[RFC][PATCH] Move security_d_instantiate hook calls in 2.5.68

From: Stephen Smalley (sdsat_private)
Date: Mon Apr 28 2003 - 09:51:55 PDT


    This patch moves the security_d_instantiate hook calls in d_instantiate
    and d_splice_alias after the inode has been attached to the dentry. 
    SELinux uses this hook to set up the inode's security structure when the
    inode is first attached to a dentry.  This change is necessary so that
    security modules can internally call the getxattr inode operation (which
    takes a dentry parameter) from this hook to obtain the inode security
    label.  Previously, when using the persistent label mapping, SELinux
    only required an inode to fetch the security label, not a dentry, so the
    hook was placed before the attach. Moving the hook calls should be safe,
    as the dentry is not yet hashed, so the security module can still set up
    the inode security structure before the dentry becomes accessible
    through the dcache.  If anyone has any objections to this change, please
    let me know.
    
    
     dcache.c |    5 +++--
     1 files changed, 3 insertions(+), 2 deletions(-)
    
    Index: linux-2.5/fs/dcache.c
    ===================================================================
    RCS file: /home/pal/CVS/linux-2.5/fs/dcache.c,v
    retrieving revision 1.5
    diff -u -r1.5 dcache.c
    --- linux-2.5/fs/dcache.c	21 Apr 2003 15:03:31 -0000	1.5
    +++ linux-2.5/fs/dcache.c	28 Apr 2003 11:42:05 -0000
    @@ -763,12 +763,12 @@
     void d_instantiate(struct dentry *entry, struct inode * inode)
     {
     	if (!list_empty(&entry->d_alias)) BUG();
    -	security_d_instantiate(entry, inode);
     	spin_lock(&dcache_lock);
     	if (inode)
     		list_add(&entry->d_alias, &inode->i_dentry);
     	entry->d_inode = inode;
     	spin_unlock(&dcache_lock);
    +	security_d_instantiate(entry, inode);
     }
     
     /**
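
Review bot: Nothing in d_instantiate() shows that the dentry is unhashed when the hook now runs after spin_unlock(&dcache_lock). The two d_splice_alias hunks call d_rehash(dentry) right after the hook, so the "not yet hashed" argument is visible there, but this function has no such call. If any caller passes a dentry that is already hashed, there is a window between the unlock and security_d_instantiate(entry, inode) in which entry->d_inode is set but the inode security structure is not. Please confirm that no caller does this, or say in the description how the module handles that window. Also, the `if (inode)` guard shows inode may be NULL while the hook is still called unconditionally, so a module that now calls getxattr from the hook needs an explicit NULL check; a comment at the call site saying so would help.
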
    @@ -896,12 +896,12 @@
     	struct dentry *new = NULL;
     
     	if (inode && S_ISDIR(inode->i_mode)) {
    -		security_d_instantiate(dentry, inode);
     		spin_lock(&dcache_lock);
     		if (!list_empty(&inode->i_dentry)) {
     			new = list_entry(inode->i_dentry.next, struct dentry, d_alias);
     			__dget_locked(new);
     			spin_unlock(&dcache_lock);
    +			security_d_instantiate(dentry, inode);
     			d_rehash(dentry);
     			d_move(new, dentry);
     			iput(inode);
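
Review bot: In the branch where an existing alias is found, the lines shown never attach the inode to dentry before the moved security_d_instantiate(dentry, inode) call: there is no list_add() or `dentry->d_inode = inode` between spin_lock() and the hook, only the lookup of `new`. A module that reaches the inode through the dentry (the stated reason for the move) would not find it here, and the dentry is then rehashed and swapped with `new` via d_move() before iput(inode). Since `new` is the dentry already attached to this inode, consider whether the hook is needed in this branch at all, or whether it should be given `new` instead; whichever is intended, the description should cover this case separately from the plain attach case.
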
    @@ -910,6 +910,7 @@
     			list_add(&dentry->d_alias, &inode->i_dentry);
     			dentry->d_inode = inode;
     			spin_unlock(&dcache_lock);
    +			security_d_instantiate(dentry, inode);
     			d_rehash(dentry);
     		}
     	} else
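
Review bot: The new call between spin_unlock(&dcache_lock) and d_rehash(dentry) depends on an ordering that is only explained in the mail, not in the code. The hook has to stay after `dentry->d_inode = inode` (so the module can use the dentry) and before d_rehash() (so the dentry is not reachable through the dcache until the security structure is set up). A one-line comment above security_d_instantiate(dentry, inode) stating that constraint would keep a later cleanup from reordering these calls.
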
    
    
      
    -- 
    Stephen Smalley <sdsat_private>
    National Security Agency
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Mon Apr 28 2003 - 09:53:29 PDT