[PATCH] lsm: add the inode_free_security_rcu() LSM implementation hook
Paul Moore
paul at paul-moore.com
Mon Aug 12 19:37:11 UTC 2024
On Mon, Jul 29, 2024 at 5:58 PM Paul Moore <paul at paul-moore.com> wrote:
>
> The LSM framework has an existing inode_free_security() hook which
> is used by LSMs that manage state associated with an inode, but
> due to the use of RCU to protect the inode, special care must be
> taken to ensure that the LSMs do not fully release the inode state
> until it is safe from a RCU perspective.
>
> This patch implements a new inode_free_security_rcu() implementation
> hook which is called when it is safe to free the LSM's internal inode
> state. Unfortunately, this new hook does not have access to the inode
> itself as it may already be released, so the existing
> inode_free_security() hook is retained for those LSMs which require
> access to the inode.
>
> Cc: stable at vger.kernel.org
> Reported-by: syzbot+5446fbf332b0602ede0b at syzkaller.appspotmail.com
> Closes: https://lore.kernel.org/r/00000000000076ba3b0617f65cc8@google.com
> Signed-off-by: Paul Moore <paul at paul-moore.com>
> ---
> include/linux/lsm_hook_defs.h | 1 +
> security/integrity/ima/ima.h | 2 +-
> security/integrity/ima/ima_iint.c | 20 ++++++++-----------
> security/integrity/ima/ima_main.c | 2 +-
> security/landlock/fs.c | 9 ++++++---
> security/security.c | 32 +++++++++++++++----------------
> 6 files changed, 33 insertions(+), 33 deletions(-)
Merged into lsm/dev.
--
paul-moore.com
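
The two-phase teardown described in the quoted commit message, as a userspace C model added here; it is not the kernel patch or the author's code. All `model_*` names, both structs and the one-slot queue standing in for the RCU grace period are hypothetical.

```c
/* Userspace model (constructed); every name here is hypothetical. */
#include <stdbool.h>
#include <stdlib.h>

struct lsm_blob { int label; bool inode_hook_ran; };
struct inode_model { struct lsm_blob *i_security; };
static struct lsm_blob *pending; /* one-slot stand-in for the RCU grace-period queue */
static int blobs_freed;

/* Phase 1: inode still valid; must not free state RCU readers may still use. */
static void model_inode_free_security(struct inode_model *inode)
{
    inode->i_security->inode_hook_ran = true;
}

/* Phase 2: only the blob is passed in; the inode may already be gone. */
static void model_inode_free_security_rcu(struct lsm_blob *blob)
{
    free(blob);
    blobs_freed++;
}

/* Framework side: run phase 1 now, defer phase 2 past the grace period. */
static void model_security_inode_free(struct inode_model *inode)
{
    model_inode_free_security(inode);
    pending = inode->i_security;
}

static void model_grace_period_end(void)
{
    if (pending) model_inode_free_security_rcu(pending);
    pending = NULL;
}

/* Returns 0 if a reader's blob stays valid until the grace period ends. */
static int demo(void)
{
    struct inode_model *inode = calloc(1, sizeof(*inode));
    struct lsm_blob *reader_view = calloc(1, sizeof(*reader_view));
    int start = blobs_freed;
    inode->i_security = reader_view;   /* reader took this pointer earlier */
    reader_view->label = 7;
    model_security_inode_free(inode);
    free(inode);                       /* inode is released first */
    bool ok = reader_view->label == 7 && reader_view->inode_hook_ran
              && blobs_freed == start; /* blob not freed yet */
    model_grace_period_end();
    return (ok && blobs_freed == start + 1) ? 0 : 1;
}
```

Freeing the blob inside `model_inode_free_security()` instead would turn the later `reader_view->label` read into a use-after-free, which is the ordering problem the second hook exists to avoid.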