On Wed, Jan 07, 2009 at 03:19:38PM -0500, jim owens wrote: > > Add call to LSM security initialization and save > resulting security xattr for new inodes. > > Add xattr support to symlink inode ops. > > Set inode->i_op for existing special files. > > Signed-off-by: jim owens <[email protected]> > --- > fs/btrfs/inode.c | 23 +++++++++++++++++++---- > fs/btrfs/xattr.c | 32 ++++++++++++++++++++++++++++++++ > fs/btrfs/xattr.h | 2 ++ > 3 files changed, 53 insertions(+), 4 deletions(-) > > diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c > index cdb7011..dd6152a 100644 > --- a/fs/btrfs/inode.c > +++ b/fs/btrfs/inode.c > @@ -91,6 +91,16 @@ static noinline int cow_file_range(struct inode *inode, > u64 start, u64 end, int *page_started, > unsigned long *nr_written, int unlock); > > +static int btrfs_init_inode_security(struct inode *inode, struct inode > *dir) > +{ > + int err; > + > + err = btrfs_init_acl(inode, dir); > + if (!err) > + err = btrfs_xattr_security_init(inode, dir); > + return err; > +} > + > /* > * a very lame attempt at stopping writes when the FS is 85% full. There > * are countless ways this is incorrect, but it is better than nothing. > @@ -2039,6 +2049,7 @@ void btrfs_read_locked_inode(struct inode *inode) > inode->i_mapping->backing_dev_info = &root->fs_info->bdi; > break; > default: > + inode->i_op = &btrfs_special_inode_operations; > init_special_inode(inode, inode->i_mode, rdev); > break; > } > @@ -3586,7 +3597,7 @@ static int btrfs_mknod(struct inode *dir, struct > dentry *dentry, > if (IS_ERR(inode)) > goto out_unlock; > > - err = btrfs_init_acl(inode, dir); > + err = btrfs_init_inode_security(inode, dir); > if (err) { > drop_inode = 1; > goto out_unlock; > @@ -3649,7 +3660,7 @@ static int btrfs_create(struct inode *dir, struct > dentry *dentry, > if (IS_ERR(inode)) > goto out_unlock; > > - err = btrfs_init_acl(inode, dir); > + err = btrfs_init_inode_security(inode, dir); > if (err) { > drop_inode = 1; > goto out_unlock; > @@ -3772,7 +3783,7 @@ static int btrfs_mkdir(struct inode *dir, struct > dentry *dentry, int mode) > > drop_on_err = 1; > > - err = btrfs_init_acl(inode, dir); > + err = btrfs_init_inode_security(inode, dir); > if (err) > goto out_fail; > > @@ -4733,7 +4744,7 @@ static int btrfs_symlink(struct inode *dir, struct > dentry *dentry, > if (IS_ERR(inode)) > goto out_unlock; > > - err = btrfs_init_acl(inode, dir); > + err = btrfs_init_inode_security(inode, dir); > if (err) { > drop_inode = 1; > goto out_unlock; > @@ -5032,4 +5043,8 @@ static struct inode_operations > btrfs_symlink_inode_operations = { > .follow_link = page_follow_link_light, > .put_link = page_put_link, > .permission = btrfs_permission, > + .setxattr = btrfs_setxattr, > + .getxattr = btrfs_getxattr, > + .listxattr = btrfs_listxattr, > + .removexattr = btrfs_removexattr, > }; > diff --git a/fs/btrfs/xattr.c b/fs/btrfs/xattr.c > index 7f332e2..02195f4 100644 > --- a/fs/btrfs/xattr.c > +++ b/fs/btrfs/xattr.c > @@ -21,6 +21,7 @@ > #include <linux/slab.h> > #include <linux/rwsem.h> > #include <linux/xattr.h> > +#include <linux/security.h> > #include "ctree.h" > #include "btrfs_inode.h" > #include "transaction.h" > @@ -320,3 +321,34 @@ int btrfs_removexattr(struct dentry *dentry, const > char *name) > return -EOPNOTSUPP; > return __btrfs_setxattr(dentry->d_inode, name, NULL, 0, XATTR_REPLACE); > } > + > +int btrfs_xattr_security_init(struct inode *inode, struct inode *dir) > +{ > + int err; > + size_t len; > + void *value; > + char *suffix; > + char *name; > + > + err = security_inode_init_security(inode, dir, &suffix, &value, &len); > + if (err) { > + if (err == -EOPNOTSUPP) > + return 0; > + return err; > + } > + > + name = kmalloc(XATTR_SECURITY_PREFIX_LEN + strlen(suffix) + 1, > + GFP_NOFS);
Use kzalloc here otherwise the end of name could be some random thing and strlen() will read past the end of the memory. Thanks, Josef -- To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
