bybrooklyn/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-04-18 06:44:00 -04:00
Code Issues Packages Projects Releases Wiki Activity

Add start_renaming_two_dentries()

Browse Source 
A few callers want to lock for a rename and already have both dentries.
Also debugfs does want to perform a lookup but doesn't want permission
checking, so start_renaming_dentry() cannot be used.

This patch introduces start_renaming_two_dentries() which is given both
dentries.  debugfs performs one lookup itself.  As it will only continue
with a negative dentry and as those cannot be renamed or unlinked, it is
safe to do the lookup before getting the rename locks.

overlayfs uses start_renaming_two_dentries() in three places and  selinux
uses it twice in sel_make_policy_nodes().

In sel_make_policy_nodes() we now lock for rename twice instead of just
once so the combined operation is no longer atomic w.r.t the parent
directory locks.  As selinux_state.policy_mutex is held across the whole
operation this does not open up any interesting races.

Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: NeilBrown <neil@brown.name>
Link: https://patch.msgid.link/20251113002050.676694-13-neilb@ownmail.net
Signed-off-by: Christian Brauner <brauner@kernel.org>
This commit is contained in:
NeilBrown
2025-11-13 11:18:35 +11:00
committed by Christian Brauner
parent ac50950ca1
commit 833d2b3a07
5 changed files with 132 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
security/selinux/selinuxfs.c
View File

@@ -506,6 +506,7 @@ static int sel_make_policy_nodes(struct selinux_fs_info *fsi,
{
int ret = 0;
struct dentry *tmp_parent, *tmp_bool_dir, *tmp_class_dir;
struct renamedata rd = {};
unsigned int bool_num = 0;
char **bool_names = NULL;
int *bool_values = NULL;
@@ -539,9 +540,14 @@ static int sel_make_policy_nodes(struct selinux_fs_info *fsi,
if (ret)
goto out;
lock_rename(tmp_parent, fsi->sb->s_root);
rd.old_parent = tmp_parent;
rd.new_parent = fsi->sb->s_root;
/* booleans */
ret = start_renaming_two_dentries(&rd, tmp_bool_dir, fsi->bool_dir);
if (ret)
goto out;
d_exchange(tmp_bool_dir, fsi->bool_dir);
swap(fsi->bool_num, bool_num);
@@ -549,12 +555,17 @@ static int sel_make_policy_nodes(struct selinux_fs_info *fsi,
swap(fsi->bool_pending_values, bool_values);
fsi->bool_dir = tmp_bool_dir;
end_renaming(&rd);
/* classes */
ret = start_renaming_two_dentries(&rd, tmp_class_dir, fsi->class_dir);
if (ret)
goto out;
d_exchange(tmp_class_dir, fsi->class_dir);
fsi->class_dir = tmp_class_dir;
unlock_rename(tmp_parent, fsi->sb->s_root);
end_renaming(&rd);
out:
sel_remove_old_bool_data(bool_num, bool_names, bool_values);