From de27a5bf9caef3f1fca1f315aa58eee54fbf929a Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sat, 30 Jan 2010 15:27:27 -0500 Subject: fix mnt_mountpoint abuse in smack (mnt,mnt_mountpoint) pair is conceptually wrong; if you want to use it for generating pathname and for nothing else *and* if you know that vfsmount tree is unchanging, you can get away with that, but the right solution for that is (mnt,mnt_root). Signed-off-by: Al Viro --- security/smack/smack_lsm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'security') diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 529c9ca..8dffcb7 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -387,7 +387,7 @@ static int smack_sb_umount(struct vfsmount *mnt, int flags) struct smk_audit_info ad; smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); - smk_ad_setfield_u_fs_path_dentry(&ad, mnt->mnt_mountpoint); + smk_ad_setfield_u_fs_path_dentry(&ad, mnt->mnt_root); smk_ad_setfield_u_fs_path_mnt(&ad, mnt); sbp = mnt->mnt_sb->s_security; -- cgit v1.1 From 37afdc7960ab493f827b5df9dc1b71b63b44331c Mon Sep 17 00:00:00 2001 From: Al Viro Date: Fri, 5 Feb 2010 01:41:33 -0500 Subject: get rid of insanity with namespace roots in tomoyo passing *any* namespace root to __d_path() as root is equivalent to just passing it {NULL, NULL}; no need to bother with finding the root of our namespace in there. Signed-off-by: Al Viro --- security/tomoyo/realpath.c | 23 ++++------------------- 1 file changed, 4 insertions(+), 19 deletions(-) (limited to 'security') diff --git a/security/tomoyo/realpath.c b/security/tomoyo/realpath.c index 18369d49..6a4f849 100644 --- a/security/tomoyo/realpath.c +++ b/security/tomoyo/realpath.c @@ -89,27 +89,12 @@ int tomoyo_realpath_from_path2(struct path *path, char *newname, sp = dentry->d_op->d_dname(dentry, newname + offset, newname_len - offset); } else { - /* Taken from d_namespace_path(). */ - struct path root; - struct path ns_root = { }; - struct path tmp; - - read_lock(¤t->fs->lock); - root = current->fs->root; - path_get(&root); - read_unlock(¤t->fs->lock); - spin_lock(&vfsmount_lock); - if (root.mnt && root.mnt->mnt_ns) - ns_root.mnt = mntget(root.mnt->mnt_ns->root); - if (ns_root.mnt) - ns_root.dentry = dget(ns_root.mnt->mnt_root); - spin_unlock(&vfsmount_lock); + struct path ns_root = {.mnt = NULL, .dentry = NULL}; + spin_lock(&dcache_lock); - tmp = ns_root; - sp = __d_path(path, &tmp, newname, newname_len); + /* go to whatever namespace root we are under */ + sp = __d_path(path, &ns_root, newname, newname_len); spin_unlock(&dcache_lock); - path_put(&root); - path_put(&ns_root); /* Prepend "/proc" prefix if using internal proc vfs mount. */ if (!IS_ERR(sp) && (path->mnt->mnt_parent == path->mnt) && (strcmp(path->mnt->mnt_sb->s_type->name, "proc") == 0)) { -- cgit v1.1 From 440b3c6c160f7d0a985f24ad1f4c24e00ee2d936 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Fri, 5 Feb 2010 09:37:21 -0500 Subject: get rid of ->mnt_parent in tomoyo/realpath Signed-off-by: Al Viro --- security/tomoyo/realpath.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'security') diff --git a/security/tomoyo/realpath.c b/security/tomoyo/realpath.c index 6a4f849..455bc39 100644 --- a/security/tomoyo/realpath.c +++ b/security/tomoyo/realpath.c @@ -96,7 +96,7 @@ int tomoyo_realpath_from_path2(struct path *path, char *newname, sp = __d_path(path, &ns_root, newname, newname_len); spin_unlock(&dcache_lock); /* Prepend "/proc" prefix if using internal proc vfs mount. */ - if (!IS_ERR(sp) && (path->mnt->mnt_parent == path->mnt) && + if (!IS_ERR(sp) && (path->mnt->mnt_flags & MNT_INTERNAL) && (strcmp(path->mnt->mnt_sb->s_type->name, "proc") == 0)) { sp -= 5; if (sp >= newname) -- cgit v1.1