2
0
mirror of https://github.com/edk2-porting/linux-next.git synced 2024-11-20 16:46:23 +08:00
linux-next/security/selinux
Nick Piggin d996b62a8d tty: fix fu_list abuse
tty: fix fu_list abuse

tty code abuses fu_list, which causes a bug in remount,ro handling.

If a tty device node is opened on a filesystem, then the last link to the inode
removed, the filesystem will be allowed to be remounted readonly. This is
because fs_may_remount_ro does not find the 0 link tty inode on the file sb
list (because the tty code incorrectly removed it to use for its own purpose).
This can result in a filesystem with errors after it is marked "clean".

Taking idea from Christoph's initial patch, allocate a tty private struct
at file->private_data and put our required list fields in there, linking
file and tty. This makes tty nodes behave the same way as other device nodes
and avoid meddling with the vfs, and avoids this bug.

The error handling is not trivial in the tty code, so for this bugfix, I take
the simple approach of using __GFP_NOFAIL and don't worry about memory errors.
This is not a problem because our allocator doesn't fail small allocs as a rule
anyway. So proper error handling is left as an exercise for tty hackers.

[ Arguably filesystem's device inode would ideally be divorced from the
driver's pseudo inode when it is opened, but in practice it's not clear whether
that will ever be worth implementing. ]

Cc: linux-kernel@vger.kernel.org
Cc: Christoph Hellwig <hch@infradead.org>
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
Cc: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Nick Piggin <npiggin@kernel.dk>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2010-08-18 08:35:47 -04:00
..
include SELinux: Move execmod to the common perms 2010-08-02 15:35:09 +10:00
ss selinux: convert the policy type_attr_map to flex_array 2010-08-02 15:38:39 +10:00
.gitignore SELinux: add .gitignore files for dynamic classes 2009-10-24 09:42:27 +08:00
avc.c SELinux: special dontaudit for access checks 2010-08-02 15:35:07 +10:00
exports.c Creds: creds->security can be NULL is selinux is disabled 2009-09-14 12:34:07 +10:00
hooks.c tty: fix fu_list abuse 2010-08-18 08:35:47 -04:00
Kconfig selinux: Deprecate and schedule the removal of the the compat_net functionality 2008-12-31 12:54:11 -05:00
Makefile SELINUX: Fix build error. 2010-08-06 18:11:39 -04:00
netif.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
netlabel.c Merge branch 'master' into next 2010-05-06 10:56:07 +10:00
netlink.c Merge branch 'master' into next 2010-05-06 10:56:07 +10:00
netnode.c selinux: remove all rcu head initializations 2010-08-02 15:33:35 +10:00
netport.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
nlmsgtab.c Selinux: Remove unused headers skbuff.h in selinux/nlmsgtab.c 2010-03-04 08:51:06 +11:00
selinuxfs.c selinux: use generic_file_llseek 2010-08-02 15:34:59 +10:00
xfrm.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00