diff options
Diffstat (limited to 'security')
-rw-r--r-- | security/commoncap.c | 6 | ||||
-rw-r--r-- | security/device_cgroup.c | 46 | ||||
-rw-r--r-- | security/inode.c | 3 | ||||
-rw-r--r-- | security/security.c | 9 | ||||
-rw-r--r-- | security/selinux/hooks.c | 22 |
5 files changed, 30 insertions, 56 deletions
diff --git a/security/commoncap.c b/security/commoncap.c index 399bfdb9e2da..3976613db829 100644 --- a/security/commoncap.c +++ b/security/commoncap.c | |||
@@ -279,10 +279,10 @@ static int get_file_caps(struct linux_binprm *bprm) | |||
279 | struct vfs_cap_data vcaps; | 279 | struct vfs_cap_data vcaps; |
280 | struct inode *inode; | 280 | struct inode *inode; |
281 | 281 | ||
282 | if (bprm->file->f_vfsmnt->mnt_flags & MNT_NOSUID) { | 282 | bprm_clear_caps(bprm); |
283 | bprm_clear_caps(bprm); | 283 | |
284 | if (bprm->file->f_vfsmnt->mnt_flags & MNT_NOSUID) | ||
284 | return 0; | 285 | return 0; |
285 | } | ||
286 | 286 | ||
287 | dentry = dget(bprm->file->f_dentry); | 287 | dentry = dget(bprm->file->f_dentry); |
288 | inode = dentry->d_inode; | 288 | inode = dentry->d_inode; |
diff --git a/security/device_cgroup.c b/security/device_cgroup.c index 46f23971f7e4..5ba78701adc3 100644 --- a/security/device_cgroup.c +++ b/security/device_cgroup.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * dev_cgroup.c - device cgroup subsystem | 2 | * device_cgroup.c - device cgroup subsystem |
3 | * | 3 | * |
4 | * Copyright 2007 IBM Corp | 4 | * Copyright 2007 IBM Corp |
5 | */ | 5 | */ |
@@ -10,6 +10,7 @@ | |||
10 | #include <linux/list.h> | 10 | #include <linux/list.h> |
11 | #include <linux/uaccess.h> | 11 | #include <linux/uaccess.h> |
12 | #include <linux/seq_file.h> | 12 | #include <linux/seq_file.h> |
13 | #include <linux/rcupdate.h> | ||
13 | 14 | ||
14 | #define ACC_MKNOD 1 | 15 | #define ACC_MKNOD 1 |
15 | #define ACC_READ 2 | 16 | #define ACC_READ 2 |
@@ -22,18 +23,8 @@ | |||
22 | 23 | ||
23 | /* | 24 | /* |
24 | * whitelist locking rules: | 25 | * whitelist locking rules: |
25 | * cgroup_lock() cannot be taken under dev_cgroup->lock. | 26 | * hold cgroup_lock() for update/read. |
26 | * dev_cgroup->lock can be taken with or without cgroup_lock(). | 27 | * hold rcu_read_lock() for read. |
27 | * | ||
28 | * modifications always require cgroup_lock | ||
29 | * modifications to a list which is visible require the | ||
30 | * dev_cgroup->lock *and* cgroup_lock() | ||
31 | * walking the list requires dev_cgroup->lock or cgroup_lock(). | ||
32 | * | ||
33 | * reasoning: dev_whitelist_copy() needs to kmalloc, so needs | ||
34 | * a mutex, which the cgroup_lock() is. Since modifying | ||
35 | * a visible list requires both locks, either lock can be | ||
36 | * taken for walking the list. | ||
37 | */ | 28 | */ |
38 | 29 | ||
39 | struct dev_whitelist_item { | 30 | struct dev_whitelist_item { |
@@ -47,7 +38,6 @@ struct dev_whitelist_item { | |||
47 | struct dev_cgroup { | 38 | struct dev_cgroup { |
48 | struct cgroup_subsys_state css; | 39 | struct cgroup_subsys_state css; |
49 | struct list_head whitelist; | 40 | struct list_head whitelist; |
50 | spinlock_t lock; | ||
51 | }; | 41 | }; |
52 | 42 | ||
53 | static inline struct dev_cgroup *css_to_devcgroup(struct cgroup_subsys_state *s) | 43 | static inline struct dev_cgroup *css_to_devcgroup(struct cgroup_subsys_state *s) |
@@ -84,13 +74,9 @@ static int dev_whitelist_copy(struct list_head *dest, struct list_head *orig) | |||
84 | struct dev_whitelist_item *wh, *tmp, *new; | 74 | struct dev_whitelist_item *wh, *tmp, *new; |
85 | 75 | ||
86 | list_for_each_entry(wh, orig, list) { | 76 | list_for_each_entry(wh, orig, list) { |
87 | new = kmalloc(sizeof(*wh), GFP_KERNEL); | 77 | new = kmemdup(wh, sizeof(*wh), GFP_KERNEL); |
88 | if (!new) | 78 | if (!new) |
89 | goto free_and_exit; | 79 | goto free_and_exit; |
90 | new->major = wh->major; | ||
91 | new->minor = wh->minor; | ||
92 | new->type = wh->type; | ||
93 | new->access = wh->access; | ||
94 | list_add_tail(&new->list, dest); | 80 | list_add_tail(&new->list, dest); |
95 | } | 81 | } |
96 | 82 | ||
@@ -107,19 +93,16 @@ free_and_exit: | |||
107 | /* Stupid prototype - don't bother combining existing entries */ | 93 | /* Stupid prototype - don't bother combining existing entries */ |
108 | /* | 94 | /* |
109 | * called under cgroup_lock() | 95 | * called under cgroup_lock() |
110 | * since the list is visible to other tasks, we need the spinlock also | ||
111 | */ | 96 | */ |
112 | static int dev_whitelist_add(struct dev_cgroup *dev_cgroup, | 97 | static int dev_whitelist_add(struct dev_cgroup *dev_cgroup, |
113 | struct dev_whitelist_item *wh) | 98 | struct dev_whitelist_item *wh) |
114 | { | 99 | { |
115 | struct dev_whitelist_item *whcopy, *walk; | 100 | struct dev_whitelist_item *whcopy, *walk; |
116 | 101 | ||
117 | whcopy = kmalloc(sizeof(*whcopy), GFP_KERNEL); | 102 | whcopy = kmemdup(wh, sizeof(*wh), GFP_KERNEL); |
118 | if (!whcopy) | 103 | if (!whcopy) |
119 | return -ENOMEM; | 104 | return -ENOMEM; |
120 | 105 | ||
121 | memcpy(whcopy, wh, sizeof(*whcopy)); | ||
122 | spin_lock(&dev_cgroup->lock); | ||
123 | list_for_each_entry(walk, &dev_cgroup->whitelist, list) { | 106 | list_for_each_entry(walk, &dev_cgroup->whitelist, list) { |
124 | if (walk->type != wh->type) | 107 | if (walk->type != wh->type) |
125 | continue; | 108 | continue; |
@@ -135,7 +118,6 @@ static int dev_whitelist_add(struct dev_cgroup *dev_cgroup, | |||
135 | 118 | ||
136 | if (whcopy != NULL) | 119 | if (whcopy != NULL) |
137 | list_add_tail_rcu(&whcopy->list, &dev_cgroup->whitelist); | 120 | list_add_tail_rcu(&whcopy->list, &dev_cgroup->whitelist); |
138 | spin_unlock(&dev_cgroup->lock); | ||
139 | return 0; | 121 | return 0; |
140 | } | 122 | } |
141 | 123 | ||
@@ -149,14 +131,12 @@ static void whitelist_item_free(struct rcu_head *rcu) | |||
149 | 131 | ||
150 | /* | 132 | /* |
151 | * called under cgroup_lock() | 133 | * called under cgroup_lock() |
152 | * since the list is visible to other tasks, we need the spinlock also | ||
153 | */ | 134 | */ |
154 | static void dev_whitelist_rm(struct dev_cgroup *dev_cgroup, | 135 | static void dev_whitelist_rm(struct dev_cgroup *dev_cgroup, |
155 | struct dev_whitelist_item *wh) | 136 | struct dev_whitelist_item *wh) |
156 | { | 137 | { |
157 | struct dev_whitelist_item *walk, *tmp; | 138 | struct dev_whitelist_item *walk, *tmp; |
158 | 139 | ||
159 | spin_lock(&dev_cgroup->lock); | ||
160 | list_for_each_entry_safe(walk, tmp, &dev_cgroup->whitelist, list) { | 140 | list_for_each_entry_safe(walk, tmp, &dev_cgroup->whitelist, list) { |
161 | if (walk->type == DEV_ALL) | 141 | if (walk->type == DEV_ALL) |
162 | goto remove; | 142 | goto remove; |
@@ -174,7 +154,6 @@ remove: | |||
174 | call_rcu(&walk->rcu, whitelist_item_free); | 154 | call_rcu(&walk->rcu, whitelist_item_free); |
175 | } | 155 | } |
176 | } | 156 | } |
177 | spin_unlock(&dev_cgroup->lock); | ||
178 | } | 157 | } |
179 | 158 | ||
180 | /* | 159 | /* |
@@ -214,7 +193,6 @@ static struct cgroup_subsys_state *devcgroup_create(struct cgroup_subsys *ss, | |||
214 | } | 193 | } |
215 | } | 194 | } |
216 | 195 | ||
217 | spin_lock_init(&dev_cgroup->lock); | ||
218 | return &dev_cgroup->css; | 196 | return &dev_cgroup->css; |
219 | } | 197 | } |
220 | 198 | ||
@@ -330,15 +308,11 @@ static int parent_has_perm(struct dev_cgroup *childcg, | |||
330 | { | 308 | { |
331 | struct cgroup *pcg = childcg->css.cgroup->parent; | 309 | struct cgroup *pcg = childcg->css.cgroup->parent; |
332 | struct dev_cgroup *parent; | 310 | struct dev_cgroup *parent; |
333 | int ret; | ||
334 | 311 | ||
335 | if (!pcg) | 312 | if (!pcg) |
336 | return 1; | 313 | return 1; |
337 | parent = cgroup_to_devcgroup(pcg); | 314 | parent = cgroup_to_devcgroup(pcg); |
338 | spin_lock(&parent->lock); | 315 | return may_access_whitelist(parent, wh); |
339 | ret = may_access_whitelist(parent, wh); | ||
340 | spin_unlock(&parent->lock); | ||
341 | return ret; | ||
342 | } | 316 | } |
343 | 317 | ||
344 | /* | 318 | /* |
@@ -357,17 +331,14 @@ static int parent_has_perm(struct dev_cgroup *childcg, | |||
357 | static int devcgroup_update_access(struct dev_cgroup *devcgroup, | 331 | static int devcgroup_update_access(struct dev_cgroup *devcgroup, |
358 | int filetype, const char *buffer) | 332 | int filetype, const char *buffer) |
359 | { | 333 | { |
360 | struct dev_cgroup *cur_devcgroup; | ||
361 | const char *b; | 334 | const char *b; |
362 | char *endp; | 335 | char *endp; |
363 | int retval = 0, count; | 336 | int count; |
364 | struct dev_whitelist_item wh; | 337 | struct dev_whitelist_item wh; |
365 | 338 | ||
366 | if (!capable(CAP_SYS_ADMIN)) | 339 | if (!capable(CAP_SYS_ADMIN)) |
367 | return -EPERM; | 340 | return -EPERM; |
368 | 341 | ||
369 | cur_devcgroup = task_devcgroup(current); | ||
370 | |||
371 | memset(&wh, 0, sizeof(wh)); | 342 | memset(&wh, 0, sizeof(wh)); |
372 | b = buffer; | 343 | b = buffer; |
373 | 344 | ||
@@ -437,7 +408,6 @@ static int devcgroup_update_access(struct dev_cgroup *devcgroup, | |||
437 | } | 408 | } |
438 | 409 | ||
439 | handle: | 410 | handle: |
440 | retval = 0; | ||
441 | switch (filetype) { | 411 | switch (filetype) { |
442 | case DEVCG_ALLOW: | 412 | case DEVCG_ALLOW: |
443 | if (!parent_has_perm(devcgroup, &wh)) | 413 | if (!parent_has_perm(devcgroup, &wh)) |
diff --git a/security/inode.c b/security/inode.c index ca4958ebad8d..efea5a605466 100644 --- a/security/inode.c +++ b/security/inode.c | |||
@@ -20,8 +20,7 @@ | |||
20 | #include <linux/init.h> | 20 | #include <linux/init.h> |
21 | #include <linux/namei.h> | 21 | #include <linux/namei.h> |
22 | #include <linux/security.h> | 22 | #include <linux/security.h> |
23 | 23 | #include <linux/magic.h> | |
24 | #define SECURITYFS_MAGIC 0x73636673 | ||
25 | 24 | ||
26 | static struct vfsmount *mount; | 25 | static struct vfsmount *mount; |
27 | static int mount_count; | 26 | static int mount_count; |
diff --git a/security/security.c b/security/security.c index 255b08559b2b..c0acfa7177e5 100644 --- a/security/security.c +++ b/security/security.c | |||
@@ -198,14 +198,23 @@ int security_settime(struct timespec *ts, struct timezone *tz) | |||
198 | 198 | ||
199 | int security_vm_enough_memory(long pages) | 199 | int security_vm_enough_memory(long pages) |
200 | { | 200 | { |
201 | WARN_ON(current->mm == NULL); | ||
201 | return security_ops->vm_enough_memory(current->mm, pages); | 202 | return security_ops->vm_enough_memory(current->mm, pages); |
202 | } | 203 | } |
203 | 204 | ||
204 | int security_vm_enough_memory_mm(struct mm_struct *mm, long pages) | 205 | int security_vm_enough_memory_mm(struct mm_struct *mm, long pages) |
205 | { | 206 | { |
207 | WARN_ON(mm == NULL); | ||
206 | return security_ops->vm_enough_memory(mm, pages); | 208 | return security_ops->vm_enough_memory(mm, pages); |
207 | } | 209 | } |
208 | 210 | ||
211 | int security_vm_enough_memory_kern(long pages) | ||
212 | { | ||
213 | /* If current->mm is a kernel thread then we will pass NULL, | ||
214 | for this specific case that is fine */ | ||
215 | return security_ops->vm_enough_memory(current->mm, pages); | ||
216 | } | ||
217 | |||
209 | int security_bprm_alloc(struct linux_binprm *bprm) | 218 | int security_bprm_alloc(struct linux_binprm *bprm) |
210 | { | 219 | { |
211 | return security_ops->bprm_alloc_security(bprm); | 220 | return security_ops->bprm_alloc_security(bprm); |
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 5f21a514f581..f71de5a64d0c 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
@@ -75,6 +75,7 @@ | |||
75 | #include <linux/string.h> | 75 | #include <linux/string.h> |
76 | #include <linux/selinux.h> | 76 | #include <linux/selinux.h> |
77 | #include <linux/mutex.h> | 77 | #include <linux/mutex.h> |
78 | #include <linux/posix-timers.h> | ||
78 | 79 | ||
79 | #include "avc.h" | 80 | #include "avc.h" |
80 | #include "objsec.h" | 81 | #include "objsec.h" |
@@ -325,7 +326,7 @@ enum { | |||
325 | Opt_rootcontext = 4, | 326 | Opt_rootcontext = 4, |
326 | }; | 327 | }; |
327 | 328 | ||
328 | static match_table_t tokens = { | 329 | static const match_table_t tokens = { |
329 | {Opt_context, CONTEXT_STR "%s"}, | 330 | {Opt_context, CONTEXT_STR "%s"}, |
330 | {Opt_fscontext, FSCONTEXT_STR "%s"}, | 331 | {Opt_fscontext, FSCONTEXT_STR "%s"}, |
331 | {Opt_defcontext, DEFCONTEXT_STR "%s"}, | 332 | {Opt_defcontext, DEFCONTEXT_STR "%s"}, |
@@ -2123,26 +2124,27 @@ static inline void flush_unauthorized_files(struct files_struct *files) | |||
2123 | long j = -1; | 2124 | long j = -1; |
2124 | int drop_tty = 0; | 2125 | int drop_tty = 0; |
2125 | 2126 | ||
2126 | mutex_lock(&tty_mutex); | ||
2127 | tty = get_current_tty(); | 2127 | tty = get_current_tty(); |
2128 | if (tty) { | 2128 | if (tty) { |
2129 | file_list_lock(); | 2129 | file_list_lock(); |
2130 | file = list_entry(tty->tty_files.next, typeof(*file), f_u.fu_list); | 2130 | if (!list_empty(&tty->tty_files)) { |
2131 | if (file) { | 2131 | struct inode *inode; |
2132 | |||
2132 | /* Revalidate access to controlling tty. | 2133 | /* Revalidate access to controlling tty. |
2133 | Use inode_has_perm on the tty inode directly rather | 2134 | Use inode_has_perm on the tty inode directly rather |
2134 | than using file_has_perm, as this particular open | 2135 | than using file_has_perm, as this particular open |
2135 | file may belong to another process and we are only | 2136 | file may belong to another process and we are only |
2136 | interested in the inode-based check here. */ | 2137 | interested in the inode-based check here. */ |
2137 | struct inode *inode = file->f_path.dentry->d_inode; | 2138 | file = list_first_entry(&tty->tty_files, struct file, f_u.fu_list); |
2139 | inode = file->f_path.dentry->d_inode; | ||
2138 | if (inode_has_perm(current, inode, | 2140 | if (inode_has_perm(current, inode, |
2139 | FILE__READ | FILE__WRITE, NULL)) { | 2141 | FILE__READ | FILE__WRITE, NULL)) { |
2140 | drop_tty = 1; | 2142 | drop_tty = 1; |
2141 | } | 2143 | } |
2142 | } | 2144 | } |
2143 | file_list_unlock(); | 2145 | file_list_unlock(); |
2146 | tty_kref_put(tty); | ||
2144 | } | 2147 | } |
2145 | mutex_unlock(&tty_mutex); | ||
2146 | /* Reset controlling tty. */ | 2148 | /* Reset controlling tty. */ |
2147 | if (drop_tty) | 2149 | if (drop_tty) |
2148 | no_tty(); | 2150 | no_tty(); |
@@ -2326,13 +2328,7 @@ static void selinux_bprm_post_apply_creds(struct linux_binprm *bprm) | |||
2326 | initrlim = init_task.signal->rlim+i; | 2328 | initrlim = init_task.signal->rlim+i; |
2327 | rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur); | 2329 | rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur); |
2328 | } | 2330 | } |
2329 | if (current->signal->rlim[RLIMIT_CPU].rlim_cur != RLIM_INFINITY) { | 2331 | update_rlimit_cpu(rlim->rlim_cur); |
2330 | /* | ||
2331 | * This will cause RLIMIT_CPU calculations | ||
2332 | * to be refigured. | ||
2333 | */ | ||
2334 | current->it_prof_expires = jiffies_to_cputime(1); | ||
2335 | } | ||
2336 | } | 2332 | } |
2337 | 2333 | ||
2338 | /* Wake up the parent if it is waiting so that it can | 2334 | /* Wake up the parent if it is waiting so that it can |