On 12/24/19 6:59 PM, Casey Schaufler wrote:
Change the security_dentry_init_security() interface to
fill an lsmcontext structure instead of a void * data area
and a length. The lone caller of this interface is NFS4,
which may make copies of the data using its own mechanisms.
A rework of the nfs4 code to use the lsmcontext properly
is a significant project. SELinux is handled correctly, and
is the only current user.
Signed-off-by: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
---
fs/nfs/nfs4proc.c | 15 ++++++++-------
include/linux/security.h | 7 +++----
security/security.c | 29 +++++++++++++++++++++++++----
3 files changed, 36 insertions(+), 15 deletions(-)
diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
index a30e36654c57..6cd2463f890b 100644
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -112,6 +112,7 @@ static inline struct nfs4_label *
nfs4_label_init_security(struct inode *dir, struct dentry *dentry,
struct iattr *sattr, struct nfs4_label *label)
{
+ struct lsmcontext context;
int err;
if (label == NULL)
@@ -121,21 +122,21 @@ nfs4_label_init_security(struct inode *dir, struct dentry *dentry,
return NULL;
err = security_dentry_init_security(dentry, sattr->ia_mode,
- &dentry->d_name, (void **)&label->label, &label->len);
+ &dentry->d_name, &context);
+
+ label->label = context.context;
+ label->len = context.len;
No point in setting label->label/len if err != 0.
+
if (err == 0)
return label;
return NULL;
+
}
Leftover empty line.
static inline void
nfs4_label_release_security(struct nfs4_label *label)
{
- struct lsmcontext scaff; /* scaffolding */
-
- if (label) {
- lsmcontext_init(&scaff, label->label, label->len, 0);
- security_release_secctx(&scaff);
- }
+ kfree(label->label);
}
static inline u32 *nfs4_bitmask(struct nfs_server *server, struct nfs4_label *label)
{
Not sure why you don't just leave the scaffolding here?
