[AF_UNIX]: Kernel memory leak fix for af_unix datagram getpeersec patch

From: Catherine Zhang <cxzhang@watson.ibm.com> This patch implements a cleaner fix for the memory leak problem of the original unix datagram getpeersec patch. Instead of creating a security context each time a unix datagram is sent, we only create the security context when the receiver requests it. This new design requires modification of the current unix_getsecpeer_dgram LSM hook and addition of two new hooks, namely, secid_to_secctx and release_secctx. The former retrieves the security context and the latter releases it. A hook is required for releasing the security context because it is up to the security module to decide how that's done. In the case of Selinux, it's a simple kfree operation. Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Catherine Zhang <cxzhang@watson.ibm.com> 2006-08-02 17:12:06 -0400
committer: David S. Miller <davem@davemloft.net> 2006-08-02 17:12:06 -0400
commit: dc49c1f94e3469d94b952e8f5160dd4ccd791d79 (patch)
tree: e47b1974c262a03dbabf0a148325d9089817e78e /security
parent: 2b7e24b66d31d677d76b49918e711eb360c978b6 (diff)
2 files changed, 36 insertions, 16 deletions
diff --git a/security/dummy.c b/security/dummy.c
index bbbfda70e131..58c6d399c844 100644
--- a/security/dummy.c
+++ b/security/dummy.c
@@ -791,8 +791,7 @@ static int dummy_socket_getpeersec_stream(struct socket *sock, char __user *optv
        return -ENOPROTOOPT;
 }
-static int dummy_socket_getpeersec_dgram(struct sk_buff *skb, char **secdata,
+static int dummy_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
-                                         u32 *seclen)
 {
        return -ENOPROTOOPT;
 }
@@ -876,6 +875,15 @@ static int dummy_setprocattr(struct task_struct *p, char *name, void *value, siz
        return -EINVAL;
 }
+static int dummy_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
+{
+        return -EOPNOTSUPP;
+}
+static void dummy_release_secctx(char *secdata, u32 seclen)
+{
+}
 #ifdef CONFIG_KEYS
 static inline int dummy_key_alloc(struct key *key, struct task_struct *ctx,
                                  unsigned long flags)
@@ -1028,6 +1036,8 @@ void security_fixup_ops (struct security_operations *ops)
        set_to_dummy_if_null(ops, d_instantiate);
        set_to_dummy_if_null(ops, getprocattr);
        set_to_dummy_if_null(ops, setprocattr);
+        set_to_dummy_if_null(ops, secid_to_secctx);
+        set_to_dummy_if_null(ops, release_secctx);
 #ifdef CONFIG_SECURITY_NETWORK
        set_to_dummy_if_null(ops, unix_stream_connect);
        set_to_dummy_if_null(ops, unix_may_send);
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index a91c961ba38b..5d1b8c733199 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -3524,25 +3524,21 @@ out:
        return err;
 }
-static int selinux_socket_getpeersec_dgram(struct sk_buff *skb, char **secdata, u32 *seclen)
+static int selinux_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u32 *secid)
 {
+        u32 peer_secid = SECSID_NULL;
        int err = 0;
-        u32 peer_sid;
-        if (skb->sk->sk_family == PF_UNIX)
+        if (sock && (sock->sk->sk_family == PF_UNIX))
-                selinux_get_inode_sid(SOCK_INODE(skb->sk->sk_socket),
+                selinux_get_inode_sid(SOCK_INODE(sock), &peer_secid);
-                                      &peer_sid);
+        else if (skb)
-        else
+                peer_secid = selinux_socket_getpeer_dgram(skb);
-                peer_sid = selinux_socket_getpeer_dgram(skb);
-        if (peer_sid == SECSID_NULL)
-                return -EINVAL;
-        err = security_sid_to_context(peer_sid, secdata, seclen);
+        if (peer_secid == SECSID_NULL)
-        if (err)
+                err = -EINVAL;
-                return err;
+        *secid = peer_secid;
-        return 0;
+        return err;
 }
 static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority)
@@ -4407,6 +4403,17 @@ static int selinux_setprocattr(struct task_struct *p,
        return size;
 }
+static int selinux_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
+{
+        return security_sid_to_context(secid, secdata, seclen);
+}
+static void selinux_release_secctx(char *secdata, u32 seclen)
+{
+        if (secdata)
+                kfree(secdata);
+}
 #ifdef CONFIG_KEYS
 static int selinux_key_alloc(struct key *k, struct task_struct *tsk,
@@ -4587,6 +4594,9 @@ static struct security_operations selinux_ops = {
        .getprocattr =                  selinux_getprocattr,
        .setprocattr =                  selinux_setprocattr,
+        .secid_to_secctx =              selinux_secid_to_secctx,
+        .release_secctx =               selinux_release_secctx,
        .unix_stream_connect =          selinux_socket_unix_stream_connect,
        .unix_may_send =                selinux_socket_unix_may_send,
author	Catherine Zhang <cxzhang@watson.ibm.com>	2006-08-02 17:12:06 -0400
committer	David S. Miller <davem@davemloft.net>	2006-08-02 17:12:06 -0400
commit	dc49c1f94e3469d94b952e8f5160dd4ccd791d79 (patch)
tree	e47b1974c262a03dbabf0a148325d9089817e78e /security
parent	2b7e24b66d31d677d76b49918e711eb360c978b6 (diff)