From: Konstantin Andreev Date: Mon, 16 Jun 2025 01:07:31 +0000 (+0300) Subject: smack: always "instantiate" inode in smack_inode_init_security() X-Git-Tag: v6.19-rc1~188^2~5 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=69204f6cdb90f56b7ca27966d1080841108fc5de;p=thirdparty%2Fkernel%2Flinux.git smack: always "instantiate" inode in smack_inode_init_security() If memory allocation for the SMACK64TRANSMUTE xattr value fails in smack_inode_init_security(), the SMK_INODE_INSTANT flag is not set in (struct inode_smack *issp)->smk_flags, leaving the inode as not "instantiated". It does not matter if fs frees the inode after failed smack_inode_init_security() call, but there is no guarantee for this. To be safe, mark the inode as "instantiated", even if allocation of xattr values fails. Signed-off-by: Konstantin Andreev Signed-off-by: Casey Schaufler --- diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 8609ae26e365e..5cd19f3498cbd 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -1015,6 +1015,8 @@ static int smack_inode_init_security(struct inode *inode, struct inode *dir, struct task_smack *tsp = smack_cred(current_cred()); struct inode_smack * const issp = smack_inode(inode); struct smack_known *dsp = smk_of_inode(dir); + int rc = 0; + int transflag = 0; bool trans_cred; bool trans_rule; @@ -1043,18 +1045,20 @@ static int smack_inode_init_security(struct inode *inode, struct inode *dir, issp->smk_inode = dsp; if (S_ISDIR(inode->i_mode)) { - issp->smk_flags |= SMK_INODE_TRANSMUTE; + transflag = SMK_INODE_TRANSMUTE; if (xattr_dupval(xattrs, xattr_count, XATTR_SMACK_TRANSMUTE, TRANS_TRUE, TRANS_TRUE_SIZE )) - return -ENOMEM; + rc = -ENOMEM; } } - issp->smk_flags |= SMK_INODE_INSTANT; + issp->smk_flags |= (SMK_INODE_INSTANT | transflag); + if (rc) + return rc; return xattr_dupval(xattrs, xattr_count, XATTR_SMACK_SUFFIX,