From mboxrd@z Thu Jan 1 00:00:00 1970 From: Matthew Wilcox Subject: [PATCH] LSM file locking patch is bogus Date: Sat, 27 Jul 2002 23:31:49 +0100 Sender: linux-fsdevel-owner@vger.kernel.org Message-ID: <20020727233149.G1441@parcelfarce.linux.theplanet.co.uk> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: linux-security-module@wirex.com, linux-fsdevel@vger.kernel.org Return-path: To: Linus Torvalds Content-Disposition: inline List-Id: linux-fsdevel.vger.kernel.org - Remove third argument from file_lock security op. Whether the lock is blocking or not cannot make any difference to a security module! - Fix the call in sys_flock to pass the translated lock command, not the original. - Add a call in fcntl_setlease. If they're going to know about two types of lock, let's tell them about the third too. diff -urNX dontdiff linux-2.5.29/fs/locks.c linux-2.5.29-scsi/fs/locks.c --- linux-2.5.29/fs/locks.c 2002-07-27 12:09:31.000000000 -0600 +++ linux-2.5.29-scsi/fs/locks.c 2002-07-27 15:20:41.000000000 -0600 @@ -1242,6 +1242,9 @@ return -EACCES; if (!S_ISREG(inode->i_mode)) return -EINVAL; + error = security_ops->file_lock(filp, arg); + if (error) + return error; lock_kernel(); @@ -1359,8 +1362,7 @@ if (error < 0) goto out_putf; - error = security_ops->file_lock(filp, cmd, - (cmd & LOCK_NB) ? 0 : 1); + error = security_ops->file_lock(filp, lock->fl_type); if (error) goto out_putf; @@ -1494,8 +1496,7 @@ goto out; } - error = security_ops->file_lock(filp, file_lock->fl_type, - cmd == F_SETLKW); + error = security_ops->file_lock(filp, file_lock->fl_type); if (error) goto out; 
@@ -1618,8 +1619,7 @@ goto out; } - error = security_ops->file_lock(filp, file_lock->fl_type, - cmd == F_SETLKW64); + error = security_ops->file_lock(filp, file_lock->fl_type); if (error) goto out; diff -urNX dontdiff linux-2.5.29/include/linux/security.h linux-2.5.29-scsi/include/linux/security.h --- linux-2.5.29/include/linux/security.h 2002-07-27 12:09:31.000000000 -0600 +++ linux-2.5.29-scsi/include/linux/security.h 2002-07-27 15:20:16.000000000 -0600 @@ -407,7 +407,6 @@ * @file contains the file structure. * @cmd contains the posix-translated lock operation to perform * (e.g. F_RDLCK, F_WRLCK). - * @blocking indicates if the request is for a blocking lock. * Return 0 if permission is granted. * @file_fcntl: * Check permission before allowing the file operation specified by @cmd @@ -753,7 +752,7 @@ int (*file_mmap) (struct file * file, unsigned long prot, unsigned long flags); int (*file_mprotect) (struct vm_area_struct * vma, unsigned long prot); - int (*file_lock) (struct file * file, unsigned int cmd, int blocking); + int (*file_lock) (struct file * file, unsigned int cmd); int (*file_fcntl) (struct file * file, unsigned int cmd, unsigned long arg); int (*file_set_fowner) (struct file * file); -- Revolutions do not require corporate support.
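
Review bot: In the fs/locks.c hunk at @@ -1242 (the lease call the commit message adds), `security_ops->file_lock(filp, arg)` passes `arg` in the same parameter that carries `fl_type` at the other three call sites, so a module has no way to tell a lease request from a flock or fcntl lock request. If the goal is for modules to know about the third lock type, either give leases a distinguishable value or a separate hook, or state in the hook documentation that the three callers are deliberately indistinguishable. The visible context also shows no check on the value of `arg` before the hook runs. If `arg` is validated further down, calling the hook after that validation would keep modules from seeing values the kerneldoc does not list.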
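
Review bot: The kerneldoc hunk at @@ -407 in include/linux/security.h removes the @blocking line but leaves @cmd described only as "the posix-translated lock operation to perform (e.g. F_RDLCK, F_WRLCK)", although the same patch starts calling the hook from the lease path with `arg`. Extend the @cmd text to say that the hook is also invoked for lease requests and which values it can receive there, so module authors do not have to read fs/locks.c to learn the contract.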
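
Review bot: The prototype change at @@ -753 in include/linux/security.h, `int (*file_lock) (struct file * file, unsigned int cmd);`, comes with no matching change to any implementation of the hook. The diff touches only fs/locks.c and include/linux/security.h. Any function assigned to `file_lock` that still takes the `blocking` argument will no longer match the pointer type, so those implementations should be updated in this same patch to keep the tree building at this commit.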