| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20231215221636.105680-36-casey@schaufler-ca.com>
Date: Fri, 15 Dec 2023 14:16:29 -0800
From: Casey Schaufler <casey@...aufler-ca.com>
To: casey@...aufler-ca.com,
paul@...l-moore.com,
linux-security-module@...r.kernel.org
Cc: jmorris@...ei.org,
serge@...lyn.com,
keescook@...omium.org,
john.johansen@...onical.com,
penguin-kernel@...ove.sakura.ne.jp,
stephen.smalley.work@...il.com,
linux-kernel@...r.kernel.org,
mic@...ikod.net
Subject: [PATCH v39 35/42] LSM: allocate mnt_opts blobs instead of module specific data
Replace allocations of LSM specific mount data with the
shared mnt_opts blob.
Signed-off-by: Casey Schaufler <casey@...aufler-ca.com>
---
include/linux/lsm_hooks.h | 1 +
security/security.c | 12 ++++++++++++
security/selinux/hooks.c | 10 +++++++---
security/smack/smack_lsm.c | 4 ++--
4 files changed, 22 insertions(+), 5 deletions(-)
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 59085248809a..24a0f62ec2ac 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -156,5 +156,6 @@ extern struct lsm_info __start_early_lsm_info[], __end_early_lsm_info[];
__aligned(sizeof(unsigned long))
extern int lsm_inode_alloc(struct inode *inode);
+extern void *lsm_mnt_opts_alloc(gfp_t priority);
#endif /* ! __LINUX_LSM_HOOKS_H */
diff --git a/security/security.c b/security/security.c
index fd429f67d2da..7a9fbe706525 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1385,6 +1385,18 @@ void security_sb_free(struct super_block *sb)
sb->s_security = NULL;
}
+/**
+ * lsm_mnt_opts_alloc - allocate a mnt_opts blob
+ * @priority: memory allocation priority
+ *
+ * Returns a newly allocated mnt_opts blob or NULL if
+ * memory isn't available.
+ */
+void *lsm_mnt_opts_alloc(gfp_t priority)
+{
+ return kzalloc(blob_sizes.lbs_mnt_opts, priority);
+}
+
/**
* security_free_mnt_opts() - Free memory associated with mount options
* @mnt_opts: LSM processed mount options
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index e0f6f2093708..3d046c9d0121 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2787,7 +2787,7 @@ static int selinux_fs_context_submount(struct fs_context *fc,
if (!(sbsec->flags & (FSCONTEXT_MNT|CONTEXT_MNT|DEFCONTEXT_MNT)))
return 0;
- opts = kzalloc(sizeof(*opts), GFP_KERNEL);
+ opts = lsm_mnt_opts_alloc(GFP_KERNEL);
if (!opts)
return -ENOMEM;
@@ -2809,8 +2809,12 @@ static int selinux_fs_context_dup(struct fs_context *fc,
if (!src)
return 0;
- fc->security = kmemdup(src, sizeof(*src), GFP_KERNEL);
- return fc->security ? 0 : -ENOMEM;
+ fc->security = lsm_mnt_opts_alloc(GFP_KERNEL);
+ if (!fc->security)
+ return -ENOMEM;
+
+ memcpy(fc->security, src, sizeof(*src));
+ return 0;
}
static const struct fs_parameter_spec selinux_fs_parameters[] = {
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 573d5bffb9e1..97ffb07797e9 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -638,7 +638,7 @@ static int smack_fs_context_submount(struct fs_context *fc,
struct smack_mnt_opts *ctx;
struct inode_smack *isp;
- ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
+ ctx = lsm_mnt_opts_alloc(GFP_KERNEL);
if (!ctx)
return -ENOMEM;
fc->security = ctx;
@@ -689,7 +689,7 @@ static int smack_fs_context_dup(struct fs_context *fc,
if (!src)
return 0;
- fc->security = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL);
+ fc->security = lsm_mnt_opts_alloc(GFP_KERNEL);
if (!fc->security)
return -ENOMEM;
--
2.41.0
Powered by blists - more mailing lists