diff options
author | Yannick GICQUEL <yannick.gicquel@iot.bzh> | 2015-10-19 15:57:07 +0200 |
---|---|---|
committer | Gerrit Code Review <gerrit@172.30.200.200> | 2015-11-06 15:23:36 +0000 |
commit | ede19ea0c47fb23f3fc779833d1e57cf76f3371e (patch) | |
tree | 47d6fae2283c54def1871aaf2a73828ac68b1b34 /meta-rcar-gen2/recipes-kernel/linux/linux-renesas/smack/0007-xattr-Constify-name-member-of-struct-xattr.patch | |
parent | 1cd8ab18abca96e4ee108f80225058d875b28347 (diff) |
kernel: smack security backport from kernel 4
Here is the backport of all patches relating to smack support
on kernel side. For more details, see file:
meta-rcar-gen2/recipes-kernel/linux/linux-renesas/smack/README
Please note that patches are applied only if "smack" is in the
ditro features. Here are the 2 lines to add in the local.conf
OVERRIDES .= ":smack"
DISTRO_FEATURES_append = " smack"
Change-Id: I147a3532aec531f977d6ec34c576261835711f1e
Signed-off-by: Yannick GICQUEL <yannick.gicquel@iot.bzh>
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
Diffstat (limited to 'meta-rcar-gen2/recipes-kernel/linux/linux-renesas/smack/0007-xattr-Constify-name-member-of-struct-xattr.patch')
-rw-r--r-- | meta-rcar-gen2/recipes-kernel/linux/linux-renesas/smack/0007-xattr-Constify-name-member-of-struct-xattr.patch | 239 |
1 files changed, 239 insertions, 0 deletions
diff --git a/meta-rcar-gen2/recipes-kernel/linux/linux-renesas/smack/0007-xattr-Constify-name-member-of-struct-xattr.patch b/meta-rcar-gen2/recipes-kernel/linux/linux-renesas/smack/0007-xattr-Constify-name-member-of-struct-xattr.patch new file mode 100644 index 0000000..01e1e95 --- /dev/null +++ b/meta-rcar-gen2/recipes-kernel/linux/linux-renesas/smack/0007-xattr-Constify-name-member-of-struct-xattr.patch @@ -0,0 +1,239 @@ +From fe82cc13962e6dbf81dec4093e7dc947b296a988 Mon Sep 17 00:00:00 2001 +From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> +Date: Thu, 25 Jul 2013 05:44:02 +0900 +Subject: [PATCH 07/54] xattr: Constify ->name member of "struct xattr". + +Since everybody sets kstrdup()ed constant string to "struct xattr"->name but +nobody modifies "struct xattr"->name , we can omit kstrdup() and its failure +checking by constifying ->name member of "struct xattr". + +Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> +Reviewed-by: Joel Becker <jlbec@evilplan.org> [ocfs2] +Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com> +Acked-by: Casey Schaufler <casey@schaufler-ca.com> +Acked-by: Mimi Zohar <zohar@linux.vnet.ibm.com> +Reviewed-by: Paul Moore <paul@paul-moore.com> +Tested-by: Paul Moore <paul@paul-moore.com> +Acked-by: Eric Paris <eparis@redhat.com> +Signed-off-by: James Morris <james.l.morris@oracle.com> +--- + fs/ocfs2/xattr.h | 2 +- + include/linux/security.h | 8 ++++---- + include/linux/xattr.h | 2 +- + include/uapi/linux/reiserfs_xattr.h | 2 +- + security/capability.c | 2 +- + security/integrity/evm/evm_main.c | 2 +- + security/security.c | 8 +++----- + security/selinux/hooks.c | 17 ++++++----------- + security/smack/smack_lsm.c | 9 +++------ + 9 files changed, 21 insertions(+), 31 deletions(-) + +diff --git a/fs/ocfs2/xattr.h b/fs/ocfs2/xattr.h +index e5c7f15..19f134e 100644 +--- a/fs/ocfs2/xattr.h ++++ b/fs/ocfs2/xattr.h +@@ -32,7 +32,7 @@ enum ocfs2_xattr_type { + + struct ocfs2_security_xattr_info { + int enable; +- char *name; ++ const char *name; + void *value; + size_t value_len; + }; +diff --git a/include/linux/security.h b/include/linux/security.h +index 1d8fe3c..0f246d4 100644 +--- a/include/linux/security.h ++++ b/include/linux/security.h +@@ -1472,7 +1472,7 @@ struct security_operations { + int (*inode_alloc_security) (struct inode *inode); + void (*inode_free_security) (struct inode *inode); + int (*inode_init_security) (struct inode *inode, struct inode *dir, +- const struct qstr *qstr, char **name, ++ const struct qstr *qstr, const char **name, + void **value, size_t *len); + int (*inode_create) (struct inode *dir, + struct dentry *dentry, umode_t mode); +@@ -1744,7 +1744,7 @@ int security_inode_init_security(struct inode *inode, struct inode *dir, + const struct qstr *qstr, + initxattrs initxattrs, void *fs_data); + int security_old_inode_init_security(struct inode *inode, struct inode *dir, +- const struct qstr *qstr, char **name, ++ const struct qstr *qstr, const char **name, + void **value, size_t *len); + int security_inode_create(struct inode *dir, struct dentry *dentry, umode_t mode); + int security_inode_link(struct dentry *old_dentry, struct inode *dir, +@@ -2056,8 +2056,8 @@ static inline int security_inode_init_security(struct inode *inode, + static inline int security_old_inode_init_security(struct inode *inode, + struct inode *dir, + const struct qstr *qstr, +- char **name, void **value, +- size_t *len) ++ const char **name, ++ void **value, size_t *len) + { + return -EOPNOTSUPP; + } +diff --git a/include/linux/xattr.h b/include/linux/xattr.h +index fdbafc6..91b0a68 100644 +--- a/include/linux/xattr.h ++++ b/include/linux/xattr.h +@@ -31,7 +31,7 @@ struct xattr_handler { + }; + + struct xattr { +- char *name; ++ const char *name; + void *value; + size_t value_len; + }; +diff --git a/include/uapi/linux/reiserfs_xattr.h b/include/uapi/linux/reiserfs_xattr.h +index d8ce17c..38fdd64 100644 +--- a/include/uapi/linux/reiserfs_xattr.h ++++ b/include/uapi/linux/reiserfs_xattr.h +@@ -16,7 +16,7 @@ struct reiserfs_xattr_header { + }; + + struct reiserfs_security_handle { +- char *name; ++ const char *name; + void *value; + size_t length; + }; +diff --git a/security/capability.c b/security/capability.c +index 26e0d3d..432e8af 100644 +--- a/security/capability.c ++++ b/security/capability.c +@@ -119,7 +119,7 @@ static void cap_inode_free_security(struct inode *inode) + } + + static int cap_inode_init_security(struct inode *inode, struct inode *dir, +- const struct qstr *qstr, char **name, ++ const struct qstr *qstr, const char **name, + void **value, size_t *len) + { + return -EOPNOTSUPP; +diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c +index cdbde17..2787080 100644 +--- a/security/integrity/evm/evm_main.c ++++ b/security/integrity/evm/evm_main.c +@@ -405,7 +405,7 @@ int evm_inode_init_security(struct inode *inode, + + evm_xattr->value = xattr_data; + evm_xattr->value_len = sizeof(*xattr_data); +- evm_xattr->name = kstrdup(XATTR_EVM_SUFFIX, GFP_NOFS); ++ evm_xattr->name = XATTR_EVM_SUFFIX; + return 0; + out: + kfree(xattr_data); +diff --git a/security/security.c b/security/security.c +index bf919ce..7813fd8 100644 +--- a/security/security.c ++++ b/security/security.c +@@ -335,10 +335,10 @@ int security_inode_init_security(struct inode *inode, struct inode *dir, + if (unlikely(IS_PRIVATE(inode))) + return 0; + +- memset(new_xattrs, 0, sizeof new_xattrs); + if (!initxattrs) + return security_ops->inode_init_security(inode, dir, qstr, + NULL, NULL, NULL); ++ memset(new_xattrs, 0, sizeof(new_xattrs)); + lsm_xattr = new_xattrs; + ret = security_ops->inode_init_security(inode, dir, qstr, + &lsm_xattr->name, +@@ -353,16 +353,14 @@ int security_inode_init_security(struct inode *inode, struct inode *dir, + goto out; + ret = initxattrs(inode, new_xattrs, fs_data); + out: +- for (xattr = new_xattrs; xattr->name != NULL; xattr++) { +- kfree(xattr->name); ++ for (xattr = new_xattrs; xattr->value != NULL; xattr++) + kfree(xattr->value); +- } + return (ret == -EOPNOTSUPP) ? 0 : ret; + } + EXPORT_SYMBOL(security_inode_init_security); + + int security_old_inode_init_security(struct inode *inode, struct inode *dir, +- const struct qstr *qstr, char **name, ++ const struct qstr *qstr, const char **name, + void **value, size_t *len) + { + if (unlikely(IS_PRIVATE(inode))) +diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c +index d2f4381..0c47e2c 100644 +--- a/security/selinux/hooks.c ++++ b/security/selinux/hooks.c +@@ -2533,7 +2533,8 @@ static void selinux_inode_free_security(struct inode *inode) + } + + static int selinux_inode_init_security(struct inode *inode, struct inode *dir, +- const struct qstr *qstr, char **name, ++ const struct qstr *qstr, ++ const char **name, + void **value, size_t *len) + { + const struct task_security_struct *tsec = current_security(); +@@ -2541,7 +2542,7 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir, + struct superblock_security_struct *sbsec; + u32 sid, newsid, clen; + int rc; +- char *namep = NULL, *context; ++ char *context; + + dsec = dir->i_security; + sbsec = dir->i_sb->s_security; +@@ -2577,19 +2578,13 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir, + if (!ss_initialized || !(sbsec->flags & SE_SBLABELSUPP)) + return -EOPNOTSUPP; + +- if (name) { +- namep = kstrdup(XATTR_SELINUX_SUFFIX, GFP_NOFS); +- if (!namep) +- return -ENOMEM; +- *name = namep; +- } ++ if (name) ++ *name = XATTR_SELINUX_SUFFIX; + + if (value && len) { + rc = security_sid_to_context_force(newsid, &context, &clen); +- if (rc) { +- kfree(namep); ++ if (rc) + return rc; +- } + *value = context; + *len = clen; + } +diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c +index 3f7682a..a113a77 100644 +--- a/security/smack/smack_lsm.c ++++ b/security/smack/smack_lsm.c +@@ -582,7 +582,7 @@ static void smack_inode_free_security(struct inode *inode) + * Returns 0 if it all works out, -ENOMEM if there's no memory + */ + static int smack_inode_init_security(struct inode *inode, struct inode *dir, +- const struct qstr *qstr, char **name, ++ const struct qstr *qstr, const char **name, + void **value, size_t *len) + { + struct inode_smack *issp = inode->i_security; +@@ -591,11 +591,8 @@ static int smack_inode_init_security(struct inode *inode, struct inode *dir, + char *dsp = smk_of_inode(dir); + int may; + +- if (name) { +- *name = kstrdup(XATTR_SMACK_SUFFIX, GFP_NOFS); +- if (*name == NULL) +- return -ENOMEM; +- } ++ if (name) ++ *name = XATTR_SMACK_SUFFIX; + + if (value) { + rcu_read_lock(); +-- +2.1.4 + |