From: "Miloslav Trmač" <mitr@redhat.com>
To: eparis@redhat.com, herbert@gondor.hengli.com.au
Cc: linux-audit@redhat.com, linux-crypto@vger.kernel.org,
"Miloslav Trmač" <mitr@redhat.com>
Subject: [PATCH 2/5] Add unique IDs to AF_ALG sockets
Date: Wed, 24 Nov 2010 18:05:52 +0100 [thread overview]
Message-ID: <1290618355-31193-3-git-send-email-mitr@redhat.com> (raw)
In-Reply-To: <1290618355-31193-1-git-send-email-mitr@redhat.com>
Ideally we should be able to use i_ino of the inode associated with the
socket, but i_ino can have duplicate values if the static counter inside
new_inode() wraps around.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
---
crypto/af_alg.c | 66 +++++++++++++++++++++++++++++++++++++++++++++-
crypto/algif_hash.c | 2 +-
crypto/algif_skcipher.c | 2 +-
include/crypto/if_alg.h | 10 +++---
4 files changed, 71 insertions(+), 9 deletions(-)
diff --git a/crypto/af_alg.c b/crypto/af_alg.c
index cabed0e..490ae43 100644
--- a/crypto/af_alg.c
+++ b/crypto/af_alg.c
@@ -15,10 +15,12 @@
#include <asm/atomic.h>
#include <crypto/if_alg.h>
#include <linux/crypto.h>
+#include <linux/idr.h>
#include <linux/init.h>
#include <linux/kernel.h>
#include <linux/list.h>
#include <linux/module.h>
+#include <linux/mutex.h>
#include <linux/net.h>
#include <linux/rwsem.h>
@@ -38,6 +40,10 @@ static struct proto alg_proto = {
static LIST_HEAD(alg_types);
static DECLARE_RWSEM(alg_types_sem);
+#ifdef CONFIG_AUDIT
+static DEFINE_MUTEX(alg_ida_mutex);
+static DEFINE_IDA(alg_ida);
+#endif
static const struct af_alg_type *alg_get_type(const char *name)
{
@@ -107,6 +113,59 @@ int af_alg_unregister_type(const struct af_alg_type *type)
}
EXPORT_SYMBOL_GPL(af_alg_unregister_type);
+static struct sock *alg_sk_alloc(struct net *net)
+{
+ struct sock *sk;
+
+ sk = sk_alloc(net, PF_ALG, GFP_KERNEL, &alg_proto);
+ if (!sk)
+ goto out;
+
+#ifdef CONFIG_AUDIT
+ mutex_lock(&alg_ida_mutex);
+ /* ida_pre_get() should preallocate enough, and, due to
+ lists_ida_mutex, nobody else can use the preallocated data.
+ Therefore the loop recommended in idr_get_new() documentation is not
+ necessary. */
+ if (ida_pre_get(&alg_ida, GFP_KERNEL) == 0 ||
+ ida_get_new(&alg_ida, &alg_sk(sk)->id) != 0) {
+ mutex_unlock(&alg_ida_mutex);
+ alg_sk(sk)->id = -1;
+ sk_free(sk);
+ sk = NULL;
+ goto out;
+ }
+ mutex_unlock(&alg_ida_mutex);
+#endif
+
+out:
+ return sk;
+}
+
+#ifdef CONFIG_AUDIT
+static void alg_sk_destruct(struct sock *sk)
+{
+ struct alg_sock *ask = alg_sk(sk);
+
+ if (ask->id != -1) {
+ mutex_lock(&alg_ida_mutex);
+ ida_remove(&alg_ida, ask->id);
+ mutex_unlock(&alg_ida_mutex);
+ }
+}
+#else
+static void alg_sk_destruct(struct sock *sk) {}
+#endif
+
+void af_alg_sk_destruct_child(struct sock *sk)
+{
+ struct alg_sock *ask = alg_sk(sk);
+
+ sock_put(ask->parent);
+ alg_sk_destruct(sk);
+}
+EXPORT_SYMBOL_GPL(af_alg_sk_destruct_child);
+
static void alg_do_release(const struct af_alg_type *type, void *private)
{
if (!type)
@@ -236,7 +295,7 @@ int af_alg_accept(struct sock *sk, struct socket *newsock)
if (!type)
goto unlock;
- sk2 = sk_alloc(sock_net(sk), PF_ALG, GFP_KERNEL, &alg_proto);
+ sk2 = alg_sk_alloc(sock_net(sk));
err = -ENOMEM;
if (!sk2)
goto unlock;
@@ -245,6 +304,7 @@ int af_alg_accept(struct sock *sk, struct socket *newsock)
err = type->accept(ask->private, sk2);
if (err) {
+ alg_sk_destruct(sk2);
sk_free(sk2);
goto unlock;
}
@@ -300,6 +360,7 @@ static void alg_sock_destruct(struct sock *sk)
struct alg_sock *ask = alg_sk(sk);
alg_do_release(ask->type, ask->private);
+ alg_sk_destruct(sk);
}
static int alg_create(struct net *net, struct socket *sock, int protocol,
@@ -314,7 +375,7 @@ static int alg_create(struct net *net, struct socket *sock, int protocol,
return -EPROTONOSUPPORT;
err = -ENOMEM;
- sk = sk_alloc(net, PF_ALG, GFP_KERNEL, &alg_proto);
+ sk = alg_sk_alloc(net);
if (!sk)
goto out;
@@ -474,6 +535,7 @@ static void __exit af_alg_exit(void)
{
sock_unregister(PF_ALG);
proto_unregister(&alg_proto);
+ ida_destroy(&alg_ida);
}
module_init(af_alg_init);
diff --git a/crypto/algif_hash.c b/crypto/algif_hash.c
index 62122a1..f08a42c 100644
--- a/crypto/algif_hash.c
+++ b/crypto/algif_hash.c
@@ -256,7 +256,7 @@ static void hash_sock_destruct(struct sock *sk)
sock_kfree_s(sk, ctx->result,
crypto_ahash_digestsize(crypto_ahash_reqtfm(&ctx->req)));
sock_kfree_s(sk, ctx, ctx->len);
- af_alg_release_parent(sk);
+ af_alg_sk_destruct_child(sk);
}
static int hash_accept_parent(void *private, struct sock *sk)
diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c
index d8d3ddf..4069460 100644
--- a/crypto/algif_skcipher.c
+++ b/crypto/algif_skcipher.c
@@ -575,7 +575,7 @@ static void skcipher_sock_destruct(struct sock *sk)
skcipher_free_sgl(sk);
sock_kfree_s(sk, ctx->iv, crypto_ablkcipher_ivsize(tfm));
sock_kfree_s(sk, ctx, ctx->len);
- af_alg_release_parent(sk);
+ af_alg_sk_destruct_child(sk);
}
static int skcipher_accept_parent(void *private, struct sock *sk)
diff --git a/include/crypto/if_alg.h b/include/crypto/if_alg.h
index c5813c8..336b9f2 100644
--- a/include/crypto/if_alg.h
+++ b/include/crypto/if_alg.h
@@ -31,6 +31,9 @@ struct alg_sock {
const struct af_alg_type *type;
void *private;
+#ifdef CONFIG_AUDIT
+ int id;
+#endif
};
struct af_alg_completion {
@@ -62,6 +65,8 @@ struct af_alg_sgl {
int af_alg_register_type(const struct af_alg_type *type);
int af_alg_unregister_type(const struct af_alg_type *type);
+void af_alg_sk_destruct_child(struct sock *sk);
+
int af_alg_release(struct socket *sock);
int af_alg_accept(struct sock *sk, struct socket *newsock);
@@ -79,11 +84,6 @@ static inline struct alg_sock *alg_sk(struct sock *sk)
return (struct alg_sock *)sk;
}
-static inline void af_alg_release_parent(struct sock *sk)
-{
- sock_put(alg_sk(sk)->parent);
-}
-
static inline void af_alg_init_completion(struct af_alg_completion *completion)
{
init_completion(&completion->completion);
--
1.7.3.2
next prev parent reply other threads:[~2010-11-24 17:05 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-11-24 17:05 [PATCH 0/5] RFC v2: AF_ALG auditing Miloslav Trmač
2010-11-24 17:05 ` [PATCH 1/5] Add general crypto auditing infrastructure Miloslav Trmač
2010-11-24 17:05 ` Miloslav Trmač [this message]
2010-11-24 17:05 ` [PATCH 3/5] Add "alg_name" operation to af_alg_type Miloslav Trmač
2010-11-24 17:05 ` [PATCH 4/5] Audit type-independent events Miloslav Trmač
2010-11-24 17:05 ` [PATCH 5/5] Audit type-specific crypto operations Miloslav Trmač
2010-12-02 7:48 ` [PATCH 0/5] RFC v2: AF_ALG auditing Herbert Xu
-- strict thread matches above, loose matches on Subject: below --
2010-11-23 12:47 RFC: " Miloslav Trmac
2010-11-23 12:50 ` [PATCH 2/5] Add unique IDs to AF_ALG sockets Miloslav Trmač
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1290618355-31193-3-git-send-email-mitr@redhat.com \
--to=mitr@redhat.com \
--cc=eparis@redhat.com \
--cc=herbert@gondor.hengli.com.au \
--cc=linux-audit@redhat.com \
--cc=linux-crypto@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox