1110 | * @ops contains a pointer to the struct security_operations of the module to unstack. |
1111 | * | 1111 | * |
1112 | * @secid_to_secctx: | ||
1113 | * Convert secid to security context. | ||
1114 | * @secid contains the security ID. | ||
1115 | * @secdata contains the pointer that stores the converted security context. | ||
1116 | * | ||
1117 | * @release_secctx: | ||
1118 | * Release the security context. | ||
1119 | * @secdata contains the security context. | ||
1120 | * @seclen contains the length of the security context. | ||
1121 | * | ||
1112 | * This is the main security structure. | 1122 | * This is the main security structure. |
1113 | */ | 1123 | */ |
1114 | struct security_operations { | 1124 | struct security_operations { |
@@ -1289,6 +1299,8 @@ struct security_operations { | |||
1289 | 1299 | ||
1290 | int (*getprocattr)(struct task_struct *p, char *name, void *value, size_t size); | 1300 | int (*getprocattr)(struct task_struct *p, char *name, void *value, size_t size); |
1291 | int (*setprocattr)(struct task_struct *p, char *name, void *value, size_t size); | 1301 | int (*setprocattr)(struct task_struct *p, char *name, void *value, size_t size); |
1302 | int (*secid_to_secctx)(u32 secid, char **secdata, u32 *seclen); | ||
1303 | void (*release_secctx)(char *secdata, u32 seclen); | ||
1292 | 1304 | ||
1293 | #ifdef CONFIG_SECURITY_NETWORK | 1305 | #ifdef CONFIG_SECURITY_NETWORK |
1294 | int (*unix_stream_connect) (struct socket * sock, | 1306 | int (*unix_stream_connect) (struct socket * sock, |
@@ -1317,7 +1329,7 @@ struct security_operations { | |||
1317 | int (*socket_shutdown) (struct socket * sock, int how); | 1329 | int (*socket_shutdown) (struct socket * sock, int how); |
1318 | int (*socket_sock_rcv_skb) (struct sock * sk, struct sk_buff * skb); | 1330 | int (*socket_sock_rcv_skb) (struct sock * sk, struct sk_buff * skb); |
1319 | int (*socket_getpeersec_stream) (struct socket *sock, char __user *optval, int __user *optlen, unsigned len); | 1331 | int (*socket_getpeersec_stream) (struct socket *sock, char __user *optval, int __user *optlen, unsigned len); |
1320 | int (*socket_getpeersec_dgram) (struct sk_buff *skb, char **secdata, u32 *seclen); | 1332 | int (*socket_getpeersec_dgram) (struct socket *sock, struct sk_buff *skb, u32 *secid); |
1321 | int (*sk_alloc_security) (struct sock *sk, int family, gfp_t priority); | 1333 | int (*sk_alloc_security) (struct sock *sk, int family, gfp_t priority); |
1322 | void (*sk_free_security) (struct sock *sk); | 1334 | void (*sk_free_security) (struct sock *sk); |
1323 | unsigned int (*sk_getsid) (struct sock *sk, struct flowi *fl, u8 dir); | 1335 | unsigned int (*sk_getsid) (struct sock *sk, struct flowi *fl, u8 dir); |
@@ -2059,6 +2071,16 @@ static inline int security_netlink_recv(struct sk_buff * skb, int cap) | |||
2059 | return security_ops->netlink_recv(skb, cap); | 2071 | return security_ops->netlink_recv(skb, cap); |
2060 | } | 2072 | } |
2061 | 2073 | ||
2074 | static inline int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) | ||
2075 | { | ||
2076 | return security_ops->secid_to_secctx(secid, secdata, seclen); | ||
2077 | } | ||
2078 | |||
2079 | static inline void security_release_secctx(char *secdata, u32 seclen) | ||
2080 | { | ||
2081 | return security_ops->release_secctx(secdata, seclen); | ||
2082 | } | ||
2083 | |||
2062 | /* prototypes */ | 2084 | /* prototypes */ |
2063 | extern int security_init (void); | 2085 | extern int security_init (void); |
2064 | extern int register_security (struct security_operations *ops); | 2086 | extern int register_security (struct security_operations *ops); |
@@ -2725,6 +2747,15 @@ static inline void securityfs_remove(struct dentry *dentry) | |||
2725 | { | 2747 | { |
2726 | } | 2748 | } |
2727 | 2749 | ||
2750 | static inline int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) | ||
2751 | { | ||
2752 | return -EOPNOTSUPP; | ||
2753 | } | ||
2754 | |||
2755 | static inline void security_release_secctx(char *secdata, u32 seclen) | ||
2756 | { | ||
2757 | return -EOPNOTSUPP; | ||
2758 | } | ||
2728 | #endif /* CONFIG_SECURITY */ | 2759 | #endif /* CONFIG_SECURITY */ |
2729 | 2760 | ||
2730 | #ifdef CONFIG_SECURITY_NETWORK | 2761 | #ifdef CONFIG_SECURITY_NETWORK |
@@ -2840,10 +2871,9 @@ static inline int security_socket_getpeersec_stream(struct socket *sock, char __ | |||
2840 | return security_ops->socket_getpeersec_stream(sock, optval, optlen, len); | 2871 | return security_ops->socket_getpeersec_stream(sock, optval, optlen, len); |
2841 | } | 2872 | } |
2842 | 2873 | ||
2843 | static inline int security_socket_getpeersec_dgram(struct sk_buff *skb, char **secdata, | 2874 | static inline int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid) |
2844 | u32 *seclen) | ||
2845 | { | 2875 | { |
2846 | return security_ops->socket_getpeersec_dgram(skb, secdata, seclen); | 2876 | return security_ops->socket_getpeersec_dgram(sock, skb, secid); |
2847 | } | 2877 | } |
2848 | 2878 | ||
2849 | static inline int security_sk_alloc(struct sock *sk, int family, gfp_t priority) | 2879 | static inline int security_sk_alloc(struct sock *sk, int family, gfp_t priority) |
@@ -2968,8 +2998,7 @@ static inline int security_socket_getpeersec_stream(struct socket *sock, char __ | |||
2968 | return -ENOPROTOOPT; | 2998 | return -ENOPROTOOPT; |
2969 | } | 2999 | } |
2970 | 3000 | ||
2971 | static inline int security_socket_getpeersec_dgram(struct sk_buff *skb, char **secdata, | 3001 | static inline int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid) |
2972 | u32 *seclen) | ||
2973 | { | 3002 | { |
2974 | return -ENOPROTOOPT; | 3003 | return -ENOPROTOOPT; |
2975 | } | 3004 | } |
diff --git a/include/net/af_unix.h b/include/net/af_unix.h index 2fec827c8801..c0398f5a8cb9 100644 --- a/include/net/af_unix.h +++ b/include/net/af_unix.h | |||
@@ -54,15 +54,13 @@ struct unix_skb_parms { | |||
54 | struct ucred creds; /* Skb credentials */ | 54 | struct ucred creds; /* Skb credentials */ |
55 | struct scm_fp_list *fp; /* Passed files */ | 55 | struct scm_fp_list *fp; /* Passed files */ |
56 | #ifdef CONFIG_SECURITY_NETWORK | 56 | #ifdef CONFIG_SECURITY_NETWORK |
57 | char *secdata; /* Security context */ | 57 | u32 secid; /* Security ID */ |
58 | u32 seclen; /* Security length */ | ||
59 | #endif | 58 | #endif |
60 | }; | 59 | }; |
61 | 60 | ||
62 | #define UNIXCB(skb) (*(struct unix_skb_parms*)&((skb)->cb)) | 61 | #define UNIXCB(skb) (*(struct unix_skb_parms*)&((skb)->cb)) |
63 | #define UNIXCREDS(skb) (&UNIXCB((skb)).creds) | 62 | #define UNIXCREDS(skb) (&UNIXCB((skb)).creds) |
64 | #define UNIXSECDATA(skb) (&UNIXCB((skb)).secdata) | 63 | #define UNIXSID(skb) (&UNIXCB((skb)).secid) |
65 | #define UNIXSECLEN(skb) (&UNIXCB((skb)).seclen) | ||
66 | 64 | ||
67 | #define unix_state_rlock(s) spin_lock(&unix_sk(s)->lock) | 65 | #define unix_state_rlock(s) spin_lock(&unix_sk(s)->lock) |
68 | #define unix_state_runlock(s) spin_unlock(&unix_sk(s)->lock) | 66 | #define unix_state_runlock(s) spin_unlock(&unix_sk(s)->lock) |
diff --git a/include/net/scm.h b/include/net/scm.h index 02daa097cdcd..5637d5e22d5f 100644 --- a/include/net/scm.h +++ b/include/net/scm.h | |||
@@ -3,6 +3,7 @@ | |||
3 | 3 | ||
4 | #include <linux/limits.h> | 4 | #include <linux/limits.h> |
5 | #include <linux/net.h> | 5 | #include <linux/net.h> |
6 | #include <linux/security.h> | ||
6 | 7 | ||
7 | /* Well, we should have at least one descriptor open | 8 | /* Well, we should have at least one descriptor open |
8 | * to accept passed FDs 8) | 9 | * to accept passed FDs 8) |
@@ -20,8 +21,7 @@ struct scm_cookie | |||
20 | struct ucred creds; /* Skb credentials */ | 21 | struct ucred creds; /* Skb credentials */ |
21 | struct scm_fp_list *fp; /* Passed files */ | 22 | struct scm_fp_list *fp; /* Passed files */ |
22 | #ifdef CONFIG_SECURITY_NETWORK | 23 | #ifdef CONFIG_SECURITY_NETWORK |
23 | char *secdata; /* Security context */ | 24 | u32 secid; /* Passed security ID */ |
24 | u32 seclen; /* Security length */ | ||
25 | #endif | 25 | #endif |
26 | unsigned long seq; /* Connection seqno */ | 26 | unsigned long seq; /* Connection seqno */ |
27 | }; | 27 | }; |
@@ -32,6 +32,16 @@ extern int __scm_send(struct socket *sock, struct msghdr *msg, struct scm_cookie | |||
32 | extern void __scm_destroy(struct scm_cookie *scm); | 32 | extern void __scm_destroy(struct scm_cookie *scm); |
33 | extern struct scm_fp_list * scm_fp_dup(struct scm_fp_list *fpl); | 33 | extern struct scm_fp_list * scm_fp_dup(struct scm_fp_list *fpl); |
34 | 34 | ||
35 | #ifdef CONFIG_SECURITY_NETWORK | ||
36 | static __inline__ void unix_get_peersec_dgram(struct socket *sock, struct scm_cookie *scm) | ||
37 | { | ||
38 | security_socket_getpeersec_dgram(sock, NULL, &scm->secid); | ||
39 | } | ||
40 | #else | ||
41 | static __inline__ void unix_get_peersec_dgram(struct socket *sock, struct scm_cookie *scm) | ||
42 | { } | ||
43 | #endif /* CONFIG_SECURITY_NETWORK */ | ||
44 | |||
35 | static __inline__ void scm_destroy(struct scm_cookie *scm) | 45 | static __inline__ void scm_destroy(struct scm_cookie *scm) |
36 | { | 46 | { |
37 | if (scm && scm->fp) | 47 | if (scm && scm->fp) |
@@ -47,6 +57,7 @@ static __inline__ int scm_send(struct socket *sock, struct msghdr *msg, | |||
47 | scm->creds.pid = p->tgid; | 57 | scm->creds.pid = p->tgid; |
48 | scm->fp = NULL; | 58 | scm->fp = NULL; |
49 | scm->seq = 0; | 59 | scm->seq = 0; |
60 | unix_get_peersec_dgram(sock, scm); | ||
50 | if (msg->msg_controllen <= 0) | 61 | if (msg->msg_controllen <= 0) |
51 | return 0; | 62 | return 0; |
52 | return __scm_send(sock, msg, scm); | 63 | return __scm_send(sock, msg, scm); |
@@ -55,8 +66,18 @@ static __inline__ int scm_send(struct socket *sock, struct msghdr *msg, | |||
55 | #ifdef CONFIG_SECURITY_NETWORK | 66 | #ifdef CONFIG_SECURITY_NETWORK |
56 | static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) | 67 | static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) |
57 | { | 68 | { |
58 | if (test_bit(SOCK_PASSSEC, &sock->flags) && scm->secdata != NULL) | 69 | char *secdata; |
59 | put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, scm->seclen, scm->secdata); | 70 | u32 seclen; |
71 | int err; | ||
72 | |||
73 | if (test_bit(SOCK_PASSSEC, &sock->flags)) { | ||
74 | err = security_secid_to_secctx(scm->secid, &secdata, &seclen); | ||
75 | |||
76 | if (!err) { | ||
77 | put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, seclen, secdata); | ||
78 | security_release_secctx(secdata, seclen); | ||
79 | } | ||
80 | } | ||
60 | } | 81 | } |
61 | #else | 82 | #else |
62 | static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) | 83 | static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) |