Smack changes for 5.8
Clean out dead code and repair an out-of-bounds warning. -----BEGIN PGP SIGNATURE----- iQJLBAABCAA1FiEEC+9tH1YyUwIQzUIeOKUVfIxDyBEFAl7VYkUXHGNhc2V5QHNj aGF1Zmxlci1jYS5jb20ACgkQOKUVfIxDyBGiTg/9GK5Ca2J89EXL3S/c5kyf1m3G aJFgg778zAp7UyWiCu8BE6+wlMnutt4yKmLmysN1+lT2RnYaytQCpvtpE5MMAiVy q0foK+g3+JakmC838Ng/RkHxbq0n61bDKlnh9D044Tq85U8CxVh1not4E13ZiAS/ +iTS1sneWjtMVmkTB0MgXDT5QaVbJ2EkwQS62MhBfU6a0Tg+m0K+t1enX5oeG0cy OewK2grQPmZeqJDVuMr7Naqny/2740loRclI6f5PxjvGCVfbbOPqUTtcst4wLXtC B1S3rkN+8PXn45ixd3BKAZ8ghMKJKz4x9AzxU8rcg49Oxpczp9zV/jjF29ly4gHk rM/EmIIQNf2rM88K7hm8D0IaDX1lpg1n5B9sRvbn8tY/r/JilU6lxGIHpA81nHRy lcp5D9i60ajhLx0FcqgPNxn6/osFrcYlFd0HxPYXEF7XjoCaxuTSEzTMxnXAnCG5 y9o4YJtBYB9HhgUk22e85p+tdAHZ3avG18GAqIt467lpp3/W2jp/nGR9QeoTgE/5 l0qxMfG9d+SBviYJJ38mtB3mJf0pESZA6h8QzupgPSbw49DvWLBT9eTC5JxLbvWW bpydDsl0R7niZFYw2+Z4c07qt/I8cFzuOdbe8NMdEDYV2FxluqBpM9WKsW+EXdak gH0+ydyh8qBCLIaQprQ= =je/v -----END PGP SIGNATURE----- Merge tag 'Smack-for-5.8' of git://github.com/cschaufler/smack-next Pull smack updates from Casey Schaufler: "Clean out dead code and repair an out-of-bounds warning" * tag 'Smack-for-5.8' of git://github.com/cschaufler/smack-next: Smack: Remove unused inline function smk_ad_setfield_u_fs_path_mnt Smack:- Remove redundant inode_smack cache Smack:- Remove mutex lock "smk_lock" from inode_smack Smack: slab-out-of-bounds in vsscanf smack: remove redundant structure variable from header. smack: avoid unused 'sip' variable warning
This commit is contained in:
commit
acf25aa663
@ -109,9 +109,7 @@ struct inode_smack {
|
||||
struct smack_known *smk_inode; /* label of the fso */
|
||||
struct smack_known *smk_task; /* label of the task */
|
||||
struct smack_known *smk_mmap; /* label of the mmap domain */
|
||||
struct mutex smk_lock; /* initialization lock */
|
||||
int smk_flags; /* smack inode flags */
|
||||
struct rcu_head smk_rcu; /* for freeing inode_smack */
|
||||
};
|
||||
|
||||
struct task_smack {
|
||||
@ -148,7 +146,6 @@ struct smk_net4addr {
|
||||
struct smack_known *smk_label; /* label */
|
||||
};
|
||||
|
||||
#if IS_ENABLED(CONFIG_IPV6)
|
||||
/*
|
||||
* An entry in the table identifying IPv6 hosts.
|
||||
*/
|
||||
@ -159,9 +156,7 @@ struct smk_net6addr {
|
||||
int smk_masks; /* mask size */
|
||||
struct smack_known *smk_label; /* label */
|
||||
};
|
||||
#endif /* CONFIG_IPV6 */
|
||||
|
||||
#ifdef SMACK_IPV6_PORT_LABELING
|
||||
/*
|
||||
* An entry in the table identifying ports.
|
||||
*/
|
||||
@ -174,7 +169,6 @@ struct smk_port_label {
|
||||
short smk_sock_type; /* Socket type */
|
||||
short smk_can_reuse;
|
||||
};
|
||||
#endif /* SMACK_IPV6_PORT_LABELING */
|
||||
|
||||
struct smack_known_list_elem {
|
||||
struct list_head list;
|
||||
@ -335,9 +329,7 @@ extern struct smack_known smack_known_web;
|
||||
extern struct mutex smack_known_lock;
|
||||
extern struct list_head smack_known_list;
|
||||
extern struct list_head smk_net4addr_list;
|
||||
#if IS_ENABLED(CONFIG_IPV6)
|
||||
extern struct list_head smk_net6addr_list;
|
||||
#endif /* CONFIG_IPV6 */
|
||||
|
||||
extern struct mutex smack_onlycap_lock;
|
||||
extern struct list_head smack_onlycap_list;
|
||||
@ -505,10 +497,6 @@ static inline void smk_ad_setfield_u_fs_path_dentry(struct smk_audit_info *a,
|
||||
struct dentry *d)
|
||||
{
|
||||
}
|
||||
static inline void smk_ad_setfield_u_fs_path_mnt(struct smk_audit_info *a,
|
||||
struct vfsmount *m)
|
||||
{
|
||||
}
|
||||
static inline void smk_ad_setfield_u_fs_inode(struct smk_audit_info *a,
|
||||
struct inode *i)
|
||||
{
|
||||
|
@ -50,11 +50,8 @@
|
||||
#define SMK_RECEIVING 1
|
||||
#define SMK_SENDING 2
|
||||
|
||||
#ifdef SMACK_IPV6_PORT_LABELING
|
||||
DEFINE_MUTEX(smack_ipv6_lock);
|
||||
static DEFINE_MUTEX(smack_ipv6_lock);
|
||||
static LIST_HEAD(smk_ipv6_port_list);
|
||||
#endif
|
||||
static struct kmem_cache *smack_inode_cache;
|
||||
struct kmem_cache *smack_rule_cache;
|
||||
int smack_enabled;
|
||||
|
||||
@ -316,7 +313,6 @@ static void init_inode_smack(struct inode *inode, struct smack_known *skp)
|
||||
|
||||
isp->smk_inode = skp;
|
||||
isp->smk_flags = 0;
|
||||
mutex_init(&isp->smk_lock);
|
||||
}
|
||||
|
||||
/**
|
||||
@ -2320,7 +2316,6 @@ static struct smack_known *smack_ipv4host_label(struct sockaddr_in *sip)
|
||||
return NULL;
|
||||
}
|
||||
|
||||
#if IS_ENABLED(CONFIG_IPV6)
|
||||
/*
|
||||
* smk_ipv6_localhost - Check for local ipv6 host address
|
||||
* @sip: the address
|
||||
@ -2388,7 +2383,6 @@ static struct smack_known *smack_ipv6host_label(struct sockaddr_in6 *sip)
|
||||
|
||||
return NULL;
|
||||
}
|
||||
#endif /* CONFIG_IPV6 */
|
||||
|
||||
/**
|
||||
* smack_netlabel - Set the secattr on a socket
|
||||
@ -2477,7 +2471,6 @@ static int smack_netlabel_send(struct sock *sk, struct sockaddr_in *sap)
|
||||
return smack_netlabel(sk, sk_lbl);
|
||||
}
|
||||
|
||||
#if IS_ENABLED(CONFIG_IPV6)
|
||||
/**
|
||||
* smk_ipv6_check - check Smack access
|
||||
* @subject: subject Smack label
|
||||
@ -2510,7 +2503,6 @@ static int smk_ipv6_check(struct smack_known *subject,
|
||||
rc = smk_bu_note("IPv6 check", subject, object, MAY_WRITE, rc);
|
||||
return rc;
|
||||
}
|
||||
#endif /* CONFIG_IPV6 */
|
||||
|
||||
#ifdef SMACK_IPV6_PORT_LABELING
|
||||
/**
|
||||
@ -2599,6 +2591,7 @@ static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address)
|
||||
mutex_unlock(&smack_ipv6_lock);
|
||||
return;
|
||||
}
|
||||
#endif
|
||||
|
||||
/**
|
||||
* smk_ipv6_port_check - check Smack port access
|
||||
@ -2661,7 +2654,6 @@ static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address,
|
||||
|
||||
return smk_ipv6_check(skp, object, address, act);
|
||||
}
|
||||
#endif /* SMACK_IPV6_PORT_LABELING */
|
||||
|
||||
/**
|
||||
* smack_inode_setsecurity - set smack xattrs
|
||||
@ -2836,24 +2828,21 @@ static int smack_socket_connect(struct socket *sock, struct sockaddr *sap,
|
||||
return 0;
|
||||
if (IS_ENABLED(CONFIG_IPV6) && sap->sa_family == AF_INET6) {
|
||||
struct sockaddr_in6 *sip = (struct sockaddr_in6 *)sap;
|
||||
#ifdef SMACK_IPV6_SECMARK_LABELING
|
||||
struct smack_known *rsp;
|
||||
#endif
|
||||
struct smack_known *rsp = NULL;
|
||||
|
||||
if (addrlen < SIN6_LEN_RFC2133)
|
||||
return 0;
|
||||
#ifdef SMACK_IPV6_SECMARK_LABELING
|
||||
rsp = smack_ipv6host_label(sip);
|
||||
if (__is_defined(SMACK_IPV6_SECMARK_LABELING))
|
||||
rsp = smack_ipv6host_label(sip);
|
||||
if (rsp != NULL) {
|
||||
struct socket_smack *ssp = sock->sk->sk_security;
|
||||
|
||||
rc = smk_ipv6_check(ssp->smk_out, rsp, sip,
|
||||
SMK_CONNECTING);
|
||||
}
|
||||
#endif
|
||||
#ifdef SMACK_IPV6_PORT_LABELING
|
||||
rc = smk_ipv6_port_check(sock->sk, sip, SMK_CONNECTING);
|
||||
#endif
|
||||
if (__is_defined(SMACK_IPV6_PORT_LABELING))
|
||||
rc = smk_ipv6_port_check(sock->sk, sip, SMK_CONNECTING);
|
||||
|
||||
return rc;
|
||||
}
|
||||
if (sap->sa_family != AF_INET || addrlen < sizeof(struct sockaddr_in))
|
||||
@ -3273,13 +3262,12 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
|
||||
|
||||
isp = smack_inode(inode);
|
||||
|
||||
mutex_lock(&isp->smk_lock);
|
||||
/*
|
||||
* If the inode is already instantiated
|
||||
* take the quick way out
|
||||
*/
|
||||
if (isp->smk_flags & SMK_INODE_INSTANT)
|
||||
goto unlockandout;
|
||||
return;
|
||||
|
||||
sbp = inode->i_sb;
|
||||
sbsp = sbp->s_security;
|
||||
@ -3330,7 +3318,7 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
|
||||
break;
|
||||
}
|
||||
isp->smk_flags |= SMK_INODE_INSTANT;
|
||||
goto unlockandout;
|
||||
return;
|
||||
}
|
||||
|
||||
/*
|
||||
@ -3465,8 +3453,6 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
|
||||
|
||||
isp->smk_flags |= (SMK_INODE_INSTANT | transflag);
|
||||
|
||||
unlockandout:
|
||||
mutex_unlock(&isp->smk_lock);
|
||||
return;
|
||||
}
|
||||
|
||||
@ -4760,15 +4746,9 @@ static __init int smack_init(void)
|
||||
struct cred *cred = (struct cred *) current->cred;
|
||||
struct task_smack *tsp;
|
||||
|
||||
smack_inode_cache = KMEM_CACHE(inode_smack, 0);
|
||||
if (!smack_inode_cache)
|
||||
return -ENOMEM;
|
||||
|
||||
smack_rule_cache = KMEM_CACHE(smack_rule, 0);
|
||||
if (!smack_rule_cache) {
|
||||
kmem_cache_destroy(smack_inode_cache);
|
||||
if (!smack_rule_cache)
|
||||
return -ENOMEM;
|
||||
}
|
||||
|
||||
/*
|
||||
* Set the security state for the initial task.
|
||||
|
@ -878,11 +878,21 @@ static ssize_t smk_set_cipso(struct file *file, const char __user *buf,
|
||||
else
|
||||
rule += strlen(skp->smk_known) + 1;
|
||||
|
||||
if (rule > data + count) {
|
||||
rc = -EOVERFLOW;
|
||||
goto out;
|
||||
}
|
||||
|
||||
ret = sscanf(rule, "%d", &maplevel);
|
||||
if (ret != 1 || maplevel > SMACK_CIPSO_MAXLEVEL)
|
||||
goto out;
|
||||
|
||||
rule += SMK_DIGITLEN;
|
||||
if (rule > data + count) {
|
||||
rc = -EOVERFLOW;
|
||||
goto out;
|
||||
}
|
||||
|
||||
ret = sscanf(rule, "%d", &catlen);
|
||||
if (ret != 1 || catlen > SMACK_CIPSO_MAXCATNUM)
|
||||
goto out;
|
||||
|
Loading…
Reference in New Issue
Block a user