From: Kees Cook
Date: Mon, 1 Oct 2018 13:29:25 -0700
Subject: Re: [PATCH v4 20/19] LSM: Correct file blob free empty blob check
To: Casey Schaufler
Cc: LSM, James Morris, SE Linux, LKLM, John Johansen, Tetsuo Handa, Paul Moore, Stephen Smalley, "linux-fsdevel@vger.kernel.org", Alexey Dobriyan, Mickaël Salaün, Salvatore Mesoraca
In-Reply-To: <44210861-2830-2321-911d-8783f5f0b172@schaufler-ca.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Sep 26, 2018 at 2:57 PM, Casey Schaufler wrote:
> Instead of checking if the kmem_cache for file blobs
> has been initialized check if the blob is NULL. This
> allows non-blob using modules to do other kinds of
> clean up in the security_file_free hooks.
> > Signed-off-by: Casey Schaufler Reviewed-by: Kees Cook This looks like it should get folded into "LSM: Infrastructure management of the file security". -Kees > --- > security/security.c | 9 ++++----- > 1 file changed, 4 insertions(+), 5 deletions(-) > > diff --git a/security/security.c b/security/security.c > index e7c8506041f1..76f7dc49b63c 100644 > --- a/security/security.c > +++ b/security/security.c > @@ -1202,14 +1202,13 @@ void security_file_free(struct file *file) > { > void *blob; > > - if (!lsm_file_cache) > - return; > - > call_void_hook(file_free_security, file); > > blob = file->f_security; > - file->f_security = NULL; > - kmem_cache_free(lsm_file_cache, blob); > + if (blob) { > + file->f_security = NULL; > + kmem_cache_free(lsm_file_cache, blob); > + } > } > > int security_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg) > -- > 2.17.1 > > -- Kees Cook Pixel Security
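
Review bot: In security_file_free(), the new `if (blob)` branch hands the pointer to kmem_cache_free(lsm_file_cache, blob) with the `!lsm_file_cache` guard removed, so the function now relies on file->f_security being non-NULL only when it was allocated from lsm_file_cache, and nothing in this hunk states or checks that. A short comment above `if (blob)` recording that invariant would help, as would folding the change into the patch that introduces the allocation, as the reply suggests, so that the allocation and free paths can be reviewed together. The hook is also now invoked unconditionally and before the blob is released; the function's comment or the commit message should say that file_free_security implementations may still read f_security at that point but must not free it themselves.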