Re: [PATCH v39 20/42] LSM: Use lsmcontext in security_dentry_init_security

From: Xiubo Li
Date: Sun Dec 17 2023 - 21:51:55 EST



On 12/16/23 06:16, Casey Schaufler wrote:
Replace the (secctx,seclen) pointer pair with a single
lsmcontext pointer to allow return of the LSM identifier
along with the context and context length. This allows
security_release_secctx() to know how to release the
context. Callers have been modified to use or save the
returned data from the new structure.

Special care is taken in the NFS code, which uses the
same data structure for its own copied labels as it does
for the data which comes from security_dentry_init_security().
In the case of copied labels the data has to be freed, not
released.

Signed-off-by: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
Cc: ceph-devel@xxxxxxxxxxxxxxx
Cc: linux-nfs@xxxxxxxxxxxxxxx
---
fs/ceph/super.h | 3 +--
fs/ceph/xattr.c | 19 ++++++-------------
fs/fuse/dir.c | 35 ++++++++++++++++++-----------------
fs/nfs/dir.c | 2 +-
fs/nfs/inode.c | 17 ++++++++++-------
fs/nfs/internal.h | 8 +++++---
fs/nfs/nfs4proc.c | 22 +++++++++-------------
fs/nfs/nfs4xdr.c | 22 ++++++++++++----------
include/linux/lsm_hook_defs.h | 2 +-
include/linux/nfs4.h | 8 ++++----
include/linux/nfs_fs.h | 2 +-
include/linux/security.h | 7 +++----
security/security.c | 9 ++++-----
security/selinux/hooks.c | 9 +++++----
14 files changed, 80 insertions(+), 85 deletions(-)

diff --git a/fs/ceph/super.h b/fs/ceph/super.h
index fe0f64a0acb2..d503cc7478b7 100644
--- a/fs/ceph/super.h
+++ b/fs/ceph/super.h
@@ -1133,8 +1133,7 @@ struct ceph_acl_sec_ctx {
void *acl;
#endif
#ifdef CONFIG_CEPH_FS_SECURITY_LABEL
- void *sec_ctx;
- u32 sec_ctxlen;
+ struct lsmcontext lsmctx;
#endif
#ifdef CONFIG_FS_ENCRYPTION
struct ceph_fscrypt_auth *fscrypt_auth;
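Review bot: `struct lsmcontext` is now embedded by value in `struct ceph_acl_sec_ctx` rather than referenced through a pointer pair, so its full definition must be visible wherever fs/ceph/super.h is included; the diffstat records super.h as one insertion and two deletions with no include added, so it is worth confirming that the header defining `struct lsmcontext` is already reachable from super.h. The release path for this field is not in the visible hunks; per the commit message it should now go through `security_release_secctx()` with the new structure, which the ceph side of this series should show.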
diff --git a/fs/ceph/xattr.c b/fs/ceph/xattr.c
index 113956d386c0..4c767a20ac4c 100644
--- a/fs/ceph/xattr.c
+++ b/fs/ceph/xattr.c
@@ -1383,8 +1383,7 @@ int ceph_security_init_secctx(struct dentry *dentry, umode_t mode,
int err;
err = security_dentry_init_security(dentry, mode, &dentry->d_name,
- &name, &as_ctx->sec_ctx,
- &as_ctx->sec_ctxlen);
+ &name, &as_ctx->lsmctx);
if (err < 0) {
WARN_ON_ONCE(err != -EOPNOTSUPP);
err = 0; /* do nothing */
@@ -1409,7 +1408,7 @@ int ceph_security_init_secctx(struct dentry *dentry, umode_t mode,
*/
name_len = strlen(name);
err = ceph_pagelist_reserve(pagelist,
- 4 * 2 + name_len + as_ctx->sec_ctxlen);
+ 4 * 2 + name_len + as_ctx->lsmctx.len);
if (err)
goto out;
@@ -1429,11 +1428,9 @@ int ceph_security_init_secctx(struct dentry *dentry, umode_t mode,
as_ctx->pagelist = pagelist;
}
- ceph_pagelist_encode_32(pagelist, name_len);
- ceph_pagelist_append(pagelist, name, name_len);
-

Why remove these?

- ceph_pagelist_encode_32(pagelist, as_ctx->sec_ctxlen);
- ceph_pagelist_append(pagelist, as_ctx->sec_ctx, as_ctx->sec_ctxlen);
+ ceph_pagelist_encode_32(pagelist, as_ctx->lsmctx.len);
+ ceph_pagelist_append(pagelist, as_ctx->lsmctx.context,
+ as_ctx->lsmctx.len);
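Review bot: the `ceph_pagelist_encode_32(pagelist, name_len)` and `ceph_pagelist_append(pagelist, name, name_len)` lines are removed at the top of this hunk with no replacement shown, while the preceding hunk still reserves `4 * 2 + name_len + as_ctx->lsmctx.len`; unless the name encoding was moved elsewhere in the patch, the xattr name no longer reaches the pagelist and the reservation is larger than what is actually written. Suggest restoring those two lines (and the blank line separating them from the context encoding) so that only the `sec_ctx`/`sec_ctxlen` to `lsmctx.context`/`lsmctx.len` substitution remains in this hunk.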
[...]

Thanks,

- Xiubo