From mboxrd@z Thu Jan 1 00:00:00 1970 From: James Morris Subject: Re: [PATCH 07/37] Security: De-embed task security record from task and use refcounting Date: Mon, 11 Feb 2008 21:57:37 +1100 (EST) Message-ID: References: <20080208165156.15902.62457.stgit@warthog.procyon.org.uk> <20080208165235.15902.8174.stgit@warthog.procyon.org.uk> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Cc: Trond.Myklebust@netapp.com, nfsv4@linux-nfs.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov, linux-fsdevel@vger.kernel.org To: David Howells Return-path: In-Reply-To: <20080208165235.15902.8174.stgit@warthog.procyon.org.uk> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: nfsv4-bounces@linux-nfs.org Errors-To: nfsv4-bounces@linux-nfs.org List-Id: linux-fsdevel.vger.kernel.org On Fri, 8 Feb 2008, David Howells wrote: > Remove the temporarily embedded task security record from task_struct. Instead > it is made to dangle from the task_struct::sec and task_struct::act_as pointers > with references counted for each. ... These patches are kind of huge. > +static int selinux_task_dup_security(struct task_security *sec) > +{ > + struct task_security_struct *tsec1, *tsec2; > + > + tsec1 = sec->security; > + > + tsec2 = kmemdup(tsec1, sizeof(*tsec1), GFP_KERNEL); > + if (!tsec2) > + return -ENOMEM; > + > + tsec2->osid = tsec1->osid; > + tsec2->sid = tsec1->sid; > + > + tsec2->exec_sid = tsec1->exec_sid; > + tsec2->create_sid = tsec1->create_sid; > + tsec2->keycreate_sid = tsec1->keycreate_sid; > + tsec2->sockcreate_sid = tsec1->sockcreate_sid; > + tsec2->ptrace_sid = SECINITSID_UNLABELED; > + sec->security = tsec2; > + > + return 0; > } Why manually copy these fields after a kmemdup? What about the task backpointer? (i.e. tsec2->task) -- James Morris