summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2015-02-22 17:42:14 -0800
committerLinus Torvalds <torvalds@linux-foundation.org>2015-02-22 17:42:14 -0800
commitbe5e6616dd74e17fdd8e16ca015cfef94d49b467 (patch)
treea18826e557f0d6636f1e05a4ec30d584ed981a2b /security
parent90c453ca2214394eec602d98e6cb92d151908493 (diff)
parent0a280962dc6e117e0e4baa668453f753579265d9 (diff)
downloadlinux-be5e6616dd74e17fdd8e16ca015cfef94d49b467.tar.gz
Merge branch 'for-linus-2' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
Pull more vfs updates from Al Viro: "Assorted stuff from this cycle. The big ones here are multilayer overlayfs from Miklos and beginning of sorting ->d_inode accesses out from David" * 'for-linus-2' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (51 commits) autofs4 copy_dev_ioctl(): keep the value of ->size we'd used for allocation procfs: fix race between symlink removals and traversals debugfs: leave freeing a symlink body until inode eviction Documentation/filesystems/Locking: ->get_sb() is long gone trylock_super(): replacement for grab_super_passive() fanotify: Fix up scripted S_ISDIR/S_ISREG/S_ISLNK conversions Cachefiles: Fix up scripted S_ISDIR/S_ISREG/S_ISLNK conversions VFS: (Scripted) Convert S_ISLNK/DIR/REG(dentry->d_inode) to d_is_*(dentry) SELinux: Use d_is_positive() rather than testing dentry->d_inode Smack: Use d_is_positive() rather than testing dentry->d_inode TOMOYO: Use d_is_dir() rather than d_inode and S_ISDIR() Apparmor: Use d_is_positive/negative() rather than testing dentry->d_inode Apparmor: mediated_filesystem() should use dentry->d_sb not inode->i_sb VFS: Split DCACHE_FILE_TYPE into regular and special types VFS: Add a fallthrough flag for marking virtual dentries VFS: Add a whiteout dentry type VFS: Introduce inode-getting helpers for layered/unioned fs environments Infiniband: Fix potential NULL d_inode dereference posix_acl: fix reference leaks in posix_acl_create autofs4: Wrong format for printing dentry ...
Diffstat (limited to 'security')
-rw-r--r--security/apparmor/include/apparmor.h4
-rw-r--r--security/apparmor/lsm.c20
-rw-r--r--security/apparmor/path.c2
-rw-r--r--security/inode.c2
-rw-r--r--security/selinux/hooks.c8
-rw-r--r--security/smack/smack_lsm.c4
-rw-r--r--security/tomoyo/file.c4
7 files changed, 21 insertions, 23 deletions
diff --git a/security/apparmor/include/apparmor.h b/security/apparmor/include/apparmor.h
index 97130f88838b..e4ea62663866 100644
--- a/security/apparmor/include/apparmor.h
+++ b/security/apparmor/include/apparmor.h
@@ -112,9 +112,9 @@ static inline unsigned int aa_dfa_null_transition(struct aa_dfa *dfa,
return aa_dfa_next(dfa, start, 0);
}
-static inline bool mediated_filesystem(struct inode *inode)
+static inline bool mediated_filesystem(struct dentry *dentry)
{
- return !(inode->i_sb->s_flags & MS_NOUSER);
+ return !(dentry->d_sb->s_flags & MS_NOUSER);
}
#endif /* __APPARMOR_H */
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 65ca451a764d..107db88b1d5f 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -226,7 +226,7 @@ static int common_perm_rm(int op, struct path *dir,
struct inode *inode = dentry->d_inode;
struct path_cond cond = { };
- if (!inode || !dir->mnt || !mediated_filesystem(inode))
+ if (!inode || !dir->mnt || !mediated_filesystem(dentry))
return 0;
cond.uid = inode->i_uid;
@@ -250,7 +250,7 @@ static int common_perm_create(int op, struct path *dir, struct dentry *dentry,
{
struct path_cond cond = { current_fsuid(), mode };
- if (!dir->mnt || !mediated_filesystem(dir->dentry->d_inode))
+ if (!dir->mnt || !mediated_filesystem(dir->dentry))
return 0;
return common_perm_dir_dentry(op, dir, dentry, mask, &cond);
@@ -285,7 +285,7 @@ static int apparmor_path_truncate(struct path *path)
path->dentry->d_inode->i_mode
};
- if (!path->mnt || !mediated_filesystem(path->dentry->d_inode))
+ if (!path->mnt || !mediated_filesystem(path->dentry))
return 0;
return common_perm(OP_TRUNC, path, MAY_WRITE | AA_MAY_META_WRITE,
@@ -305,7 +305,7 @@ static int apparmor_path_link(struct dentry *old_dentry, struct path *new_dir,
struct aa_profile *profile;
int error = 0;
- if (!mediated_filesystem(old_dentry->d_inode))
+ if (!mediated_filesystem(old_dentry))
return 0;
profile = aa_current_profile();
@@ -320,7 +320,7 @@ static int apparmor_path_rename(struct path *old_dir, struct dentry *old_dentry,
struct aa_profile *profile;
int error = 0;
- if (!mediated_filesystem(old_dentry->d_inode))
+ if (!mediated_filesystem(old_dentry))
return 0;
profile = aa_current_profile();
@@ -346,7 +346,7 @@ static int apparmor_path_rename(struct path *old_dir, struct dentry *old_dentry,
static int apparmor_path_chmod(struct path *path, umode_t mode)
{
- if (!mediated_filesystem(path->dentry->d_inode))
+ if (!mediated_filesystem(path->dentry))
return 0;
return common_perm_mnt_dentry(OP_CHMOD, path->mnt, path->dentry, AA_MAY_CHMOD);
@@ -358,7 +358,7 @@ static int apparmor_path_chown(struct path *path, kuid_t uid, kgid_t gid)
path->dentry->d_inode->i_mode
};
- if (!mediated_filesystem(path->dentry->d_inode))
+ if (!mediated_filesystem(path->dentry))
return 0;
return common_perm(OP_CHOWN, path, AA_MAY_CHOWN, &cond);
@@ -366,7 +366,7 @@ static int apparmor_path_chown(struct path *path, kuid_t uid, kgid_t gid)
static int apparmor_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
{
- if (!mediated_filesystem(dentry->d_inode))
+ if (!mediated_filesystem(dentry))
return 0;
return common_perm_mnt_dentry(OP_GETATTR, mnt, dentry,
@@ -379,7 +379,7 @@ static int apparmor_file_open(struct file *file, const struct cred *cred)
struct aa_profile *profile;
int error = 0;
- if (!mediated_filesystem(file_inode(file)))
+ if (!mediated_filesystem(file->f_path.dentry))
return 0;
/* If in exec, permission is handled by bprm hooks.
@@ -432,7 +432,7 @@ static int common_file_perm(int op, struct file *file, u32 mask)
BUG_ON(!fprofile);
if (!file->f_path.mnt ||
- !mediated_filesystem(file_inode(file)))
+ !mediated_filesystem(file->f_path.dentry))
return 0;
profile = __aa_current_profile();
diff --git a/security/apparmor/path.c b/security/apparmor/path.c
index 35b394a75d76..71e0e3a15b9d 100644
--- a/security/apparmor/path.c
+++ b/security/apparmor/path.c
@@ -114,7 +114,7 @@ static int d_namespace_path(struct path *path, char *buf, int buflen,
* security_path hooks as a deleted dentry except without an inode
* allocated.
*/
- if (d_unlinked(path->dentry) && path->dentry->d_inode &&
+ if (d_unlinked(path->dentry) && d_is_positive(path->dentry) &&
!(flags & PATH_MEDIATE_DELETED)) {
error = -ENOENT;
goto out;
diff --git a/security/inode.c b/security/inode.c
index 8e7ca62078ab..131a3c49f766 100644
--- a/security/inode.c
+++ b/security/inode.c
@@ -203,7 +203,7 @@ void securityfs_remove(struct dentry *dentry)
mutex_lock(&parent->d_inode->i_mutex);
if (positive(dentry)) {
if (dentry->d_inode) {
- if (S_ISDIR(dentry->d_inode->i_mode))
+ if (d_is_dir(dentry))
simple_rmdir(parent->d_inode, dentry);
else
simple_unlink(parent->d_inode, dentry);
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 29c39e0b03ed..4d1a54190388 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1799,7 +1799,7 @@ static inline int may_rename(struct inode *old_dir,
old_dsec = old_dir->i_security;
old_isec = old_dentry->d_inode->i_security;
- old_is_dir = S_ISDIR(old_dentry->d_inode->i_mode);
+ old_is_dir = d_is_dir(old_dentry);
new_dsec = new_dir->i_security;
ad.type = LSM_AUDIT_DATA_DENTRY;
@@ -1822,14 +1822,14 @@ static inline int may_rename(struct inode *old_dir,
ad.u.dentry = new_dentry;
av = DIR__ADD_NAME | DIR__SEARCH;
- if (new_dentry->d_inode)
+ if (d_is_positive(new_dentry))
av |= DIR__REMOVE_NAME;
rc = avc_has_perm(sid, new_dsec->sid, SECCLASS_DIR, av, &ad);
if (rc)
return rc;
- if (new_dentry->d_inode) {
+ if (d_is_positive(new_dentry)) {
new_isec = new_dentry->d_inode->i_security;
- new_is_dir = S_ISDIR(new_dentry->d_inode->i_mode);
+ new_is_dir = d_is_dir(new_dentry);
rc = avc_has_perm(sid, new_isec->sid,
new_isec->sclass,
(new_is_dir ? DIR__RMDIR : FILE__UNLINK), &ad);
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index ed94f6f836e7..c934311812f1 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -855,7 +855,7 @@ static int smack_inode_link(struct dentry *old_dentry, struct inode *dir,
rc = smk_curacc(isp, MAY_WRITE, &ad);
rc = smk_bu_inode(old_dentry->d_inode, MAY_WRITE, rc);
- if (rc == 0 && new_dentry->d_inode != NULL) {
+ if (rc == 0 && d_is_positive(new_dentry)) {
isp = smk_of_inode(new_dentry->d_inode);
smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
rc = smk_curacc(isp, MAY_WRITE, &ad);
@@ -961,7 +961,7 @@ static int smack_inode_rename(struct inode *old_inode,
rc = smk_curacc(isp, MAY_READWRITE, &ad);
rc = smk_bu_inode(old_dentry->d_inode, MAY_READWRITE, rc);
- if (rc == 0 && new_dentry->d_inode != NULL) {
+ if (rc == 0 && d_is_positive(new_dentry)) {
isp = smk_of_inode(new_dentry->d_inode);
smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
rc = smk_curacc(isp, MAY_READWRITE, &ad);
diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c
index 400390790745..c151a1869597 100644
--- a/security/tomoyo/file.c
+++ b/security/tomoyo/file.c
@@ -905,11 +905,9 @@ int tomoyo_path2_perm(const u8 operation, struct path *path1,
!tomoyo_get_realpath(&buf2, path2))
goto out;
switch (operation) {
- struct dentry *dentry;
case TOMOYO_TYPE_RENAME:
case TOMOYO_TYPE_LINK:
- dentry = path1->dentry;
- if (!dentry->d_inode || !S_ISDIR(dentry->d_inode->i_mode))
+ if (!d_is_dir(path1->dentry))
break;
/* fall through */
case TOMOYO_TYPE_PIVOT_ROOT: