On Wed, Sep 26, 2018 at 2:57 PM, Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote:
> Instead of checking if the kmem_cache for file blobs
> has been initialized check if the blob is NULL. This
> allows non-blob using modules to do other kinds of
> clean up in the security_file_free hooks.
>
> Signed-off-by: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx>
This looks like it should get folded into "LSM: Infrastructure
management of the file security".
-Kees
> ---
> security/security.c | 9 ++++-----
> 1 file changed, 4 insertions(+), 5 deletions(-)
>
> diff --git a/security/security.c b/security/security.c
> index e7c8506041f1..76f7dc49b63c 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -1202,14 +1202,13 @@ void security_file_free(struct file *file)
> {
> void *blob;
>
> - if (!lsm_file_cache)
> - return;
> -
> call_void_hook(file_free_security, file);
>
> blob = file->f_security;
> - file->f_security = NULL;
> - kmem_cache_free(lsm_file_cache, blob);
> + if (blob) {
> + file->f_security = NULL;
> + kmem_cache_free(lsm_file_cache, blob);
> + }
> }
>
> int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
> --
> 2.17.1
>
>
--
Kees Cook
Pixel Security
