We would like to change the dentry parameter to the swapon/swapoff hooks to be a swap_info_struct. This still provides the dentry but also provides other goodies like the vfsmnt structure. In order to pass a valid swap_info_struct to the swapoff hook I had to move the hook to later on in the code. Does anyone have any objections/suggestions? I've attached the patch. -- Lachlan McIlroy
diff -Nur --exclude=SCCS --exclude=BitKeeper --exclude=ChangeSet lsm/include/linux/security.h swap/include/linux/security.h
--- lsm/include/linux/security.h Thu Nov 15 16:16:48 2001
+++ swap/include/linux/security.h Thu Nov 15 16:38:41 2001
@@ -1287,13 +1287,13 @@
 * system calls.
 * @swapon:
 * Check permission before enabling swapping to the file or block device
- * identified by @dentry.
- * @dentry contains the dentry structure for the swap file or device.
+ * identified by @swap.
+ * @swap contains the swap_info_struct structure for the swap file and device.
 * Return 0 if permission is granted.
 * @swapoff:
 * Check permission before disabling swapping to the file or block device
- * identified by @dentry.
- * @dentry contains the dentry structure for the swap file or device.
+ * identified by @swap.
+ * @swap contains the swap_info_struct structure for the swap file and device.
 * Return 0 if permission is granted.
 * @nfsservctl:
 * Check permission before having the kernel NFS daemon perform command
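Review bot: The rewritten @swapon and @swapoff entries do not tell a module author which members of the swap_info_struct are valid when the hook runs, or in what locking context it is called. In the mm/swapfile.c hunks of this patch the swapon hook is called directly after `p->swap_vfsmnt = nd.mnt;`, so the structure is presumably still being filled in, and the swapoff failure path calls `swap_list_unlock()`, so that hook runs with the swap list lock held. I would add to both entries a line such as `Only the file and mount members of @swap are guaranteed to be set.` and to @swapoff `Called with the swap list lock held.`, plus a no-sleep requirement if that lock is a spinlock, after confirming each statement against the callers.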
@@ -1406,8 +1406,8 @@ int (*capable) (struct task_struct *tsk, int cap); int (*sys_security) (unsigned int id, unsigned call, unsigned long *args); - int (*swapon) (struct dentry *dentry); - int (*swapoff) (struct dentry *dentry); + int (*swapon) (struct swap_info_struct *swap); + int (*swapoff) (struct swap_info_struct *swap); int (*nfsservctl) (int cmd, struct nfsctl_arg *arg); int (*quotactl) (int cmds, int type, int id, struct super_block *sb); int (*quota_on) (struct file *f); diff -Nur --exclude=SCCS --exclude=BitKeeper --exclude=ChangeSet lsm/mm/swapfile.c swap/mm/swapfile.c --- lsm/mm/swapfile.c Thu Nov 15 16:16:48 2001 +++ swap/mm/swapfile.c Thu Nov 15 16:35:18 2001 @@ -723,10 +723,6 @@ if (err) goto out; - err = security_ops->swapoff(nd.dentry); - if (err) - goto out_dput; - lock_kernel(); prev = -1; swap_list_lock(); @@ -738,6 +734,13 @@ } prev = type; } + + err = security_ops->swapoff(p); + if (err) { + swap_list_unlock(); + goto out_dput; + } + err = -EINVAL; if (type < 0) { swap_list_unlock(); @@ -917,7 +920,7 @@ p->swap_vfsmnt = nd.mnt; swap_inode = nd.dentry->d_inode; - error = security_ops->swapon(nd.dentry); + error = security_ops->swapon(p); if (error) goto bad_swap_2; diff -Nur --exclude=SCCS --exclude=BitKeeper --exclude=ChangeSet lsm/security/capability.c swap/security/capability.c --- lsm/security/capability.c Thu Nov 15 16:16:58 2001 +++ swap/security/capability.c Thu Nov 15 16:23:10 2001 @@ -61,12 +61,12 @@ return -ENOSYS; } -static int cap_swapon (struct dentry *dentry) +static int cap_swapon (struct swap_info_struct *swap) { return 0; } -static int cap_swapoff (struct dentry *dentry) +static int cap_swapoff (struct swap_info_struct *swap) { return 0; } diff -Nur --exclude=SCCS --exclude=BitKeeper --exclude=ChangeSet lsm/security/dte/dte.c swap/security/dte/dte.c --- lsm/security/dte/dte.c Thu Nov 15 16:16:58 2001 +++ swap/security/dte/dte.c Thu Nov 15 16:28:57 2001 
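Review bot: The two new prototypes in the operations table name `struct swap_info_struct`, but no hunk in this patch adds a declaration of that type to security.h. Unless the header already sees it through an include outside the hunk, the compiler treats the type as local to the parameter list and the cap_, dte_, dummy_ and nproc_ swapon/swapoff functions will not match the member types. A forward declaration ahead of the structure, `struct swap_info_struct;`, is enough because the hooks only take a pointer.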
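Review bot: The relocated swapoff hook in the `@@ -738,6 +734,13 @@` hunk of mm/swapfile.c runs before the `if (type < 0)` check that follows it, so it is also called when the loop found no active swap area matching the path. In that case `p` is not the entry the caller named: it is the last entry the loop examined, or whatever `p` held before the loop if the list was empty (its initialiser is outside the hunk). A module that dereferences @swap could then fault or base its access decision on an unrelated swap area, and a denial would replace the -EINVAL the caller should receive. I would place the call immediately after the `type < 0` block, keeping `err = security_ops->swapoff(p);` and the same `if (err) { swap_list_unlock(); goto out_dput; }`, and check that nothing later relies on `err` still being -EINVAL. The function body starts and ends outside the hunk.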
@@ -101,12 +101,12 @@ return -EPERM; } -static int dte_swapon (struct dentry *dentry) +static int dte_swapon (struct swap_info_struct *swap) { return 0; } -static int dte_swapoff (struct dentry *dentry) +static int dte_swapoff (struct swap_info_struct *swap) { return 0; } diff -Nur --exclude=SCCS --exclude=BitKeeper --exclude=ChangeSet lsm/security/dummy.c swap/security/dummy.c --- lsm/security/dummy.c Thu Nov 15 16:16:58 2001 +++ swap/security/dummy.c Thu Nov 15 16:23:29 2001 @@ -97,12 +97,12 @@ return -ENOSYS; } -static int dummy_swapon (struct dentry *dentry) +static int dummy_swapon (struct swap_info_struct *swap) { return 0; } -static int dummy_swapoff (struct dentry *dentry) +static int dummy_swapoff (struct swap_info_struct *swap) { return 0; } diff -Nur --exclude=SCCS --exclude=BitKeeper --exclude=ChangeSet lsm/security/nproc.c swap/security/nproc.c --- lsm/security/nproc.c Thu Nov 15 16:16:58 2001 +++ swap/security/nproc.c Thu Nov 15 16:25:15 2001 @@ -109,12 +109,12 @@ return -ENOSYS; } -static int nproc_swapon (struct dentry *dentry) +static int nproc_swapon (struct swap_info_struct *swap) { return 0; } -static int nproc_swapoff (struct dentry *dentry) +static int nproc_swapoff (struct swap_info_struct *swap) { return 0; } _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module