On Sun, 2017-01-08 at 19:26 +0000, Al Viro wrote: > On Sun, Jan 08, 2017 at 08:09:55PM +0100, Christoph Hellwig wrote: > > > No. We need an ->ima_measure file_operation, guts of process_measurement > > turned into a library function that the FS can call after taking fs-specific > > locks. And maybe also a small wrapper around it that takes ilock and > > can be used directly for file systems not needing special locking. > > Incidentally, it had been literally years since the problems with their > pathname handling had been brought up and we *still* have got no answer. > In the current tree, ima_d_path() is quite capable of returning > path->dentry->d_name.name. Which gets used by subsequent code, > even though there is no warranty whatsoever that it won't be > pointing to freed memory by the time the caller of ima_d_path() > gets it. The pathname/filename is being used in the measurement list and for audit logging. It's currently using d_absolute_path() to get the full pathname, but falls back to using the dentry->d_name.name on failure. Ok, so instead of returning the dentry->d_name.name, we should make a copy it, assuming the error isn't memory related. Mimi -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
