unimore/kernel-hacking-2024-linux-steffo
unimore/kernel-hacking-2024-linux-steffo
1
Fork 0
Code Pull requests 5 Wiki Activity
kernel-hacking-2024-linux-s.../fs
History
Mimi Zohar 14dba5331b integrity: nfsd imbalance bug fix 
An nfsd exported file is opened/closed by the kernel causing the
integrity imbalance message.

Before a file is opened, there normally is permission checking, which
is done in inode_permission().  However, as integrity checking requires
a dentry and mount point, which is not available in inode_permission(),
the integrity (permission) checking must be called separately.

In order to detect any missing integrity checking calls, we keep track
of file open/closes.  ima_path_check() increments these counts and
does the integrity (permission) checking. As a result, the number of
calls to ima_path_check()/ima_file_free() should be balanced.  An extra
call to fput(), indicates the file could have been accessed without first
calling ima_path_check().

In nfsv3 permission checking is done once, followed by multiple reads,
which do an open/close for each read.  The integrity (permission) checking
call should be in nfsd_permission() after the inode_permission() call, but
as there is no correlation between the number of permission checking and
open calls, the integrity checking call should not increment the counters,
but defer it to when the file is actually opened.

This patch adds:
- integrity (permission) checking for nfsd exported files in nfsd_permission().
- a call to increment counts for files opened by nfsd.

This patch has been updated to return the nfs error types.

Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
2009-05-28 09:32:43 +10:00
..
9p Fix a leak in failure exit in 9p ->get_sb() 2009-05-09 10:49:40 -04:00
adfs fs/adfs: return f_fsid for statfs(2) 2009-04-02 19:05:08 -07:00
affs Fix races around the access to ->s_options 2009-05-09 10:51:34 -04:00
afs Fix races around the access to ->s_options 2009-05-09 10:51:34 -04:00
autofs Fix autofs_expire() 2009-04-20 23:01:15 -04:00
autofs4 autofs4: fix incorrect return in autofs4_mount_busy() 2009-05-02 15:36:09 -07:00
befs befs: fix build on parisc 2009-04-08 10:21:43 -07:00
bfs
btrfs Merge git://git.kernel.org/pub/scm/linux/kernel/git/mason/btrfs-unstable 2009-05-14 19:18:44 -07:00
cachefiles CacheFiles: A cache that backs onto a mounted filesystem 2009-04-03 16:42:41 +01:00
cifs cifs: fix pointer initialization and checks in cifs_follow_symlink (try #4) 2009-05-19 15:31:20 +00:00
coda
configfs configfs: Fix Trivial Warning in fs/configfs/symlink.c 2009-04-21 12:59:21 -07:00
cramfs fs/cramfs: return f_fsid for statfs(2) 2009-04-02 19:05:08 -07:00
debugfs
devpts devpts: correctly set default options 2009-05-15 08:03:23 -07:00
dlm
ecryptfs Convert obvious places to deactivate_locked_super() 2009-05-09 10:49:40 -04:00
efs fs/efs: return f_fsid for statfs(2) 2009-04-02 19:05:09 -07:00
exofs
exportfs
ext2 ext2: missing unlock in ext2_quota_write() 2009-04-27 16:49:52 +02:00
ext3 ext3: Try to avoid starting a transaction in writepage for data=writepage 2009-04-08 13:15:10 -04:00
ext4 ext4: Fix race in ext4_inode_info.i_cached_extent 2009-05-15 09:07:28 -04:00
fat vfat: Note the NLS requirement 2009-04-17 09:32:11 -07:00
freevxfs
fscache FS-Cache: Implement data I/O part of netfs API 2009-04-03 16:42:39 +01:00
fuse Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse 2009-05-13 16:32:57 -07:00
gfs2 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6 2009-05-10 10:49:08 -07:00
hfs hfs: fix memory leak when unmounting 2009-04-13 15:04:29 -07:00
hfsplus Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6 2009-04-02 21:09:10 -07:00
hostfs
hpfs Fix races around the access to ->s_options 2009-05-09 10:51:34 -04:00
hppfs hppfs: hppfs_read_file() may return -ERROR 2009-04-02 19:04:53 -07:00
hugetlbfs Merge branch 'master' into next 2009-05-22 18:40:59 +10:00
isofs fs/isofs: return f_fsid for statfs(2) 2009-04-02 19:05:09 -07:00
jbd Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4 2009-04-24 08:37:40 -07:00
jbd2 jbd2: use SWRITE_SYNC_PLUG when writing synchronous revoke records 2009-04-14 07:50:56 -04:00
jffs2 Merge git://git.infradead.org/mtd-2.6 2009-04-06 14:56:26 -07:00
jfs
lockd lockd: fix list corruption on lockd restart 2009-05-06 17:19:36 -04:00
minix fs/minix: return f_fsid for statfs(2) 2009-04-02 19:05:09 -07:00
ncpfs ncpfs: use memdup_user() 2009-04-20 23:02:51 -04:00
nfs nfs: Fix NFS v4 client handling of MAY_EXEC in nfs_permission. 2009-05-18 20:11:12 -07:00
nfs_common
nfsd integrity: nfsd imbalance bug fix 2009-05-28 09:32:43 +10:00
nilfs2 nilfs2: check size of array structured data exchanged via ioctls 2009-05-12 01:48:54 +09:00
nls
notify inotify: use GFP_NOFS in kernel_event() to work around a lockdep false-positive 2009-05-06 16:36:09 -07:00
ntfs
ocfs2 ocfs2: Use nd_set_link(). 2009-05-09 10:49:40 -04:00
omfs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6 2009-04-02 21:09:10 -07:00
openpromfs
partitions
proc Merge branch 'master' into next 2009-05-22 18:40:59 +10:00
qnx4 fs/qnx4: return f_fsid for statfs(2) 2009-04-02 19:05:10 -07:00
quota quota: remove obsolete comments in fs/quota/Makefile 2009-04-27 16:49:52 +02:00
ramfs ramfs: fix double freeing s_fs_info on failed mount 2009-04-07 07:39:59 -07:00
reiserfs reiserfs: fixup perms when xattrs are disabled 2009-05-17 11:45:45 -07:00
romfs ROMFS: romfs_dev_read() error ignored 2009-05-09 10:49:41 -04:00
smbfs
squashfs Squashfs: cody tidying, remove commented out line in Makefile 2009-05-13 03:25:20 +01:00
sysfs sysfs: use memdup_user() 2009-04-20 23:02:50 -04:00
sysv fs/sysv: return f_fsid for statfs(2) 2009-04-02 19:05:10 -07:00
ubifs Convert obvious places to deactivate_locked_super() 2009-05-09 10:49:40 -04:00
udf
ufs switch ufs directories to ufs_sync_file() 2009-05-09 10:49:42 -04:00
xfs Merge branch 'for-linus' of git://oss.sgi.com/xfs/xfs 2009-05-02 16:52:50 -07:00
aio.c
anon_inodes.c
attr.c
bad_inode.c
binfmt_aout.c
binfmt_elf.c
binfmt_elf_fdpic.c ptrace: s/parent/real_parent/ in binfmt_elf_fdpic.c 2009-05-02 15:36:10 -07:00
binfmt_em86.c
binfmt_flat.c
binfmt_misc.c
binfmt_script.c
binfmt_som.c
bio-integrity.c
bio.c bio: fix memcpy corruption in bio_copy_user_iov() 2009-04-28 20:24:29 +02:00
block_dev.c
buffer.c mm: close page_mkwrite races 2009-05-02 15:36:09 -07:00
char_dev.c
compat.c CRED: Rename cred_exec_mutex to reflect that it's a guard against ptrace 2009-05-11 08:15:36 +10:00
compat_binfmt_elf.c
compat_ioctl.c fs/compat_ioctl: fix build when !BLOCK 2009-04-20 23:01:16 -04:00
dcache.c fs: dcache fix LRU ordering 2009-05-09 10:49:40 -04:00
dcookies.c
direct-io.c dio: Remove code handling bio_alloc failure with __GFP_WAIT 2009-04-15 12:10:13 +02:00
drop_caches.c vfs: skip I_CLEAR state inodes 2009-04-02 19:04:48 -07:00
eventfd.c
eventpoll.c epoll: fix size check in epoll_create() 2009-05-12 14:11:35 -07:00
exec.c Merge branch 'master' into next 2009-05-22 18:40:59 +10:00
fcntl.c dup2: Fix return value with oldfd == newfd and invalid fd 2009-05-11 12:18:06 -07:00
fifo.c
file.c
file_table.c
filesystems.c fs: Mark get_filesystem_list() as __init function. 2009-04-20 23:02:52 -04:00
fs-writeback.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2009-04-03 15:24:35 -07:00
fs_struct.c
generic_acl.c
inode.c Make checkpatch.pl shut up on fs/inode.c 2009-05-09 10:49:41 -04:00
internal.h
ioctl.c fiemap: fix problem with setting FIEMAP_EXTENT_LAST 2009-05-06 16:36:09 -07:00
ioprio.c
Kconfig nilfs2: update makefile and Kconfig 2009-04-07 08:31:16 -07:00
Kconfig.binfmt
libfs.c Convert obvious places to deactivate_locked_super() 2009-05-09 10:49:40 -04:00
locks.c
Makefile nilfs2: update makefile and Kconfig 2009-04-07 08:31:16 -07:00
mbcache.c
mpage.c
namei.c Merge branch 'master' into next 2009-05-22 18:40:59 +10:00
namespace.c Fix races around the access to ->s_options 2009-05-09 10:51:34 -04:00
nfsctl.c
no-block.c
open.c Switch open_exec() and sys_uselib() to do_open_filp() 2009-05-09 10:49:42 -04:00
pipe.c splice: add helpers for locking pipe inode 2009-04-15 12:10:12 +02:00
pnode.c
pnode.h
posix_acl.c
read_write.c Make non-compat preadv/pwritev use native register size 2009-04-04 14:20:34 -07:00
read_write.h
readdir.c
select.c
seq_file.c
signalfd.c
splice.c splice: fix new kernel-doc warnings 2009-04-17 07:38:07 -07:00
stack.c
stat.c kill vfs_stat_fd / vfs_lstat_fd 2009-04-20 23:02:52 -04:00
super.c NULL noise in fs/super.c:kill_bdev_super() 2009-05-09 10:49:41 -04:00
sync.c
timerfd.c
utimes.c
xattr.c xattr: use memdup_user() 2009-04-20 23:02:50 -04:00
xattr_acl.c