lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20150513143952.79a3b57e@canb.auug.org.au>
Date:	Wed, 13 May 2015 14:39:52 +1000
From:	Stephen Rothwell <sfr@...b.auug.org.au>
To:	James Morris <jmorris@...ei.org>, Al Viro <viro@...IV.linux.org.uk>
Cc:	linux-next@...r.kernel.org, linux-kernel@...r.kernel.org,
	NeilBrown <neilb@...e.de>,
	Casey Schaufler <casey@...aufler-ca.com>
Subject: linux-next: manual merge of the security tree with the vfs tree

Hi James,

Today's linux-next merge of the security tree got a conflict in
include/linux/security.h and security/security.c between commits
37882db0546c ("SECURITY: remove nameidata arg from inode_follow_link")
and bda0be7ad994 ("security: make inode_follow_link RCU-walk aware")
from the vfs tree and commits 3c4ed7bdf599 ("LSM: Split security.h")
and 346033a28fb1 ("LSM: Remove a comment from security.h") from the
security tree.

I fixed it up (see below, plus I added the following merge fix patch)
and can carry the fix as necessary (no action is required).

From: Stephen Rothwell <sfr@...b.auug.org.au>
Date: Wed, 13 May 2015 14:29:17 +1000
Subject: [PATCH] LSM: merge fix for follow_link API changes

Signed-off-by: Stephen Rothwell <sfr@...b.auug.org.au>
---
 include/linux/lsm_hooks.h | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index f014f2596e22..9429f054c323 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -315,7 +315,8 @@
  * @inode_follow_link:
  *	Check permission to follow a symbolic link when looking up a pathname.
  *	@dentry contains the dentry structure for the link.
- *	@nd contains the nameidata structure for the parent directory.
+ *	@inode contains the inode, which itself is not stable in RCU-walk
+ *	@rcu indicates whether we are in RCU-walk mode.
  *	Return 0 if permission is granted.
  * @inode_permission:
  *	Check permission before accessing an inode.  This hook is called by the
@@ -1397,7 +1398,8 @@ union security_list_options {
 				struct inode *new_dir,
 				struct dentry *new_dentry);
 	int (*inode_readlink)(struct dentry *dentry);
-	int (*inode_follow_link)(struct dentry *dentry, struct nameidata *nd);
+	int (*inode_follow_link)(struct dentry *dentry, struct inode *inode,
+				 bool rcu);
 	int (*inode_permission)(struct inode *inode, int mask);
 	int (*inode_setattr)(struct dentry *dentry, struct iattr *attr);
 	int (*inode_getattr)(const struct path *path);
-- 
2.1.4

-- 
Cheers,
Stephen Rothwell                    sfr@...b.auug.org.au

diff --cc security/security.c
index 04c8feca081a,bd4c5f6a5b78..000000000000
--- a/security/security.c
+++ b/security/security.c
@@@ -578,15 -586,14 +586,15 @@@ int security_inode_readlink(struct dent
  {
  	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
  		return 0;
- 	return security_ops->inode_readlink(dentry);
+ 	return call_int_hook(inode_readlink, 0, dentry);
  }
  
 -int security_inode_follow_link(struct dentry *dentry, struct nameidata *nd)
 +int security_inode_follow_link(struct dentry *dentry, struct inode *inode,
 +			       bool rcu)
  {
 -	if (unlikely(IS_PRIVATE(d_backing_inode(dentry))))
 +	if (unlikely(IS_PRIVATE(inode)))
  		return 0;
- 	return security_ops->inode_follow_link(dentry, inode, rcu);
 -	return call_int_hook(inode_follow_link, 0, dentry, nd);
++	return call_int_hook(inode_follow_link, 0, dentry, inode, rcu);
  }
  
  int security_inode_permission(struct inode *inode, int mask)

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ