From: "Serge E. Hallyn" <serue@us.ibm.com>
To: "David P. Quigley" <dpquigl@tycho.nsa.gov>
Cc: linux-security-module@vger.kernel.org,
linux-fsdevel@vger.kernel.org, jmorris@namei.org,
sds@tycho.nsa.gov
Subject: Re: [PATCH 1/2] VFS/Security: Rework inode_getsecurity and callers to return resulting buffer
Date: Fri, 26 Oct 2007 10:02:25 -0500 [thread overview]
Message-ID: <20071026150225.GA539@sergelap.austin.ibm.com> (raw)
In-Reply-To: <1193410245.27034.29.camel@moss-terrapins.epoch.ncsc.mil>
Quoting David P. Quigley (dpquigl@tycho.nsa.gov):
> On Thu, 2007-10-25 at 19:02 -0500, Serge E. Hallyn wrote:
> > Quoting David P. Quigley (dpquigl@tycho.nsa.gov):
> > > static int task_alloc_security(struct task_struct *task)
> > > @@ -2423,14 +2397,22 @@ static const char *selinux_inode_xattr_getsuffix(void)
> > > *
> > > * Permission check is handled by selinux_inode_getxattr hook.
> > > */
> > > -static int selinux_inode_getsecurity(const struct inode *inode, const char *name, void *buffer, size_t size, int err)
> > > +static int selinux_inode_getsecurity(const struct inode *inode,
> > > + const char *name,
> > > + void **buffer)
> > > {
> > > + u32 size;
> > > + int error;
> > > struct inode_security_struct *isec = inode->i_security;
> > >
> > > if (strcmp(name, XATTR_SELINUX_SUFFIX))
> > > return -EOPNOTSUPP;
> > >
> > > - return selinux_getsecurity(isec->sid, buffer, size);
> > > + error = security_sid_to_context(isec->sid, (char **)buffer, &size);
> >
> > The only other downside I see here is that when the user just passes in
> > NULL for a buffer, security_sid_to_context() will still
> > kmalloc the buffer only to have it immediately freed by
> > xattr_getsecurity() through release_secctx(). I trust that isn't seen
> > as any major performance impact?
>
> There is no way to avoid this in the SELinux case. SELinux doesn't store
> the sid to string mapping directly. Rather it takes the sid and then
> builds the string from fields in the related structure. So regardless
> this data is being allocated internally. The only issue I potentially
> see is that if someone passes in null expecting just to get the length
> we are actually returning a value. However we are changing the semantics
> of the function so the old semantics are no longer valid.
Hmm? Which semantics are no longer valid?
You're changing the semantincs of the in-kernel API, but userspace can
still send in NULL to query the length of the buffer needed. So if
userspace does two getxattrs, one to get the length, then another to get
the value, selinux will be kmallocing twice.
For a file manager doing a listing on a huge directory and wanting to
list the selinux type, i could see that being a performance issue. Of
course they could get around that by sending in a 'reasonably large'
buffer for a first try.
-serge
next prev parent reply other threads:[~2007-10-26 15:02 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-10-22 19:06 [RFC 0/2] getsecurity/vfs_getxattr cleanup David P. Quigley
2007-10-22 19:10 ` [PATCH 1/2] VFS/Security: Rework inode_getsecurity and callers to return resulting buffer David P. Quigley
2007-10-23 23:38 ` James Morris
2007-10-26 0:02 ` Serge E. Hallyn
2007-10-26 14:50 ` David P. Quigley
2007-10-26 15:02 ` Serge E. Hallyn [this message]
2007-10-26 15:04 ` Stephen Smalley
2007-10-26 15:35 ` Serge E. Hallyn
2007-10-26 15:13 ` David P. Quigley
2007-10-26 15:20 ` David P. Quigley
2007-10-26 15:54 ` David P. Quigley
2007-10-26 16:36 ` Serge E. Hallyn
2007-10-26 17:36 ` David P. Quigley
2007-10-26 15:07 ` Serge E. Hallyn
2007-10-26 15:16 ` David P. Quigley
2007-10-26 22:14 ` James Morris
2007-10-31 20:55 ` David P. Quigley
2007-11-01 3:56 ` James Morris
2007-10-22 19:11 ` [PATCH 2/2] VFS: Reorder vfs_getxattr to avoid unnecessary calls to the LSM David P. Quigley
2007-10-23 23:42 ` James Morris
2007-10-25 23:43 ` Serge E. Hallyn
2007-10-23 20:17 ` [RFC 0/2] getsecurity/vfs_getxattr cleanup David P. Quigley
-- strict thread matches above, loose matches on Subject: below --
2007-11-01 14:35 [PATCH 0/2] getsecurity/vfs_getxattr cleanup V2 David P. Quigley
2007-11-01 14:40 ` [PATCH 1/2] VFS/Security: Rework inode_getsecurity and callers to return resulting buffer David P. Quigley
2007-11-01 20:58 ` James Morris
2007-11-01 22:43 ` Serge E. Hallyn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20071026150225.GA539@sergelap.austin.ibm.com \
--to=serue@us.ibm.com \
--cc=dpquigl@tycho.nsa.gov \
--cc=jmorris@namei.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=sds@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).