diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2012-06-01 13:34:35 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2012-06-01 13:34:35 -0400 |
| commit | 1193755ac6328ad240ba987e6ec41d5e8baf0680 (patch) | |
| tree | 40bf847d7e3ebaa57b107151d14e6cd1d280cc6d /security | |
| parent | 4edebed86690eb8db9af3ab85baf4a34e73266cc (diff) | |
| parent | 0ef97dcfce4179a2eba046b855ee2f91d6f1b414 (diff) | |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
Pull vfs changes from Al Viro.
"A lot of misc stuff. The obvious groups:
* Miklos' atomic_open series; kills the damn abuse of
->d_revalidate() by NFS, which was the major stumbling block for
all work in that area.
* ripping security_file_mmap() and dealing with deadlocks in the
area; sanitizing the neighborhood of vm_mmap()/vm_munmap() in
general.
* ->encode_fh() switched to saner API; insane fake dentry in
mm/cleancache.c gone.
* assorted annotations in fs (endianness, __user)
* parts of Artem's ->s_dirty work (jff2 and reiserfs parts)
* ->update_time() work from Josef.
* other bits and pieces all over the place.
Normally it would've been in two or three pull requests, but
signal.git stuff had eaten a lot of time during this cycle ;-/"
Fix up trivial conflicts in Documentation/filesystems/vfs.txt (the
'truncate_range' inode method was removed by the VM changes, the VFS
update adds an 'update_time()' method), and in fs/btrfs/ulist.[ch] (due
to sparse fix added twice, with other changes nearby).
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (95 commits)
nfs: don't open in ->d_revalidate
vfs: retry last component if opening stale dentry
vfs: nameidata_to_filp(): don't throw away file on error
vfs: nameidata_to_filp(): inline __dentry_open()
vfs: do_dentry_open(): don't put filp
vfs: split __dentry_open()
vfs: do_last() common post lookup
vfs: do_last(): add audit_inode before open
vfs: do_last(): only return EISDIR for O_CREAT
vfs: do_last(): check LOOKUP_DIRECTORY
vfs: do_last(): make ENOENT exit RCU safe
vfs: make follow_link check RCU safe
vfs: do_last(): use inode variable
vfs: do_last(): inline walk_component()
vfs: do_last(): make exit RCU safe
vfs: split do_lookup()
Btrfs: move over to use ->update_time
fs: introduce inode operation ->update_time
reiserfs: get rid of resierfs_sync_super
reiserfs: mark the superblock as dirty a bit later
...
Diffstat (limited to 'security')
| -rw-r--r-- | security/apparmor/lsm.c | 15 | ||||
| -rw-r--r-- | security/capability.c | 3 | ||||
| -rw-r--r-- | security/commoncap.c | 17 | ||||
| -rw-r--r-- | security/security.c | 51 | ||||
| -rw-r--r-- | security/selinux/hooks.c | 15 | ||||
| -rw-r--r-- | security/selinux/selinuxfs.c | 36 | ||||
| -rw-r--r-- | security/smack/smack_lsm.c | 15 |
7 files changed, 80 insertions, 72 deletions
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 032daab449b0..8ea39aabe948 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c | |||
| @@ -490,17 +490,9 @@ static int common_mmap(int op, struct file *file, unsigned long prot, | |||
| 490 | return common_file_perm(op, file, mask); | 490 | return common_file_perm(op, file, mask); |
| 491 | } | 491 | } |
| 492 | 492 | ||
| 493 | static int apparmor_file_mmap(struct file *file, unsigned long reqprot, | 493 | static int apparmor_mmap_file(struct file *file, unsigned long reqprot, |
| 494 | unsigned long prot, unsigned long flags, | 494 | unsigned long prot, unsigned long flags) |
| 495 | unsigned long addr, unsigned long addr_only) | ||
| 496 | { | 495 | { |
| 497 | int rc = 0; | ||
| 498 | |||
| 499 | /* do DAC check */ | ||
| 500 | rc = cap_file_mmap(file, reqprot, prot, flags, addr, addr_only); | ||
| 501 | if (rc || addr_only) | ||
| 502 | return rc; | ||
| 503 | |||
| 504 | return common_mmap(OP_FMMAP, file, prot, flags); | 496 | return common_mmap(OP_FMMAP, file, prot, flags); |
| 505 | } | 497 | } |
| 506 | 498 | ||
| @@ -646,7 +638,8 @@ static struct security_operations apparmor_ops = { | |||
| 646 | .file_permission = apparmor_file_permission, | 638 | .file_permission = apparmor_file_permission, |
| 647 | .file_alloc_security = apparmor_file_alloc_security, | 639 | .file_alloc_security = apparmor_file_alloc_security, |
| 648 | .file_free_security = apparmor_file_free_security, | 640 | .file_free_security = apparmor_file_free_security, |
| 649 | .file_mmap = apparmor_file_mmap, | 641 | .mmap_file = apparmor_mmap_file, |
| 642 | .mmap_addr = cap_mmap_addr, | ||
| 650 | .file_mprotect = apparmor_file_mprotect, | 643 | .file_mprotect = apparmor_file_mprotect, |
| 651 | .file_lock = apparmor_file_lock, | 644 | .file_lock = apparmor_file_lock, |
| 652 | 645 | ||
diff --git a/security/capability.c b/security/capability.c index fca889676c5e..61095df8b89a 100644 --- a/security/capability.c +++ b/security/capability.c | |||
| @@ -949,7 +949,8 @@ void __init security_fixup_ops(struct security_operations *ops) | |||
| 949 | set_to_cap_if_null(ops, file_alloc_security); | 949 | set_to_cap_if_null(ops, file_alloc_security); |
| 950 | set_to_cap_if_null(ops, file_free_security); | 950 | set_to_cap_if_null(ops, file_free_security); |
| 951 | set_to_cap_if_null(ops, file_ioctl); | 951 | set_to_cap_if_null(ops, file_ioctl); |
| 952 | set_to_cap_if_null(ops, file_mmap); | 952 | set_to_cap_if_null(ops, mmap_addr); |
| 953 | set_to_cap_if_null(ops, mmap_file); | ||
| 953 | set_to_cap_if_null(ops, file_mprotect); | 954 | set_to_cap_if_null(ops, file_mprotect); |
| 954 | set_to_cap_if_null(ops, file_lock); | 955 | set_to_cap_if_null(ops, file_lock); |
| 955 | set_to_cap_if_null(ops, file_fcntl); | 956 | set_to_cap_if_null(ops, file_fcntl); |
diff --git a/security/commoncap.c b/security/commoncap.c index e771cb1b2d79..6dbae4650abe 100644 --- a/security/commoncap.c +++ b/security/commoncap.c | |||
| @@ -958,22 +958,15 @@ int cap_vm_enough_memory(struct mm_struct *mm, long pages) | |||
| 958 | } | 958 | } |
| 959 | 959 | ||
| 960 | /* | 960 | /* |
| 961 | * cap_file_mmap - check if able to map given addr | 961 | * cap_mmap_addr - check if able to map given addr |
| 962 | * @file: unused | ||
| 963 | * @reqprot: unused | ||
| 964 | * @prot: unused | ||
| 965 | * @flags: unused | ||
| 966 | * @addr: address attempting to be mapped | 962 | * @addr: address attempting to be mapped |
| 967 | * @addr_only: unused | ||
| 968 | * | 963 | * |
| 969 | * If the process is attempting to map memory below dac_mmap_min_addr they need | 964 | * If the process is attempting to map memory below dac_mmap_min_addr they need |
| 970 | * CAP_SYS_RAWIO. The other parameters to this function are unused by the | 965 | * CAP_SYS_RAWIO. The other parameters to this function are unused by the |
| 971 | * capability security module. Returns 0 if this mapping should be allowed | 966 | * capability security module. Returns 0 if this mapping should be allowed |
| 972 | * -EPERM if not. | 967 | * -EPERM if not. |
| 973 | */ | 968 | */ |
| 974 | int cap_file_mmap(struct file *file, unsigned long reqprot, | 969 | int cap_mmap_addr(unsigned long addr) |
| 975 | unsigned long prot, unsigned long flags, | ||
| 976 | unsigned long addr, unsigned long addr_only) | ||
| 977 | { | 970 | { |
| 978 | int ret = 0; | 971 | int ret = 0; |
| 979 | 972 | ||
| @@ -986,3 +979,9 @@ int cap_file_mmap(struct file *file, unsigned long reqprot, | |||
| 986 | } | 979 | } |
| 987 | return ret; | 980 | return ret; |
| 988 | } | 981 | } |
| 982 | |||
| 983 | int cap_mmap_file(struct file *file, unsigned long reqprot, | ||
| 984 | unsigned long prot, unsigned long flags) | ||
| 985 | { | ||
| 986 | return 0; | ||
| 987 | } | ||
diff --git a/security/security.c b/security/security.c index 5497a57fba01..3efc9b12aef4 100644 --- a/security/security.c +++ b/security/security.c | |||
| @@ -20,6 +20,9 @@ | |||
| 20 | #include <linux/ima.h> | 20 | #include <linux/ima.h> |
| 21 | #include <linux/evm.h> | 21 | #include <linux/evm.h> |
| 22 | #include <linux/fsnotify.h> | 22 | #include <linux/fsnotify.h> |
| 23 | #include <linux/mman.h> | ||
| 24 | #include <linux/mount.h> | ||
| 25 | #include <linux/personality.h> | ||
| 23 | #include <net/flow.h> | 26 | #include <net/flow.h> |
| 24 | 27 | ||
| 25 | #define MAX_LSM_EVM_XATTR 2 | 28 | #define MAX_LSM_EVM_XATTR 2 |
| @@ -657,18 +660,56 @@ int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg) | |||
| 657 | return security_ops->file_ioctl(file, cmd, arg); | 660 | return security_ops->file_ioctl(file, cmd, arg); |
| 658 | } | 661 | } |
| 659 | 662 | ||
| 660 | int security_file_mmap(struct file *file, unsigned long reqprot, | 663 | static inline unsigned long mmap_prot(struct file *file, unsigned long prot) |
| 661 | unsigned long prot, unsigned long flags, | ||
| 662 | unsigned long addr, unsigned long addr_only) | ||
| 663 | { | 664 | { |
| 664 | int ret; | 665 | /* |
| 666 | * Does we have PROT_READ and does the application expect | ||
| 667 | * it to imply PROT_EXEC? If not, nothing to talk about... | ||
| 668 | */ | ||
| 669 | if ((prot & (PROT_READ | PROT_EXEC)) != PROT_READ) | ||
| 670 | return prot; | ||
| 671 | if (!(current->personality & READ_IMPLIES_EXEC)) | ||
| 672 | return prot; | ||
| 673 | /* | ||
| 674 | * if that's an anonymous mapping, let it. | ||
| 675 | */ | ||
| 676 | if (!file) | ||
| 677 | return prot | PROT_EXEC; | ||
| 678 | /* | ||
| 679 | * ditto if it's not on noexec mount, except that on !MMU we need | ||
| 680 | * BDI_CAP_EXEC_MMAP (== VM_MAYEXEC) in this case | ||
| 681 | */ | ||
| 682 | if (!(file->f_path.mnt->mnt_flags & MNT_NOEXEC)) { | ||
| 683 | #ifndef CONFIG_MMU | ||
| 684 | unsigned long caps = 0; | ||
| 685 | struct address_space *mapping = file->f_mapping; | ||
| 686 | if (mapping && mapping->backing_dev_info) | ||
| 687 | caps = mapping->backing_dev_info->capabilities; | ||
| 688 | if (!(caps & BDI_CAP_EXEC_MAP)) | ||
| 689 | return prot; | ||
| 690 | #endif | ||
| 691 | return prot | PROT_EXEC; | ||
| 692 | } | ||
| 693 | /* anything on noexec mount won't get PROT_EXEC */ | ||
| 694 | return prot; | ||
| 695 | } | ||
| 665 | 696 | ||
| 666 | ret = security_ops->file_mmap(file, reqprot, prot, flags, addr, addr_only); | 697 | int security_mmap_file(struct file *file, unsigned long prot, |
| 698 | unsigned long flags) | ||
| 699 | { | ||
| 700 | int ret; | ||
| 701 | ret = security_ops->mmap_file(file, prot, | ||
| 702 | mmap_prot(file, prot), flags); | ||
| 667 | if (ret) | 703 | if (ret) |
| 668 | return ret; | 704 | return ret; |
| 669 | return ima_file_mmap(file, prot); | 705 | return ima_file_mmap(file, prot); |
| 670 | } | 706 | } |
| 671 | 707 | ||
| 708 | int security_mmap_addr(unsigned long addr) | ||
| 709 | { | ||
| 710 | return security_ops->mmap_addr(addr); | ||
| 711 | } | ||
| 712 | |||
| 672 | int security_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot, | 713 | int security_file_mprotect(struct vm_area_struct *vma, unsigned long reqprot, |
| 673 | unsigned long prot) | 714 | unsigned long prot) |
| 674 | { | 715 | { |
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index fa2341b68331..372ec6502aa8 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
| @@ -3083,9 +3083,7 @@ error: | |||
| 3083 | return rc; | 3083 | return rc; |
| 3084 | } | 3084 | } |
| 3085 | 3085 | ||
| 3086 | static int selinux_file_mmap(struct file *file, unsigned long reqprot, | 3086 | static int selinux_mmap_addr(unsigned long addr) |
| 3087 | unsigned long prot, unsigned long flags, | ||
| 3088 | unsigned long addr, unsigned long addr_only) | ||
| 3089 | { | 3087 | { |
| 3090 | int rc = 0; | 3088 | int rc = 0; |
| 3091 | u32 sid = current_sid(); | 3089 | u32 sid = current_sid(); |
| @@ -3104,10 +3102,12 @@ static int selinux_file_mmap(struct file *file, unsigned long reqprot, | |||
| 3104 | } | 3102 | } |
| 3105 | 3103 | ||
| 3106 | /* do DAC check on address space usage */ | 3104 | /* do DAC check on address space usage */ |
| 3107 | rc = cap_file_mmap(file, reqprot, prot, flags, addr, addr_only); | 3105 | return cap_mmap_addr(addr); |
| 3108 | if (rc || addr_only) | 3106 | } |
| 3109 | return rc; | ||
| 3110 | 3107 | ||
| 3108 | static int selinux_mmap_file(struct file *file, unsigned long reqprot, | ||
| 3109 | unsigned long prot, unsigned long flags) | ||
| 3110 | { | ||
| 3111 | if (selinux_checkreqprot) | 3111 | if (selinux_checkreqprot) |
| 3112 | prot = reqprot; | 3112 | prot = reqprot; |
| 3113 | 3113 | ||
| @@ -5570,7 +5570,8 @@ static struct security_operations selinux_ops = { | |||
| 5570 | .file_alloc_security = selinux_file_alloc_security, | 5570 | .file_alloc_security = selinux_file_alloc_security, |
| 5571 | .file_free_security = selinux_file_free_security, | 5571 | .file_free_security = selinux_file_free_security, |
| 5572 | .file_ioctl = selinux_file_ioctl, | 5572 | .file_ioctl = selinux_file_ioctl, |
| 5573 | .file_mmap = selinux_file_mmap, | 5573 | .mmap_file = selinux_mmap_file, |
| 5574 | .mmap_addr = selinux_mmap_addr, | ||
| 5574 | .file_mprotect = selinux_file_mprotect, | 5575 | .file_mprotect = selinux_file_mprotect, |
| 5575 | .file_lock = selinux_file_lock, | 5576 | .file_lock = selinux_file_lock, |
| 5576 | .file_fcntl = selinux_file_fcntl, | 5577 | .file_fcntl = selinux_file_fcntl, |
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index 4e93f9ef970b..3ad290251288 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c | |||
| @@ -1259,12 +1259,8 @@ static int sel_make_bools(void) | |||
| 1259 | if (!inode) | 1259 | if (!inode) |
| 1260 | goto out; | 1260 | goto out; |
| 1261 | 1261 | ||
| 1262 | ret = -EINVAL; | ||
| 1263 | len = snprintf(page, PAGE_SIZE, "/%s/%s", BOOL_DIR_NAME, names[i]); | ||
| 1264 | if (len < 0) | ||
| 1265 | goto out; | ||
| 1266 | |||
| 1267 | ret = -ENAMETOOLONG; | 1262 | ret = -ENAMETOOLONG; |
| 1263 | len = snprintf(page, PAGE_SIZE, "/%s/%s", BOOL_DIR_NAME, names[i]); | ||
| 1268 | if (len >= PAGE_SIZE) | 1264 | if (len >= PAGE_SIZE) |
| 1269 | goto out; | 1265 | goto out; |
| 1270 | 1266 | ||
| @@ -1557,19 +1553,10 @@ static inline u32 sel_ino_to_perm(unsigned long ino) | |||
| 1557 | static ssize_t sel_read_class(struct file *file, char __user *buf, | 1553 | static ssize_t sel_read_class(struct file *file, char __user *buf, |
| 1558 | size_t count, loff_t *ppos) | 1554 | size_t count, loff_t *ppos) |
| 1559 | { | 1555 | { |
| 1560 | ssize_t rc, len; | ||
| 1561 | char *page; | ||
| 1562 | unsigned long ino = file->f_path.dentry->d_inode->i_ino; | 1556 | unsigned long ino = file->f_path.dentry->d_inode->i_ino; |
| 1563 | 1557 | char res[TMPBUFLEN]; | |
| 1564 | page = (char *)__get_free_page(GFP_KERNEL); | 1558 | ssize_t len = snprintf(res, sizeof(res), "%d", sel_ino_to_class(ino)); |
| 1565 | if (!page) | 1559 | return simple_read_from_buffer(buf, count, ppos, res, len); |
| 1566 | return -ENOMEM; | ||
| 1567 | |||
| 1568 | len = snprintf(page, PAGE_SIZE, "%d", sel_ino_to_class(ino)); | ||
| 1569 | rc = simple_read_from_buffer(buf, count, ppos, page, len); | ||
| 1570 | free_page((unsigned long)page); | ||
| 1571 | |||
| 1572 | return rc; | ||
| 1573 | } | 1560 | } |
| 1574 | 1561 | ||
| 1575 | static const struct file_operations sel_class_ops = { | 1562 | static const struct file_operations sel_class_ops = { |
| @@ -1580,19 +1567,10 @@ static const struct file_operations sel_class_ops = { | |||
| 1580 | static ssize_t sel_read_perm(struct file *file, char __user *buf, | 1567 | static ssize_t sel_read_perm(struct file *file, char __user *buf, |
| 1581 | size_t count, loff_t *ppos) | 1568 | size_t count, loff_t *ppos) |
| 1582 | { | 1569 | { |
| 1583 | ssize_t rc, len; | ||
| 1584 | char *page; | ||
| 1585 | unsigned long ino = file->f_path.dentry->d_inode->i_ino; | 1570 | unsigned long ino = file->f_path.dentry->d_inode->i_ino; |
| 1586 | 1571 | char res[TMPBUFLEN]; | |
| 1587 | page = (char *)__get_free_page(GFP_KERNEL); | 1572 | ssize_t len = snprintf(res, sizeof(res), "%d", sel_ino_to_perm(ino)); |
| 1588 | if (!page) | 1573 | return simple_read_from_buffer(buf, count, ppos, res, len); |
| 1589 | return -ENOMEM; | ||
| 1590 | |||
| 1591 | len = snprintf(page, PAGE_SIZE, "%d", sel_ino_to_perm(ino)); | ||
| 1592 | rc = simple_read_from_buffer(buf, count, ppos, page, len); | ||
| 1593 | free_page((unsigned long)page); | ||
| 1594 | |||
| 1595 | return rc; | ||
| 1596 | } | 1574 | } |
| 1597 | 1575 | ||
| 1598 | static const struct file_operations sel_perm_ops = { | 1576 | static const struct file_operations sel_perm_ops = { |
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index d583c0545808..ee0bb5735f35 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c | |||
| @@ -1171,7 +1171,7 @@ static int smack_file_fcntl(struct file *file, unsigned int cmd, | |||
| 1171 | } | 1171 | } |
| 1172 | 1172 | ||
| 1173 | /** | 1173 | /** |
| 1174 | * smack_file_mmap : | 1174 | * smack_mmap_file : |
| 1175 | * Check permissions for a mmap operation. The @file may be NULL, e.g. | 1175 | * Check permissions for a mmap operation. The @file may be NULL, e.g. |
| 1176 | * if mapping anonymous memory. | 1176 | * if mapping anonymous memory. |
| 1177 | * @file contains the file structure for file to map (may be NULL). | 1177 | * @file contains the file structure for file to map (may be NULL). |
| @@ -1180,10 +1180,9 @@ static int smack_file_fcntl(struct file *file, unsigned int cmd, | |||
| 1180 | * @flags contains the operational flags. | 1180 | * @flags contains the operational flags. |
| 1181 | * Return 0 if permission is granted. | 1181 | * Return 0 if permission is granted. |
| 1182 | */ | 1182 | */ |
| 1183 | static int smack_file_mmap(struct file *file, | 1183 | static int smack_mmap_file(struct file *file, |
| 1184 | unsigned long reqprot, unsigned long prot, | 1184 | unsigned long reqprot, unsigned long prot, |
| 1185 | unsigned long flags, unsigned long addr, | 1185 | unsigned long flags) |
| 1186 | unsigned long addr_only) | ||
| 1187 | { | 1186 | { |
| 1188 | struct smack_known *skp; | 1187 | struct smack_known *skp; |
| 1189 | struct smack_rule *srp; | 1188 | struct smack_rule *srp; |
| @@ -1198,11 +1197,6 @@ static int smack_file_mmap(struct file *file, | |||
| 1198 | int tmay; | 1197 | int tmay; |
| 1199 | int rc; | 1198 | int rc; |
| 1200 | 1199 | ||
| 1201 | /* do DAC check on address space usage */ | ||
| 1202 | rc = cap_file_mmap(file, reqprot, prot, flags, addr, addr_only); | ||
| 1203 | if (rc || addr_only) | ||
| 1204 | return rc; | ||
| 1205 | |||
| 1206 | if (file == NULL || file->f_dentry == NULL) | 1200 | if (file == NULL || file->f_dentry == NULL) |
| 1207 | return 0; | 1201 | return 0; |
| 1208 | 1202 | ||
| @@ -3482,7 +3476,8 @@ struct security_operations smack_ops = { | |||
| 3482 | .file_ioctl = smack_file_ioctl, | 3476 | .file_ioctl = smack_file_ioctl, |
| 3483 | .file_lock = smack_file_lock, | 3477 | .file_lock = smack_file_lock, |
| 3484 | .file_fcntl = smack_file_fcntl, | 3478 | .file_fcntl = smack_file_fcntl, |
| 3485 | .file_mmap = smack_file_mmap, | 3479 | .mmap_file = smack_mmap_file, |
| 3480 | .mmap_addr = cap_mmap_addr, | ||
| 3486 | .file_set_fowner = smack_file_set_fowner, | 3481 | .file_set_fowner = smack_file_set_fowner, |
| 3487 | .file_send_sigiotask = smack_file_send_sigiotask, | 3482 | .file_send_sigiotask = smack_file_send_sigiotask, |
| 3488 | .file_receive = smack_file_receive, | 3483 | .file_receive = smack_file_receive, |