From: Stephen Smalley <sds@tycho.nsa.gov>
To: selinux@vger.kernel.org
Cc: paul@paul-moore.com, will@kernel.org, viro@zeniv.linux.org.uk,
	neilb@suse.de, linux-fsdevel@vger.kernel.org,
	Stephen Smalley <sds@tycho.nsa.gov>
Subject: [RFC PATCH 2/2] selinux: fall back to ref-walk upon LSM_AUDIT_DATA_DENTRY too
Date: Thu, 21 Nov 2019 09:52:45 -0500
Message-ID: <20191121145245.8637-2-sds@tycho.nsa.gov>
In-Reply-To: <20191121145245.8637-1-sds@tycho.nsa.gov>

commit bda0be7ad994 ("security: make inode_follow_link RCU-walk aware")
passed down the rcu flag to the SELinux AVC, but failed to adjust the
test in slow_avc_audit() to also return -ECHILD on LSM_AUDIT_DATA_DENTRY.
Previously, we only returned -ECHILD if generating an audit record with
LSM_AUDIT_DATA_INODE since this was only relevant from inode_permission.
Return -ECHILD on either LSM_AUDIT_DATA_INODE or LSM_AUDIT_DATA_DENTRY.
LSM_AUDIT_DATA_INODE only requires this handling due to the fact
that dump_common_audit_data() calls d_find_alias() and collects the
dname from the result if any.
Other cases that might require similar treatment in the future are
LSM_AUDIT_DATA_PATH and LSM_AUDIT_DATA_FILE if any hook that takes
a path or file is called under RCU-walk.

Fixes: bda0be7ad994 ("security: make inode_follow_link RCU-walk aware")
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 security/selinux/avc.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index 74c43ebe34bb..f1fa1072230c 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -779,7 +779,8 @@ noinline int slow_avc_audit(struct selinux_state *state,
 	 * during retry. However this is logically just as if the operation
 	 * happened a little later.
 	 */
-	if ((a->type == LSM_AUDIT_DATA_INODE) &&
+	if ((a->type == LSM_AUDIT_DATA_INODE ||
+	     a->type == LSM_AUDIT_DATA_DENTRY) &&
 	    (flags & MAY_NOT_BLOCK))
 		return -ECHILD;
 
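Review bot: The widened condition now returns -ECHILD for LSM_AUDIT_DATA_DENTRY under MAY_NOT_BLOCK, but the comment block ending at "happened a little later." still only explains the retry rationale and says nothing about why a dentry-carrying audit record cannot be produced during RCU-walk, which is exactly the gap that let bda0be7ad994 miss this case; extend that comment to name both LSM_AUDIT_DATA_INODE and LSM_AUDIT_DATA_DENTRY and the reason (dump_common_audit_data() may sleep or take references while building the dname) so the next change to this test does not drop one arm again. A minor point: evaluating `flags & MAY_NOT_BLOCK` before the two type comparisons would let the common non-RCU audit path skip both compares, though the result is identical either way.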
-- 
2.23.0

