diff options
Diffstat (limited to 'kernel')
| -rw-r--r-- | kernel/audit.c | 12 | ||||
| -rw-r--r-- | kernel/audit_tree.c | 28 | ||||
| -rw-r--r-- | kernel/auditfilter.c | 15 | ||||
| -rw-r--r-- | kernel/auditsc.c | 28 | ||||
| -rw-r--r-- | kernel/exit.c | 12 | ||||
| -rw-r--r-- | kernel/fork.c | 18 | ||||
| -rw-r--r-- | kernel/kmod.c | 5 |
7 files changed, 53 insertions, 65 deletions
diff --git a/kernel/audit.c b/kernel/audit.c index c8555b180213..2eeea9a14240 100644 --- a/kernel/audit.c +++ b/kernel/audit.c | |||
| @@ -1312,26 +1312,26 @@ void audit_log_untrustedstring(struct audit_buffer *ab, const char *string) | |||
| 1312 | 1312 | ||
| 1313 | /* This is a helper-function to print the escaped d_path */ | 1313 | /* This is a helper-function to print the escaped d_path */ |
| 1314 | void audit_log_d_path(struct audit_buffer *ab, const char *prefix, | 1314 | void audit_log_d_path(struct audit_buffer *ab, const char *prefix, |
| 1315 | struct dentry *dentry, struct vfsmount *vfsmnt) | 1315 | struct path *path) |
| 1316 | { | 1316 | { |
| 1317 | char *p, *path; | 1317 | char *p, *pathname; |
| 1318 | 1318 | ||
| 1319 | if (prefix) | 1319 | if (prefix) |
| 1320 | audit_log_format(ab, " %s", prefix); | 1320 | audit_log_format(ab, " %s", prefix); |
| 1321 | 1321 | ||
| 1322 | /* We will allow 11 spaces for ' (deleted)' to be appended */ | 1322 | /* We will allow 11 spaces for ' (deleted)' to be appended */ |
| 1323 | path = kmalloc(PATH_MAX+11, ab->gfp_mask); | 1323 | pathname = kmalloc(PATH_MAX+11, ab->gfp_mask); |
| 1324 | if (!path) { | 1324 | if (!pathname) { |
| 1325 | audit_log_format(ab, "<no memory>"); | 1325 | audit_log_format(ab, "<no memory>"); |
| 1326 | return; | 1326 | return; |
| 1327 | } | 1327 | } |
| 1328 | p = d_path(dentry, vfsmnt, path, PATH_MAX+11); | 1328 | p = d_path(path, pathname, PATH_MAX+11); |
| 1329 | if (IS_ERR(p)) { /* Should never happen since we send PATH_MAX */ | 1329 | if (IS_ERR(p)) { /* Should never happen since we send PATH_MAX */ |
| 1330 | /* FIXME: can we save some information here? */ | 1330 | /* FIXME: can we save some information here? */ |
| 1331 | audit_log_format(ab, "<too long>"); | 1331 | audit_log_format(ab, "<too long>"); |
| 1332 | } else | 1332 | } else |
| 1333 | audit_log_untrustedstring(ab, p); | 1333 | audit_log_untrustedstring(ab, p); |
| 1334 | kfree(path); | 1334 | kfree(pathname); |
| 1335 | } | 1335 | } |
| 1336 | 1336 | ||
| 1337 | /** | 1337 | /** |
diff --git a/kernel/audit_tree.c b/kernel/audit_tree.c index f4fcf58f20f8..9ef5e0aacc3c 100644 --- a/kernel/audit_tree.c +++ b/kernel/audit_tree.c | |||
| @@ -549,8 +549,8 @@ void audit_trim_trees(void) | |||
| 549 | if (err) | 549 | if (err) |
| 550 | goto skip_it; | 550 | goto skip_it; |
| 551 | 551 | ||
| 552 | root_mnt = collect_mounts(nd.mnt, nd.dentry); | 552 | root_mnt = collect_mounts(nd.path.mnt, nd.path.dentry); |
| 553 | path_release(&nd); | 553 | path_put(&nd.path); |
| 554 | if (!root_mnt) | 554 | if (!root_mnt) |
| 555 | goto skip_it; | 555 | goto skip_it; |
| 556 | 556 | ||
| @@ -583,17 +583,17 @@ skip_it: | |||
| 583 | static int is_under(struct vfsmount *mnt, struct dentry *dentry, | 583 | static int is_under(struct vfsmount *mnt, struct dentry *dentry, |
| 584 | struct nameidata *nd) | 584 | struct nameidata *nd) |
| 585 | { | 585 | { |
| 586 | if (mnt != nd->mnt) { | 586 | if (mnt != nd->path.mnt) { |
| 587 | for (;;) { | 587 | for (;;) { |
| 588 | if (mnt->mnt_parent == mnt) | 588 | if (mnt->mnt_parent == mnt) |
| 589 | return 0; | 589 | return 0; |
| 590 | if (mnt->mnt_parent == nd->mnt) | 590 | if (mnt->mnt_parent == nd->path.mnt) |
| 591 | break; | 591 | break; |
| 592 | mnt = mnt->mnt_parent; | 592 | mnt = mnt->mnt_parent; |
| 593 | } | 593 | } |
| 594 | dentry = mnt->mnt_mountpoint; | 594 | dentry = mnt->mnt_mountpoint; |
| 595 | } | 595 | } |
| 596 | return is_subdir(dentry, nd->dentry); | 596 | return is_subdir(dentry, nd->path.dentry); |
| 597 | } | 597 | } |
| 598 | 598 | ||
| 599 | int audit_make_tree(struct audit_krule *rule, char *pathname, u32 op) | 599 | int audit_make_tree(struct audit_krule *rule, char *pathname, u32 op) |
| @@ -641,8 +641,8 @@ int audit_add_tree_rule(struct audit_krule *rule) | |||
| 641 | err = path_lookup(tree->pathname, 0, &nd); | 641 | err = path_lookup(tree->pathname, 0, &nd); |
| 642 | if (err) | 642 | if (err) |
| 643 | goto Err; | 643 | goto Err; |
| 644 | mnt = collect_mounts(nd.mnt, nd.dentry); | 644 | mnt = collect_mounts(nd.path.mnt, nd.path.dentry); |
| 645 | path_release(&nd); | 645 | path_put(&nd.path); |
| 646 | if (!mnt) { | 646 | if (!mnt) { |
| 647 | err = -ENOMEM; | 647 | err = -ENOMEM; |
| 648 | goto Err; | 648 | goto Err; |
| @@ -701,8 +701,8 @@ int audit_tag_tree(char *old, char *new) | |||
| 701 | err = path_lookup(new, 0, &nd); | 701 | err = path_lookup(new, 0, &nd); |
| 702 | if (err) | 702 | if (err) |
| 703 | return err; | 703 | return err; |
| 704 | tagged = collect_mounts(nd.mnt, nd.dentry); | 704 | tagged = collect_mounts(nd.path.mnt, nd.path.dentry); |
| 705 | path_release(&nd); | 705 | path_put(&nd.path); |
| 706 | if (!tagged) | 706 | if (!tagged) |
| 707 | return -ENOMEM; | 707 | return -ENOMEM; |
| 708 | 708 | ||
| @@ -711,9 +711,9 @@ int audit_tag_tree(char *old, char *new) | |||
| 711 | drop_collected_mounts(tagged); | 711 | drop_collected_mounts(tagged); |
| 712 | return err; | 712 | return err; |
| 713 | } | 713 | } |
| 714 | mnt = mntget(nd.mnt); | 714 | mnt = mntget(nd.path.mnt); |
| 715 | dentry = dget(nd.dentry); | 715 | dentry = dget(nd.path.dentry); |
| 716 | path_release(&nd); | 716 | path_put(&nd.path); |
| 717 | 717 | ||
| 718 | if (dentry == tagged->mnt_root && dentry == mnt->mnt_root) | 718 | if (dentry == tagged->mnt_root && dentry == mnt->mnt_root) |
| 719 | follow_up(&mnt, &dentry); | 719 | follow_up(&mnt, &dentry); |
| @@ -744,13 +744,13 @@ int audit_tag_tree(char *old, char *new) | |||
| 744 | spin_lock(&vfsmount_lock); | 744 | spin_lock(&vfsmount_lock); |
| 745 | if (!is_under(mnt, dentry, &nd)) { | 745 | if (!is_under(mnt, dentry, &nd)) { |
| 746 | spin_unlock(&vfsmount_lock); | 746 | spin_unlock(&vfsmount_lock); |
| 747 | path_release(&nd); | 747 | path_put(&nd.path); |
| 748 | put_tree(tree); | 748 | put_tree(tree); |
| 749 | mutex_lock(&audit_filter_mutex); | 749 | mutex_lock(&audit_filter_mutex); |
| 750 | continue; | 750 | continue; |
| 751 | } | 751 | } |
| 752 | spin_unlock(&vfsmount_lock); | 752 | spin_unlock(&vfsmount_lock); |
| 753 | path_release(&nd); | 753 | path_put(&nd.path); |
| 754 | 754 | ||
| 755 | list_for_each_entry(p, &list, mnt_list) { | 755 | list_for_each_entry(p, &list, mnt_list) { |
| 756 | failed = tag_chunk(p->mnt_root->d_inode, tree); | 756 | failed = tag_chunk(p->mnt_root->d_inode, tree); |
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index 6f19fd477aac..2f2914b7cc30 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c | |||
| @@ -169,8 +169,8 @@ static struct audit_parent *audit_init_parent(struct nameidata *ndp) | |||
| 169 | inotify_init_watch(&parent->wdata); | 169 | inotify_init_watch(&parent->wdata); |
| 170 | /* grab a ref so inotify watch hangs around until we take audit_filter_mutex */ | 170 | /* grab a ref so inotify watch hangs around until we take audit_filter_mutex */ |
| 171 | get_inotify_watch(&parent->wdata); | 171 | get_inotify_watch(&parent->wdata); |
| 172 | wd = inotify_add_watch(audit_ih, &parent->wdata, ndp->dentry->d_inode, | 172 | wd = inotify_add_watch(audit_ih, &parent->wdata, |
| 173 | AUDIT_IN_WATCH); | 173 | ndp->path.dentry->d_inode, AUDIT_IN_WATCH); |
| 174 | if (wd < 0) { | 174 | if (wd < 0) { |
| 175 | audit_free_parent(&parent->wdata); | 175 | audit_free_parent(&parent->wdata); |
| 176 | return ERR_PTR(wd); | 176 | return ERR_PTR(wd); |
| @@ -1161,11 +1161,11 @@ static int audit_get_nd(char *path, struct nameidata **ndp, | |||
| 1161 | static void audit_put_nd(struct nameidata *ndp, struct nameidata *ndw) | 1161 | static void audit_put_nd(struct nameidata *ndp, struct nameidata *ndw) |
| 1162 | { | 1162 | { |
| 1163 | if (ndp) { | 1163 | if (ndp) { |
| 1164 | path_release(ndp); | 1164 | path_put(&ndp->path); |
| 1165 | kfree(ndp); | 1165 | kfree(ndp); |
| 1166 | } | 1166 | } |
| 1167 | if (ndw) { | 1167 | if (ndw) { |
| 1168 | path_release(ndw); | 1168 | path_put(&ndw->path); |
| 1169 | kfree(ndw); | 1169 | kfree(ndw); |
| 1170 | } | 1170 | } |
| 1171 | } | 1171 | } |
| @@ -1214,8 +1214,8 @@ static int audit_add_watch(struct audit_krule *krule, struct nameidata *ndp, | |||
| 1214 | 1214 | ||
| 1215 | /* update watch filter fields */ | 1215 | /* update watch filter fields */ |
| 1216 | if (ndw) { | 1216 | if (ndw) { |
| 1217 | watch->dev = ndw->dentry->d_inode->i_sb->s_dev; | 1217 | watch->dev = ndw->path.dentry->d_inode->i_sb->s_dev; |
| 1218 | watch->ino = ndw->dentry->d_inode->i_ino; | 1218 | watch->ino = ndw->path.dentry->d_inode->i_ino; |
| 1219 | } | 1219 | } |
| 1220 | 1220 | ||
| 1221 | /* The audit_filter_mutex must not be held during inotify calls because | 1221 | /* The audit_filter_mutex must not be held during inotify calls because |
| @@ -1225,7 +1225,8 @@ static int audit_add_watch(struct audit_krule *krule, struct nameidata *ndp, | |||
| 1225 | */ | 1225 | */ |
| 1226 | mutex_unlock(&audit_filter_mutex); | 1226 | mutex_unlock(&audit_filter_mutex); |
| 1227 | 1227 | ||
| 1228 | if (inotify_find_watch(audit_ih, ndp->dentry->d_inode, &i_watch) < 0) { | 1228 | if (inotify_find_watch(audit_ih, ndp->path.dentry->d_inode, |
| 1229 | &i_watch) < 0) { | ||
| 1229 | parent = audit_init_parent(ndp); | 1230 | parent = audit_init_parent(ndp); |
| 1230 | if (IS_ERR(parent)) { | 1231 | if (IS_ERR(parent)) { |
| 1231 | /* caller expects mutex locked */ | 1232 | /* caller expects mutex locked */ |
diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 1c06ecf38d7b..ac6d9b23b018 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c | |||
| @@ -208,8 +208,7 @@ struct audit_context { | |||
| 208 | int name_count; | 208 | int name_count; |
| 209 | struct audit_names names[AUDIT_NAMES]; | 209 | struct audit_names names[AUDIT_NAMES]; |
| 210 | char * filterkey; /* key for rule that triggered record */ | 210 | char * filterkey; /* key for rule that triggered record */ |
| 211 | struct dentry * pwd; | 211 | struct path pwd; |
| 212 | struct vfsmount * pwdmnt; | ||
| 213 | struct audit_context *previous; /* For nested syscalls */ | 212 | struct audit_context *previous; /* For nested syscalls */ |
| 214 | struct audit_aux_data *aux; | 213 | struct audit_aux_data *aux; |
| 215 | struct audit_aux_data *aux_pids; | 214 | struct audit_aux_data *aux_pids; |
| @@ -786,12 +785,9 @@ static inline void audit_free_names(struct audit_context *context) | |||
| 786 | __putname(context->names[i].name); | 785 | __putname(context->names[i].name); |
| 787 | } | 786 | } |
| 788 | context->name_count = 0; | 787 | context->name_count = 0; |
| 789 | if (context->pwd) | 788 | path_put(&context->pwd); |
| 790 | dput(context->pwd); | 789 | context->pwd.dentry = NULL; |
| 791 | if (context->pwdmnt) | 790 | context->pwd.mnt = NULL; |
| 792 | mntput(context->pwdmnt); | ||
| 793 | context->pwd = NULL; | ||
| 794 | context->pwdmnt = NULL; | ||
| 795 | } | 791 | } |
| 796 | 792 | ||
| 797 | static inline void audit_free_aux(struct audit_context *context) | 793 | static inline void audit_free_aux(struct audit_context *context) |
| @@ -930,8 +926,7 @@ static void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk | |||
| 930 | if ((vma->vm_flags & VM_EXECUTABLE) && | 926 | if ((vma->vm_flags & VM_EXECUTABLE) && |
| 931 | vma->vm_file) { | 927 | vma->vm_file) { |
| 932 | audit_log_d_path(ab, "exe=", | 928 | audit_log_d_path(ab, "exe=", |
| 933 | vma->vm_file->f_path.dentry, | 929 | &vma->vm_file->f_path); |
| 934 | vma->vm_file->f_path.mnt); | ||
| 935 | break; | 930 | break; |
| 936 | } | 931 | } |
| 937 | vma = vma->vm_next; | 932 | vma = vma->vm_next; |
| @@ -1341,10 +1336,10 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts | |||
| 1341 | context->target_sid, context->target_comm)) | 1336 | context->target_sid, context->target_comm)) |
| 1342 | call_panic = 1; | 1337 | call_panic = 1; |
| 1343 | 1338 | ||
| 1344 | if (context->pwd && context->pwdmnt) { | 1339 | if (context->pwd.dentry && context->pwd.mnt) { |
| 1345 | ab = audit_log_start(context, GFP_KERNEL, AUDIT_CWD); | 1340 | ab = audit_log_start(context, GFP_KERNEL, AUDIT_CWD); |
| 1346 | if (ab) { | 1341 | if (ab) { |
| 1347 | audit_log_d_path(ab, "cwd=", context->pwd, context->pwdmnt); | 1342 | audit_log_d_path(ab, "cwd=", &context->pwd); |
| 1348 | audit_log_end(ab); | 1343 | audit_log_end(ab); |
| 1349 | } | 1344 | } |
| 1350 | } | 1345 | } |
| @@ -1367,8 +1362,7 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts | |||
| 1367 | case 0: | 1362 | case 0: |
| 1368 | /* name was specified as a relative path and the | 1363 | /* name was specified as a relative path and the |
| 1369 | * directory component is the cwd */ | 1364 | * directory component is the cwd */ |
| 1370 | audit_log_d_path(ab, " name=", context->pwd, | 1365 | audit_log_d_path(ab, " name=", &context->pwd); |
| 1371 | context->pwdmnt); | ||
| 1372 | break; | 1366 | break; |
| 1373 | default: | 1367 | default: |
| 1374 | /* log the name's directory component */ | 1368 | /* log the name's directory component */ |
| @@ -1695,10 +1689,10 @@ void __audit_getname(const char *name) | |||
| 1695 | context->names[context->name_count].ino = (unsigned long)-1; | 1689 | context->names[context->name_count].ino = (unsigned long)-1; |
| 1696 | context->names[context->name_count].osid = 0; | 1690 | context->names[context->name_count].osid = 0; |
| 1697 | ++context->name_count; | 1691 | ++context->name_count; |
| 1698 | if (!context->pwd) { | 1692 | if (!context->pwd.dentry) { |
| 1699 | read_lock(¤t->fs->lock); | 1693 | read_lock(¤t->fs->lock); |
| 1700 | context->pwd = dget(current->fs->pwd); | 1694 | context->pwd = current->fs->pwd; |
| 1701 | context->pwdmnt = mntget(current->fs->pwdmnt); | 1695 | path_get(¤t->fs->pwd); |
| 1702 | read_unlock(¤t->fs->lock); | 1696 | read_unlock(¤t->fs->lock); |
| 1703 | } | 1697 | } |
| 1704 | 1698 | ||
diff --git a/kernel/exit.c b/kernel/exit.c index 3b893e78ce61..506a957b665a 100644 --- a/kernel/exit.c +++ b/kernel/exit.c | |||
| @@ -512,14 +512,10 @@ static void __put_fs_struct(struct fs_struct *fs) | |||
| 512 | { | 512 | { |
| 513 | /* No need to hold fs->lock if we are killing it */ | 513 | /* No need to hold fs->lock if we are killing it */ |
| 514 | if (atomic_dec_and_test(&fs->count)) { | 514 | if (atomic_dec_and_test(&fs->count)) { |
| 515 | dput(fs->root); | 515 | path_put(&fs->root); |
| 516 | mntput(fs->rootmnt); | 516 | path_put(&fs->pwd); |
| 517 | dput(fs->pwd); | 517 | if (fs->altroot.dentry) |
| 518 | mntput(fs->pwdmnt); | 518 | path_put(&fs->altroot); |
| 519 | if (fs->altroot) { | ||
| 520 | dput(fs->altroot); | ||
| 521 | mntput(fs->altrootmnt); | ||
| 522 | } | ||
| 523 | kmem_cache_free(fs_cachep, fs); | 519 | kmem_cache_free(fs_cachep, fs); |
| 524 | } | 520 | } |
| 525 | } | 521 | } |
diff --git a/kernel/fork.c b/kernel/fork.c index 4363a4eb84e3..dd249c37b3a3 100644 --- a/kernel/fork.c +++ b/kernel/fork.c | |||
| @@ -600,16 +600,16 @@ static struct fs_struct *__copy_fs_struct(struct fs_struct *old) | |||
| 600 | rwlock_init(&fs->lock); | 600 | rwlock_init(&fs->lock); |
| 601 | fs->umask = old->umask; | 601 | fs->umask = old->umask; |
| 602 | read_lock(&old->lock); | 602 | read_lock(&old->lock); |
| 603 | fs->rootmnt = mntget(old->rootmnt); | 603 | fs->root = old->root; |
| 604 | fs->root = dget(old->root); | 604 | path_get(&old->root); |
| 605 | fs->pwdmnt = mntget(old->pwdmnt); | 605 | fs->pwd = old->pwd; |
| 606 | fs->pwd = dget(old->pwd); | 606 | path_get(&old->pwd); |
| 607 | if (old->altroot) { | 607 | if (old->altroot.dentry) { |
| 608 | fs->altrootmnt = mntget(old->altrootmnt); | 608 | fs->altroot = old->altroot; |
| 609 | fs->altroot = dget(old->altroot); | 609 | path_get(&old->altroot); |
| 610 | } else { | 610 | } else { |
| 611 | fs->altrootmnt = NULL; | 611 | fs->altroot.mnt = NULL; |
| 612 | fs->altroot = NULL; | 612 | fs->altroot.dentry = NULL; |
| 613 | } | 613 | } |
| 614 | read_unlock(&old->lock); | 614 | read_unlock(&old->lock); |
| 615 | } | 615 | } |
diff --git a/kernel/kmod.c b/kernel/kmod.c index bb7df2a28bd7..22be3ff3f363 100644 --- a/kernel/kmod.c +++ b/kernel/kmod.c | |||
| @@ -173,10 +173,7 @@ static int ____call_usermodehelper(void *data) | |||
| 173 | */ | 173 | */ |
| 174 | set_user_nice(current, 0); | 174 | set_user_nice(current, 0); |
| 175 | 175 | ||
| 176 | retval = -EPERM; | 176 | retval = kernel_execve(sub_info->path, sub_info->argv, sub_info->envp); |
| 177 | if (current->fs->root) | ||
| 178 | retval = kernel_execve(sub_info->path, | ||
| 179 | sub_info->argv, sub_info->envp); | ||
| 180 | 177 | ||
| 181 | /* Exec failed? */ | 178 | /* Exec failed? */ |
| 182 | sub_info->retval = retval; | 179 | sub_info->retval = retval; |