diff options
Diffstat (limited to 'security')
| -rw-r--r-- | security/selinux/hooks.c | 20 | ||||
| -rw-r--r-- | security/selinux/include/objsec.h | 5 |
2 files changed, 22 insertions, 3 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 3219560f9fae..4b34847208cc 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
| @@ -233,6 +233,14 @@ static int inode_alloc_security(struct inode *inode) | |||
| 233 | return 0; | 233 | return 0; |
| 234 | } | 234 | } |
| 235 | 235 | ||
| 236 | static void inode_free_rcu(struct rcu_head *head) | ||
| 237 | { | ||
| 238 | struct inode_security_struct *isec; | ||
| 239 | |||
| 240 | isec = container_of(head, struct inode_security_struct, rcu); | ||
| 241 | kmem_cache_free(sel_inode_cache, isec); | ||
| 242 | } | ||
| 243 | |||
| 236 | static void inode_free_security(struct inode *inode) | 244 | static void inode_free_security(struct inode *inode) |
| 237 | { | 245 | { |
| 238 | struct inode_security_struct *isec = inode->i_security; | 246 | struct inode_security_struct *isec = inode->i_security; |
| @@ -243,8 +251,16 @@ static void inode_free_security(struct inode *inode) | |||
| 243 | list_del_init(&isec->list); | 251 | list_del_init(&isec->list); |
| 244 | spin_unlock(&sbsec->isec_lock); | 252 | spin_unlock(&sbsec->isec_lock); |
| 245 | 253 | ||
| 246 | inode->i_security = NULL; | 254 | /* |
| 247 | kmem_cache_free(sel_inode_cache, isec); | 255 | * The inode may still be referenced in a path walk and |
| 256 | * a call to selinux_inode_permission() can be made | ||
| 257 | * after inode_free_security() is called. Ideally, the VFS | ||
| 258 | * wouldn't do this, but fixing that is a much harder | ||
| 259 | * job. For now, simply free the i_security via RCU, and | ||
| 260 | * leave the current inode->i_security pointer intact. | ||
| 261 | * The inode will be freed after the RCU grace period too. | ||
| 262 | */ | ||
| 263 | call_rcu(&isec->rcu, inode_free_rcu); | ||
| 248 | } | 264 | } |
| 249 | 265 | ||
| 250 | static int file_alloc_security(struct file *file) | 266 | static int file_alloc_security(struct file *file) |
diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h index b1dfe1049450..078e553f52f2 100644 --- a/security/selinux/include/objsec.h +++ b/security/selinux/include/objsec.h | |||
| @@ -38,7 +38,10 @@ struct task_security_struct { | |||
| 38 | 38 | ||
| 39 | struct inode_security_struct { | 39 | struct inode_security_struct { |
| 40 | struct inode *inode; /* back pointer to inode object */ | 40 | struct inode *inode; /* back pointer to inode object */ |
| 41 | struct list_head list; /* list of inode_security_struct */ | 41 | union { |
| 42 | struct list_head list; /* list of inode_security_struct */ | ||
| 43 | struct rcu_head rcu; /* for freeing the inode_security_struct */ | ||
| 44 | }; | ||
| 42 | u32 task_sid; /* SID of creating task */ | 45 | u32 task_sid; /* SID of creating task */ |
| 43 | u32 sid; /* SID of this object */ | 46 | u32 sid; /* SID of this object */ |
| 44 | u16 sclass; /* security class of this object */ | 47 | u16 sclass; /* security class of this object */ |