On Wed, Apr 03, 2024 at 11:07:49AM +0200, Roberto Sassu wrote:
> From: Roberto Sassu <[email protected]>
>
> Commit 08abce60d63f ("security: Introduce path_post_mknod hook")
> introduced security_path_post_mknod(), to replace the IMA-specific call to
> ima_post_path_mknod().
>
> For symmetry with security_path_mknod(), security_path_post_mknod() was
> called after a successful mknod operation, for any file type, rather than
> only for regular files at the time there was the IMA call.
>
> However, as reported by VFS maintainers, successful mknod operation does
> not mean that the dentry always has an inode attached to it (for example,
> not for FIFOs on a SAMBA mount).
>
> If that condition happens, the kernel crashes when
> security_path_post_mknod() attempts to verify if the inode associated to
> the dentry is private.
>
> Move security_path_post_mknod() where the ima_post_path_mknod() call was,
> which is obviously correct from IMA/EVM perspective. IMA/EVM are the only
> in-kernel users, and only need to inspect regular files.
>
> Reported-by: Steve French <[email protected]>
> Closes:
> https://lore.kernel.org/linux-kernel/cah2r5msavzxcuhhg8vkrmpukqhmbpe6k9_vjhgda1uavwx4...@mail.gmail.com/
> Suggested-by: Al Viro <[email protected]>
> Fixes: 08abce60d63f ("security: Introduce path_post_mknod hook")
> Signed-off-by: Roberto Sassu <[email protected]>

LGTM...
