From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-yw1-f67.google.com ([209.85.161.67]:37213 "EHLO mail-yw1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726254AbeIMEKz (ORCPT ); Thu, 13 Sep 2018 00:10:55 -0400 Received: by mail-yw1-f67.google.com with SMTP id x83-v6so404646ywd.4 for ; Wed, 12 Sep 2018 16:04:14 -0700 (PDT) Received: from mail-yb1-f181.google.com (mail-yb1-f181.google.com. [209.85.219.181]) by smtp.gmail.com with ESMTPSA id p78-v6sm3199194ywp.31.2018.09.12.16.04.11 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 12 Sep 2018 16:04:11 -0700 (PDT) Received: by mail-yb1-f181.google.com with SMTP id t71-v6so2493817ybi.7 for ; Wed, 12 Sep 2018 16:04:11 -0700 (PDT) MIME-Version: 1.0 In-Reply-To: <18c20c50-3ec5-0c85-93ef-58a3dbf3498c@schaufler-ca.com> References: <18c20c50-3ec5-0c85-93ef-58a3dbf3498c@schaufler-ca.com> From: Kees Cook Date: Wed, 12 Sep 2018 16:04:10 -0700 Message-ID: Subject: Re: [PATCH 02/10] Smack: Abstract use of cred security blob To: Casey Schaufler Cc: LSM , James Morris , LKLM , SE Linux , John Johansen , Tetsuo Handa , Paul Moore , Stephen Smalley , "linux-fsdevel@vger.kernel.org" , Alexey Dobriyan , "Schaufler, Casey" Content-Type: text/plain; charset="UTF-8" Sender: linux-fsdevel-owner@vger.kernel.org List-ID: On Tue, Sep 11, 2018 at 9:41 AM, Casey Schaufler wrote: > Don't use the cred->security pointer directly. > Provide a helper function that provides the security blob pointer. > > Signed-off-by: Casey Schaufler > --- > security/smack/smack.h | 14 +++++++-- > security/smack/smack_access.c | 4 +-- > security/smack/smack_lsm.c | 57 +++++++++++++++++------------------ > security/smack/smackfs.c | 18 +++++------ > 4 files changed, 50 insertions(+), 43 deletions(-) > > diff --git a/security/smack/smack.h b/security/smack/smack.h > index f7db791fb566..0b55d6a55b26 100644 > --- a/security/smack/smack.h > +++ b/security/smack/smack.h > @@ -356,6 +356,11 @@ extern struct list_head smack_onlycap_list; > #define SMACK_HASH_SLOTS 16 > extern struct hlist_head smack_known_hash[SMACK_HASH_SLOTS]; > > +static inline struct task_smack *smack_cred(const struct cred *cred) > +{ > + return cred->security; > +} > + > /* > * Is the directory transmuting? > */ > @@ -382,13 +387,16 @@ static inline struct smack_known *smk_of_task(const struct task_smack *tsp) > return tsp->smk_task; > } > > -static inline struct smack_known *smk_of_task_struct(const struct task_struct *t) > +static inline struct smack_known *smk_of_task_struct( > + const struct task_struct *t) > { > struct smack_known *skp; > + const struct cred *cred; > > rcu_read_lock(); > - skp = smk_of_task(__task_cred(t)->security); > + cred = __task_cred(t); > rcu_read_unlock(); > + skp = smk_of_task(smack_cred(cred)); Hm, why is this safe? (i.e. what is pinning the cred?) I would expect get_cred()/put_cred() since this is not for "current"? And then what controls the skp lifetime? Everything else looks to be mechanical replacement, so that's fine. Did you use some tooling to do the mechanical replacement or was it done by hand? -Kees -- Kees Cook Pixel Security