[PATCH] Replace inode_post_lookup hook with d_instantiate hook

This patch removes the security_inode_post_lookup hook entirely and adds a security_d_instantiate hook call to the d_instantiate function and the d_splice_alias function. The inode_post_lookup hook was subject to races since the inode is already accessible through the dcache before it is called, didn't handle filesystems that directly populate the dcache, and wasn't always called in the desired context (e.g. for pipe, shmem, and devpts inodes). The d_instantiate hook enables initialization of the inode security information. This hook is used by SELinux and by DTE to setup the inode security state, and eliminated the need for the inode_precondition function in SELinux.

[PATCH] Replace inode_post_lookup hook with d_instantiate hook
This patch removes the security_inode_post_lookup hook entirely and adds a security_d_instantiate hook call to the d_instantiate function and the d_splice_alias function. The inode_post_lookup hook was subject to races since the inode is already accessible through the dcache before it is called, didn't handle filesystems that directly populate the dcache, and wasn't always called in the desired context (e.g. for pipe, shmem, and devpts inodes). The d_instantiate hook enables initialization of the inode security information. This hook is used by SELinux and by DTE to setup the inode security state, and eliminated the need for the inode_precondition function in SELinux.
4f152a7e · Stephen D. Smalley · Linus Torvalds · 8c3468ed · 4f152a7e · 4f152a7e
Commit 4f152a7e authored Jan 15, 2003 by Stephen D. Smalley Committed by Linus Torvalds Jan 15, 2003
Hide whitespace changes
Inline Side-by-side

Showing with 23 additions and 27 deletions

fs/dcache.c fs/dcache.c +3 -0

fs/namei.c fs/namei.c +3 -6

include/linux/security.h include/linux/security.h +10 -15

security/dummy.c security/dummy.c +7 -6

No files found.
--- a/fs/dcache.c
+++ b/fs/dcache.c
@@ -25,6 +25,7 @@
 #include <linux/module.h>
 #include <linux/mount.h>
 #include <asm/uaccess.h>
+#include <linux/security.h>
 #define DCACHE_PARANOIA 1
 /* #define DCACHE_DEBUG 1 */
@@ -699,6 +700,7 @@ struct dentry * d_alloc(struct dentry * parent, const struct qstr *name)
 void d_instantiate(struct dentry *entry, struct inode * inode)
 {
 	if (!list_empty(&entry->d_alias)) BUG();
+	security_d_instantiate(entry, inode);
 	spin_lock(&dcache_lock);
 	if (inode)
 		list_add(&entry->d_alias, &inode->i_dentry);
@@ -825,6 +827,7 @@ struct dentry *d_splice_alias(struct inode *inode, struct dentry *dentry)
 	struct dentry *new = NULL;
 	if (inode && S_ISDIR(inode->i_mode)) {
+		security_d_instantiate(dentry, inode);
 		spin_lock(&dcache_lock);
 		if (!list_empty(&inode->i_dentry)) {
 			new = list_entry(inode->i_dentry.next, struct dentry, d_alias);

--- a/fs/namei.c
+++ b/fs/namei.c
@@ -372,10 +372,8 @@ static struct dentry * real_lookup(struct dentry * parent, struct qstr * name, i
 			result = dir->i_op->lookup(dir, dentry);
 			if (result)
 				dput(dentry);
-			else {
+			else
 				result = dentry;
-				security_inode_post_lookup(dir, result);
-			}
 		}
 		up(&dir->i_sem);
 		return result;
@@ -916,10 +914,9 @@ struct dentry * lookup_hash(struct qstr *name, struct dentry * base)
 		if (!new)
 			goto out;
 		dentry = inode->i_op->lookup(inode, new);
-		if (!dentry) {
+		if (!dentry)
 			dentry = new;
-			security_inode_post_lookup(inode, dentry);
+		else
-		} else
 			dput(new);
 	}
 out:

--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -339,10 +339,6 @@ struct swap_info_struct;
 *	@mnt is the vfsmount where the dentry was looked up
 *	@dentry contains the dentry structure for the file.
 *	Return 0 if permission is granted.
- * @inode_post_lookup:
- *	Set the security attributes for a file after it has been looked up.
- *	@inode contains the inode structure for parent directory.
- *	@d contains the dentry structure for the file.
 * @inode_delete:
 *	@inode contains the inode structure for deleted inode.
 *	This hook is called when a deleted inode is released (i.e. an inode
@@ -868,7 +864,6 @@ struct security_operations {
 	int (*inode_permission_lite) (struct inode *inode, int mask);
 	int (*inode_setattr)	(struct dentry *dentry, struct iattr *attr);
 	int (*inode_getattr) (struct vfsmount *mnt, struct dentry *dentry);
-	void (*inode_post_lookup) (struct inode *inode, struct dentry *d);
        void (*inode_delete) (struct inode *inode);
 	int (*inode_setxattr) (struct dentry *dentry, char *name, void *value,
 			       size_t size, int flags);
@@ -953,6 +948,8 @@ struct security_operations {
 	                          struct security_operations *ops);
 	int (*unregister_security) (const char *name,
 	                            struct security_operations *ops);
+	void (*d_instantiate) (struct dentry * dentry, struct inode * inode);
 };
 /* global variables */
@@ -1246,12 +1243,6 @@ static inline int security_inode_getattr (struct vfsmount *mnt,
 	return security_ops->inode_getattr (mnt, dentry);
 }
-static inline void security_inode_post_lookup (struct inode *inode,
-					       struct dentry *dentry)
-{
-	security_ops->inode_post_lookup (inode, dentry);
-}
 static inline void security_inode_delete (struct inode *inode)
 {
 	security_ops->inode_delete (inode);
@@ -1549,6 +1540,11 @@ static inline int security_sem_semop (struct sem_array * sma,
 	return security_ops->sem_semop(sma, sops, nsops, alter);
 }
+static inline void security_d_instantiate (struct dentry *dentry, struct inode *inode)
+{
+	security_ops->d_instantiate (dentry, inode);
+}
 /* prototypes */
 extern int security_scaffolding_startup	(void);
 extern int register_security	(struct security_operations *ops);
@@ -1828,10 +1824,6 @@ static inline int security_inode_getattr (struct vfsmount *mnt,
 	return 0;
 }
-static inline void security_inode_post_lookup (struct inode *inode,
-					       struct dentry *dentry)
-{ }
 static inline void security_inode_delete (struct inode *inode)
 { }
@@ -2115,6 +2107,9 @@ static inline int security_sem_semop (struct sem_array * sma,
 	return 0;
 }
+static inline void security_d_instantiate (struct dentry *dentry, struct inode *inode)
+{ }
 #endif	/* CONFIG_SECURITY */
 #endif /* ! __LINUX_SECURITY_H */

--- a/security/dummy.c
+++ b/security/dummy.c
@@ -311,11 +311,6 @@ static int dummy_inode_getattr (struct vfsmount *mnt, struct dentry *dentry)
 	return 0;
 }
-static void dummy_inode_post_lookup (struct inode *ino, struct dentry *d)
-{
-	return;
-}
 static void dummy_inode_delete (struct inode *ino)
 {
 	return;
@@ -612,6 +607,12 @@ static int dummy_unregister_security (const char *name, struct security_operatio
 	return -EINVAL;
 }
+static void dummy_d_instantiate (struct dentry *dentry, struct inode *inode)
+{
+	return;
+}
 struct security_operations dummy_security_ops;
 #define set_to_dummy_if_null(ops, function)				\
@@ -674,7 +675,6 @@ void security_fixup_ops (struct security_operations *ops)
 	set_to_dummy_if_null(ops, inode_permission_lite);
 	set_to_dummy_if_null(ops, inode_setattr);
 	set_to_dummy_if_null(ops, inode_getattr);
-	set_to_dummy_if_null(ops, inode_post_lookup);
 	set_to_dummy_if_null(ops, inode_delete);
 	set_to_dummy_if_null(ops, inode_setxattr);
 	set_to_dummy_if_null(ops, inode_getxattr);
@@ -731,5 +731,6 @@ void security_fixup_ops (struct security_operations *ops)
 	set_to_dummy_if_null(ops, sem_semop);
 	set_to_dummy_if_null(ops, register_security);
 	set_to_dummy_if_null(ops, unregister_security);
+	set_to_dummy_if_null(ops, d_instantiate);
 }