diff options
Diffstat (limited to 'fs-call-security_d_instantiate-in-d_obtain_alias.patch')
-rw-r--r-- | fs-call-security_d_instantiate-in-d_obtain_alias.patch | 64 |
1 files changed, 0 insertions, 64 deletions
diff --git a/fs-call-security_d_instantiate-in-d_obtain_alias.patch b/fs-call-security_d_instantiate-in-d_obtain_alias.patch deleted file mode 100644 index 3bce47f5e..000000000 --- a/fs-call-security_d_instantiate-in-d_obtain_alias.patch +++ /dev/null @@ -1,64 +0,0 @@ -From linux-fsdevel-owner@vger.kernel.org Thu Nov 18 21:03:11 2010 -From: Josef Bacik <josef@redhat.com> -To: linux-fsdevel@vger.kernel.org, eparis@redhat.com, - linux-kernel@vger.kernel.org, sds@tycho.nsa.gov, - selinux@tycho.nsa.gov, bfields@fieldses.org -Subject: [PATCH] fs: call security_d_instantiate in d_obtain_alias V2 -Date: Thu, 18 Nov 2010 20:52:55 -0500 -Message-Id: <1290131575-2489-1-git-send-email-josef@redhat.com> -X-Mailing-List: linux-fsdevel@vger.kernel.org - -While trying to track down some NFS problems with BTRFS, I kept noticing I was -getting -EACCESS for no apparent reason. Eric Paris and printk() helped me -figure out that it was SELinux that was giving me grief, with the following -denial - -type=AVC msg=audit(1290013638.413:95): avc: denied { 0x800000 } for pid=1772 -comm="nfsd" name="" dev=sda1 ino=256 scontext=system_u:system_r:kernel_t:s0 -tcontext=system_u:object_r:unlabeled_t:s0 tclass=file - -Turns out this is because in d_obtain_alias if we can't find an alias we create -one and do all the normal instantiation stuff, but we don't do the -security_d_instantiate. - -Usually we are protected from getting a hashed dentry that hasn't yet run -security_d_instantiate() by the parent's i_mutex, but obviously this isn't an -option there, so in order to deal with the case that a second thread comes in -and finds our new dentry before we get to run security_d_instantiate(), we go -ahead and call it if we find a dentry already. Eric assures me that this is ok -as the code checks to see if the dentry has been initialized already so calling -security_d_instantiate() against the same dentry multiple times is ok. With -this patch I'm no longer getting errant -EACCESS values. - -Signed-off-by: Josef Bacik <josef@redhat.com> ---- -V1->V2: --added second security_d_instantiate() call - - fs/dcache.c | 3 +++ - 1 files changed, 3 insertions(+), 0 deletions(-) - -diff --git a/fs/dcache.c b/fs/dcache.c -index 5699d4c..85388fc 100644 ---- a/fs/dcache.c -+++ b/fs/dcache.c -@@ -1577,9 +1577,13 @@ struct dentry *d_obtain_alias(struct inode *inode) - spin_unlock(&tmp->d_lock); - spin_unlock(&inode->i_lock); - -+ security_d_instantiate(tmp, inode); -+ - return tmp; - - out_iput: -+ if (res && !IS_ERR(res)) -+ security_d_instantiate(res, inode); - iput(inode); - return res; - } - --- -To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in -the body of a message to majordomo@vger.kernel.org -More majordomo info at http://vger.kernel.org/majordomo-info.html - |