From ede19ea0c47fb23f3fc779833d1e57cf76f3371e Mon Sep 17 00:00:00 2001
From: Yannick GICQUEL
Date: Mon, 19 Oct 2015 15:57:07 +0200
Subject: kernel: smack security backport from kernel 4
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Here is the backport of all patches relating to smack support on kernel side. For more details, see file: meta-rcar-gen2/recipes-kernel/linux/linux-renesas/smack/README Please note that patches are applied only if "smack" is in the ditro features. Here are the 2 lines to add in the local.conf OVERRIDES .= ":smack" DISTRO_FEATURES_append = " smack"

Change-Id: I147a3532aec531f977d6ec34c576261835711f1e
Signed-off-by: Yannick GICQUEL
Signed-off-by: José Bollo
---
 ...attr-Constify-name-member-of-struct-xattr.patch | 239 +++++++++++++++++++++
 1 file changed, 239 insertions(+)
 create mode 100644 meta-rcar-gen2/recipes-kernel/linux/linux-renesas/smack/0007-xattr-Constify-name-member-of-struct-xattr.patch
(limited to 'meta-rcar-gen2/recipes-kernel/linux/linux-renesas/smack/0007-xattr-Constify-name-member-of-struct-xattr.patch')
diff --git a/meta-rcar-gen2/recipes-kernel/linux/linux-renesas/smack/0007-xattr-Constify-name-member-of-struct-xattr.patch b/meta-rcar-gen2/recipes-kernel/linux/linux-renesas/smack/0007-xattr-Constify-name-member-of-struct-xattr.patch
new file mode 100644
index 0000000..01e1e95
--- /dev/null
+++ b/meta-rcar-gen2/recipes-kernel/linux/linux-renesas/smack/0007-xattr-Constify-name-member-of-struct-xattr.patch
@@ -0,0 +1,239 @@
+From fe82cc13962e6dbf81dec4093e7dc947b296a988 Mon Sep 17 00:00:00 2001
+From: Tetsuo Handa
+Date: Thu, 25 Jul 2013 05:44:02 +0900
+Subject: [PATCH 07/54] xattr: Constify ->name member of "struct xattr".
+
+Since everybody sets kstrdup()ed constant string to "struct xattr"->name but
+nobody modifies "struct xattr"->name , we can omit kstrdup() and its failure
+checking by constifying ->name member of "struct xattr".
+
+Signed-off-by: Tetsuo Handa
+Reviewed-by: Joel Becker [ocfs2]
+Acked-by: Serge E. Hallyn
+Acked-by: Casey Schaufler
+Acked-by: Mimi Zohar
+Reviewed-by: Paul Moore
+Tested-by: Paul Moore
+Acked-by: Eric Paris
+Signed-off-by: James Morris
+---
+ fs/ocfs2/xattr.h | 2 +-
+ include/linux/security.h | 8 ++++----
+ include/linux/xattr.h | 2 +-
+ include/uapi/linux/reiserfs_xattr.h | 2 +-
+ security/capability.c | 2 +-
+ security/integrity/evm/evm_main.c | 2 +-
+ security/security.c | 8 +++-----
+ security/selinux/hooks.c | 17 ++++++-----------
+ security/smack/smack_lsm.c | 9 +++------
+ 9 files changed, 21 insertions(+), 31 deletions(-)
+
+diff --git a/fs/ocfs2/xattr.h b/fs/ocfs2/xattr.h
+index e5c7f15..19f134e 100644
+--- a/fs/ocfs2/xattr.h
++++ b/fs/ocfs2/xattr.h
+@@ -32,7 +32,7 @@ enum ocfs2_xattr_type {
+
+ struct ocfs2_security_xattr_info {
+ int enable;
+- char *name;
++ const char *name;
+ void *value;
+ size_t value_len;
+ };
+diff --git a/include/linux/security.h b/include/linux/security.h
+index 1d8fe3c..0f246d4 100644
+--- a/include/linux/security.h
++++ b/include/linux/security.h
+@@ -1472,7 +1472,7 @@ struct security_operations {
+ int (*inode_alloc_security) (struct inode *inode);
+ void (*inode_free_security) (struct inode *inode);
+ int (*inode_init_security) (struct inode *inode, struct inode *dir,
+- const struct qstr *qstr, char **name,
++ const struct qstr *qstr, const char **name,
+ void **value, size_t *len);
+ int (*inode_create) (struct inode *dir,
+ struct dentry *dentry, umode_t mode);
+@@ -1744,7 +1744,7 @@ int security_inode_init_security(struct inode *inode, struct inode *dir,
+ const struct qstr *qstr,
+ initxattrs initxattrs, void *fs_data);
+ int security_old_inode_init_security(struct inode *inode, struct inode *dir,
+- const struct qstr *qstr, char **name,
++ const struct qstr *qstr, const char **name,
+ void **value, size_t *len);
+ int security_inode_create(struct inode *dir, struct dentry *dentry, umode_t mode);
+ int security_inode_link(struct dentry *old_dentry, struct inode *dir,
+@@ -2056,8 +2056,8 @@ static inline int security_inode_init_security(struct inode *inode,
+ static inline int security_old_inode_init_security(struct inode *inode,
+ struct inode *dir,
+ const struct qstr *qstr,
+- char **name, void **value,
+- size_t *len)
++ const char **name,
++ void **value, size_t *len)
+ {
+ return -EOPNOTSUPP;
+ }
+diff --git a/include/linux/xattr.h b/include/linux/xattr.h
+index fdbafc6..91b0a68 100644
+--- a/include/linux/xattr.h
++++ b/include/linux/xattr.h
+@@ -31,7 +31,7 @@ struct xattr_handler {
+ };
+
+ struct xattr {
+- char *name;
++ const char *name;
+ void *value;
+ size_t value_len;
+ };
+diff --git a/include/uapi/linux/reiserfs_xattr.h b/include/uapi/linux/reiserfs_xattr.h
+index d8ce17c..38fdd64 100644
+--- a/include/uapi/linux/reiserfs_xattr.h
++++ b/include/uapi/linux/reiserfs_xattr.h
+@@ -16,7 +16,7 @@ struct reiserfs_xattr_header {
+ };
+
+ struct reiserfs_security_handle {
+- char *name;
++ const char *name;
+ void *value;
+ size_t length;
+ };
+diff --git a/security/capability.c b/security/capability.c
+index 26e0d3d..432e8af 100644
+--- a/security/capability.c
++++ b/security/capability.c
+@@ -119,7 +119,7 @@ static void cap_inode_free_security(struct inode *inode)
+ }
+
+ static int cap_inode_init_security(struct inode *inode, struct inode *dir,
+- const struct qstr *qstr, char **name,
++ const struct qstr *qstr, const char **name,
+ void **value, size_t *len)
+ {
+ return -EOPNOTSUPP;
+diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
+index cdbde17..2787080 100644
+--- a/security/integrity/evm/evm_main.c
++++ b/security/integrity/evm/evm_main.c
+@@ -405,7 +405,7 @@ int evm_inode_init_security(struct inode *inode,
+
+ evm_xattr->value = xattr_data;
+ evm_xattr->value_len = sizeof(*xattr_data);
+- evm_xattr->name = kstrdup(XATTR_EVM_SUFFIX, GFP_NOFS);
++ evm_xattr->name = XATTR_EVM_SUFFIX;
+ return 0;
+ out:
+ kfree(xattr_data);
+diff --git a/security/security.c b/security/security.c
+index bf919ce..7813fd8 100644
+--- a/security/security.c
++++ b/security/security.c
+@@ -335,10 +335,10 @@ int security_inode_init_security(struct inode *inode, struct inode *dir,
+ if (unlikely(IS_PRIVATE(inode)))
+ return 0;
+
+- memset(new_xattrs, 0, sizeof new_xattrs);
+ if (!initxattrs)
+ return security_ops->inode_init_security(inode, dir, qstr,
+ NULL, NULL, NULL);
++ memset(new_xattrs, 0, sizeof(new_xattrs));
+ lsm_xattr = new_xattrs;
+ ret = security_ops->inode_init_security(inode, dir, qstr,
+ &lsm_xattr->name,
+@@ -353,16 +353,14 @@ int security_inode_init_security(struct inode *inode, struct inode *dir,
+ goto out;
+ ret = initxattrs(inode, new_xattrs, fs_data);
+ out:
+- for (xattr = new_xattrs; xattr->name != NULL; xattr++) {
+- kfree(xattr->name);
++ for (xattr = new_xattrs; xattr->value != NULL; xattr++)
+ kfree(xattr->value);
+- }
+ return (ret == -EOPNOTSUPP) ? 0 : ret;
+ }
+ EXPORT_SYMBOL(security_inode_init_security);
+
+ int security_old_inode_init_security(struct inode *inode, struct inode *dir,
+- const struct qstr *qstr, char **name,
++ const struct qstr *qstr, const char **name,
+ void **value, size_t *len)
+ {
+ if (unlikely(IS_PRIVATE(inode)))
+diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
+index d2f4381..0c47e2c 100644
+--- a/security/selinux/hooks.c
++++ b/security/selinux/hooks.c
+@@ -2533,7 +2533,8 @@ static void selinux_inode_free_security(struct inode *inode)
+ }
+
+ static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
+- const struct qstr *qstr, char **name,
++ const struct qstr *qstr,
++ const char **name,
+ void **value, size_t *len)
+ {
+ const struct task_security_struct *tsec = current_security();
+@@ -2541,7 +2542,7 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
+ struct superblock_security_struct *sbsec;
+ u32 sid, newsid, clen;
+ int rc;
+- char *namep = NULL, *context;
++ char *context;
+
+ dsec = dir->i_security;
+ sbsec = dir->i_sb->s_security;
+@@ -2577,19 +2578,13 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
+ if (!ss_initialized || !(sbsec->flags & SE_SBLABELSUPP))
+ return -EOPNOTSUPP;
+
+- if (name) {
+- namep = kstrdup(XATTR_SELINUX_SUFFIX, GFP_NOFS);
+- if (!namep)
+- return -ENOMEM;
+- *name = namep;
+- }
++ if (name)
++ *name = XATTR_SELINUX_SUFFIX;
+
+ if (value && len) {
+ rc = security_sid_to_context_force(newsid, &context, &clen);
+- if (rc) {
+- kfree(namep);
++ if (rc)
+ return rc;
+- }
+ *value = context;
+ *len = clen;
+ }
+diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
+index 3f7682a..a113a77 100644
+--- a/security/smack/smack_lsm.c
++++ b/security/smack/smack_lsm.c
+@@ -582,7 +582,7 @@ static void smack_inode_free_security(struct inode *inode)
+ * Returns 0 if it all works out, -ENOMEM if there's no memory
+ */
+ static int smack_inode_init_security(struct inode *inode, struct inode *dir,
+- const struct qstr *qstr, char **name,
++ const struct qstr *qstr, const char **name,
+ void **value, size_t *len)
+ {
+ struct inode_smack *issp = inode->i_security;
+@@ -591,11 +591,8 @@ static int smack_inode_init_security(struct inode *inode, struct inode *dir,
+ char *dsp = smk_of_inode(dir);
+ int may;
+
+- if (name) {
+- *name = kstrdup(XATTR_SMACK_SUFFIX, GFP_NOFS);
+- if (*name == NULL)
+- return -ENOMEM;
+- }
++ if (name)
++ *name = XATTR_SMACK_SUFFIX;
+
+ if (value) {
+ rcu_read_lock();
+--
+2.1.4
+
--
cgit 1.2.3-korg
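Review bot: After this backport every hook hands out a string constant in `*name`, but the embedded patch only removes the `kfree(xattr->name)` in the `out:` loop of `security_inode_init_security()`; any other consumer in the target kernel that still frees the name obtained through `security_old_inode_init_security()` or `struct xattr` would now be freeing static data. The `const char *` type will not catch this at build time, because `kfree()` accepts `const void *`. The embedded diffstat touches only the headers for ocfs2 and reiserfs (`fs/ocfs2/xattr.h`, `include/uapi/linux/reiserfs_xattr.h`), so whether their `.c` callers free the name cannot be seen from this page and should be checked in the Renesas tree the patch is applied to, together with any out-of-tree filesystem or LSM code in the BSP. I would also add a comment above the rewritten loop, `/* ->name points at a constant string; only ->value is owned and freed here */`, since the loop now terminates on `xattr->value != NULL` and depends on the relocated `memset()` to provide the NULL sentinel.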