Smack updates for v6.4

-----BEGIN PGP SIGNATURE-----
 
 iQJLBAABCAA1FiEEC+9tH1YyUwIQzUIeOKUVfIxDyBEFAmRGv+4XHGNhc2V5QHNj
 aGF1Zmxlci1jYS5jb20ACgkQOKUVfIxDyBE4QxAAkHiCueaplFsGvYhtx6aeajNC
 0ScA84efBMhQJ/jP4FsTh893bGUkbDv+dyasAVOoAdfFPfgpecEOELzhOaaXv5l2
 8pZ1CtTPXU9h5Csg7D6idII/EyzBUkKDCLbrZexT6A6ZEl0xTqY6Pz6/3uee/W4J
 Z/84U1lX/GgI/SzV6JFcO0XYDj2yp7cfdwIzPUHRky5HgPgLm3roB+eZQwONHfYl
 qYX5xAYCxMx6Uqx3kFb+wgXEJ71lFQGBd7zAZsinGqlrH0vIA63BqpxcHPhYTJNl
 9Y/t6Mb9ds2C1CCGhQTPn/m4hcqYcA5oLuhGWNhOeXMX450XBQ4v7nRw45Dkb1Sa
 IPwJTPfuH2I5r5dOW8cGVCrDp5OT+XQJ5OrsIBtdrPxPGX8x6XyaC4DLG3mympC6
 UfBxdP60Jtm/PRuLCX3tX92zzXhFuqt63Gw87b6htlgEPpirJlhZaEiCYKGlshS1
 b6+kMn1snCxqbBvE/jI3FKHp/C8F/lKNnuVRid9J6HkoyABubWMZ3UIAY+SkVw6b
 9BuF8dn+S/HOqPiijDDnwjnnhHFJQg3F8XRCmNP9MsDqfajcwWHs9ik0NLSMfD50
 CXpp3WIZDVGllmNSeYgkkZKuYV+yNbydLU+DaMfWEkOS7euRoaDozShVJdBTRfnV
 7PYZ3V4KhWkNCWXWfbw=
 =Ynnl
 -----END PGP SIGNATURE-----

Merge tag 'Smack-for-6.4' of https://github.com/cschaufler/smack-next

Pull smack updates from Casey Schaufler:
 "There are two changes, one small and one more substantial:

   - Removal of an unnecessary cast

   - The mount option processing introduced with the mount rework makes
     copies of mount option values. There is no good reason to make
     copies of Smack labels, as they are maintained on a list and never
     removed.

     The code now uses pointers to entries on the list, reducing
     processing time and memory use"

* tag 'Smack-for-6.4' of https://github.com/cschaufler/smack-next:
  Smack: Improve mount process memory use
  smack_lsm: remove unnecessary type casting
Linus Torvalds 2023-04-24 11:37:24 -07:00
commit dc7e22a368


@ -550,23 +550,22 @@ static int smack_sb_alloc_security(struct super_block *sb)
} }
struct smack_mnt_opts { struct smack_mnt_opts {
const char *fsdefault, *fsfloor, *fshat, *fsroot, *fstransmute; const char *fsdefault;
const char *fsfloor;
const char *fshat;
const char *fsroot;
const char *fstransmute;
}; };
static void smack_free_mnt_opts(void *mnt_opts) static void smack_free_mnt_opts(void *mnt_opts)
{ {
struct smack_mnt_opts *opts = mnt_opts; kfree(mnt_opts);
kfree(opts->fsdefault);
kfree(opts->fsfloor);
kfree(opts->fshat);
kfree(opts->fsroot);
kfree(opts->fstransmute);
kfree(opts);
} }
static int smack_add_opt(int token, const char *s, void **mnt_opts) static int smack_add_opt(int token, const char *s, void **mnt_opts)
{ {
struct smack_mnt_opts *opts = *mnt_opts; struct smack_mnt_opts *opts = *mnt_opts;
struct smack_known *skp;
if (!opts) { if (!opts) {
opts = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL); opts = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL);
@ -577,31 +576,35 @@ static int smack_add_opt(int token, const char *s, void **mnt_opts)
if (!s) if (!s)
return -ENOMEM; return -ENOMEM;
skp = smk_import_entry(s, 0);
if (IS_ERR(skp))
return PTR_ERR(skp);
switch (token) { switch (token) {
case Opt_fsdefault: case Opt_fsdefault:
if (opts->fsdefault) if (opts->fsdefault)
goto out_opt_err; goto out_opt_err;
opts->fsdefault = s; opts->fsdefault = skp->smk_known;
break; break;
case Opt_fsfloor: case Opt_fsfloor:
if (opts->fsfloor) if (opts->fsfloor)
goto out_opt_err; goto out_opt_err;
opts->fsfloor = s; opts->fsfloor = skp->smk_known;
break; break;
case Opt_fshat: case Opt_fshat:
if (opts->fshat) if (opts->fshat)
goto out_opt_err; goto out_opt_err;
opts->fshat = s; opts->fshat = skp->smk_known;
break; break;
case Opt_fsroot: case Opt_fsroot:
if (opts->fsroot) if (opts->fsroot)
goto out_opt_err; goto out_opt_err;
opts->fsroot = s; opts->fsroot = skp->smk_known;
break; break;
case Opt_fstransmute: case Opt_fstransmute:
if (opts->fstransmute) if (opts->fstransmute)
goto out_opt_err; goto out_opt_err;
opts->fstransmute = s; opts->fstransmute = skp->smk_known;
break; break;
} }
return 0; return 0;
@ -629,33 +632,14 @@ static int smack_fs_context_dup(struct fs_context *fc,
fc->security = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL); fc->security = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL);
if (!fc->security) if (!fc->security)
return -ENOMEM; return -ENOMEM;
dst = fc->security;
if (src->fsdefault) { dst = fc->security;
dst->fsdefault = kstrdup(src->fsdefault, GFP_KERNEL); dst->fsdefault = src->fsdefault;
if (!dst->fsdefault) dst->fsfloor = src->fsfloor;
return -ENOMEM; dst->fshat = src->fshat;
} dst->fsroot = src->fsroot;
if (src->fsfloor) { dst->fstransmute = src->fstransmute;
dst->fsfloor = kstrdup(src->fsfloor, GFP_KERNEL);
if (!dst->fsfloor)
return -ENOMEM;
}
if (src->fshat) {
dst->fshat = kstrdup(src->fshat, GFP_KERNEL);
if (!dst->fshat)
return -ENOMEM;
}
if (src->fsroot) {
dst->fsroot = kstrdup(src->fsroot, GFP_KERNEL);
if (!dst->fsroot)
return -ENOMEM;
}
if (src->fstransmute) {
dst->fstransmute = kstrdup(src->fstransmute, GFP_KERNEL);
if (!dst->fstransmute)
return -ENOMEM;
}
return 0; return 0;
} }
@ -712,8 +696,8 @@ static int smack_sb_eat_lsm_opts(char *options, void **mnt_opts)
if (token != Opt_error) { if (token != Opt_error) {
arg = kmemdup_nul(arg, from + len - arg, GFP_KERNEL); arg = kmemdup_nul(arg, from + len - arg, GFP_KERNEL);
rc = smack_add_opt(token, arg, mnt_opts); rc = smack_add_opt(token, arg, mnt_opts);
kfree(arg);
if (unlikely(rc)) { if (unlikely(rc)) {
kfree(arg);
if (*mnt_opts) if (*mnt_opts)
smack_free_mnt_opts(*mnt_opts); smack_free_mnt_opts(*mnt_opts);
*mnt_opts = NULL; *mnt_opts = NULL;
@ -1477,7 +1461,7 @@ static int smack_inode_getsecurity(struct mnt_idmap *idmap,
struct socket_smack *ssp; struct socket_smack *ssp;
struct socket *sock; struct socket *sock;
struct super_block *sbp; struct super_block *sbp;
struct inode *ip = (struct inode *)inode; struct inode *ip = inode;
struct smack_known *isp; struct smack_known *isp;
if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) if (strcmp(name, XATTR_SMACK_SUFFIX) == 0)
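Review bot: In smack_add_opt the new `skp = smk_import_entry(s, 0);` call runs before the per-token duplicate check, so a value that then takes the `goto out_opt_err` path has already been added to the label list, which the commit description says is never pruned. This is option-parsing time, so any privilege check that gates Smack mount options in a later hook (not visible on this page) would presumably also run after the import; it is worth confirming that a caller who ends up refused cannot leave permanent entries behind. Separately, the struct fields now borrow `skp->smk_known` and smack_free_mnt_opts frees only the container, so a comment on `struct smack_mnt_opts` such as `/* Fields point at smk_known strings owned by the label list; never kfree() them. */` would guard against a later change freeing list-owned memory.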