From: John Stultz <john.stultz@xxxxxxxxxx> Subject: proc: add LSM hook checks to /proc/<tid>/timerslack_ns As requested, this patch checks the existing LSM hooks task_getscheduler/task_setscheduler when reading or modifying the task's timerslack value. Previous versions added new get/settimerslack LSM hooks, but since they checked the same PROCESS__SET/GETSCHED values as existing hooks, it was suggested we just use the existing ones. Link: http://lkml.kernel.org/r/1469132667-17377-2-git-send-email-john.stultz@xxxxxxxxxx Signed-off-by: John Stultz <john.stultz@xxxxxxxxxx> Cc: Kees Cook <keescook@xxxxxxxxxxxx> Cc: "Serge E. Hallyn" <serge@xxxxxxxxxx> Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx> Cc: Arjan van de Ven <arjan@xxxxxxxxxxxxxxx> Cc: Oren Laadan <orenl@xxxxxxxxxxx> Cc: Ruchi Kandoi <kandoiruchi@xxxxxxxxxx> Cc: Rom Lemarchand <romlem@xxxxxxxxxxx> Cc: Todd Kjos <tkjos@xxxxxxxxxx> Cc: Colin Cross <ccross@xxxxxxxxxxx> Cc: Nick Kralevich <nnk@xxxxxxxxxx> Cc: Dmitry Shmidt <dimitrysh@xxxxxxxxxx> Cc: Elliott Hughes <enh@xxxxxxxxxx> Cc: James Morris <jmorris@xxxxxxxxx> Cc: Android Kernel Team <kernel-team@xxxxxxxxxxx> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> --- fs/proc/base.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff -puN fs/proc/base.c~proc-add-lsm-hook-checks-to-proc-tid-timerslack_ns fs/proc/base.c --- a/fs/proc/base.c~proc-add-lsm-hook-checks-to-proc-tid-timerslack_ns +++ a/fs/proc/base.c @@ -2285,6 +2285,12 @@ static ssize_t timerslack_ns_write(struc goto out; } + err = security_task_setscheduler(p); + if (err) { + count = err; + goto out; + } + task_lock(p); if (slack_ns == 0) p->timer_slack_ns = p->default_timer_slack_ns; @@ -2313,6 +2319,10 @@ static int timerslack_ns_show(struct seq goto out; } + err = security_task_getscheduler(p); + if (err) + goto out; + task_lock(p); seq_printf(m, "%llu\n", p->timer_slack_ns); task_unlock(p); _ -- To unsubscribe from this list: send the line "unsubscribe mm-commits" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html