mirror of
https://github.com/torvalds/linux.git
synced 2024-11-22 12:11:40 +00:00
selinux/stable-4.18 PR 20180629
-----BEGIN PGP SIGNATURE----- iQJIBAABCAAyFiEEcQCq365ubpQNLgrWVeRaWujKfIoFAls2gk0UHHBhdWxAcGF1 bC1tb29yZS5jb20ACgkQVeRaWujKfIqEvRAAgjtXjU7cN9Vj7GZpwgSjJKyXSruR RDM19CRDKIo27UoxaqD92hFnmDreoysdzLi9cunDxshsUbGdHeyXvaOkY2apqpkn msPIKO3pmoiq0Umze1/smgl6g0ruPxc+ZSslfuHLUjephogfuDGKgfTeLN60z6up KaiVPoaSni+DZSsiFOkzUHwQFfhTRqONBx/tfPo2H1K0bP2dy9YuOCdvpZEqpc7P 8tx/uF3pYrUBuq9ufEgWt2VC0fU1uZJEI21BQqKcrXLYlmVr73pWYLXnV1NWck0A rY5DABxbDf1sXCAIhYRJJDiM51uPltmFfntGF3sS1OKYOgyxIxf51xwgl9dXsGOA jOFFwUuXeHJpWICTm1PQCdpA/mzLVgrPzt8ULPE6zYnP+LbBId6RSrPz6Irhswal /wiq1mlhdAdeBf2r/tY3VXUy8dMNLjfeHLD3scx07hfFuswXCPTC6xwlyiKPsgKD 1hGCQazZZTNAcMVI4A00SpPZVGx1yU/Yu/+8vMKyV5BmT55TPcQElcQy+ZZxuX1a 711B9U7P6w7k8UwL+hVSncgwCLI1vb4MKnmrGZRH9wXiUdaKcgivaDDoeoLTtqBF dcIP84OtigAHbJHxWXoTmuRX9KGmtgF5sUBgFv2kg8R8EgnmVKaWJxyyttRg4awo RZXmTh2eC3p3IGw= =fzCd -----END PGP SIGNATURE----- Merge tag 'selinux-pr-20180629' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux Pull selinux fix from Paul Moore: "One fairly straightforward patch to fix a longstanding issue where a process could stall while accessing files in selinuxfs and block everyone else due to a held mutex. The patch passes all our tests and looks to apply cleanly to your current tree" * tag 'selinux-pr-20180629' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux: selinux: move user accesses in selinuxfs out of locked regions
This commit is contained in:
Linus Torvalds
commit
34a484d58c
@ -441,22 +441,16 @@ static int sel_release_policy(struct inode *inode, struct file *filp)
|
||||
static ssize_t sel_read_policy(struct file *filp, char __user *buf,
|
||||
size_t count, loff_t *ppos)
|
||||
{
|
||||
struct selinux_fs_info *fsi = file_inode(filp)->i_sb->s_fs_info;
|
||||
struct policy_load_memory *plm = filp->private_data;
|
||||
int ret;
|
||||
|
||||
mutex_lock(&fsi->mutex);
|
||||
|
||||
ret = avc_has_perm(&selinux_state,
|
||||
current_sid(), SECINITSID_SECURITY,
|
||||
SECCLASS_SECURITY, SECURITY__READ_POLICY, NULL);
|
||||
if (ret)
|
||||
goto out;
|
||||
return ret;
|
||||
|
||||
ret = simple_read_from_buffer(buf, count, ppos, plm->data, plm->len);
|
||||
out:
|
||||
mutex_unlock(&fsi->mutex);
|
||||
return ret;
|
||||
return simple_read_from_buffer(buf, count, ppos, plm->data, plm->len);
|
||||
}
|
||||
|
||||
static vm_fault_t sel_mmap_policy_fault(struct vm_fault *vmf)
|
||||
@ -1188,25 +1182,29 @@ static ssize_t sel_read_bool(struct file *filep, char __user *buf,
|
||||
ret = -EINVAL;
|
||||
if (index >= fsi->bool_num || strcmp(name,
|
||||
fsi->bool_pending_names[index]))
|
||||
goto out;
|
||||
goto out_unlock;
|
||||
|
||||
ret = -ENOMEM;
|
||||
page = (char *)get_zeroed_page(GFP_KERNEL);
|
||||
if (!page)
|
||||
goto out;
|
||||
goto out_unlock;
|
||||
|
||||
cur_enforcing = security_get_bool_value(fsi->state, index);
|
||||
if (cur_enforcing < 0) {
|
||||
ret = cur_enforcing;
|
||||
goto out;
|
||||
goto out_unlock;
|
||||
}
|
||||
length = scnprintf(page, PAGE_SIZE, "%d %d", cur_enforcing,
|
||||
fsi->bool_pending_values[index]);
|
||||
ret = simple_read_from_buffer(buf, count, ppos, page, length);
|
||||
out:
|
||||
mutex_unlock(&fsi->mutex);
|
||||
ret = simple_read_from_buffer(buf, count, ppos, page, length);
|
||||
out_free:
|
||||
free_page((unsigned long)page);
|
||||
return ret;
|
||||
|
||||
out_unlock:
|
||||
mutex_unlock(&fsi->mutex);
|
||||
goto out_free;
|
||||
}
|
||||
|
||||
static ssize_t sel_write_bool(struct file *filep, const char __user *buf,
|
||||
@ -1219,6 +1217,17 @@ static ssize_t sel_write_bool(struct file *filep, const char __user *buf,
|
||||
unsigned index = file_inode(filep)->i_ino & SEL_INO_MASK;
|
||||
const char *name = filep->f_path.dentry->d_name.name;
|
||||
|
||||
if (count >= PAGE_SIZE)
|
||||
return -ENOMEM;
|
||||
|
||||
/* No partial writes. */
|
||||
if (*ppos != 0)
|
||||
return -EINVAL;
|
||||
|
||||
page = memdup_user_nul(buf, count);
|
||||
if (IS_ERR(page))
|
||||
return PTR_ERR(page);
|
||||
|
||||
mutex_lock(&fsi->mutex);
|
||||
|
||||
length = avc_has_perm(&selinux_state,
|
||||
@ -1233,22 +1242,6 @@ static ssize_t sel_write_bool(struct file *filep, const char __user *buf,
|
||||
fsi->bool_pending_names[index]))
|
||||
goto out;
|
||||
|
||||
length = -ENOMEM;
|
||||
if (count >= PAGE_SIZE)
|
||||
goto out;
|
||||
|
||||
/* No partial writes. */
|
||||
length = -EINVAL;
|
||||
if (*ppos != 0)
|
||||
goto out;
|
||||
|
||||
page = memdup_user_nul(buf, count);
|
||||
if (IS_ERR(page)) {
|
||||
length = PTR_ERR(page);
|
||||
page = NULL;
|
||||
goto out;
|
||||
}
|
||||
|
||||
length = -EINVAL;
|
||||
if (sscanf(page, "%d", &new_value) != 1)
|
||||
goto out;
|
||||
@ -1280,6 +1273,17 @@ static ssize_t sel_commit_bools_write(struct file *filep,
|
||||
ssize_t length;
|
||||
int new_value;
|
||||
|
||||
if (count >= PAGE_SIZE)
|
||||
return -ENOMEM;
|
||||
|
||||
/* No partial writes. */
|
||||
if (*ppos != 0)
|
||||
return -EINVAL;
|
||||
|
||||
page = memdup_user_nul(buf, count);
|
||||
if (IS_ERR(page))
|
||||
return PTR_ERR(page);
|
||||
|
||||
mutex_lock(&fsi->mutex);
|
||||
|
||||
length = avc_has_perm(&selinux_state,
|
||||
@ -1289,22 +1293,6 @@ static ssize_t sel_commit_bools_write(struct file *filep,
|
||||
if (length)
|
||||
goto out;
|
||||
|
||||
length = -ENOMEM;
|
||||
if (count >= PAGE_SIZE)
|
||||
goto out;
|
||||
|
||||
/* No partial writes. */
|
||||
length = -EINVAL;
|
||||
if (*ppos != 0)
|
||||
goto out;
|
||||
|
||||
page = memdup_user_nul(buf, count);
|
||||
if (IS_ERR(page)) {
|
||||
length = PTR_ERR(page);
|
||||
page = NULL;
|
||||
goto out;
|
||||
}
|
||||
|
||||
length = -EINVAL;
|
||||
if (sscanf(page, "%d", &new_value) != 1)
|
||||
goto out;
|
||||
|
||||
Loading…
Reference in New Issue
Block a user