| Message ID | 2a901d27-dba5-4ff4-9e47-373c54965253@I-love.SAKURA.ne.jp (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | fs/exec: remove current->in_execve flag | expand |
Hi Tetsuo,
kernel test robot noticed the following build warnings:
[auto build test WARNING on kees/for-next/execve]
[also build test WARNING on linux/master tip/sched/core linus/master v6.8-rc2 next-20240202]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]
url: https://github.com/intel-lab-lkp/linux/commits/Tetsuo-Handa/LSM-add-security_execve_abort-hook/20240203-185605
base: https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git for-next/execve
patch link: https://lore.kernel.org/r/2a901d27-dba5-4ff4-9e47-373c54965253%40I-love.SAKURA.ne.jp
patch subject: [PATCH v2 2/3] tomoyo: replace current->in_execve flag with security_execve_abort() hook
config: alpha-allyesconfig (https://download.01.org/0day-ci/archive/20240204/202402040956.6IuNw6B3-lkp@intel.com/config)
compiler: alpha-linux-gcc (GCC) 13.2.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20240204/202402040956.6IuNw6B3-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202402040956.6IuNw6B3-lkp@intel.com/
All warnings (new ones prefixed by >>):
>> security/tomoyo/tomoyo.c:30: warning: Excess function parameter 'bprm' description in 'tomoyo_execve_abort'
vim +30 security/tomoyo/tomoyo.c
ee18d64c1f6320 David Howells 2009-09-02 23
0f2a55d5bb2372 Tetsuo Handa 2011-07-14 24 /**
89cebc094231d4 Tetsuo Handa 2024-02-03 25 * tomoyo_execve_abort - Target for security_execve_abort().
0f2a55d5bb2372 Tetsuo Handa 2011-07-14 26 *
89cebc094231d4 Tetsuo Handa 2024-02-03 27 * @bprm: void
0f2a55d5bb2372 Tetsuo Handa 2011-07-14 28 */
89cebc094231d4 Tetsuo Handa 2024-02-03 29 static void tomoyo_execve_abort(void)
f7433243770c77 Kentaro Takeda 2009-02-05 @30 {
89cebc094231d4 Tetsuo Handa 2024-02-03 31 /* Restore old_domain_info saved by execve() request. */
8c6cb983cd52d7 Tetsuo Handa 2019-01-19 32 struct tomoyo_task *s = tomoyo_task(current);
43fc460907dc56 Casey Schaufler 2018-09-21 33
89cebc094231d4 Tetsuo Handa 2024-02-03 34 if (s->old_domain_info) {
8c6cb983cd52d7 Tetsuo Handa 2019-01-19 35 atomic_dec(&s->domain_info->users);
8c6cb983cd52d7 Tetsuo Handa 2019-01-19 36 s->domain_info = s->old_domain_info;
8c6cb983cd52d7 Tetsuo Handa 2019-01-19 37 s->old_domain_info = NULL;
f7433243770c77 Kentaro Takeda 2009-02-05 38 }
ec8e6a4e062e2e Tetsuo Handa 2010-02-11 39 }
ec8e6a4e062e2e Tetsuo Handa 2010-02-11 40
On Sat, Feb 03, 2024 at 07:53:17PM +0900, Tetsuo Handa wrote: > TOMOYO was using current->in_execve flag in order to restore previous state > when previous execve() request failed. Since security_execve_abort() hook > was added, switch to use it. > > Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> With the kern-doc fixed, this looks good. (I can fix up the kern-doc if this goes via my tree.) Reviewed-by: Kees Cook <keescook@chromium.org>
diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index 04a92c3d65d4..9da11aaffeb9 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c @@ -18,34 +18,24 @@ struct tomoyo_domain_info *tomoyo_domain(void) { struct tomoyo_task *s = tomoyo_task(current); - if (s->old_domain_info && !current->in_execve) { - atomic_dec(&s->old_domain_info->users); - s->old_domain_info = NULL; - } return s->domain_info; } /** - * tomoyo_cred_prepare - Target for security_prepare_creds(). - * - * @new: Pointer to "struct cred". - * @old: Pointer to "struct cred". - * @gfp: Memory allocation flags. + * tomoyo_execve_abort - Target for security_execve_abort(). * - * Returns 0. + * @bprm: void */ -static int tomoyo_cred_prepare(struct cred *new, const struct cred *old, - gfp_t gfp) +static void tomoyo_execve_abort(void) { - /* Restore old_domain_info saved by previous execve() request. */ + /* Restore old_domain_info saved by execve() request. */ struct tomoyo_task *s = tomoyo_task(current); - if (s->old_domain_info && !current->in_execve) { + if (s->old_domain_info) { atomic_dec(&s->domain_info->users); s->domain_info = s->old_domain_info; s->old_domain_info = NULL; } - return 0; } /** @@ -554,8 +544,8 @@ static const struct lsm_id tomoyo_lsmid = { * registering TOMOYO. */ static struct security_hook_list tomoyo_hooks[] __ro_after_init = { - LSM_HOOK_INIT(cred_prepare, tomoyo_cred_prepare), LSM_HOOK_INIT(bprm_committed_creds, tomoyo_bprm_committed_creds), + LSM_HOOK_INIT(execve_abort, tomoyo_execve_abort), LSM_HOOK_INIT(task_alloc, tomoyo_task_alloc), LSM_HOOK_INIT(task_free, tomoyo_task_free), #ifndef CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
TOMOYO was using current->in_execve flag in order to restore previous state when previous execve() request failed. Since security_execve_abort() hook was added, switch to use it. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> --- security/tomoyo/tomoyo.c | 22 ++++++---------------- 1 file changed, 6 insertions(+), 16 deletions(-)