[PATCH 10/76] security: Use inode_sb() helper instead of inode->i_sb
From: Mark Fasheh
Date: Tue May 08 2018 - 14:39:05 EST
Signed-off-by: Mark Fasheh <mfasheh@xxxxxxx>
---
security/apparmor/apparmorfs.c | 4 ++--
security/commoncap.c | 8 ++++----
security/inode.c | 2 +-
security/integrity/evm/evm_crypto.c | 4 ++--
security/integrity/ima/ima_policy.c | 4 ++--
security/integrity/integrity_audit.c | 2 +-
security/lsm_audit.c | 10 +++++-----
security/selinux/hooks.c | 23 ++++++++++++-----------
security/smack/smack_lsm.c | 26 +++++++++++++-------------
security/tomoyo/condition.c | 2 +-
10 files changed, 43 insertions(+), 42 deletions(-)
diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
index a9428daa69f3..862a4bd89597 100644
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -181,7 +181,7 @@ static int __aafs_setup_d_inode(struct inode *dir, struct dentry *dentry,
const struct file_operations *fops,
const struct inode_operations *iops)
{
- struct inode *inode = new_inode(dir->i_sb);
+ struct inode *inode = new_inode(inode_sb(dir));
AA_BUG(!dir);
AA_BUG(!dentry);
@@ -2349,7 +2349,7 @@ static int aa_mk_null_file(struct dentry *parent)
error = PTR_ERR(dentry);
goto out;
}
- inode = new_inode(parent->d_inode->i_sb);
+ inode = new_inode(inode_sb(parent->d_inode));
if (!inode) {
error = -ENOMEM;
goto out1;
diff --git a/security/commoncap.c b/security/commoncap.c
index 48620c93d697..f85a10da2ba2 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -400,7 +400,7 @@ int cap_inode_getsecurity(struct inode *inode, const char *name, void **buffer,
if (ret < 0)
return ret;
- fs_ns = inode->i_sb->s_user_ns;
+ fs_ns = inode_sb(inode)->s_user_ns;
cap = (struct vfs_cap_data *) tmpbuf;
if (is_v2header((size_t) ret, cap)) {
/* If this is sizeof(vfs_cap_data) then we're ok with the
@@ -486,7 +486,7 @@ int cap_convert_nscap(struct dentry *dentry, void **ivalue, size_t size)
__u32 magic, nsmagic;
struct inode *inode = d_backing_inode(dentry);
struct user_namespace *task_ns = current_user_ns(),
- *fs_ns = inode->i_sb->s_user_ns;
+ *fs_ns = inode_sb(inode)->s_user_ns;
kuid_t rootid;
size_t newsize;
@@ -497,7 +497,7 @@ int cap_convert_nscap(struct dentry *dentry, void **ivalue, size_t size)
if (!capable_wrt_inode_uidgid(inode, CAP_SETFCAP))
return -EPERM;
if (size == XATTR_CAPS_SZ_2)
- if (ns_capable(inode->i_sb->s_user_ns, CAP_SETFCAP))
+ if (ns_capable(inode_sb(inode)->s_user_ns, CAP_SETFCAP))
/* user is privileged, just write the v2 */
return size;
@@ -589,7 +589,7 @@ int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data
if (!inode)
return -ENODATA;
- fs_ns = inode->i_sb->s_user_ns;
+ fs_ns = inode_sb(inode)->s_user_ns;
size = __vfs_getxattr((struct dentry *)dentry, inode,
XATTR_NAME_CAPS, &data, XATTR_CAPS_SZ);
if (size == -ENODATA || size == -EOPNOTSUPP)
diff --git a/security/inode.c b/security/inode.c
index 8dd9ca8848e4..6a3d08901054 100644
--- a/security/inode.c
+++ b/security/inode.c
@@ -131,7 +131,7 @@ static struct dentry *securityfs_create_dentry(const char *name, umode_t mode,
goto out1;
}
- inode = new_inode(dir->i_sb);
+ inode = new_inode(inode_sb(dir));
if (!inode) {
error = -ENOMEM;
goto out1;
diff --git a/security/integrity/evm/evm_crypto.c b/security/integrity/evm/evm_crypto.c
index 691f3e09154c..979bf5068d46 100644
--- a/security/integrity/evm/evm_crypto.c
+++ b/security/integrity/evm/evm_crypto.c
@@ -170,8 +170,8 @@ static void hmac_add_misc(struct shash_desc *desc, struct inode *inode,
crypto_shash_update(desc, (const u8 *)&hmac_misc, sizeof(hmac_misc));
if ((evm_hmac_attrs & EVM_ATTR_FSUUID) &&
type != EVM_XATTR_PORTABLE_DIGSIG)
- crypto_shash_update(desc, &inode->i_sb->s_uuid.b[0],
- sizeof(inode->i_sb->s_uuid));
+ crypto_shash_update(desc, &inode_sb(inode)->s_uuid.b[0],
+ sizeof(inode_sb(inode)->s_uuid));
crypto_shash_final(desc, digest);
}
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
index 915f5572c6ff..61ded57e0427 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -265,10 +265,10 @@ static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode,
(!(rule->mask & mask) && func != POST_SETATTR))
return false;
if ((rule->flags & IMA_FSMAGIC)
- && rule->fsmagic != inode->i_sb->s_magic)
+ && rule->fsmagic != inode_sb(inode)->s_magic)
return false;
if ((rule->flags & IMA_FSUUID) &&
- !uuid_equal(&rule->fsuuid, &inode->i_sb->s_uuid))
+ !uuid_equal(&rule->fsuuid, &inode_sb(inode)->s_uuid))
return false;
if ((rule->flags & IMA_UID) && !rule->uid_op(cred->uid, rule->uid))
return false;
diff --git a/security/integrity/integrity_audit.c b/security/integrity/integrity_audit.c
index 90987d15b6fe..62e569589dc8 100644
--- a/security/integrity/integrity_audit.c
+++ b/security/integrity/integrity_audit.c
@@ -57,7 +57,7 @@ void integrity_audit_msg(int audit_msgno, struct inode *inode,
}
if (inode) {
audit_log_format(ab, " dev=");
- audit_log_untrustedstring(ab, inode->i_sb->s_id);
+ audit_log_untrustedstring(ab, inode_sb(inode)->s_id);
audit_log_format(ab, " ino=%lu", inode->i_ino);
}
audit_log_format(ab, " res=%d", !result);
diff --git a/security/lsm_audit.c b/security/lsm_audit.c
index 67703dbe29ea..90d557cf7819 100644
--- a/security/lsm_audit.c
+++ b/security/lsm_audit.c
@@ -240,7 +240,7 @@ static void dump_common_audit_data(struct audit_buffer *ab,
inode = d_backing_inode(a->u.path.dentry);
if (inode) {
audit_log_format(ab, " dev=");
- audit_log_untrustedstring(ab, inode->i_sb->s_id);
+ audit_log_untrustedstring(ab, inode_sb(inode)->s_id);
audit_log_format(ab, " ino=%lu", inode->i_ino);
}
break;
@@ -253,7 +253,7 @@ static void dump_common_audit_data(struct audit_buffer *ab,
inode = file_inode(a->u.file);
if (inode) {
audit_log_format(ab, " dev=");
- audit_log_untrustedstring(ab, inode->i_sb->s_id);
+ audit_log_untrustedstring(ab, inode_sb(inode)->s_id);
audit_log_format(ab, " ino=%lu", inode->i_ino);
}
break;
@@ -266,7 +266,7 @@ static void dump_common_audit_data(struct audit_buffer *ab,
inode = a->u.op->path.dentry->d_inode;
if (inode) {
audit_log_format(ab, " dev=");
- audit_log_untrustedstring(ab, inode->i_sb->s_id);
+ audit_log_untrustedstring(ab, inode_sb(inode)->s_id);
audit_log_format(ab, " ino=%lu", inode->i_ino);
}
@@ -282,7 +282,7 @@ static void dump_common_audit_data(struct audit_buffer *ab,
inode = d_backing_inode(a->u.dentry);
if (inode) {
audit_log_format(ab, " dev=");
- audit_log_untrustedstring(ab, inode->i_sb->s_id);
+ audit_log_untrustedstring(ab, inode_sb(inode)->s_id);
audit_log_format(ab, " ino=%lu", inode->i_ino);
}
break;
@@ -300,7 +300,7 @@ static void dump_common_audit_data(struct audit_buffer *ab,
dput(dentry);
}
audit_log_format(ab, " dev=");
- audit_log_untrustedstring(ab, inode->i_sb->s_id);
+ audit_log_untrustedstring(ab, inode_sb(inode)->s_id);
audit_log_format(ab, " ino=%lu", inode->i_ino);
break;
}
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 8644d864e3c1..55bb29dd6726 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -331,7 +331,7 @@ static void inode_free_rcu(struct rcu_head *head)
static void inode_free_security(struct inode *inode)
{
struct inode_security_struct *isec = inode->i_security;
- struct superblock_security_struct *sbsec = inode->i_sb->s_security;
+ struct superblock_security_struct *sbsec = inode_sb(inode)->s_security;
/*
* As not all inode security structures are in a list, we check for
@@ -1500,7 +1500,7 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
if (isec->sclass == SECCLASS_FILE)
isec->sclass = inode_mode_to_security_class(inode->i_mode);
- sbsec = inode->i_sb->s_security;
+ sbsec = inode_sb(inode)->s_security;
if (!(sbsec->flags & SE_SBINITIALIZED)) {
/* Defer initialization until selinux_complete_init,
after the initial policy is loaded and the security
@@ -1581,7 +1581,8 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
if (rc != -ENODATA) {
printk(KERN_WARNING "SELinux: %s: getxattr returned "
"%d for dev=%s ino=%ld\n", __func__,
- -rc, inode->i_sb->s_id, inode->i_ino);
+ -rc, inode_sb(inode)->s_id,
+ inode->i_ino);
kfree(context);
goto out;
}
@@ -1593,7 +1594,7 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
sbsec->def_sid,
GFP_NOFS);
if (rc) {
- char *dev = inode->i_sb->s_id;
+ char *dev = inode_sb(inode)->s_id;
unsigned long ino = inode->i_ino;
if (rc == -EINVAL) {
@@ -1873,7 +1874,7 @@ selinux_determine_inode_label(const struct task_security_struct *tsec,
const struct qstr *name, u16 tclass,
u32 *_new_isid)
{
- const struct superblock_security_struct *sbsec = dir->i_sb->s_security;
+ const struct superblock_security_struct *sbsec = inode_sb(dir)->s_security;
if ((sbsec->flags & SE_SBINITIALIZED) &&
(sbsec->behavior == SECURITY_FS_USE_MNTPOINT)) {
@@ -1903,7 +1904,7 @@ static int may_create(struct inode *dir,
int rc;
dsec = inode_security(dir);
- sbsec = dir->i_sb->s_security;
+ sbsec = inode_sb(dir)->s_security;
sid = tsec->sid;
@@ -2106,7 +2107,7 @@ static inline u32 open_file_to_av(struct file *file)
u32 av = file_to_av(file);
struct inode *inode = file_inode(file);
- if (selinux_policycap_openperm && inode->i_sb->s_magic != SOCKFS_MAGIC)
+ if (selinux_policycap_openperm && inode_sb(inode)->s_magic != SOCKFS_MAGIC)
av |= FILE__OPEN;
return av;
@@ -2939,7 +2940,7 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
int rc;
char *context;
- sbsec = dir->i_sb->s_security;
+ sbsec = inode_sb(dir)->s_security;
newsid = tsec->create_sid;
@@ -3127,7 +3128,7 @@ static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)
return dentry_has_perm(cred, dentry, FILE__SETATTR);
if (selinux_policycap_openperm &&
- inode->i_sb->s_magic != SOCKFS_MAGIC &&
+ inode_sb(inode)->s_magic != SOCKFS_MAGIC &&
(ia_valid & ATTR_SIZE) &&
!(ia_valid & ATTR_FILE))
av |= FILE__OPEN;
@@ -3172,7 +3173,7 @@ static int selinux_inode_setxattr(struct dentry *dentry, const char *name,
return dentry_has_perm(current_cred(), dentry, FILE__SETATTR);
}
- sbsec = inode->i_sb->s_security;
+ sbsec = inode_sb(inode)->s_security;
if (!(sbsec->flags & SBLABEL_MNT))
return -EOPNOTSUPP;
@@ -3253,7 +3254,7 @@ static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name,
if (rc) {
printk(KERN_ERR "SELinux: unable to map context to SID"
"for (%s, %lu), rc=%d\n",
- inode->i_sb->s_id, inode->i_ino, -rc);
+ inode_sb(inode)->s_id, inode->i_ino, -rc);
return;
}
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 03fdecba93bb..cf1dacb55d48 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -170,7 +170,7 @@ static int smk_bu_inode(struct inode *inode, int mode, int rc)
if (isp->smk_flags & SMK_INODE_IMPURE)
pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
- inode->i_sb->s_id, inode->i_ino, current->comm);
+ inode_sb(inode)->s_id, inode->i_ino, current->comm);
if (rc <= 0)
return rc;
@@ -184,7 +184,7 @@ static int smk_bu_inode(struct inode *inode, int mode, int rc)
pr_info("Smack %s: (%s %s %s) inode=(%s %ld) %s\n", smk_bu_mess[rc],
tsp->smk_task->smk_known, isp->smk_inode->smk_known, acc,
- inode->i_sb->s_id, inode->i_ino, current->comm);
+ inode_sb(inode)->s_id, inode->i_ino, current->comm);
return 0;
}
#else
@@ -202,7 +202,7 @@ static int smk_bu_file(struct file *file, int mode, int rc)
if (isp->smk_flags & SMK_INODE_IMPURE)
pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
- inode->i_sb->s_id, inode->i_ino, current->comm);
+ inode_sb(inode)->s_id, inode->i_ino, current->comm);
if (rc <= 0)
return rc;
@@ -212,7 +212,7 @@ static int smk_bu_file(struct file *file, int mode, int rc)
smk_bu_mode(mode, acc);
pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc],
sskp->smk_known, smk_of_inode(inode)->smk_known, acc,
- inode->i_sb->s_id, inode->i_ino, file,
+ inode_sb(inode)->s_id, inode->i_ino, file,
current->comm);
return 0;
}
@@ -232,7 +232,7 @@ static int smk_bu_credfile(const struct cred *cred, struct file *file,
if (isp->smk_flags & SMK_INODE_IMPURE)
pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
- inode->i_sb->s_id, inode->i_ino, current->comm);
+ inode_sb(inode)->s_id, inode->i_ino, current->comm);
if (rc <= 0)
return rc;
@@ -242,7 +242,7 @@ static int smk_bu_credfile(const struct cred *cred, struct file *file,
smk_bu_mode(mode, acc);
pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc],
sskp->smk_known, smk_of_inode(inode)->smk_known, acc,
- inode->i_sb->s_id, inode->i_ino, file,
+ inode_sb(inode)->s_id, inode->i_ino, file,
current->comm);
return 0;
}
@@ -924,7 +924,7 @@ static int smack_bprm_set_creds(struct linux_binprm *bprm)
if (isp->smk_task == NULL || isp->smk_task == bsp->smk_task)
return 0;
- sbsp = inode->i_sb->s_security;
+ sbsp = inode_sb(inode)->s_security;
if ((sbsp->smk_flags & SMK_SB_UNTRUSTED) &&
isp->smk_task != sbsp->smk_root)
return 0;
@@ -1213,7 +1213,7 @@ static int smack_inode_rename(struct inode *old_inode,
*/
static int smack_inode_permission(struct inode *inode, int mask)
{
- struct superblock_smack *sbsp = inode->i_sb->s_security;
+ struct superblock_smack *sbsp = inode_sb(inode)->s_security;
struct smk_audit_info ad;
int no_block = mask & MAY_NOT_BLOCK;
int rc;
@@ -1493,7 +1493,7 @@ static int smack_inode_getsecurity(struct inode *inode,
/*
* The rest of the Smack xattrs are only on sockets.
*/
- sbp = ip->i_sb;
+ sbp = inode_sb(ip);
if (sbp->s_magic != SOCKFS_MAGIC)
return -EOPNOTSUPP;
@@ -1737,7 +1737,7 @@ static int smack_mmap_file(struct file *file,
isp = file_inode(file)->i_security;
if (isp->smk_mmap == NULL)
return 0;
- sbsp = file_inode(file)->i_sb->s_security;
+ sbsp = inode_sb(file_inode(file))->s_security;
if (sbsp->smk_flags & SMK_SB_UNTRUSTED &&
isp->smk_mmap != sbsp->smk_root)
return -EACCES;
@@ -1884,7 +1884,7 @@ static int smack_file_receive(struct file *file)
smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
smk_ad_setfield_u_fs_path(&ad, file->f_path);
- if (inode->i_sb->s_magic == SOCKFS_MAGIC) {
+ if (inode_sb(inode)->s_magic == SOCKFS_MAGIC) {
sock = SOCKET_I(inode);
ssp = sock->sk->sk_security;
tsp = current_security();
@@ -2759,7 +2759,7 @@ static int smack_inode_setsecurity(struct inode *inode, const char *name,
/*
* The rest of the Smack xattrs are only on sockets.
*/
- if (inode->i_sb->s_magic != SOCKFS_MAGIC)
+ if (inode_sb(inode)->s_magic != SOCKFS_MAGIC)
return -EOPNOTSUPP;
sock = SOCKET_I(inode);
@@ -3414,7 +3414,7 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
if (isp->smk_flags & SMK_INODE_INSTANT)
goto unlockandout;
- sbp = inode->i_sb;
+ sbp = inode_sb(inode);
sbsp = sbp->s_security;
/*
* We're going to use the superblock default label
diff --git a/security/tomoyo/condition.c b/security/tomoyo/condition.c
index 8d0e1b9c9c57..3422f5f57e43 100644
--- a/security/tomoyo/condition.c
+++ b/security/tomoyo/condition.c
@@ -722,7 +722,7 @@ void tomoyo_get_attributes(struct tomoyo_obj_info *obj)
stat->gid = inode->i_gid;
stat->ino = inode->i_ino;
stat->mode = inode->i_mode;
- stat->dev = inode->i_sb->s_dev;
+ stat->dev = inode_sb(inode)->s_dev;
stat->rdev = inode->i_rdev;
obj->stat_valid[i] = true;
}
--
2.15.1