On Wed, Apr 03, 2024 at 09:57:29AM +0200, Roberto Sassu wrote: > From: Roberto Sassu <roberto.sassu@xxxxxxxxxx> > > Commit 08abce60d63f ("security: Introduce path_post_mknod hook") > introduced security_path_post_mknod(), to replace the IMA-specific call to > ima_post_path_mknod(). > > For symmetry with security_path_mknod(), security_path_post_mknod() was > called after a successful mknod operation, for any file type, rather than > only for regular files at the time there was the IMA call. > > However, as reported by VFS maintainers, successful mknod operation does > not mean that the dentry always has an inode attached to it (for example, > not for FIFOs on a SAMBA mount). > > If that condition happens, the kernel crashes when > security_path_post_mknod() attempts to verify if the inode associated to > the dentry is private. > > Move security_path_post_mknod() where the ima_post_path_mknod() call was, > which is obviously correct from IMA/EVM perspective. IMA/EVM are the only > in-kernel users, and only need to inspect regular files. > > Reported-by: Steve French <smfrench@xxxxxxxxx> > Closes: https://lore.kernel.org/linux-kernel/CAH2r5msAVzxCUHHG8VKrMPUKQHmBpE6K9_vjhgDa1uAvwx4ppw@xxxxxxxxxxxxxx/ > Suggested-by: Al Viro <viro@xxxxxxxxxxxxxxxxxx> > Fixes: 08abce60d63f ("security: Introduce path_post_mknod hook") > Signed-off-by: Roberto Sassu <roberto.sassu@xxxxxxxxxx> > --- Reviewed-by: Christian Brauner <brauner@xxxxxxxxxx>