Re: [RFC][PATCH] super block [alloc|free]_security

• Previous message: Serge E. Hallyn: "Re: [RFC][PATCH] super block [alloc|free]_security"
• In reply to: Chris Wright: "[RFC][PATCH] super block [alloc|free]_security"
• Next in thread: Stephen Smalley: "Re: [RFC][PATCH] super block [alloc|free]_security"
• Reply: Stephen Smalley: "Re: [RFC][PATCH] super block [alloc|free]_security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

same patch for lsm-2.4.  currently lsm-2.4 appears to miss the mount cases for
get_sb_bdev() (normal block device) and get_sb_single() (single sb, like
/proc, devfs, etc), since they have moved to calling fs_type->read_super()
directly.

comments?

thanks,
-chris

===== super.c 1.41 vs edited =====
--- 1.41/fs/super.c	Mon Nov 26 19:45:36 2001
+++ edited/super.c	Tue Dec 18 21:18:22 2001
@@ -283,8 +283,10 @@
 static inline void __put_super(struct super_block *sb)
 {
 	spin_lock(&sb_lock);
-	if (!--sb->s_count)
+	if (!--sb->s_count) {
+		security_ops->sb_ops->free_security(sb);
 		kfree(sb);
+	}
 	spin_unlock(&sb_lock);
 }
 
@@ -425,6 +427,11 @@
 	struct super_block *s = kmalloc(sizeof(struct super_block),  GFP_USER);
 	if (s) {
 		memset(s, 0, sizeof(struct super_block));
+		if (security_ops->sb_ops->alloc_security(s)) {
+			kfree(s);
+			s = NULL;
+			goto out;
+		}
 		INIT_LIST_HEAD(&s->s_dirty);
 		INIT_LIST_HEAD(&s->s_locked_inodes);
 		INIT_LIST_HEAD(&s->s_files);
@@ -439,6 +446,7 @@
 		sema_init(&s->s_dquot.dqoff_sem, 1);
 		s->s_maxbytes = MAX_NON_LFS;
 	}
+out:
 	return s;
 }
 
@@ -454,7 +462,6 @@
 	s->s_bdev = bdev;
 	s->s_flags = flags;
 	s->s_type = type;
-	s->s_security = NULL;
 	spin_lock(&sb_lock);
 	list_add (&s->s_list, super_blocks.prev);
 	list_add (&s->s_instances, &type->fs_supers);
@@ -462,8 +469,6 @@
 	spin_unlock(&sb_lock);
 	down_write(&s->s_umount);
 	lock_super(s);
-	if (security_ops->sb_ops->alloc_security(s))
-		goto out_fail;
 	if (!type->read_super(s, data, flags & MS_VERBOSE ? 1 : 0))
 		goto out_fail;
 	s->s_flags |= MS_ACTIVE;
@@ -478,8 +483,6 @@
 	s->s_dev = 0;
 	s->s_bdev = 0;
 	s->s_type = NULL;
-	if (s->s_security)
-		security_ops->sb_ops->free_security(s);
 	unlock_super(s);
 	spin_lock(&sb_lock);
 	list_del(&s->s_list);
@@ -769,7 +772,6 @@
 	sb->s_bdev = NULL;
 	put_filesystem(fs);
 	sb->s_type = NULL;
-	security_ops->sb_ops->free_security(sb);
 	unlock_super(sb);
 	unlock_kernel();
 	if (bdev)
_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module

• Next message: Chris Wright: "2.5 and mount MS_MOVE"
• Previous message: Serge E. Hallyn: "Re: [RFC][PATCH] super block [alloc|free]_security"
• In reply to: Chris Wright: "[RFC][PATCH] super block [alloc|free]_security"
• Next in thread: Stephen Smalley: "Re: [RFC][PATCH] super block [alloc|free]_security"
• Reply: Stephen Smalley: "Re: [RFC][PATCH] super block [alloc|free]_security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Dec 18 2001 - 21:28:47 PST