From mboxrd@z Thu Jan  1 00:00:00 1970
From: ebiederm@xmission.com (Eric W. Biederman)
Subject: Re: [PATCH 1/4] LSM: Add security_bprm_aborting_creds() hook.
Date: Thu, 17 Oct 2013 13:10:30 -0700
Message-ID: <87ppr38xqh.fsf@xmission.com>
References: <201310172035.IJI13032.HQJFFOOLtSOMFV@I-love.SAKURA.ne.jp>
	<201310172037.CGD82846.LOJHFStOFMVOFQ@I-love.SAKURA.ne.jp>
Mime-Version: 1.0
Content-Type: text/plain
Cc: linux-security-module@vger.kernel.org,
	linux-fsdevel@vger.kernel.org
To: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Return-path: <linux-fsdevel-owner@vger.kernel.org>
Received: from out01.mta.xmission.com ([166.70.13.231]:54079 "EHLO
	out01.mta.xmission.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1762691Ab3JQUKj (ORCPT
	<rfc822;linux-fsdevel@vger.kernel.org>);
	Thu, 17 Oct 2013 16:10:39 -0400
In-Reply-To: <201310172037.CGD82846.LOJHFStOFMVOFQ@I-love.SAKURA.ne.jp>
	(Tetsuo Handa's message of "Thu, 17 Oct 2013 20:37:32 +0900")
Sender: linux-fsdevel-owner@vger.kernel.org
List-ID: <linux-fsdevel.vger.kernel.org>

Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> writes:

>>>From 6bea9ec93a3596efb512292aee0ab88e219130cd Mon Sep 17 00:00:00 2001
> From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
> Date: Mon, 30 Sep 2013 20:07:24 +0900
> Subject: [PATCH 1/4] LSM: Add security_bprm_aborting_creds() hook.
>
> Add a LSM hook which is called only when an execve operation failed after
> prepare_bprm_creds() succeeded. This hook is used by TOMOYO for synchronously
> cleaning up resources allocated during an execve operation.
>
> Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
> ---
>  fs/exec.c                |    1 +
>  include/linux/security.h |   11 +++++++++++
>  security/capability.c    |    5 +++++
>  security/security.c      |    5 +++++
>  4 files changed, 22 insertions(+), 0 deletions(-)
>
> diff --git a/fs/exec.c b/fs/exec.c
> index 8875dd1..89f0479 100644
> --- a/fs/exec.c
> +++ b/fs/exec.c
> @@ -1172,6 +1172,7 @@ void free_bprm(struct linux_binprm *bprm)
>  {
>  	free_arg_pages(bprm);
>  	if (bprm->cred) {
> +		security_bprm_aborting_creds(bprm);

Can you move this look outside of the cred_guard_mutex?  It looks like
you can and I expect not unnecessarily extending the scope of the mutex
would be a good idea.

>  		mutex_unlock(&current->signal->cred_guard_mutex);
>  		abort_creds(bprm->cred);
>  	}