Received: by 2002:ac0:a5b6:0:0:0:0:0 with SMTP id m51-v6csp2234101imm; Mon, 28 May 2018 04:28:06 -0700 (PDT) X-Google-Smtp-Source: ADUXVKLSpQFpkbN+J8ZwCwdY99QEGpQoqLBbU15KUjgk+QgxZhu1dBvTSmp4rc2wWxNpv1AP4Q+x X-Received: by 2002:a62:3e9a:: with SMTP id y26-v6mr2013283pfj.98.1527506886239; Mon, 28 May 2018 04:28:06 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1527506886; cv=none; d=google.com; s=arc-20160816; b=ng+7C1cm0J++PDCInTmkqtFkvjqZUgrza8NyBX8mt1DV/PMCp1q0ziiGFOIdaQqPI4 Xm1LQst7y8zHV4Fv0pW8n8VWZkAWZRzOuFn1D5krl73Tbo4QrB9Vx22itqjpZozDKw+W geqBCxxwTFxs5D+f82FWjuVs6ViCW5Vd4VvagI4x6v2WIOIypG+1OjFneRe8F0dHpWaa s1dkN1q6x0+oVrRhWKPYVDpwJw8ejkltjEoMH5ooGQ22UVFuLxe6KXfT0Z/51eZ42h+m nQmalSLY4Ls1OjZmY87eY5Pk+EIpncVdXsTk4w129zjomSlt7leRWpmX7U/wZc1WlfNQ KjFQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature :arc-authentication-results; bh=Umwj5O4v78OT3UEyxzXbCMfvitHy8SSgEP8NUgcMPWA=; b=PR4M1GxvntPBUveBnfOx6VkG/5MSRh0BBx9CIf/hED1jEShYXOeBQ4HDrVr1kyLWlQ aoU7797+pugxPSCcwVuT19S1Z5ZFDmQ2iSNS1rnOGktjujCo+Z//0zCe2BcaRc0Quzui 9Hd8FLZSVzdMrhMQ1oLDp2V3vpBsm5iQ5H7NQ2sy9J8R2bqEsVTVGPQZ+JvKY++2EjTA aqbcuZTxTn1Q8T+jrsKTXXh27C7ZkyTJijDK3Rvj3PIg69Gkf3mUyTDrq6O6yaeOcKIi +tsfxw1Z5vy6XmZgtSwATSZt5dWcKIEVHQGxLcBnYil3xplQN851iOpylwR84z6oOk/L ydHQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=wCvdMblW; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id b98-v6si7775655plb.504.2018.05.28.04.27.51; Mon, 28 May 2018 04:28:06 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=wCvdMblW; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S938176AbeE1LZ4 (ORCPT + 99 others); Mon, 28 May 2018 07:25:56 -0400 Received: from mail.kernel.org ([198.145.29.99]:41240 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932603AbeE1LZd (ORCPT ); Mon, 28 May 2018 07:25:33 -0400 Received: from localhost (LFbn-1-12247-202.w90-92.abo.wanadoo.fr [90.92.61.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 9A91B208A2; Mon, 28 May 2018 11:25:32 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1527506733; bh=O6x0mSAEbs5GIWOcDF7+0Jt+WREhpp4/SQ76aVcTSp8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=wCvdMblW1VFeCkxErtcxOYfz04oHX1Mcs5BvsWlMCT5VXk0Wc7eEXegnxKBSABCvN pL2unzcBQm3HWt8rXsXXOalbjwo9yn8hPKdFgooSzxEbg3H6XMd3y6j/rmQMNqZB9u pyGUx942Z6MwSYFBvCja2U40XOCUBSQv73ZRI078= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Al Viro Subject: [PATCH 4.16 009/272] fix breakage caused by d_find_alias() semantics change Date: Mon, 28 May 2018 12:00:42 +0200 Message-Id: <20180528100240.988073616@linuxfoundation.org> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20180528100240.256525891@linuxfoundation.org> References: <20180528100240.256525891@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.16-stable review patch. If anyone has any objections, please let me know. ------------------ From: Al Viro commit b127125d9db23e4856156a7c909a3c8e18b69f99 upstream. "VFS: don't keep disconnected dentries on d_anon" had a non-trivial side-effect - d_unhashed() now returns true for those dentries, making d_find_alias() skip them altogether. For most of its callers that's fine - we really want a connected alias there. However, there is a codepath where we relied upon picking such aliases if nothing else could be found - selinux delayed initialization of contexts for inodes on already mounted filesystems used to rely upon that. Cc: stable@kernel.org # f1ee616214cb "VFS: don't keep disconnected dentries on d_anon" Signed-off-by: Al Viro Signed-off-by: Greg Kroah-Hartman --- security/selinux/hooks.c | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -1532,8 +1532,15 @@ static int inode_doinit_with_dentry(stru /* Called from d_instantiate or d_splice_alias. */ dentry = dget(opt_dentry); } else { - /* Called from selinux_complete_init, try to find a dentry. */ + /* + * Called from selinux_complete_init, try to find a dentry. + * Some filesystems really want a connected one, so try + * that first. We could split SECURITY_FS_USE_XATTR in + * two, depending upon that... + */ dentry = d_find_alias(inode); + if (!dentry) + dentry = d_find_any_alias(inode); } if (!dentry) { /* @@ -1636,14 +1643,19 @@ static int inode_doinit_with_dentry(stru if ((sbsec->flags & SE_SBGENFS) && !S_ISLNK(inode->i_mode)) { /* We must have a dentry to determine the label on * procfs inodes */ - if (opt_dentry) + if (opt_dentry) { /* Called from d_instantiate or * d_splice_alias. */ dentry = dget(opt_dentry); - else + } else { /* Called from selinux_complete_init, try to - * find a dentry. */ + * find a dentry. Some filesystems really want + * a connected one, so try that first. + */ dentry = d_find_alias(inode); + if (!dentry) + dentry = d_find_any_alias(inode); + } /* * This can be hit on boot when a file is accessed * before the policy is loaded. When we load policy we