Davidlohr Bueso wrote:
> On Fri, 2015-02-20 at 07:11 +0900, Tetsuo Handa wrote:
> > Davidlohr Bueso wrote:
> > > On Thu, 2015-02-19 at 20:07 +0900, Tetsuo Handa wrote:
> > > > Why do we need to let the caller call path_put() ?
> > > > There is no need to do like proc_exe_link() does, for
> > > > tomoyo_get_exe() returns pathname as "char *".
> > >
> > > Having the pathname doesn't guarantee anything later, and thus doesn't
> > > seem very robust in the manager call if it can be dropped during the
> > > call... or can this never occur in this context?
> > >
> > tomoyo_get_exe() returns the pathname of executable of current thread.
> > The executable of current thread cannot be changed while current thread
> > is inside the manager call. Although the pathname of executable of
> > current thread could be changed by other threads via namespace manipulation
> > like pivot_root(), holding a reference guarantees nothing. Your patch helps
> > for avoiding memory allocation with mmap_sem held, but does not robustify
> > handling of mm->exe_file for tomoyo.
>
> Fair enough, I won't argue. This is beyond the scope if what I'm trying
> to accomplish here anyway. Are you ok with this instead?
>
I prefer cleanups excluded from this patch, like shown below.
Would you please resend?
> diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c
> index e0fb750..73ce629 100644
> --- a/security/tomoyo/common.c
> +++ b/security/tomoyo/common.c
> @@ -908,6 +908,31 @@ static void tomoyo_read_manager(struct tomoyo_io_buffer *head)
> }
>
> /**
> + * tomoyo_get_exe - Get tomoyo_realpath() of current process.
> + *
> + * Returns the tomoyo_realpath() of current process on success, NULL otherwise.
> + *
> + * This function uses kzalloc(), so the caller must call kfree()
> + * if this function didn't return NULL.
> + */
> +static const char *tomoyo_get_exe(void)
> +{
> + struct file *exe_file;
> + const char *cp = NULL;
No need to initialize cp here.
> + struct mm_struct *mm = current->mm;
> +
> + if (!mm)
> + return NULL;
> + exe_file = get_mm_exe_file(mm);
> + if (!exe_file)
> + return NULL;
> +
> + cp = tomoyo_realpath_from_path(&exe_file->f_path);
> + fput(exe_file);
> + return cp;
> +}
> +
> +/**
> * tomoyo_manager - Check whether the current process is a policy manager.
> *
> * Returns true if the current process is permitted to modify policy
> diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h
> index b897d48..fc89eba 100644
> --- a/security/tomoyo/common.h
> +++ b/security/tomoyo/common.h
> @@ -947,7 +947,6 @@ char *tomoyo_init_log(struct tomoyo_request_info *r, int len, const char *fmt,
> char *tomoyo_read_token(struct tomoyo_acl_param *param);
> char *tomoyo_realpath_from_path(struct path *path);
> char *tomoyo_realpath_nofollow(const char *pathname);
> -const char *tomoyo_get_exe(void);
> const char *tomoyo_yesno(const unsigned int value);
> const struct tomoyo_path_info *tomoyo_compare_name_union
> (const struct tomoyo_path_info *name, const struct tomoyo_name_union *ptr);
> diff --git a/security/tomoyo/util.c b/security/tomoyo/util.c
> index 2952ba5..7eff479 100644
> --- a/security/tomoyo/util.c
> +++ b/security/tomoyo/util.c
> @@ -939,28 +939,6 @@ bool tomoyo_path_matches_pattern(const struct tomoyo_path_info *filename,
> }
>
> /**
> - * tomoyo_get_exe - Get tomoyo_realpath() of current process.
> - *
> - * Returns the tomoyo_realpath() of current process on success, NULL otherwise.
> - *
> - * This function uses kzalloc(), so the caller must call kfree()
> - * if this function didn't return NULL.
> - */
> -const char *tomoyo_get_exe(void)
> -{
> - struct mm_struct *mm = current->mm;
> - const char *cp = NULL;
> -
> - if (!mm)
> - return NULL;
> - down_read(&mm->mmap_sem);
> - if (mm->exe_file)
> - cp = tomoyo_realpath_from_path(&mm->exe_file->f_path);
> - up_read(&mm->mmap_sem);
> - return cp;
> -}
> -
> -/**
> * tomoyo_get_mode - Get MAC mode.
> *
> * @ns: Pointer to "struct tomoyo_policy_namespace".
> --
> 2.1.4
You can post TOMOYO patches to tomoyo-dev-en@xxxxxxxxxxxxxxxxxxxx .
I'll add your mail address to ML's accept list.
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@xxxxxxxxx. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>