Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
Pull trivial vfs updates from Al Viro: "A few cleanups + Neil's namespace_unlock() optimization" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: exec: make prepare_bprm_creds static genheaders: %-<width>s had been there since v6; %-*s - since v7 VFS: use synchronize_rcu_expedited() in namespace_unlock() iov_iter: reduce code duplication
commit
9b286efeb5
|
@ -1402,7 +1402,7 @@ EXPORT_SYMBOL(finalize_exec);
|
||||||
* Or, if exec fails before, free_bprm() should release ->cred and
|
* Or, if exec fails before, free_bprm() should release ->cred and
|
||||||
* and unlock.
|
* and unlock.
|
||||||
*/
|
*/
|
||||||
int prepare_bprm_creds(struct linux_binprm *bprm)
|
static int prepare_bprm_creds(struct linux_binprm *bprm)
|
||||||
{
|
{
|
||||||
if (mutex_lock_interruptible(¤t->signal->cred_guard_mutex))
|
if (mutex_lock_interruptible(¤t->signal->cred_guard_mutex))
|
||||||
return -ERESTARTNOINTR;
|
return -ERESTARTNOINTR;
|
||||||
|
|
|
@ -1360,7 +1360,7 @@ static void namespace_unlock(void)
|
||||||
if (likely(hlist_empty(&head)))
|
if (likely(hlist_empty(&head)))
|
||||||
return;
|
return;
|
||||||
|
|
||||||
synchronize_rcu();
|
synchronize_rcu_expedited();
|
||||||
|
|
||||||
group_pin_kill(&head);
|
group_pin_kill(&head);
|
||||||
}
|
}
|
||||||
|
|
|
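Review bot: The switch to `synchronize_rcu_expedited()` in namespace_unlock() has no comment explaining why the cost of an expedited grace period is acceptable on this path. An expedited grace period completes sooner by interrupting other CPUs, and this call runs every time the list checked by `hlist_empty(&head)` is non-empty, so its rate is set by whoever is unmounting. On configurations that let unprivileged user namespaces mount and unmount, that presumably includes unprivileged tasks; the callers are not visible here. I would add above the call something like `/* expedited: unmount latency matters more than the extra IPIs; rcupdate.rcu_normal=1 falls back to normal grace periods */`. The function body starts outside the hunk.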
@ -139,7 +139,6 @@ extern int transfer_args_to_stack(struct linux_binprm *bprm,
|
||||||
extern int bprm_change_interp(const char *interp, struct linux_binprm *bprm);
|
extern int bprm_change_interp(const char *interp, struct linux_binprm *bprm);
|
||||||
extern int copy_strings_kernel(int argc, const char *const *argv,
|
extern int copy_strings_kernel(int argc, const char *const *argv,
|
||||||
struct linux_binprm *bprm);
|
struct linux_binprm *bprm);
|
||||||
extern int prepare_bprm_creds(struct linux_binprm *bprm);
|
|
||||||
extern void install_exec_creds(struct linux_binprm *bprm);
|
extern void install_exec_creds(struct linux_binprm *bprm);
|
||||||
extern void set_binfmt(struct linux_binfmt *new);
|
extern void set_binfmt(struct linux_binfmt *new);
|
||||||
extern ssize_t read_code(struct file *, unsigned long, loff_t, size_t);
|
extern ssize_t read_code(struct file *, unsigned long, loff_t, size_t);
|
||||||
|
|
|
@ -561,13 +561,20 @@ static size_t copy_pipe_to_iter(const void *addr, size_t bytes,
|
||||||
return bytes;
|
return bytes;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static __wsum csum_and_memcpy(void *to, const void *from, size_t len,
|
||||||
|
__wsum sum, size_t off)
|
||||||
|
{
|
||||||
|
__wsum next = csum_partial_copy_nocheck(from, to, len, 0);
|
||||||
|
return csum_block_add(sum, next, off);
|
||||||
|
}
|
||||||
|
|
||||||
static size_t csum_and_copy_to_pipe_iter(const void *addr, size_t bytes,
|
static size_t csum_and_copy_to_pipe_iter(const void *addr, size_t bytes,
|
||||||
__wsum *csum, struct iov_iter *i)
|
__wsum *csum, struct iov_iter *i)
|
||||||
{
|
{
|
||||||
struct pipe_inode_info *pipe = i->pipe;
|
struct pipe_inode_info *pipe = i->pipe;
|
||||||
size_t n, r;
|
size_t n, r;
|
||||||
size_t off = 0;
|
size_t off = 0;
|
||||||
__wsum sum = *csum, next;
|
__wsum sum = *csum;
|
||||||
int idx;
|
int idx;
|
||||||
|
|
||||||
if (!sanity(i))
|
if (!sanity(i))
|
||||||
|
@ -579,8 +586,7 @@ static size_t csum_and_copy_to_pipe_iter(const void *addr, size_t bytes,
|
||||||
for ( ; n; idx = next_idx(idx, pipe), r = 0) {
|
for ( ; n; idx = next_idx(idx, pipe), r = 0) {
|
||||||
size_t chunk = min_t(size_t, n, PAGE_SIZE - r);
|
size_t chunk = min_t(size_t, n, PAGE_SIZE - r);
|
||||||
char *p = kmap_atomic(pipe->bufs[idx].page);
|
char *p = kmap_atomic(pipe->bufs[idx].page);
|
||||||
next = csum_partial_copy_nocheck(addr, p + r, chunk, 0);
|
sum = csum_and_memcpy(p + r, addr, chunk, sum, off);
|
||||||
sum = csum_block_add(sum, next, off);
|
|
||||||
kunmap_atomic(p);
|
kunmap_atomic(p);
|
||||||
i->idx = idx;
|
i->idx = idx;
|
||||||
i->iov_offset = r + chunk;
|
i->iov_offset = r + chunk;
|
||||||
|
@ -1401,17 +1407,15 @@ size_t csum_and_copy_from_iter(void *addr, size_t bytes, __wsum *csum,
|
||||||
err ? v.iov_len : 0;
|
err ? v.iov_len : 0;
|
||||||
}), ({
|
}), ({
|
||||||
char *p = kmap_atomic(v.bv_page);
|
char *p = kmap_atomic(v.bv_page);
|
||||||
next = csum_partial_copy_nocheck(p + v.bv_offset,
|
sum = csum_and_memcpy((to += v.bv_len) - v.bv_len,
|
||||||
(to += v.bv_len) - v.bv_len,
|
p + v.bv_offset, v.bv_len,
|
||||||
v.bv_len, 0);
|
sum, off);
|
||||||
kunmap_atomic(p);
|
kunmap_atomic(p);
|
||||||
sum = csum_block_add(sum, next, off);
|
|
||||||
off += v.bv_len;
|
off += v.bv_len;
|
||||||
}),({
|
}),({
|
||||||
next = csum_partial_copy_nocheck(v.iov_base,
|
sum = csum_and_memcpy((to += v.iov_len) - v.iov_len,
|
||||||
(to += v.iov_len) - v.iov_len,
|
v.iov_base, v.iov_len,
|
||||||
v.iov_len, 0);
|
sum, off);
|
||||||
sum = csum_block_add(sum, next, off);
|
|
||||||
off += v.iov_len;
|
off += v.iov_len;
|
||||||
})
|
})
|
||||||
)
|
)
|
||||||
|
@ -1445,17 +1449,15 @@ bool csum_and_copy_from_iter_full(void *addr, size_t bytes, __wsum *csum,
|
||||||
0;
|
0;
|
||||||
}), ({
|
}), ({
|
||||||
char *p = kmap_atomic(v.bv_page);
|
char *p = kmap_atomic(v.bv_page);
|
||||||
next = csum_partial_copy_nocheck(p + v.bv_offset,
|
sum = csum_and_memcpy((to += v.bv_len) - v.bv_len,
|
||||||
(to += v.bv_len) - v.bv_len,
|
p + v.bv_offset, v.bv_len,
|
||||||
v.bv_len, 0);
|
sum, off);
|
||||||
kunmap_atomic(p);
|
kunmap_atomic(p);
|
||||||
sum = csum_block_add(sum, next, off);
|
|
||||||
off += v.bv_len;
|
off += v.bv_len;
|
||||||
}),({
|
}),({
|
||||||
next = csum_partial_copy_nocheck(v.iov_base,
|
sum = csum_and_memcpy((to += v.iov_len) - v.iov_len,
|
||||||
(to += v.iov_len) - v.iov_len,
|
v.iov_base, v.iov_len,
|
||||||
v.iov_len, 0);
|
sum, off);
|
||||||
sum = csum_block_add(sum, next, off);
|
|
||||||
off += v.iov_len;
|
off += v.iov_len;
|
||||||
})
|
})
|
||||||
)
|
)
|
||||||
|
@ -1493,17 +1495,15 @@ size_t csum_and_copy_to_iter(const void *addr, size_t bytes, void *csump,
|
||||||
err ? v.iov_len : 0;
|
err ? v.iov_len : 0;
|
||||||
}), ({
|
}), ({
|
||||||
char *p = kmap_atomic(v.bv_page);
|
char *p = kmap_atomic(v.bv_page);
|
||||||
next = csum_partial_copy_nocheck((from += v.bv_len) - v.bv_len,
|
sum = csum_and_memcpy(p + v.bv_offset,
|
||||||
p + v.bv_offset,
|
(from += v.bv_len) - v.bv_len,
|
||||||
v.bv_len, 0);
|
v.bv_len, sum, off);
|
||||||
kunmap_atomic(p);
|
kunmap_atomic(p);
|
||||||
sum = csum_block_add(sum, next, off);
|
|
||||||
off += v.bv_len;
|
off += v.bv_len;
|
||||||
}),({
|
}),({
|
||||||
next = csum_partial_copy_nocheck((from += v.iov_len) - v.iov_len,
|
sum = csum_and_memcpy(v.iov_base,
|
||||||
v.iov_base,
|
(from += v.iov_len) - v.iov_len,
|
||||||
v.iov_len, 0);
|
v.iov_len, sum, off);
|
||||||
sum = csum_block_add(sum, next, off);
|
|
||||||
off += v.iov_len;
|
off += v.iov_len;
|
||||||
})
|
})
|
||||||
)
|
)
|
||||||
|
|
|
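Review bot: The new helper `csum_and_memcpy()` takes its pointers destination-first, the reverse of the `csum_partial_copy_nocheck()` call it wraps, and nothing at the definition says so. Where neither pointer is const-qualified, as in the `csum_and_copy_from_iter` hunks, a call left in the old source-first order would still compile and would copy in the wrong direction, overwriting the caller's source data. Every converted call site shown here does swap the two arguments, so the code as written is consistent. I would add above the helper `/* memcpy() argument order: to, then from; returns sum with the checksum of the copied bytes added at offset off */`. The calling functions start and end outside their hunks.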
@ -19,8 +19,6 @@ struct security_class_mapping {
|
||||||
#include "classmap.h"
|
#include "classmap.h"
|
||||||
#include "initial_sid_to_string.h"
|
#include "initial_sid_to_string.h"
|
||||||
|
|
||||||
#define max(x, y) (((int)(x) > (int)(y)) ? x : y)
|
|
||||||
|
|
||||||
const char *progname;
|
const char *progname;
|
||||||
|
|
||||||
static void usage(void)
|
static void usage(void)
|
||||||
|
@ -46,11 +44,9 @@ static char *stoupperx(const char *s)
|
||||||
|
|
||||||
int main(int argc, char *argv[])
|
int main(int argc, char *argv[])
|
||||||
{
|
{
|
||||||
int i, j, k;
|
int i, j;
|
||||||
int isids_len;
|
int isids_len;
|
||||||
FILE *fout;
|
FILE *fout;
|
||||||
const char *needle = "SOCKET";
|
|
||||||
char *substr;
|
|
||||||
|
|
||||||
progname = argv[0];
|
progname = argv[0];
|
||||||
|
|
||||||
|
@ -80,20 +76,14 @@ int main(int argc, char *argv[])
|
||||||
|
|
||||||
for (i = 0; secclass_map[i].name; i++) {
|
for (i = 0; secclass_map[i].name; i++) {
|
||||||
struct security_class_mapping *map = &secclass_map[i];
|
struct security_class_mapping *map = &secclass_map[i];
|
||||||
fprintf(fout, "#define SECCLASS_%s", map->name);
|
fprintf(fout, "#define SECCLASS_%-39s %2d\n", map->name, i+1);
|
||||||
for (j = 0; j < max(1, 40 - strlen(map->name)); j++)
|
|
||||||
fprintf(fout, " ");
|
|
||||||
fprintf(fout, "%2d\n", i+1);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
fprintf(fout, "\n");
|
fprintf(fout, "\n");
|
||||||
|
|
||||||
for (i = 1; i < isids_len; i++) {
|
for (i = 1; i < isids_len; i++) {
|
||||||
const char *s = initial_sid_to_string[i];
|
const char *s = initial_sid_to_string[i];
|
||||||
fprintf(fout, "#define SECINITSID_%s", s);
|
fprintf(fout, "#define SECINITSID_%-39s %2d\n", s, i);
|
||||||
for (j = 0; j < max(1, 40 - strlen(s)); j++)
|
|
||||||
fprintf(fout, " ");
|
|
||||||
fprintf(fout, "%2d\n", i);
|
|
||||||
}
|
}
|
||||||
fprintf(fout, "\n#define SECINITSID_NUM %d\n", i-1);
|
fprintf(fout, "\n#define SECINITSID_NUM %d\n", i-1);
|
||||||
fprintf(fout, "\nstatic inline bool security_is_socket_class(u16 kern_tclass)\n");
|
fprintf(fout, "\nstatic inline bool security_is_socket_class(u16 kern_tclass)\n");
|
||||||
|
@ -101,9 +91,10 @@ int main(int argc, char *argv[])
|
||||||
fprintf(fout, "\tbool sock = false;\n\n");
|
fprintf(fout, "\tbool sock = false;\n\n");
|
||||||
fprintf(fout, "\tswitch (kern_tclass) {\n");
|
fprintf(fout, "\tswitch (kern_tclass) {\n");
|
||||||
for (i = 0; secclass_map[i].name; i++) {
|
for (i = 0; secclass_map[i].name; i++) {
|
||||||
|
static char s[] = "SOCKET";
|
||||||
struct security_class_mapping *map = &secclass_map[i];
|
struct security_class_mapping *map = &secclass_map[i];
|
||||||
substr = strstr(map->name, needle);
|
int len = strlen(map->name), l = sizeof(s) - 1;
|
||||||
if (substr && strcmp(substr, needle) == 0)
|
if (len >= l && memcmp(map->name + len - l, s, l) == 0)
|
||||||
fprintf(fout, "\tcase SECCLASS_%s:\n", map->name);
|
fprintf(fout, "\tcase SECCLASS_%s:\n", map->name);
|
||||||
}
|
}
|
||||||
fprintf(fout, "\t\tsock = true;\n");
|
fprintf(fout, "\t\tsock = true;\n");
|
||||||
|
@ -129,17 +120,15 @@ int main(int argc, char *argv[])
|
||||||
|
|
||||||
for (i = 0; secclass_map[i].name; i++) {
|
for (i = 0; secclass_map[i].name; i++) {
|
||||||
struct security_class_mapping *map = &secclass_map[i];
|
struct security_class_mapping *map = &secclass_map[i];
|
||||||
|
int len = strlen(map->name);
|
||||||
for (j = 0; map->perms[j]; j++) {
|
for (j = 0; map->perms[j]; j++) {
|
||||||
if (j >= 32) {
|
if (j >= 32) {
|
||||||
fprintf(stderr, "Too many permissions to fit into an access vector at (%s, %s).\n",
|
fprintf(stderr, "Too many permissions to fit into an access vector at (%s, %s).\n",
|
||||||
map->name, map->perms[j]);
|
map->name, map->perms[j]);
|
||||||
exit(5);
|
exit(5);
|
||||||
}
|
}
|
||||||
fprintf(fout, "#define %s__%s", map->name,
|
fprintf(fout, "#define %s__%-*s 0x%08xU\n", map->name,
|
||||||
map->perms[j]);
|
39-len, map->perms[j], 1U<<j);
|
||||||
for (k = 0; k < max(1, 40 - strlen(map->name) - strlen(map->perms[j])); k++)
|
|
||||||
fprintf(fout, " ");
|
|
||||||
fprintf(fout, "0x%08xU\n", (1<<j));
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
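Review bot: The suffix test in the loop that emits `security_is_socket_class()` has no comment saying that a class is treated as a socket class purely because its name ends in "SOCKET". The generated switch depends on that naming rule, so a class added to `secclass_map` under a name without the suffix would be left out with no build-time signal; whether any such class exists cannot be told from this page. I would add above the test `/* a class is a socket class iff its name ends in "SOCKET" */`. The buffer is never written, so `static const char s[] = "SOCKET";` would state that as well. main() starts and ends outside these hunks.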