authorLinus Torvalds <torvalds@linux-foundation.org>2023-04-24 11:37:24 -0700
committerLinus Torvalds <torvalds@linux-foundation.org>2023-04-24 11:37:24 -0700
commitdc7e22a368c2a217d2d3338b3bd984fdd0301173 (patch)
treec19fa6ad18981257515d41ded70e5688017be8ec /security
parent62443646a5fddd2c15dacd670fda84044ee7f748 (diff)
parentde93e515db306767549bb29a926f523ca2a601ab (diff)
Merge tag 'Smack-for-6.4' of https://github.com/cschaufler/smack-next
Pull smack updates from Casey Schaufler: "There are two changes, one small and one more substantial: - Remove of an unnecessary cast - The mount option processing introduced with the mount rework makes copies of mount option values. There is no good reason to make copies of Smack labels, as they are maintained on a list and never removed. The code now uses pointers to entries on the list, reducing processing time and memory use" * tag 'Smack-for-6.4' of https://github.com/cschaufler/smack-next: Smack: Improve mount process memory use smack_lsm: remove unnecessary type casting
Diffstat (limited to 'security')
-rw-r--r--security/smack/smack_lsm.c64
1 files changed, 24 insertions, 40 deletions
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index bc3c3e553133..7a3e9ab137d8 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -550,23 +550,22 @@ static int smack_sb_alloc_security(struct super_block *sb)
}
struct smack_mnt_opts {
- const char *fsdefault, *fsfloor, *fshat, *fsroot, *fstransmute;
+ const char *fsdefault;
+ const char *fsfloor;
+ const char *fshat;
+ const char *fsroot;
+ const char *fstransmute;
};
static void smack_free_mnt_opts(void *mnt_opts)
{
- struct smack_mnt_opts *opts = mnt_opts;
- kfree(opts->fsdefault);
- kfree(opts->fsfloor);
- kfree(opts->fshat);
- kfree(opts->fsroot);
- kfree(opts->fstransmute);
- kfree(opts);
+ kfree(mnt_opts);
}
static int smack_add_opt(int token, const char *s, void **mnt_opts)
{
struct smack_mnt_opts *opts = *mnt_opts;
+ struct smack_known *skp;
if (!opts) {
opts = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL);
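Review bot: Nothing in `struct smack_mnt_opts` records that its five fields are now borrowed pointers, yet `smack_free_mnt_opts()` relies on exactly that by freeing only the container. A later change that stores an allocated string in one of them would leak it, and one that restores a `kfree()` on a field would free memory owned by the label list. I would add above the struct: `/* Fields point at smk_known strings of entries on the Smack label list; they are never freed here. */`. The body of `smack_add_opt()` continues past the end of this hunk.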
@@ -577,31 +576,35 @@ static int smack_add_opt(int token, const char *s, void **mnt_opts)
if (!s)
return -ENOMEM;
+ skp = smk_import_entry(s, 0);
+ if (IS_ERR(skp))
+ return PTR_ERR(skp);
+
switch (token) {
case Opt_fsdefault:
if (opts->fsdefault)
goto out_opt_err;
- opts->fsdefault = s;
+ opts->fsdefault = skp->smk_known;
break;
case Opt_fsfloor:
if (opts->fsfloor)
goto out_opt_err;
- opts->fsfloor = s;
+ opts->fsfloor = skp->smk_known;
break;
case Opt_fshat:
if (opts->fshat)
goto out_opt_err;
- opts->fshat = s;
+ opts->fshat = skp->smk_known;
break;
case Opt_fsroot:
if (opts->fsroot)
goto out_opt_err;
- opts->fsroot = s;
+ opts->fsroot = skp->smk_known;
break;
case Opt_fstransmute:
if (opts->fstransmute)
goto out_opt_err;
- opts->fstransmute = s;
+ opts->fstransmute = skp->smk_known;
break;
}
return 0;
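Review bot: `smk_import_entry(s, 0)` runs before the per-token duplicate checks, so a request that ends at `out_opt_err` has already added its label to the known-label list, which the commit description says is never pruned. Label creation has also moved to option-parse time; if the check that restricts who may specify Smack mount labels sits in the later set-options path (not visible in this diff), labels are now created before it runs, and it is worth confirming that is intended. Selecting the target field first, rejecting duplicates, and importing only for an option that will be stored keeps rejected input from growing the list, as sketched below. The opening of `smack_add_opt()` and the `out_opt_err` label are outside this hunk.

```c
	const char **slot;

	/* … unchanged: opts allocation and the !s check … */

	switch (token) {
	case Opt_fsdefault:
		slot = &opts->fsdefault;
		break;
	case Opt_fsfloor:
		slot = &opts->fsfloor;
		break;
	case Opt_fshat:
		slot = &opts->fshat;
		break;
	case Opt_fsroot:
		slot = &opts->fsroot;
		break;
	case Opt_fstransmute:
		slot = &opts->fstransmute;
		break;
	default:
		/* as before, an unrecognised token stores nothing */
		return 0;
	}
	if (*slot)
		goto out_opt_err;

	/* import only once the option is known to be accepted */
	skp = smk_import_entry(s, 0);
	if (IS_ERR(skp))
		return PTR_ERR(skp);
	*slot = skp->smk_known;
	return 0;
```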
@@ -629,33 +632,14 @@ static int smack_fs_context_dup(struct fs_context *fc,
fc->security = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL);
if (!fc->security)
return -ENOMEM;
+
dst = fc->security;
+ dst->fsdefault = src->fsdefault;
+ dst->fsfloor = src->fsfloor;
+ dst->fshat = src->fshat;
+ dst->fsroot = src->fsroot;
+ dst->fstransmute = src->fstransmute;
- if (src->fsdefault) {
- dst->fsdefault = kstrdup(src->fsdefault, GFP_KERNEL);
- if (!dst->fsdefault)
- return -ENOMEM;
- }
- if (src->fsfloor) {
- dst->fsfloor = kstrdup(src->fsfloor, GFP_KERNEL);
- if (!dst->fsfloor)
- return -ENOMEM;
- }
- if (src->fshat) {
- dst->fshat = kstrdup(src->fshat, GFP_KERNEL);
- if (!dst->fshat)
- return -ENOMEM;
- }
- if (src->fsroot) {
- dst->fsroot = kstrdup(src->fsroot, GFP_KERNEL);
- if (!dst->fsroot)
- return -ENOMEM;
- }
- if (src->fstransmute) {
- dst->fstransmute = kstrdup(src->fstransmute, GFP_KERNEL);
- if (!dst->fstransmute)
- return -ENOMEM;
- }
return 0;
}
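Review bot: The five field-by-field assignments in `smack_fs_context_dup()` can be a single structure copy, `*dst = *src;`, now that the fields are plain borrowed pointers. That also keeps the duplicate complete if a field is later added to `struct smack_mnt_opts`, where the explicit list would silently leave the new field NULL. The start of the function, including whatever guards `src`, is outside this hunk.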
@@ -712,8 +696,8 @@ static int smack_sb_eat_lsm_opts(char *options, void **mnt_opts)
if (token != Opt_error) {
arg = kmemdup_nul(arg, from + len - arg, GFP_KERNEL);
rc = smack_add_opt(token, arg, mnt_opts);
+ kfree(arg);
if (unlikely(rc)) {
- kfree(arg);
if (*mnt_opts)
smack_free_mnt_opts(*mnt_opts);
*mnt_opts = NULL;
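Review bot: Freeing `arg` unconditionally after `smack_add_opt()` is correct only because that function no longer keeps the string it is given, and nothing at the call or on the function says so. Any other caller that still treats a successful return as a transfer of ownership (none is visible in this diff) would now leak its string, so those call sites should be checked against the new contract. I would document it on `smack_add_opt()`: `/* @s is only read; the caller keeps ownership and must free it. */`. `smack_sb_eat_lsm_opts()` starts and ends outside this hunk.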
@@ -1477,7 +1461,7 @@ static int smack_inode_getsecurity(struct mnt_idmap *idmap,
struct socket_smack *ssp;
struct socket *sock;
struct super_block *sbp;
- struct inode *ip = (struct inode *)inode;
+ struct inode *ip = inode;
struct smack_known *isp;
if (strcmp(name, XATTR_SMACK_SUFFIX) == 0)