diff options
Diffstat (limited to 'security')
| -rw-r--r-- | security/Makefile | 3 | ||||
| -rw-r--r-- | security/inode.c | 4 | ||||
| -rw-r--r-- | security/keys/keyctl.c | 16 | ||||
| -rw-r--r-- | security/keys/keyring.c | 18 | ||||
| -rw-r--r-- | security/keys/process_keys.c | 6 | ||||
| -rw-r--r-- | security/keys/request_key.c | 9 | ||||
| -rw-r--r-- | security/min_addr.c | 3 | ||||
| -rw-r--r-- | security/selinux/hooks.c | 2 | ||||
| -rw-r--r-- | security/selinux/ss/ebitmap.c | 2 |
9 files changed, 44 insertions, 19 deletions
diff --git a/security/Makefile b/security/Makefile index 95ecc06392d7..510bbc80b9b4 100644 --- a/security/Makefile +++ b/security/Makefile @@ -8,7 +8,8 @@ subdir-$(CONFIG_SECURITY_SMACK) += smack subdir-$(CONFIG_SECURITY_TOMOYO) += tomoyo # always enable default capabilities -obj-y += commoncap.o min_addr.o +obj-y += commoncap.o +obj-$(CONFIG_MMU) += min_addr.o # Object file lists obj-$(CONFIG_SECURITY) += security.o capability.o diff --git a/security/inode.c b/security/inode.c index f7496c6a022b..3d78d69a629b 100644 --- a/security/inode.c +++ b/security/inode.c @@ -168,13 +168,13 @@ static int create_by_name(const char *name, mode_t mode, mutex_lock(&parent->d_inode->i_mutex); *dentry = lookup_one_len(name, parent, strlen(name)); - if (!IS_ERR(dentry)) { + if (!IS_ERR(*dentry)) { if ((mode & S_IFMT) == S_IFDIR) error = mkdir(parent->d_inode, *dentry, mode); else error = create(parent->d_inode, *dentry, mode); } else - error = PTR_ERR(dentry); + error = PTR_ERR(*dentry); mutex_unlock(&parent->d_inode->i_mutex); return error; diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c index 06ec722897be..b0bd910b1de7 100644 --- a/security/keys/keyctl.c +++ b/security/keys/keyctl.c @@ -1236,6 +1236,7 @@ long keyctl_get_security(key_serial_t keyid, */ long keyctl_session_to_parent(void) { +#ifdef TIF_NOTIFY_RESUME struct task_struct *me, *parent; const struct cred *mycred, *pcred; struct cred *cred, *oldcred; @@ -1258,6 +1259,7 @@ long keyctl_session_to_parent(void) keyring_r = NULL; me = current; + rcu_read_lock(); write_lock_irq(&tasklist_lock); parent = me->real_parent; @@ -1290,7 +1292,8 @@ long keyctl_session_to_parent(void) goto not_permitted; /* the keyrings must have the same UID */ - if (pcred ->tgcred->session_keyring->uid != mycred->euid || + if ((pcred->tgcred->session_keyring && + pcred->tgcred->session_keyring->uid != mycred->euid) || mycred->tgcred->session_keyring->uid != mycred->euid) goto not_permitted; @@ -1312,6 +1315,7 @@ long keyctl_session_to_parent(void) set_ti_thread_flag(task_thread_info(parent), TIF_NOTIFY_RESUME); write_unlock_irq(&tasklist_lock); + rcu_read_unlock(); if (oldcred) put_cred(oldcred); return 0; @@ -1320,12 +1324,22 @@ already_same: ret = 0; not_permitted: write_unlock_irq(&tasklist_lock); + rcu_read_unlock(); put_cred(cred); return ret; error_keyring: key_ref_put(keyring_r); return ret; + +#else /* !TIF_NOTIFY_RESUME */ + /* + * To be removed when TIF_NOTIFY_RESUME has been implemented on + * m68k/xtensa + */ +#warning TIF_NOTIFY_RESUME not implemented + return -EOPNOTSUPP; +#endif /* !TIF_NOTIFY_RESUME */ } /*****************************************************************************/ diff --git a/security/keys/keyring.c b/security/keys/keyring.c index 8ec02746ca99..e031952a49e1 100644 --- a/security/keys/keyring.c +++ b/security/keys/keyring.c @@ -524,9 +524,8 @@ struct key *find_keyring_by_name(const char *name, bool skip_perm_check) struct key *keyring; int bucket; - keyring = ERR_PTR(-EINVAL); if (!name) - goto error; + return ERR_PTR(-EINVAL); bucket = keyring_hash(name); @@ -553,17 +552,18 @@ struct key *find_keyring_by_name(const char *name, bool skip_perm_check) KEY_SEARCH) < 0) continue; - /* we've got a match */ - atomic_inc(&keyring->usage); - read_unlock(&keyring_name_lock); - goto error; + /* we've got a match but we might end up racing with + * key_cleanup() if the keyring is currently 'dead' + * (ie. it has a zero usage count) */ + if (!atomic_inc_not_zero(&keyring->usage)) + continue; + goto out; } } - read_unlock(&keyring_name_lock); keyring = ERR_PTR(-ENOKEY); - - error: +out: + read_unlock(&keyring_name_lock); return keyring; } /* end find_keyring_by_name() */ diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c index 5c23afb31ece..931cfda6e1f9 100644 --- a/security/keys/process_keys.c +++ b/security/keys/process_keys.c @@ -509,7 +509,7 @@ try_again: ret = install_thread_keyring(); if (ret < 0) { - key = ERR_PTR(ret); + key_ref = ERR_PTR(ret); goto error; } goto reget_creds; @@ -527,7 +527,7 @@ try_again: ret = install_process_keyring(); if (ret < 0) { - key = ERR_PTR(ret); + key_ref = ERR_PTR(ret); goto error; } goto reget_creds; @@ -586,7 +586,7 @@ try_again: case KEY_SPEC_GROUP_KEYRING: /* group keyrings are not yet supported */ - key = ERR_PTR(-EINVAL); + key_ref = ERR_PTR(-EINVAL); goto error; case KEY_SPEC_REQKEY_AUTH_KEY: diff --git a/security/keys/request_key.c b/security/keys/request_key.c index 03fe63ed55bd..9ac7bfd3bbdd 100644 --- a/security/keys/request_key.c +++ b/security/keys/request_key.c @@ -336,8 +336,10 @@ static int construct_alloc_key(struct key_type *type, key_already_present: mutex_unlock(&key_construction_mutex); - if (dest_keyring) + if (dest_keyring) { + __key_link(dest_keyring, key_ref_to_ptr(key_ref)); up_write(&dest_keyring->sem); + } mutex_unlock(&user->cons_lock); key_put(key); *_key = key = key_ref_to_ptr(key_ref); @@ -428,6 +430,11 @@ struct key *request_key_and_link(struct key_type *type, if (!IS_ERR(key_ref)) { key = key_ref_to_ptr(key_ref); + if (dest_keyring) { + construct_get_dest_keyring(&dest_keyring); + key_link(dest_keyring, key); + key_put(dest_keyring); + } } else if (PTR_ERR(key_ref) != -EAGAIN) { key = ERR_CAST(key_ref); } else { diff --git a/security/min_addr.c b/security/min_addr.c index c844eed7915d..d9f94258c108 100644 --- a/security/min_addr.c +++ b/security/min_addr.c @@ -33,6 +33,9 @@ int mmap_min_addr_handler(struct ctl_table *table, int write, { int ret; + if (write && !capable(CAP_SYS_RAWIO)) + return -EPERM; + ret = proc_doulongvec_minmax(table, write, buffer, lenp, ppos); update_mmap_min_addr(); diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index bb230d5d7085..36d9e25688f8 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -2366,7 +2366,7 @@ static void selinux_bprm_committing_creds(struct linux_binprm *bprm) initrlim = init_task.signal->rlim + i; rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur); } - update_rlimit_cpu(rlim->rlim_cur); + update_rlimit_cpu(current->signal->rlim[RLIMIT_CPU].rlim_cur); } } diff --git a/security/selinux/ss/ebitmap.c b/security/selinux/ss/ebitmap.c index 68c7348d1acc..04b6145d767f 100644 --- a/security/selinux/ss/ebitmap.c +++ b/security/selinux/ss/ebitmap.c @@ -128,7 +128,7 @@ int ebitmap_netlbl_export(struct ebitmap *ebmap, cmap_idx = delta / NETLBL_CATMAP_MAPSIZE; cmap_sft = delta % NETLBL_CATMAP_MAPSIZE; c_iter->bitmap[cmap_idx] - |= e_iter->maps[cmap_idx] << cmap_sft; + |= e_iter->maps[i] << cmap_sft; } e_iter = e_iter->next; } |