• NeilBrown's avatar
    security: make inode_follow_link RCU-walk aware · bda0be7a
    NeilBrown authored
    inode_follow_link now takes an inode and rcu flag as well as the
    dentry.
    
    inode is used in preference to d_backing_inode(dentry), particularly
    in RCU-walk mode.
    
    selinux_inode_follow_link() gets dentry_has_perm() and
    inode_has_perm() open-coded into it so that it can call
    avc_has_perm_flags() in way that is safe if LOOKUP_RCU is set.
    
    Calling avc_has_perm_flags() with rcu_read_lock() held means
    that when avc_has_perm_noaudit calls avc_compute_av(), the attempt
    to rcu_read_unlock() before calling security_compute_av() will not
    actually drop the RCU read-lock.
    
    However as security_compute_av() is completely in a read_lock()ed
    region, it should be safe with the RCU read-lock held.
    Signed-off-by: default avatarNeilBrown <neilb@suse.de>
    Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
    bda0be7a
Name
Last commit
Last update
..
apparmor Loading commit data...
integrity Loading commit data...
keys Loading commit data...
selinux Loading commit data...
smack Loading commit data...
tomoyo Loading commit data...
yama Loading commit data...
Kconfig Loading commit data...
Makefile Loading commit data...
capability.c Loading commit data...
commoncap.c Loading commit data...
device_cgroup.c Loading commit data...
inode.c Loading commit data...
lsm_audit.c Loading commit data...
min_addr.c Loading commit data...
security.c Loading commit data...