If we register a LSM hook and if we use the parameter passed to
security_task_alloc(struct task_struct *p), the value of p->parent is
wrong. This patch move the call to security_task_alloc() after the
initialization of the field p->parent.
Guillaume,
Signed-Off-By: Guillaume Thouvenin <[email protected]>
--- kernel/fork.c.orig 2004-10-19 08:41:53.000000000 +0200
+++ kernel/fork.c 2004-11-23 15:29:25.799903744 +0100
@@ -1006,8 +1006,6 @@ static task_t *copy_process(unsigned lon
}
#endif
- if ((retval = security_task_alloc(p)))
- goto bad_fork_cleanup_policy;
if ((retval = audit_alloc(p)))
goto bad_fork_cleanup_security;
/* copy all the process information */
@@ -1092,6 +1090,9 @@ static task_t *copy_process(unsigned lon
p->real_parent = current;
p->parent = p->real_parent;
+ if ((retval = security_task_alloc(p)))
+ goto bad_fork_cleanup_policy;
+
if (clone_flags & CLONE_THREAD) {
spin_lock(¤t->sighand->siglock);
/*
On Tue, Nov 23, 2004 at 03:38:51PM +0100, Guillaume Thouvenin wrote:
> If we register a LSM hook and if we use the parameter passed to
> security_task_alloc(struct task_struct *p), the value of p->parent is
> wrong. This patch move the call to security_task_alloc() after the
> initialization of the field p->parent.
No, that's way too late for this hook.
> --- kernel/fork.c.orig 2004-10-19 08:41:53.000000000 +0200
> +++ kernel/fork.c 2004-11-23 15:29:25.799903744 +0100
> @@ -1006,8 +1006,6 @@ static task_t *copy_process(unsigned lon
> }
> #endif
>
> - if ((retval = security_task_alloc(p)))
> - goto bad_fork_cleanup_policy;
> if ((retval = audit_alloc(p)))
> goto bad_fork_cleanup_security;
> /* copy all the process information */
> @@ -1092,6 +1090,9 @@ static task_t *copy_process(unsigned lon
> p->real_parent = current;
> p->parent = p->real_parent;
>
> + if ((retval = security_task_alloc(p)))
> + goto bad_fork_cleanup_policy;
> +
And the error path is wrong :)
thanks,
greg k-h