shm/security: Pass kern_ipc_perm not shmid_kernel into the shm security hooks

All of the implementations of security hooks that take shmid_kernel only
access shm_perm, the struct kern_ipc_perm member. This means the
dependencies of the shm security hooks can be simplified by passing
the kern_ipc_perm member of shmid_kernel.

Making this change will allow struct shmid_kernel to become private to ipc/shm.c.

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>

+52 -56
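--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -1585,11 +1585,11 @@
 struct task_struct *target, long type,
 int mode);
 
-int (*shm_alloc_security)(struct shmid_kernel *shp);
-void (*shm_free_security)(struct shmid_kernel *shp);
-int (*shm_associate)(struct shmid_kernel *shp, int shmflg);
-int (*shm_shmctl)(struct shmid_kernel *shp, int cmd);
-int (*shm_shmat)(struct shmid_kernel *shp, char __user *shmaddr,
+int (*shm_alloc_security)(struct kern_ipc_perm *shp);
+void (*shm_free_security)(struct kern_ipc_perm *shp);
+int (*shm_associate)(struct kern_ipc_perm *shp, int shmflg);
+int (*shm_shmctl)(struct kern_ipc_perm *shp, int cmd);
+int (*shm_shmat)(struct kern_ipc_perm *shp, char __user *shmaddr,
 int shmflg);
 
 int (*sem_alloc_security)(struct kern_ipc_perm *sma);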
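Review bot: The five shm hook members keep the parameter name `shp` although the pointer is now a `struct kern_ipc_perm`, so someone reading the prototypes alone may still take it for the whole segment. The hook documentation for these members lies outside the hunk; if it still describes `@shp` as the shared memory structure, it should be reworded along the lines of `@shp contains the kern_ipc_perm embedded in the shared memory segment`. Saying there that an LSM receives only the permission structure would also record the contract the commit message is aiming for, with `struct shmid_kernel` private to ipc/shm.c. The same naming carries over to the declarations in include/linux/security.h and the wrappers in security/security.c.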
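--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -49,7 +49,6 @@
 struct iattr;
 struct fown_struct;
 struct file_operations;
-struct shmid_kernel;
 struct msg_msg;
 struct msg_queue;
 struct xattr;
@@ -362,11 +361,11 @@
 struct msg_msg *msg, int msqflg);
 int security_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
 struct task_struct *target, long type, int mode);
-int security_shm_alloc(struct shmid_kernel *shp);
-void security_shm_free(struct shmid_kernel *shp);
-int security_shm_associate(struct shmid_kernel *shp, int shmflg);
-int security_shm_shmctl(struct shmid_kernel *shp, int cmd);
-int security_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr, int shmflg);
+int security_shm_alloc(struct kern_ipc_perm *shp);
+void security_shm_free(struct kern_ipc_perm *shp);
+int security_shm_associate(struct kern_ipc_perm *shp, int shmflg);
+int security_shm_shmctl(struct kern_ipc_perm *shp, int cmd);
+int security_shm_shmat(struct kern_ipc_perm *shp, char __user *shmaddr, int shmflg);
 int security_sem_alloc(struct kern_ipc_perm *sma);
 void security_sem_free(struct kern_ipc_perm *sma);
 int security_sem_associate(struct kern_ipc_perm *sma, int semflg);
@@ -1077,26 +1076,26 @@
 return 0;
 }
 
-static inline int security_shm_alloc(struct shmid_kernel *shp)
+static inline int security_shm_alloc(struct kern_ipc_perm *shp)
 {
 return 0;
 }
 
-static inline void security_shm_free(struct shmid_kernel *shp)
+static inline void security_shm_free(struct kern_ipc_perm *shp)
 { }
 
-static inline int security_shm_associate(struct shmid_kernel *shp,
+static inline int security_shm_associate(struct kern_ipc_perm *shp,
 int shmflg)
 {
 return 0;
 }
 
-static inline int security_shm_shmctl(struct shmid_kernel *shp, int cmd)
+static inline int security_shm_shmctl(struct kern_ipc_perm *shp, int cmd)
 {
 return 0;
 }
 
-static inline int security_shm_shmat(struct shmid_kernel *shp,
+static inline int security_shm_shmat(struct kern_ipc_perm *shp,
 char __user *shmaddr, int shmflg)
 {
 return 0;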
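--- a/ipc/shm.c
+++ b/ipc/shm.c
@@ -181,7 +181,7 @@
 rcu);
 struct shmid_kernel *shp = container_of(ptr, struct shmid_kernel,
 shm_perm);
-security_shm_free(shp);
+security_shm_free(&shp->shm_perm);
 kvfree(shp);
 }
 
@@ -554,7 +554,7 @@
 shp->mlock_user = NULL;
 
 shp->shm_perm.security = NULL;
-error = security_shm_alloc(shp);
+error = security_shm_alloc(&shp->shm_perm);
 if (error) {
 kvfree(shp);
 return error;
@@ -635,10 +635,7 @@
 */
 static inline int shm_security(struct kern_ipc_perm *ipcp, int shmflg)
 {
-struct shmid_kernel *shp;
-
-shp = container_of(ipcp, struct shmid_kernel, shm_perm);
-return security_shm_associate(shp, shmflg);
+return security_shm_associate(ipcp, shmflg);
 }
 
 /*
@@ -835,7 +832,7 @@
 
 shp = container_of(ipcp, struct shmid_kernel, shm_perm);
 
-err = security_shm_shmctl(shp, cmd);
+err = security_shm_shmctl(&shp->shm_perm, cmd);
 if (err)
 goto out_unlock1;
 
@@ -934,7 +931,7 @@
 if (ipcperms(ns, &shp->shm_perm, S_IRUGO))
 goto out_unlock;
 
-err = security_shm_shmctl(shp, cmd);
+err = security_shm_shmctl(&shp->shm_perm, cmd);
 if (err)
 goto out_unlock;
 
@@ -978,7 +975,7 @@
 }
 
 audit_ipc_obj(&(shp->shm_perm));
-err = security_shm_shmctl(shp, cmd);
+err = security_shm_shmctl(&shp->shm_perm, cmd);
 if (err)
 goto out_unlock1;
 
@@ -1348,7 +1345,7 @@
 if (ipcperms(ns, &shp->shm_perm, acc_mode))
 goto out_unlock;
 
-err = security_shm_shmat(shp, shmaddr, shmflg);
+err = security_shm_shmat(&shp->shm_perm, shmaddr, shmflg);
 if (err)
 goto out_unlock;
 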
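Review bot: The shmctl and shmat call sites pass `&shp->shm_perm`, while shm_security() in the same file now hands `ipcp` straight to the hook, so the file ends up with two spellings for the same argument. In the hunk where `shp = container_of(ipcp, struct shmid_kernel, shm_perm);` is visible, `&shp->shm_perm` is the same pointer as `ipcp`, and `err = security_shm_shmctl(ipcp, cmd);` would state directly that the LSM only ever sees the permission structure. Whether `ipcp` is in scope at the other call sites cannot be told from here, since each enclosing function starts and ends outside its hunk.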
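--- a/security/security.c
+++ b/security/security.c
@@ -1195,27 +1195,27 @@
 return call_int_hook(msg_queue_msgrcv, 0, msq, msg, target, type, mode);
 }
 
-int security_shm_alloc(struct shmid_kernel *shp)
+int security_shm_alloc(struct kern_ipc_perm *shp)
 {
 return call_int_hook(shm_alloc_security, 0, shp);
 }
 
-void security_shm_free(struct shmid_kernel *shp)
+void security_shm_free(struct kern_ipc_perm *shp)
 {
 call_void_hook(shm_free_security, shp);
 }
 
-int security_shm_associate(struct shmid_kernel *shp, int shmflg)
+int security_shm_associate(struct kern_ipc_perm *shp, int shmflg)
 {
 return call_int_hook(shm_associate, 0, shp, shmflg);
 }
 
-int security_shm_shmctl(struct shmid_kernel *shp, int cmd)
+int security_shm_shmctl(struct kern_ipc_perm *shp, int cmd)
 {
 return call_int_hook(shm_shmctl, 0, shp, cmd);
 }
 
-int security_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr, int shmflg)
+int security_shm_shmat(struct kern_ipc_perm *shp, char __user *shmaddr, int shmflg)
 {
 return call_int_hook(shm_shmat, 0, shp, shmaddr, shmflg);
 }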
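--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -5674,53 +5674,53 @@
 }
 
 /* Shared Memory security operations */
-static int selinux_shm_alloc_security(struct shmid_kernel *shp)
+static int selinux_shm_alloc_security(struct kern_ipc_perm *shp)
 {
 struct ipc_security_struct *isec;
 struct common_audit_data ad;
 u32 sid = current_sid();
 int rc;
 
-rc = ipc_alloc_security(&shp->shm_perm, SECCLASS_SHM);
+rc = ipc_alloc_security(shp, SECCLASS_SHM);
 if (rc)
 return rc;
 
-isec = shp->shm_perm.security;
+isec = shp->security;
 
 ad.type = LSM_AUDIT_DATA_IPC;
-ad.u.ipc_id = shp->shm_perm.key;
+ad.u.ipc_id = shp->key;
 
 rc = avc_has_perm(sid, isec->sid, SECCLASS_SHM,
 SHM__CREATE, &ad);
 if (rc) {
-ipc_free_security(&shp->shm_perm);
+ipc_free_security(shp);
 return rc;
 }
 return 0;
 }
 
-static void selinux_shm_free_security(struct shmid_kernel *shp)
+static void selinux_shm_free_security(struct kern_ipc_perm *shp)
 {
-ipc_free_security(&shp->shm_perm);
+ipc_free_security(shp);
 }
 
-static int selinux_shm_associate(struct shmid_kernel *shp, int shmflg)
+static int selinux_shm_associate(struct kern_ipc_perm *shp, int shmflg)
 {
 struct ipc_security_struct *isec;
 struct common_audit_data ad;
 u32 sid = current_sid();
 
-isec = shp->shm_perm.security;
+isec = shp->security;
 
 ad.type = LSM_AUDIT_DATA_IPC;
-ad.u.ipc_id = shp->shm_perm.key;
+ad.u.ipc_id = shp->key;
 
 return avc_has_perm(sid, isec->sid, SECCLASS_SHM,
 SHM__ASSOCIATE, &ad);
 }
 
 /* Note, at this point, shp is locked down */
-static int selinux_shm_shmctl(struct shmid_kernel *shp, int cmd)
+static int selinux_shm_shmctl(struct kern_ipc_perm *shp, int cmd)
 {
 int perms;
 int err;
@@ -5749,11 +5749,11 @@
 return 0;
 }
 
-err = ipc_has_perm(&shp->shm_perm, perms);
+err = ipc_has_perm(shp, perms);
 return err;
 }
 
-static int selinux_shm_shmat(struct shmid_kernel *shp,
+static int selinux_shm_shmat(struct kern_ipc_perm *shp,
 char __user *shmaddr, int shmflg)
 {
 u32 perms;
@@ -5763,7 +5763,7 @@
 else
 perms = SHM__READ | SHM__WRITE;
 
-return ipc_has_perm(&shp->shm_perm, perms);
+return ipc_has_perm(shp, perms);
 }
 
 /* Semaphore security operations */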
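Review bot: selinux_shm_alloc_security() and selinux_shm_associate() fill the audit record with `ad.u.ipc_id = shp->key;`, whereas the Smack hunk in this same commit records `shp->id`. The key is supplied by the caller and need not be unique (presumably every IPC_PRIVATE segment carries the same one), so a denial logged with it may not tell an analyst which segment was involved. Since these lines are being touched anyway, it would be worth either switching to `shp->id` or adding a comment such as `/* audit by key rather than id: <reason> */` so that the difference from Smack is recorded as intentional. The behaviour predates this commit and is carried over unchanged.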
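--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -2950,9 +2950,9 @@
 *
 * Returns a pointer to the smack value
 */
-static struct smack_known *smack_of_shm(struct shmid_kernel *shp)
+static struct smack_known *smack_of_shm(struct kern_ipc_perm *shp)
 {
-return (struct smack_known *)shp->shm_perm.security;
+return (struct smack_known *)shp->security;
 }
 
 /**
@@ -2961,9 +2961,9 @@
 *
 * Returns 0
 */
-static int smack_shm_alloc_security(struct shmid_kernel *shp)
+static int smack_shm_alloc_security(struct kern_ipc_perm *shp)
 {
-struct kern_ipc_perm *isp = &shp->shm_perm;
+struct kern_ipc_perm *isp = shp;
 struct smack_known *skp = smk_of_current();
 
 isp->security = skp;
@@ -2976,9 +2976,9 @@
 *
 * Clears the blob pointer
 */
-static void smack_shm_free_security(struct shmid_kernel *shp)
+static void smack_shm_free_security(struct kern_ipc_perm *shp)
 {
-struct kern_ipc_perm *isp = &shp->shm_perm;
+struct kern_ipc_perm *isp = shp;
 
 isp->security = NULL;
 }
@@ -2990,7 +2990,7 @@
 *
 * Returns 0 if current has the requested access, error code otherwise
 */
-static int smk_curacc_shm(struct shmid_kernel *shp, int access)
+static int smk_curacc_shm(struct kern_ipc_perm *shp, int access)
 {
 struct smack_known *ssp = smack_of_shm(shp);
 struct smk_audit_info ad;
@@ -2998,7 +2998,7 @@
 
 #ifdef CONFIG_AUDIT
 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
-ad.a.u.ipc_id = shp->shm_perm.id;
+ad.a.u.ipc_id = shp->id;
 #endif
 rc = smk_curacc(ssp, access, &ad);
 rc = smk_bu_current("shm", ssp, access, rc);
@@ -3012,7 +3012,7 @@
 *
 * Returns 0 if current has the requested access, error code otherwise
 */
-static int smack_shm_associate(struct shmid_kernel *shp, int shmflg)
+static int smack_shm_associate(struct kern_ipc_perm *shp, int shmflg)
 {
 int may;
 
@@ -3027,7 +3027,7 @@
 *
 * Returns 0 if current has the requested access, error code otherwise
 */
-static int smack_shm_shmctl(struct shmid_kernel *shp, int cmd)
+static int smack_shm_shmctl(struct kern_ipc_perm *shp, int cmd)
 {
 int may;
 
@@ -3062,7 +3062,7 @@
 *
 * Returns 0 if current has the requested access, error code otherwise
 */
-static int smack_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr,
+static int smack_shm_shmat(struct kern_ipc_perm *shp, char __user *shmaddr,
 int shmflg)
 {
 int may;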
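Review bot: In smack_shm_alloc_security() and smack_shm_free_security() the local `struct kern_ipc_perm *isp = shp;` is now a plain alias of the parameter. Dropping it and writing `shp->security = skp;` and `shp->security = NULL;` would match smack_of_shm(), which already dereferences `shp->security` directly. The kernel-doc blocks above each function are only partly inside the hunks; if their `@shp` lines still describe the argument as the shared memory object, they should be updated to name the permission structure.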