github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-08 14:42:37 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
efd5ce8b23
linux/security
History
Stephen Smalley efd5ce8b23 selinux: fall back to ref-walk if audit is required 
[ Upstream commit 0188d5c025 ]

commit bda0be7ad9 ("security: make inode_follow_link RCU-walk aware")
passed down the rcu flag to the SELinux AVC, but failed to adjust the
test in slow_avc_audit() to also return -ECHILD on LSM_AUDIT_DATA_DENTRY.
Previously, we only returned -ECHILD if generating an audit record with
LSM_AUDIT_DATA_INODE since this was only relevant from inode_permission.
Move the handling of MAY_NOT_BLOCK to avc_audit() and its inlined
equivalent in selinux_inode_permission() immediately after we determine
that audit is required, and always fall back to ref-walk in this case.

Fixes: bda0be7ad9 ("security: make inode_follow_link RCU-walk aware")
Reported-by: Will Deacon <will@kernel.org>
Suggested-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2020-02-24 08:34:40 +01:00
..
apparmor apparmor: don't try to replace stale label in ptrace access check 2020-01-27 14:49:55 +01:00
integrity ima: fix freeing ongoing ahash_request 2019-10-11 18:21:11 +02:00
keys keys: Timestamp new keys 2020-01-27 14:50:23 +01:00
loadpin module: replace the existing LSM hook in init_module 2018-07-16 12:31:57 -07:00
selinux selinux: fall back to ref-walk if audit is required 2020-02-24 08:34:40 +01:00
smack LSM: generalize flag passing to security_capable 2020-01-23 08:21:29 +01:00
tomoyo tomoyo: Use atomic_t for statistics counter 2020-02-05 14:43:38 +00:00
yama Yama: Check for pid death before checking ancestry 2019-01-22 21:40:32 +01:00
commoncap.c LSM: generalize flag passing to security_capable 2020-01-23 08:21:29 +01:00
device_cgroup.c device_cgroup: fix RCU imbalance in error case 2019-04-27 09:36:40 +02:00
inode.c securityfs: fix use-after-free on symlink traversal 2019-05-25 18:23:42 +02:00
Kconfig Revert "x86/mm/legacy: Populate the user page-table with user pgd's" 2018-09-14 17:08:45 +02:00
lsm_audit.c missing barriers in some of unix_sock ->addr and ->path accesses 2019-03-19 13:12:41 +01:00
Makefile
min_addr.c
security.c LSM: generalize flag passing to security_capable 2020-01-23 08:21:29 +01:00