github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-02 11:33:28 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph

smack: always "instantiate" inode in smack_inode_init_security()

Browse Source 
If memory allocation for the SMACK64TRANSMUTE
xattr value fails in smack_inode_init_security(),
the SMK_INODE_INSTANT flag is not set in
(struct inode_smack *issp)->smk_flags,
leaving the inode as not "instantiated".

It does not matter if fs frees the inode
after failed smack_inode_init_security() call,
but there is no guarantee for this.

To be safe, mark the inode as "instantiated",
even if allocation of xattr values fails.

Signed-off-by: Konstantin Andreev <andreev@swemel.ru>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
This commit is contained in:
Konstantin Andreev 2025-06-16 04:07:31 +03:00 committed by Casey Schaufler
parent 8e5d9f916a
commit 69204f6cdb
1 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
security/smack/smack_lsm.c
View File

@ -1015,6 +1015,8 @@ static int smack_inode_init_security(struct inode *inode, struct inode *dir,
struct task_smack *tsp = smack_cred(current_cred());
struct inode_smack * const issp = smack_inode(inode);
struct smack_known *dsp = smk_of_inode(dir);
int rc = 0;
int transflag = 0;
bool trans_cred;
bool trans_rule;
@ -1043,18 +1045,20 @@ static int smack_inode_init_security(struct inode *inode, struct inode *dir,
issp->smk_inode = dsp;
if (S_ISDIR(inode->i_mode)) {
issp->smk_flags |= SMK_INODE_TRANSMUTE;
transflag = SMK_INODE_TRANSMUTE;
if (xattr_dupval(xattrs, xattr_count,
XATTR_SMACK_TRANSMUTE,
TRANS_TRUE,
TRANS_TRUE_SIZE
))
return -ENOMEM;
rc = -ENOMEM;
}
}
issp->smk_flags |= SMK_INODE_INSTANT;
issp->smk_flags |= (SMK_INODE_INSTANT | transflag);
if (rc)
return rc;
return xattr_dupval(xattrs, xattr_count,
XATTR_SMACK_SUFFIX,