struct btrfs_device *device = NULL;
struct btrfs_fs_devices *fs_devices = NULL;
struct btrfs_fs_info *fs_info = NULL;
- struct security_mnt_opts new_sec_opts;
+ void *new_sec_opts = NULL;
fmode_t mode = FMODE_READ;
int error = 0;
if (!(flags & SB_RDONLY))
mode |= FMODE_WRITE;
- security_init_mnt_opts(&new_sec_opts);
if (data) {
error = security_sb_eat_lsm_opts(data, &new_sec_opts);
if (error)
error = btrfs_fill_super(s, fs_devices, data);
}
if (!error)
- error = security_sb_set_mnt_opts(s, &new_sec_opts, 0, NULL);
+ error = security_sb_set_mnt_opts(s, new_sec_opts, 0, NULL);
security_free_mnt_opts(&new_sec_opts);
if (error) {
deactivate_locked_super(s);
btrfs_remount_prepare(fs_info);
if (data) {
- struct security_mnt_opts new_sec_opts;
+ void *new_sec_opts = NULL;
- security_init_mnt_opts(&new_sec_opts);
ret = security_sb_eat_lsm_opts(data, &new_sec_opts);
if (!ret)
- ret = security_sb_remount(sb, &new_sec_opts);
+ ret = security_sb_remount(sb, new_sec_opts);
security_free_mnt_opts(&new_sec_opts);
if (ret)
goto restore;
int err;
struct super_block *sb = path->mnt->mnt_sb;
struct mount *mnt = real_mount(path->mnt);
- struct security_mnt_opts opts;
+ void *sec_opts = NULL;
if (!check_mnt(mnt))
return -EINVAL;
if (!can_change_locked_flags(mnt, mnt_flags))
return -EPERM;
- security_init_mnt_opts(&opts);
if (data && !(sb->s_type->fs_flags & FS_BINARY_MOUNTDATA)) {
- err = security_sb_eat_lsm_opts(data, &opts);
+ err = security_sb_eat_lsm_opts(data, &sec_opts);
if (err)
return err;
}
- err = security_sb_remount(sb, &opts);
- security_free_mnt_opts(&opts);
+ err = security_sb_remount(sb, sec_opts);
+ security_free_mnt_opts(&sec_opts);
if (err)
return err;
unsigned short protocol;
} nfs_server;
- struct security_mnt_opts lsm_opts;
+ void *lsm_opts;
struct net *net;
};
data->minorversion = 0;
data->need_mount = true;
data->net = current->nsproxy->net_ns;
- security_init_mnt_opts(&data->lsm_opts);
+ data->lsm_opts = NULL;
}
return data;
}
/* compare new mount options with old ones */
error = nfs_compare_remount_data(nfss, data);
if (!error)
- error = security_sb_remount(sb, &data->lsm_opts);
+ error = security_sb_remount(sb, data->lsm_opts);
out:
nfs_free_parsed_mount_data(data);
return error;
if (NFS_SB(s)->caps & NFS_CAP_SECURITY_LABEL)
kflags |= SECURITY_LSM_NATIVE_LABELS;
- error = security_sb_set_mnt_opts(s, &mount_info->parsed->lsm_opts,
+ error = security_sb_set_mnt_opts(s, mount_info->parsed->lsm_opts,
kflags, &kflags_out);
if (error)
goto err;
struct dentry *root;
struct super_block *sb;
int error = -ENOMEM;
- struct security_mnt_opts opts;
-
- security_init_mnt_opts(&opts);
+ void *sec_opts = NULL;
if (data && !(type->fs_flags & FS_BINARY_MOUNTDATA)) {
- error = security_sb_eat_lsm_opts(data, &opts);
+ error = security_sb_eat_lsm_opts(data, &sec_opts);
if (error)
return ERR_PTR(error);
}
smp_wmb();
sb->s_flags |= SB_BORN;
- error = security_sb_set_mnt_opts(sb, &opts, 0, NULL);
+ error = security_sb_set_mnt_opts(sb, sec_opts, 0, NULL);
if (error)
goto out_sb;
"negative value (%lld)\n", type->name, sb->s_maxbytes);
up_write(&sb->s_umount);
- security_free_mnt_opts(&opts);
+ security_free_mnt_opts(&sec_opts);
return root;
out_sb:
dput(root);
deactivate_locked_super(sb);
out_free_secdata:
- security_free_mnt_opts(&opts);
+ security_free_mnt_opts(&sec_opts);
return ERR_PTR(error);
}
int (*sb_alloc_security)(struct super_block *sb);
void (*sb_free_security)(struct super_block *sb);
- int (*sb_eat_lsm_opts)(char *orig, struct security_mnt_opts *opts);
- int (*sb_remount)(struct super_block *sb,
- struct security_mnt_opts *opts);
+ void (*sb_free_mnt_opts)(void *mnt_opts);
+ int (*sb_eat_lsm_opts)(char *orig, void **mnt_opts);
+ int (*sb_remount)(struct super_block *sb, void *mnt_opts);
int (*sb_kern_mount)(struct super_block *sb);
int (*sb_show_options)(struct seq_file *m, struct super_block *sb);
int (*sb_statfs)(struct dentry *dentry);
int (*sb_umount)(struct vfsmount *mnt, int flags);
int (*sb_pivotroot)(const struct path *old_path, const struct path *new_path);
int (*sb_set_mnt_opts)(struct super_block *sb,
- struct security_mnt_opts *opts,
+ void *mnt_opts,
unsigned long kern_flags,
unsigned long *set_kern_flags);
int (*sb_clone_mnt_opts)(const struct super_block *oldsb,
struct super_block *newsb,
unsigned long kern_flags,
unsigned long *set_kern_flags);
- int (*sb_parse_opts_str)(char *options, struct security_mnt_opts *opts);
+ int (*sb_parse_opts_str)(char *options, void **mnt_opts);
int (*dentry_init_security)(struct dentry *dentry, int mode,
const struct qstr *name, void **ctx,
u32 *ctxlen);
struct hlist_head bprm_committed_creds;
struct hlist_head sb_alloc_security;
struct hlist_head sb_free_security;
+ struct hlist_head sb_free_mnt_opts;
struct hlist_head sb_eat_lsm_opts;
struct hlist_head sb_remount;
struct hlist_head sb_kern_mount;
int register_lsm_notifier(struct notifier_block *nb);
int unregister_lsm_notifier(struct notifier_block *nb);
-static inline void security_init_mnt_opts(struct security_mnt_opts *opts)
-{
- opts->mnt_opts = NULL;
- opts->mnt_opts_flags = NULL;
- opts->num_mnt_opts = 0;
-}
-
-static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
-{
- int i;
- if (opts->mnt_opts)
- for (i = 0; i < opts->num_mnt_opts; i++)
- kfree(opts->mnt_opts[i]);
- kfree(opts->mnt_opts);
- opts->mnt_opts = NULL;
- kfree(opts->mnt_opts_flags);
- opts->mnt_opts_flags = NULL;
- opts->num_mnt_opts = 0;
-}
-
/* prototypes */
extern int security_init(void);
void security_bprm_committed_creds(struct linux_binprm *bprm);
int security_sb_alloc(struct super_block *sb);
void security_sb_free(struct super_block *sb);
-int security_sb_eat_lsm_opts(char *options, struct security_mnt_opts *opts);
-int security_sb_remount(struct super_block *sb, struct security_mnt_opts *opts);
+void security_free_mnt_opts(void **mnt_opts);
+int security_sb_eat_lsm_opts(char *options, void **mnt_opts);
+int security_sb_remount(struct super_block *sb, void *mnt_opts);
int security_sb_kern_mount(struct super_block *sb);
int security_sb_show_options(struct seq_file *m, struct super_block *sb);
int security_sb_statfs(struct dentry *dentry);
int security_sb_umount(struct vfsmount *mnt, int flags);
int security_sb_pivotroot(const struct path *old_path, const struct path *new_path);
int security_sb_set_mnt_opts(struct super_block *sb,
- struct security_mnt_opts *opts,
+ void *mnt_opts,
unsigned long kern_flags,
unsigned long *set_kern_flags);
int security_sb_clone_mnt_opts(const struct super_block *oldsb,
struct super_block *newsb,
unsigned long kern_flags,
unsigned long *set_kern_flags);
-int security_sb_parse_opts_str(char *options, struct security_mnt_opts *opts);
+int security_sb_parse_opts_str(char *options, void **mnt_opts);
int security_dentry_init_security(struct dentry *dentry, int mode,
const struct qstr *name, void **ctx,
u32 *ctxlen);
return 0;
}
-static inline void security_init_mnt_opts(struct security_mnt_opts *opts)
-{
-}
-
-static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
+static inline void security_free_mnt_opts(void **mnt_opts)
{
}
{ }
static inline int security_sb_eat_lsm_opts(char *options,
- struct security_mnt_opts *opts)
+ void **mnt_opts)
{
return 0;
}
static inline int security_sb_remount(struct super_block *sb,
- struct security_mnt_opts *opts)
+ void *mnt_opts)
{
return 0;
}
}
static inline int security_sb_set_mnt_opts(struct super_block *sb,
- struct security_mnt_opts *opts,
+ void *mnt_opts,
unsigned long kern_flags,
unsigned long *set_kern_flags)
{
return 0;
}
-static inline int security_sb_parse_opts_str(char *options, struct security_mnt_opts *opts)
+static inline int security_sb_parse_opts_str(char *options, void **mnt_opts)
{
return 0;
}
call_void_hook(sb_free_security, sb);
}
-int security_sb_eat_lsm_opts(char *options, struct security_mnt_opts *opts)
+void security_free_mnt_opts(void **mnt_opts)
{
- return call_int_hook(sb_eat_lsm_opts, 0, options, opts);
+ if (!*mnt_opts)
+ return;
+ call_void_hook(sb_free_mnt_opts, *mnt_opts);
+ *mnt_opts = NULL;
+}
+EXPORT_SYMBOL(security_free_mnt_opts);
+
+int security_sb_eat_lsm_opts(char *options, void **mnt_opts)
+{
+ return call_int_hook(sb_eat_lsm_opts, 0, options, mnt_opts);
}
EXPORT_SYMBOL(security_sb_eat_lsm_opts);
int security_sb_remount(struct super_block *sb,
- struct security_mnt_opts *opts)
+ void *mnt_opts)
{
- return call_int_hook(sb_remount, 0, sb, opts);
+ return call_int_hook(sb_remount, 0, sb, mnt_opts);
}
EXPORT_SYMBOL(security_sb_remount);
}
int security_sb_set_mnt_opts(struct super_block *sb,
- struct security_mnt_opts *opts,
+ void *mnt_opts,
unsigned long kern_flags,
unsigned long *set_kern_flags)
{
return call_int_hook(sb_set_mnt_opts,
- opts->num_mnt_opts ? -EOPNOTSUPP : 0, sb,
- opts, kern_flags, set_kern_flags);
+ mnt_opts ? -EOPNOTSUPP : 0, sb,
+ mnt_opts, kern_flags, set_kern_flags);
}
EXPORT_SYMBOL(security_sb_set_mnt_opts);
}
EXPORT_SYMBOL(security_sb_clone_mnt_opts);
-int security_sb_parse_opts_str(char *options, struct security_mnt_opts *opts)
+int security_sb_parse_opts_str(char *options, void **mnt_opts)
{
- return call_int_hook(sb_parse_opts_str, 0, options, opts);
+ return call_int_hook(sb_parse_opts_str, 0, options, mnt_opts);
}
EXPORT_SYMBOL(security_sb_parse_opts_str);
kfree(sbsec);
}
+static void selinux_free_mnt_opts(void *mnt_opts)
+{
+ struct security_mnt_opts *opts = mnt_opts;
+ int i;
+
+ if (opts->mnt_opts)
+ for (i = 0; i < opts->num_mnt_opts; i++)
+ kfree(opts->mnt_opts[i]);
+ kfree(opts->mnt_opts);
+ kfree(opts->mnt_opts_flags);
+ kfree(opts);
+}
+
static inline int inode_doinit(struct inode *inode)
{
return inode_doinit_with_dentry(inode, NULL);
* labeling information.
*/
static int selinux_set_mnt_opts(struct super_block *sb,
- struct security_mnt_opts *opts,
+ void *mnt_opts,
unsigned long kern_flags,
unsigned long *set_kern_flags)
{
struct inode_security_struct *root_isec;
u32 fscontext_sid = 0, context_sid = 0, rootcontext_sid = 0;
u32 defcontext_sid = 0;
- char **mount_options = opts->mnt_opts;
- int *flags = opts->mnt_opts_flags;
- int num_opts = opts->num_mnt_opts;
+ struct security_mnt_opts *opts = mnt_opts;
+ char **mount_options = opts ? opts->mnt_opts : NULL;
+ int *flags = opts ? opts->mnt_opts_flags : NULL;
+ int num_opts = opts ? opts->num_mnt_opts : 0;
mutex_lock(&sbsec->lock);
}
static int selinux_parse_opts_str(char *options,
- struct security_mnt_opts *opts)
+ void **mnt_opts)
{
char *p;
char *context = NULL, *defcontext = NULL;
char *fscontext = NULL, *rootcontext = NULL;
int rc, num_mnt_opts = 0;
+ struct security_mnt_opts *opts = *mnt_opts;
+
+ if (!opts) {
+ opts = kzalloc(sizeof(struct security_mnt_opts), GFP_KERNEL);
+ *mnt_opts = opts;
+ if (!opts)
+ return -ENOMEM;
+ }
opts->num_mnt_opts = 0;
return 0;
out_err:
- security_free_mnt_opts(opts);
+ security_free_mnt_opts(mnt_opts);
kfree(context);
kfree(defcontext);
kfree(fscontext);
return rc;
}
-static int selinux_sb_eat_lsm_opts(char *options, struct security_mnt_opts *opts)
+static int selinux_sb_eat_lsm_opts(char *options, void **mnt_opts)
{
char *s = (char *)get_zeroed_page(GFP_KERNEL);
int err;
return -ENOMEM;
err = selinux_sb_copy_data(options, s);
if (!err)
- err = selinux_parse_opts_str(s, opts);
+ err = selinux_parse_opts_str(s, mnt_opts);
free_page((unsigned long)s);
return err;
}
-static int selinux_sb_remount(struct super_block *sb,
- struct security_mnt_opts *opts)
+static int selinux_sb_remount(struct super_block *sb, void *mnt_opts)
{
+ struct security_mnt_opts *opts = mnt_opts;
int i, *flags;
char **mount_options;
struct superblock_security_struct *sbsec = sb->s_security;
if (!(sbsec->flags & SE_SBINITIALIZED))
return 0;
+ if (!opts)
+ return 0;
+
mount_options = opts->mnt_opts;
flags = opts->mnt_opts_flags;
LSM_HOOK_INIT(sb_alloc_security, selinux_sb_alloc_security),
LSM_HOOK_INIT(sb_free_security, selinux_sb_free_security),
LSM_HOOK_INIT(sb_eat_lsm_opts, selinux_sb_eat_lsm_opts),
+ LSM_HOOK_INIT(sb_free_mnt_opts, selinux_free_mnt_opts),
LSM_HOOK_INIT(sb_remount, selinux_sb_remount),
LSM_HOOK_INIT(sb_kern_mount, selinux_sb_kern_mount),
LSM_HOOK_INIT(sb_show_options, selinux_sb_show_options),
static void delayed_superblock_init(struct super_block *sb, void *unused)
{
- struct security_mnt_opts opts;
-
- security_init_mnt_opts(&opts);
- selinux_set_mnt_opts(sb, &opts, 0, NULL);
- security_free_mnt_opts(&opts);
+ selinux_set_mnt_opts(sb, NULL, 0, NULL);
}
void selinux_complete_init(void)
sb->s_security = NULL;
}
+static void smack_free_mnt_opts(void *mnt_opts)
+{
+ struct security_mnt_opts *opts = mnt_opts;
+ int i;
+
+ if (opts->mnt_opts)
+ for (i = 0; i < opts->num_mnt_opts; i++)
+ kfree(opts->mnt_opts[i]);
+ kfree(opts->mnt_opts);
+ kfree(opts->mnt_opts_flags);
+ kfree(opts);
+}
+
/**
* smack_sb_copy_data - copy mount options data for processing
* @orig: where to start
* converts Smack specific mount options to generic security option format
*/
static int smack_parse_opts_str(char *options,
- struct security_mnt_opts *opts)
+ void **mnt_opts)
{
+ struct security_mnt_opts *opts = *mnt_opts;
char *p;
char *fsdefault = NULL;
char *fsfloor = NULL;
int num_mnt_opts = 0;
int token;
- opts->num_mnt_opts = 0;
-
if (!options)
return 0;
+ if (!opts) {
+ opts = kzalloc(sizeof(struct security_mnt_opts), GFP_KERNEL);
+ *mnt_opts = opts;
+ if (!opts)
+ return -ENOMEM;
+ }
+ opts->num_mnt_opts = 0;
+
while ((p = strsep(&options, ",")) != NULL) {
substring_t args[MAX_OPT_ARGS];
kfree(fshat);
kfree(fsroot);
kfree(fstransmute);
- security_free_mnt_opts(opts);
+ security_free_mnt_opts(mnt_opts);
return rc;
}
-static int smack_sb_eat_lsm_opts(char *options, struct security_mnt_opts *opts)
+static int smack_sb_eat_lsm_opts(char *options, void **mnt_opts)
{
char *s = (char *)get_zeroed_page(GFP_KERNEL);
int err;
return -ENOMEM;
err = smack_sb_copy_data(options, s);
if (!err)
- err = smack_parse_opts_str(s, opts);
+ err = smack_parse_opts_str(s, mnt_opts);
free_page((unsigned long)s);
return err;
}
* labels.
*/
static int smack_set_mnt_opts(struct super_block *sb,
- struct security_mnt_opts *opts,
+ void *mnt_opts,
unsigned long kern_flags,
unsigned long *set_kern_flags)
{
struct inode_smack *isp;
struct smack_known *skp;
int i;
- int num_opts = opts->num_mnt_opts;
+ struct security_mnt_opts *opts = mnt_opts;
+ int num_opts = opts ? opts->num_mnt_opts : 0;
int transmute = 0;
if (sp->smk_flags & SMK_SB_INITIALIZED)
LSM_HOOK_INIT(sb_alloc_security, smack_sb_alloc_security),
LSM_HOOK_INIT(sb_free_security, smack_sb_free_security),
+ LSM_HOOK_INIT(sb_free_mnt_opts, smack_free_mnt_opts),
LSM_HOOK_INIT(sb_eat_lsm_opts, smack_sb_eat_lsm_opts),
LSM_HOOK_INIT(sb_statfs, smack_sb_statfs),
LSM_HOOK_INIT(sb_set_mnt_opts, smack_set_mnt_opts),
projects / thirdparty / kernel / linux.git / commitdiff
