[RFC][PATCH] super block [alloc|free]_security

From: Chris Wright (chrisat_private)
Date: Mon Dec 17 2001 - 02:31:45 PST

  • Next message: Greg KH: "Re: [Linux-security-module-commit] lsm 2.5 tree change 1.2.1.19 1.2.1.20 1.2.1.21 1.2.1.22 1.2.1.23 1.2.1.24 1.2.1.25 1.2.1.26 1.2.1.27 1.2.1.28 1.2.1.29 1.2.1.30 1.294 1.295 1.296 1.297 1.298 1.299 1.300 1.2.1.31 1.301 1.302" 

    as i mentioned in the merge mail...here is the beginning of a patch to
move the super block [alloc|free]_security stuff around.  the patch is
against 2.5.1-lsm (which, btw, i'm running right now, and with the
signal patch reverted can even reboot cleanly ;-)

comments?

-chris

===== fs/super.c 1.43 vs edited =====
--- 1.43/fs/super.c	Sun Dec 16 22:08:55 2001
+++ edited/fs/super.c	Mon Dec 17 02:17:46 2001
@@ -269,6 +269,11 @@
 	struct super_block *s = kmalloc(sizeof(struct super_block),  GFP_USER);
 	if (s) {
 		memset(s, 0, sizeof(struct super_block));
+		if (security_ops->sb_ops->alloc_security(s)) {
+			kfree(s);
+			s = NULL;
+			goto out;
+		}
 		INIT_LIST_HEAD(&s->s_dirty);
 		INIT_LIST_HEAD(&s->s_locked_inodes);
 		INIT_LIST_HEAD(&s->s_files);
@@ -284,6 +289,7 @@
 		sema_init(&s->s_dquot.dqoff_sem, 1);
 		s->s_maxbytes = MAX_NON_LFS;
 	}
+out:
 	return s;
 }
 
@@ -295,6 +301,7 @@
  */
 static inline void destroy_super(struct super_block *s)
 {
+	security_ops->sb_ops->free_security(s);
 	kfree(s);
 }
 
@@ -637,13 +644,10 @@
 	s->s_dev = dev;
 	s->s_bdev = bdev;
 	s->s_flags = flags;
-	s->s_security = NULL;
 	insert_super(s, fs_type);
 
 	error = -EINVAL;
 	lock_super(s);
-	if (security_ops->sb_ops->alloc_security(s))
-		goto out_fail;
 	if (!fs_type->read_super(s, data, flags & MS_VERBOSE ? 1 : 0))
 		goto out_fail;
 	s->s_flags |= MS_ACTIVE;
@@ -652,8 +656,6 @@
 	return s;
 
 out_fail:
-	if (s->s_security)
-		security_ops->sb_ops->free_security(s);
 	unlock_super(s);
 	deactivate_super(s);
 	remove_super(s);
@@ -675,12 +677,9 @@
 		return ERR_PTR(-EMFILE);
 	}
 	s->s_flags = flags;
-	s->s_security = NULL;
 	spin_lock(&sb_lock);
 	insert_super(s, fs_type);
 	lock_super(s);
-	if (security_ops->sb_ops->alloc_security(s))
-		goto out_fail;
 	if (!fs_type->read_super(s, data, flags & MS_VERBOSE ? 1 : 0))
 		goto out_fail;
 	s->s_flags |= MS_ACTIVE;
@@ -688,8 +687,6 @@
 	return s;
 
 out_fail:
-	if (s->s_security)
-		security_ops->sb_ops->free_security(s);
 	unlock_super(s);
 	deactivate_super(s);
 	remove_super(s);
@@ -725,11 +722,8 @@
 			return ERR_PTR(-EMFILE);
 		}
 		s->s_flags = flags;
-		s->s_security = NULL;
 		insert_super(s, fs_type);
 		lock_super(s);
-		if (security_ops->sb_ops->alloc_security(s))
-			goto out_fail;
 		if (!fs_type->read_super(s, data, flags & MS_VERBOSE ? 1 : 0))
 			goto out_fail;
 		s->s_flags |= MS_ACTIVE;
@@ -737,8 +731,6 @@
 		return s;
 
 	out_fail:
-		if (s->s_security)
-			security_ops->sb_ops->free_security(s);
 		unlock_super(s);
 		deactivate_super(s);
 		remove_super(s);
@@ -780,7 +772,6 @@
 			"Self-destruct in 5 seconds.  Have a nice day...\n");
 	}
 
-	security_ops->sb_ops->free_security(sb);
 	unlock_kernel();
 	unlock_super(sb);
 	remove_super(sb);

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

    This archive was generated by hypermail 2b30 : Mon Dec 17 2001 - 02:33:33 PST