Smack changes for 5.8

Clean out dead code and repair an out-of-bounds warning.
 -----BEGIN PGP SIGNATURE-----
 
 iQJLBAABCAA1FiEEC+9tH1YyUwIQzUIeOKUVfIxDyBEFAl7VYkUXHGNhc2V5QHNj
 aGF1Zmxlci1jYS5jb20ACgkQOKUVfIxDyBGiTg/9GK5Ca2J89EXL3S/c5kyf1m3G
 aJFgg778zAp7UyWiCu8BE6+wlMnutt4yKmLmysN1+lT2RnYaytQCpvtpE5MMAiVy
 q0foK+g3+JakmC838Ng/RkHxbq0n61bDKlnh9D044Tq85U8CxVh1not4E13ZiAS/
 +iTS1sneWjtMVmkTB0MgXDT5QaVbJ2EkwQS62MhBfU6a0Tg+m0K+t1enX5oeG0cy
 OewK2grQPmZeqJDVuMr7Naqny/2740loRclI6f5PxjvGCVfbbOPqUTtcst4wLXtC
 B1S3rkN+8PXn45ixd3BKAZ8ghMKJKz4x9AzxU8rcg49Oxpczp9zV/jjF29ly4gHk
 rM/EmIIQNf2rM88K7hm8D0IaDX1lpg1n5B9sRvbn8tY/r/JilU6lxGIHpA81nHRy
 lcp5D9i60ajhLx0FcqgPNxn6/osFrcYlFd0HxPYXEF7XjoCaxuTSEzTMxnXAnCG5
 y9o4YJtBYB9HhgUk22e85p+tdAHZ3avG18GAqIt467lpp3/W2jp/nGR9QeoTgE/5
 l0qxMfG9d+SBviYJJ38mtB3mJf0pESZA6h8QzupgPSbw49DvWLBT9eTC5JxLbvWW
 bpydDsl0R7niZFYw2+Z4c07qt/I8cFzuOdbe8NMdEDYV2FxluqBpM9WKsW+EXdak
 gH0+ydyh8qBCLIaQprQ=
 =je/v
 -----END PGP SIGNATURE-----

Merge tag 'Smack-for-5.8' of git://github.com/cschaufler/smack-next

Pull smack updates from Casey Schaufler:
 "Clean out dead code and repair an out-of-bounds warning"

* tag 'Smack-for-5.8' of git://github.com/cschaufler/smack-next:
  Smack: Remove unused inline function smk_ad_setfield_u_fs_path_mnt
  Smack:- Remove redundant inode_smack cache
  Smack:- Remove mutex lock "smk_lock" from inode_smack
  Smack: slab-out-of-bounds in vsscanf
  smack: remove redundant structure variable from header.
  smack: avoid unused 'sip' variable warning
This commit is contained in:
Linus Torvalds 2020-06-04 10:31:05 -07:00
commit acf25aa663
3 changed files with 21 additions and 43 deletions

View File

@ -109,9 +109,7 @@ struct inode_smack {
struct smack_known *smk_inode; /* label of the fso */
struct smack_known *smk_task; /* label of the task */
struct smack_known *smk_mmap; /* label of the mmap domain */
struct mutex smk_lock; /* initialization lock */
int smk_flags; /* smack inode flags */
struct rcu_head smk_rcu; /* for freeing inode_smack */
};
struct task_smack {
@ -148,7 +146,6 @@ struct smk_net4addr {
struct smack_known *smk_label; /* label */
};
#if IS_ENABLED(CONFIG_IPV6)
/*
* An entry in the table identifying IPv6 hosts.
*/
@ -159,9 +156,7 @@ struct smk_net6addr {
int smk_masks; /* mask size */
struct smack_known *smk_label; /* label */
};
#endif /* CONFIG_IPV6 */
#ifdef SMACK_IPV6_PORT_LABELING
/*
* An entry in the table identifying ports.
*/
@ -174,7 +169,6 @@ struct smk_port_label {
short smk_sock_type; /* Socket type */
short smk_can_reuse;
};
#endif /* SMACK_IPV6_PORT_LABELING */
struct smack_known_list_elem {
struct list_head list;
@ -335,9 +329,7 @@ extern struct smack_known smack_known_web;
extern struct mutex smack_known_lock;
extern struct list_head smack_known_list;
extern struct list_head smk_net4addr_list;
#if IS_ENABLED(CONFIG_IPV6)
extern struct list_head smk_net6addr_list;
#endif /* CONFIG_IPV6 */
extern struct mutex smack_onlycap_lock;
extern struct list_head smack_onlycap_list;
@ -505,10 +497,6 @@ static inline void smk_ad_setfield_u_fs_path_dentry(struct smk_audit_info *a,
struct dentry *d)
{
}
static inline void smk_ad_setfield_u_fs_path_mnt(struct smk_audit_info *a,
struct vfsmount *m)
{
}
static inline void smk_ad_setfield_u_fs_inode(struct smk_audit_info *a,
struct inode *i)
{

View File

@ -50,11 +50,8 @@
#define SMK_RECEIVING 1
#define SMK_SENDING 2
#ifdef SMACK_IPV6_PORT_LABELING
DEFINE_MUTEX(smack_ipv6_lock);
static DEFINE_MUTEX(smack_ipv6_lock);
static LIST_HEAD(smk_ipv6_port_list);
#endif
static struct kmem_cache *smack_inode_cache;
struct kmem_cache *smack_rule_cache;
int smack_enabled;
@ -316,7 +313,6 @@ static void init_inode_smack(struct inode *inode, struct smack_known *skp)
isp->smk_inode = skp;
isp->smk_flags = 0;
mutex_init(&isp->smk_lock);
}
/**
@ -2320,7 +2316,6 @@ static struct smack_known *smack_ipv4host_label(struct sockaddr_in *sip)
return NULL;
}
#if IS_ENABLED(CONFIG_IPV6)
/*
* smk_ipv6_localhost - Check for local ipv6 host address
* @sip: the address
@ -2388,7 +2383,6 @@ static struct smack_known *smack_ipv6host_label(struct sockaddr_in6 *sip)
return NULL;
}
#endif /* CONFIG_IPV6 */
/**
* smack_netlabel - Set the secattr on a socket
@ -2477,7 +2471,6 @@ static int smack_netlabel_send(struct sock *sk, struct sockaddr_in *sap)
return smack_netlabel(sk, sk_lbl);
}
#if IS_ENABLED(CONFIG_IPV6)
/**
* smk_ipv6_check - check Smack access
* @subject: subject Smack label
@ -2510,7 +2503,6 @@ static int smk_ipv6_check(struct smack_known *subject,
rc = smk_bu_note("IPv6 check", subject, object, MAY_WRITE, rc);
return rc;
}
#endif /* CONFIG_IPV6 */
#ifdef SMACK_IPV6_PORT_LABELING
/**
@ -2599,6 +2591,7 @@ static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address)
mutex_unlock(&smack_ipv6_lock);
return;
}
#endif
/**
* smk_ipv6_port_check - check Smack port access
@ -2661,7 +2654,6 @@ static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address,
return smk_ipv6_check(skp, object, address, act);
}
#endif /* SMACK_IPV6_PORT_LABELING */
/**
* smack_inode_setsecurity - set smack xattrs
@ -2836,24 +2828,21 @@ static int smack_socket_connect(struct socket *sock, struct sockaddr *sap,
return 0;
if (IS_ENABLED(CONFIG_IPV6) && sap->sa_family == AF_INET6) {
struct sockaddr_in6 *sip = (struct sockaddr_in6 *)sap;
#ifdef SMACK_IPV6_SECMARK_LABELING
struct smack_known *rsp;
#endif
struct smack_known *rsp = NULL;
if (addrlen < SIN6_LEN_RFC2133)
return 0;
#ifdef SMACK_IPV6_SECMARK_LABELING
rsp = smack_ipv6host_label(sip);
if (__is_defined(SMACK_IPV6_SECMARK_LABELING))
rsp = smack_ipv6host_label(sip);
if (rsp != NULL) {
struct socket_smack *ssp = sock->sk->sk_security;
rc = smk_ipv6_check(ssp->smk_out, rsp, sip,
SMK_CONNECTING);
}
#endif
#ifdef SMACK_IPV6_PORT_LABELING
rc = smk_ipv6_port_check(sock->sk, sip, SMK_CONNECTING);
#endif
if (__is_defined(SMACK_IPV6_PORT_LABELING))
rc = smk_ipv6_port_check(sock->sk, sip, SMK_CONNECTING);
return rc;
}
if (sap->sa_family != AF_INET || addrlen < sizeof(struct sockaddr_in))
@ -3273,13 +3262,12 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
isp = smack_inode(inode);
mutex_lock(&isp->smk_lock);
/*
* If the inode is already instantiated
* take the quick way out
*/
if (isp->smk_flags & SMK_INODE_INSTANT)
goto unlockandout;
return;
sbp = inode->i_sb;
sbsp = sbp->s_security;
@ -3330,7 +3318,7 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
break;
}
isp->smk_flags |= SMK_INODE_INSTANT;
goto unlockandout;
return;
}
/*
@ -3465,8 +3453,6 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
isp->smk_flags |= (SMK_INODE_INSTANT | transflag);
unlockandout:
mutex_unlock(&isp->smk_lock);
return;
}
@ -4760,15 +4746,9 @@ static __init int smack_init(void)
struct cred *cred = (struct cred *) current->cred;
struct task_smack *tsp;
smack_inode_cache = KMEM_CACHE(inode_smack, 0);
if (!smack_inode_cache)
return -ENOMEM;
smack_rule_cache = KMEM_CACHE(smack_rule, 0);
if (!smack_rule_cache) {
kmem_cache_destroy(smack_inode_cache);
if (!smack_rule_cache)
return -ENOMEM;
}
/*
* Set the security state for the initial task.

View File

@ -878,11 +878,21 @@ static ssize_t smk_set_cipso(struct file *file, const char __user *buf,
else
rule += strlen(skp->smk_known) + 1;
if (rule > data + count) {
rc = -EOVERFLOW;
goto out;
}
ret = sscanf(rule, "%d", &maplevel);
if (ret != 1 || maplevel > SMACK_CIPSO_MAXLEVEL)
goto out;
rule += SMK_DIGITLEN;
if (rule > data + count) {
rc = -EOVERFLOW;
goto out;
}
ret = sscanf(rule, "%d", &catlen);
if (ret != 1 || catlen > SMACK_CIPSO_MAXCATNUM)
goto out;