tmakin/tegra-linux-noble
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

UBUNTU: SAUCE: apparmor4.0.0 [35/90]: LSM stacking v39: LSM: allocate mnt_opts blobs instead of module specific data

Browse Source 
BugLink: http://bugs.launchpad.net/bugs/2028253

Replace allocations of LSM specific mount data with the
shared mnt_opts blob.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
(cherry picked from commit 82587147aafee1cd0d3ef871cb9bf842235c281d
https://git.launchpad.net/~apparmor-dev/ubuntu-kernel-next)
Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
This commit is contained in:
Casey Schaufler
2023-11-16 10:32:42 -08:00
committed by Paolo Pisati
parent 061453d0e6
commit 3fe38a9672
4 changed files with 22 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
include/linux/lsm_hooks.h
+1
View File
@@ -156,5 +156,6 @@ extern struct lsm_info __start_early_lsm_info[], __end_early_lsm_info[];
__aligned(sizeof(unsigned long))
extern int lsm_inode_alloc(struct inode *inode);
extern void *lsm_mnt_opts_alloc(gfp_t priority);
#endif /* ! __LINUX_LSM_HOOKS_H */
security/security.c
+12
View File
@@ -1390,6 +1390,18 @@ void security_sb_free(struct super_block *sb)
sb->s_security = NULL;
}
/**
* lsm_mnt_opts_alloc - allocate a mnt_opts blob
* @priority: memory allocation priority
*
* Returns a newly allocated mnt_opts blob or NULL if
* memory isn't available.
*/
void *lsm_mnt_opts_alloc(gfp_t priority)
{
return kzalloc(blob_sizes.lbs_mnt_opts, priority);
}
/**
* security_free_mnt_opts() - Free memory associated with mount options
* @mnt_opts: LSM processed mount options
security/selinux/hooks.c
+7 -3
View File
@@ -2799,7 +2799,7 @@ static int selinux_fs_context_submount(struct fs_context *fc,
if (!(sbsec->flags & (FSCONTEXT_MNT|CONTEXT_MNT|DEFCONTEXT_MNT)))
return 0;
opts = kzalloc(sizeof(*opts), GFP_KERNEL);
opts = lsm_mnt_opts_alloc(GFP_KERNEL);
if (!opts)
return -ENOMEM;
@@ -2821,8 +2821,12 @@ static int selinux_fs_context_dup(struct fs_context *fc,
if (!src)
return 0;
fc->security = kmemdup(src, sizeof(*src), GFP_KERNEL);
return fc->security ? 0 : -ENOMEM;
fc->security = lsm_mnt_opts_alloc(GFP_KERNEL);
if (!fc->security)
return -ENOMEM;
memcpy(fc->security, src, sizeof(*src));
return 0;
}
static const struct fs_parameter_spec selinux_fs_parameters[] = {
security/smack/smack_lsm.c
+2 -2
View File
@@ -639,7 +639,7 @@ static int smack_fs_context_submount(struct fs_context *fc,
struct smack_mnt_opts *ctx;
struct inode_smack *isp;
ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
ctx = lsm_mnt_opts_alloc(GFP_KERNEL);
if (!ctx)
return -ENOMEM;
fc->security = ctx;
@@ -690,7 +690,7 @@ static int smack_fs_context_dup(struct fs_context *fc,
if (!src)
return 0;
fc->security = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL);
fc->security = lsm_mnt_opts_alloc(GFP_KERNEL);
if (!fc->security)
return -ENOMEM;