From: Matthew Wilcox <matthew@wil.cx>
To: Linus Torvalds <torvalds@transmeta.com>
Cc: linux-security-module@wirex.com, linux-fsdevel@vger.kernel.org
Subject: [PATCH] LSM file locking patch is bogus
Date: Sat, 27 Jul 2002 23:31:49 +0100
Message-ID: <20020727233149.G1441@parcelfarce.linux.theplanet.co.uk>
- Remove third argument from file_lock security op. Whether the lock is
blocking or not cannot make any difference to a security module!
- Fix the call in sys_flock to pass the translated lock command, not the
original.
- Add a call in fcntl_setlease. If they're going to know about two types
of lock, let's tell them about the third too.
diff -urNX dontdiff linux-2.5.29/fs/locks.c linux-2.5.29-scsi/fs/locks.c
--- linux-2.5.29/fs/locks.c 2002-07-27 12:09:31.000000000 -0600
+++ linux-2.5.29-scsi/fs/locks.c 2002-07-27 15:20:41.000000000 -0600
@@ -1242,6 +1242,9 @@
return -EACCES;
if (!S_ISREG(inode->i_mode))
return -EINVAL;
+ error = security_ops->file_lock(filp, arg);
+ if (error)
+ return error;
lock_kernel();
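Review bot: the new hook call passes arg straight through, and the only checks visible before it are the -EACCES return and the S_ISREG test, so nothing shown here confirms that arg is a valid lease type when the security module sees it. Either move the call after arg has been validated, or state in the file_lock documentation that the hook can receive an unvalidated value from this path so modules reject what they do not recognise.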
@@ -1359,8 +1362,7 @@
if (error < 0)
goto out_putf;
- error = security_ops->file_lock(filp, cmd,
- (cmd & LOCK_NB) ? 0 : 1);
+ error = security_ops->file_lock(filp, lock->fl_type);
if (error)
goto out_putf;
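Review bot: the failure path after the hook still goes to out_putf, the same label used when the preceding step failed with error < 0. The new call dereferences lock->fl_type, so a lock exists by this point. Check that out_putf releases it, or add a label that does. Otherwise a denial from the security module leaks the lock.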
@@ -1494,8 +1496,7 @@
goto out;
}
- error = security_ops->file_lock(filp, file_lock->fl_type,
- cmd == F_SETLKW);
+ error = security_ops->file_lock(filp, file_lock->fl_type);
if (error)
goto out;
@@ -1618,8 +1619,7 @@
goto out;
}
- error = security_ops->file_lock(filp, file_lock->fl_type,
- cmd == F_SETLKW64);
+ error = security_ops->file_lock(filp, file_lock->fl_type);
if (error)
goto out;
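Review bot: with the third argument gone, this call and its error check are now line-for-line the same as in the previous hunk, since the F_SETLKW versus F_SETLKW64 comparison was the only difference. As a style point, a small shared helper for the permission check would keep the two paths from drifting apart the next time the hook signature changes.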
diff -urNX dontdiff linux-2.5.29/include/linux/security.h linux-2.5.29-scsi/include/linux/security.h
--- linux-2.5.29/include/linux/security.h 2002-07-27 12:09:31.000000000 -0600
+++ linux-2.5.29-scsi/include/linux/security.h 2002-07-27 15:20:16.000000000 -0600
@@ -407,7 +407,6 @@
* @file contains the file structure.
* @cmd contains the posix-translated lock operation to perform
* (e.g. F_RDLCK, F_WRLCK).
- * @blocking indicates if the request is for a blocking lock.
* Return 0 if permission is granted.
* @file_fcntl:
* Check permission before allowing the file operation specified by @cmd
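Review bot: the @cmd description still covers only lock operations, but the changelog says the hook is now also called from fcntl_setlease. Add a sentence to the file_lock comment saying that lease requests reach this hook with the lease type in @cmd, so module authors know the hook alone does not tell them whether the request is a lock or a lease.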
@@ -753,7 +752,7 @@
int (*file_mmap) (struct file * file,
unsigned long prot, unsigned long flags);
int (*file_mprotect) (struct vm_area_struct * vma, unsigned long prot);
- int (*file_lock) (struct file * file, unsigned int cmd, int blocking);
+ int (*file_lock) (struct file * file, unsigned int cmd);
int (*file_fcntl) (struct file * file, unsigned int cmd,
unsigned long arg);
int (*file_set_fowner) (struct file * file);
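Review bot: the file_lock member changes from three arguments to two, but the diff touches only fs/locks.c and include/linux/security.h, so no implementation of the hook is updated alongside it. Any module that assigns a three-argument function to this pointer will no longer match the prototype. The default and other in-tree implementations should be converted in this same patch.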
--
Revolutions do not require corporate support.