malhuda/msm-4.14
1
0
Fork 0
mirror of https://github.com/rd-stuffs/msm-4.14.git synced 2025-02-20 11:45:48 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity
msm-4.14/security/selinux/ibpkey.c
Greg Kroah-Hartman 76cc1c09f4 This is the 4.14.207 stable release 
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl+1WhoACgkQONu9yGCS
 aT7xTA/+Nec9KMVmw+In7CAgj4p6uwshPaBGVjlfrcCriuT33QlWT5aaCCm52YJt
 uQCCQKD1g+Lkd4P1bWCnRDi791dh1L7hwhPWWmKTLJitte1i/aaAUtPQRtUCeZQT
 8fNzuqBZpg5QMEnEeY8duEVfh0q/f1Gm39uB7Dvt6Z8UXbJstTgvz6XQ0AL6I+ap
 L9alHzQxOtD5c5SQoIf+qyr/zE/XPZVBxFDGsGszG/QKAtwh0vf0/R4dSKbL3Bel
 aja5xD+QS7xgyEppW8Ta/2M0oPV/1bjJj/JgkDnB4xSq1kAuHb1WAemfkhUfchW/
 LKPtjo2UzamPLjUZmd9D4WklNRiJTkoE9WdLbCUBDjFPpTSmYTlsAYs8iBczJAwX
 NO/inyOYSShg//TPpv924DVkS4blwOiNV1uRYbhxeCOlrj0VZ2BIMvKymm3k6wUY
 tVOlV7CLmdOO9tliJTs/HDZBy8qdLTxJQsKwb2MvidxX1a9VDRt2Zx5gFUJmLKMj
 GN3a77fZkBsUUrPe/tENzW9n70trS5UDJiDAIcgNvQj3N2FeBCDSojhfiQOc3gG0
 SXba1VTUX8pPzfa/4X0gJR1dN/2zM7RNDEIE29mS27j9PJFPYAsCcMTs4+iltror
 mO3gMh4jhCTvcC69gITNW1o+5RBe0NN3jq7GlVmsWmZ4MsmwfwA=
 =/Wvr
 -----END PGP SIGNATURE-----

Merge 4.14.207 into android-4.14-stable

Changes in 4.14.207
	regulator: defer probe when trying to get voltage from unresolved supply
	ring-buffer: Fix recursion protection transitions between interrupt context
	mm: mempolicy: fix potential pte_unmap_unlock pte error
	time: Prevent undefined behaviour in timespec64_to_ns()
	nbd: don't update block size after device is started
	btrfs: sysfs: init devices outside of the chunk_mutex
	btrfs: reschedule when cloning lots of extents
	genirq: Let GENERIC_IRQ_IPI select IRQ_DOMAIN_HIERARCHY
	hv_balloon: disable warning when floor reached
	net: xfrm: fix a race condition during allocing spi
	perf tools: Add missing swap for ino_generation
	ALSA: hda: prevent undefined shift in snd_hdac_ext_bus_get_link()
	can: rx-offload: don't call kfree_skb() from IRQ context
	can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context
	can: dev: __can_get_echo_skb(): fix real payload length return value for RTR frames
	can: can_create_echo_skb(): fix echo skb generation: always use skb_clone()
	can: peak_usb: add range checking in decode operations
	can: peak_usb: peak_usb_get_ts_time(): fix timestamp wrapping
	can: peak_canfd: pucan_handle_can_rx(): fix echo management when loopback is on
	xfs: flush new eof page on truncate to avoid post-eof corruption
	Btrfs: fix missing error return if writeback for extent buffer never started
	ath9k_htc: Use appropriate rs_datalen type
	usb: gadget: goku_udc: fix potential crashes in probe
	gfs2: Free rd_bits later in gfs2_clear_rgrpd to fix use-after-free
	gfs2: Add missing truncate_inode_pages_final for sd_aspace
	gfs2: check for live vs. read-only file system in gfs2_fitrim
	scsi: hpsa: Fix memory leak in hpsa_init_one()
	drm/amdgpu: perform srbm soft reset always on SDMA resume
	mac80211: fix use of skb payload instead of header
	cfg80211: regulatory: Fix inconsistent format argument
	scsi: scsi_dh_alua: Avoid crash during alua_bus_detach()
	iommu/amd: Increase interrupt remapping table limit to 512 entries
	pinctrl: intel: Set default bias in case no particular value given
	ARM: 9019/1: kprobes: Avoid fortify_panic() when copying optprobe template
	pinctrl: aspeed: Fix GPI only function problem.
	nbd: fix a block_device refcount leak in nbd_release
	xfs: fix flags argument to rmap lookup when converting shared file rmaps
	xfs: fix rmap key and record comparison functions
	xfs: fix a missing unlock on error in xfs_fs_map_blocks
	of/address: Fix of_node memory leak in of_dma_is_coherent
	cosa: Add missing kfree in error path of cosa_write
	perf: Fix get_recursion_context()
	ext4: correctly report "not supported" for {usr,grp}jquota when !CONFIG_QUOTA
	ext4: unlock xattr_sem properly in ext4_inline_data_truncate()
	thunderbolt: Add the missed ida_simple_remove() in ring_request_msix()
	uio: Fix use-after-free in uio_unregister_device()
	usb: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode
	mei: protect mei_cl_mtu from null dereference
	futex: Don't enable IRQs unconditionally in put_pi_state()
	ocfs2: initialize ip_next_orphan
	selinux: Fix error return code in sel_ib_pkey_sid_slow()
	don't dump the threads that had been already exiting when zapped.
	drm/gma500: Fix out-of-bounds access to struct drm_device.vblank[]
	pinctrl: amd: use higher precision for 512 RtcClk
	pinctrl: amd: fix incorrect way to disable debounce filter
	swiotlb: fix "x86: Don't panic if can not alloc buffer for swiotlb"
	IPv6: Set SIT tunnel hard_header_len to zero
	net/af_iucv: fix null pointer dereference on shutdown
	net/x25: Fix null-ptr-deref in x25_connect
	vrf: Fix fast path output packet handling with async Netfilter rules
	r8169: fix potential skb double free in an error path
	net: Update window_clamp if SOCK_RCVBUF is set
	random32: make prandom_u32() output unpredictable
	x86/speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP
	perf/core: Fix bad use of igrab()
	perf/core: Fix crash when using HW tracing kernel filters
	perf/core: Fix a memory leak in perf_event_parse_addr_filter()
	xen/events: avoid removing an event channel while handling it
	xen/events: add a proper barrier to 2-level uevent unmasking
	xen/events: fix race in evtchn_fifo_unmask()
	xen/events: add a new "late EOI" evtchn framework
	xen/blkback: use lateeoi irq binding
	xen/netback: use lateeoi irq binding
	xen/scsiback: use lateeoi irq binding
	xen/pvcallsback: use lateeoi irq binding
	xen/pciback: use lateeoi irq binding
	xen/events: switch user event channels to lateeoi model
	xen/events: use a common cpu hotplug hook for event channels
	xen/events: defer eoi in case of excessive number of events
	xen/events: block rogue events for some time
	perf/core: Fix race in the perf_mmap_close() function
	Revert "kernel/reboot.c: convert simple_strtoul to kstrtoint"
	reboot: fix overflow parsing reboot cpu number
	Convert trailing spaces and periods in path components
	mm: fix exec activate_mm vs TLB shootdown and lazy tlb switching race
	Linux 4.14.207

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Id9671f12372dd8919395ce4f175ce1a5a06ef68f
2020-11-19 09:53:10 +01:00

249 lines
6.0 KiB
C
Raw Blame History

/*
* Pkey table
*
* SELinux must keep a mapping of Infinband PKEYs to labels/SIDs. This
* mapping is maintained as part of the normal policy but a fast cache is
* needed to reduce the lookup overhead.
*
* This code is heavily based on the "netif" and "netport" concept originally
* developed by
* James Morris <jmorris@redhat.com> and
* Paul Moore <paul@paul-moore.com>
* (see security/selinux/netif.c and security/selinux/netport.c for more
* information)
*
*/
/*
* (c) Mellanox Technologies, 2016
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of version 2 of the GNU General Public License as
* published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
*/
#include <linux/types.h>
#include <linux/rcupdate.h>
#include <linux/list.h>
#include <linux/spinlock.h>
#include "ibpkey.h"
#include "objsec.h"
#define SEL_PKEY_HASH_SIZE 256
#define SEL_PKEY_HASH_BKT_LIMIT 16
struct sel_ib_pkey_bkt {
int size;
struct list_head list;
};
struct sel_ib_pkey {
struct pkey_security_struct psec;
struct list_head list;
struct rcu_head rcu;
};
static LIST_HEAD(sel_ib_pkey_list);
static DEFINE_SPINLOCK(sel_ib_pkey_lock);
static struct sel_ib_pkey_bkt sel_ib_pkey_hash[SEL_PKEY_HASH_SIZE];
/**
* sel_ib_pkey_hashfn - Hashing function for the pkey table
* @pkey: pkey number
*
* Description:
* This is the hashing function for the pkey table, it returns the bucket
* number for the given pkey.
*
*/
static unsigned int sel_ib_pkey_hashfn(u16 pkey)
{
return (pkey & (SEL_PKEY_HASH_SIZE - 1));
}
/**
* sel_ib_pkey_find - Search for a pkey record
* @subnet_prefix: subnet_prefix
* @pkey_num: pkey_num
*
* Description:
* Search the pkey table and return the matching record. If an entry
* can not be found in the table return NULL.
*
*/
static struct sel_ib_pkey *sel_ib_pkey_find(u64 subnet_prefix, u16 pkey_num)
{
unsigned int idx;
struct sel_ib_pkey *pkey;
idx = sel_ib_pkey_hashfn(pkey_num);
list_for_each_entry_rcu(pkey, &sel_ib_pkey_hash[idx].list, list) {
if (pkey->psec.pkey == pkey_num &&
pkey->psec.subnet_prefix == subnet_prefix)
return pkey;
}
return NULL;
}
/**
* sel_ib_pkey_insert - Insert a new pkey into the table
* @pkey: the new pkey record
*
* Description:
* Add a new pkey record to the hash table.
*
*/
static void sel_ib_pkey_insert(struct sel_ib_pkey *pkey)
{
unsigned int idx;
/* we need to impose a limit on the growth of the hash table so check
* this bucket to make sure it is within the specified bounds
*/
idx = sel_ib_pkey_hashfn(pkey->psec.pkey);
list_add_rcu(&pkey->list, &sel_ib_pkey_hash[idx].list);
if (sel_ib_pkey_hash[idx].size == SEL_PKEY_HASH_BKT_LIMIT) {
struct sel_ib_pkey *tail;
tail = list_entry(
rcu_dereference_protected(
sel_ib_pkey_hash[idx].list.prev,
lockdep_is_held(&sel_ib_pkey_lock)),
struct sel_ib_pkey, list);
list_del_rcu(&tail->list);
kfree_rcu(tail, rcu);
} else {
sel_ib_pkey_hash[idx].size++;
}
}
/**
* sel_ib_pkey_sid_slow - Lookup the SID of a pkey using the policy
* @subnet_prefix: subnet prefix
* @pkey_num: pkey number
* @sid: pkey SID
*
* Description:
* This function determines the SID of a pkey by querying the security
* policy. The result is added to the pkey table to speedup future
* queries. Returns zero on success, negative values on failure.
*
*/
static int sel_ib_pkey_sid_slow(u64 subnet_prefix, u16 pkey_num, u32 *sid)
{
int ret;
struct sel_ib_pkey *pkey;
struct sel_ib_pkey *new = NULL;
unsigned long flags;
spin_lock_irqsave(&sel_ib_pkey_lock, flags);
pkey = sel_ib_pkey_find(subnet_prefix, pkey_num);
if (pkey) {
*sid = pkey->psec.sid;
spin_unlock_irqrestore(&sel_ib_pkey_lock, flags);
return 0;
}
ret = security_ib_pkey_sid(&selinux_state, subnet_prefix, pkey_num,
sid);
if (ret)
goto out;
/* If this memory allocation fails still return 0. The SID
* is valid, it just won't be added to the cache.
*/
new = kzalloc(sizeof(*new), GFP_ATOMIC);
if (!new) {
ret = -ENOMEM;
goto out;
}
new->psec.subnet_prefix = subnet_prefix;
new->psec.pkey = pkey_num;
new->psec.sid = *sid;
sel_ib_pkey_insert(new);
out:
spin_unlock_irqrestore(&sel_ib_pkey_lock, flags);
return ret;
}
/**
* sel_ib_pkey_sid - Lookup the SID of a PKEY
* @subnet_prefix: subnet_prefix
* @pkey_num: pkey number
* @sid: pkey SID
*
* Description:
* This function determines the SID of a PKEY using the fastest method
* possible. First the pkey table is queried, but if an entry can't be found
* then the policy is queried and the result is added to the table to speedup
* future queries. Returns zero on success, negative values on failure.
*
*/
int sel_ib_pkey_sid(u64 subnet_prefix, u16 pkey_num, u32 *sid)
{
struct sel_ib_pkey *pkey;
rcu_read_lock();
pkey = sel_ib_pkey_find(subnet_prefix, pkey_num);
if (pkey) {
*sid = pkey->psec.sid;
rcu_read_unlock();
return 0;
}
rcu_read_unlock();
return sel_ib_pkey_sid_slow(subnet_prefix, pkey_num, sid);
}
/**
* sel_ib_pkey_flush - Flush the entire pkey table
*
* Description:
* Remove all entries from the pkey table
*
*/
void sel_ib_pkey_flush(void)
{
unsigned int idx;
struct sel_ib_pkey *pkey, *pkey_tmp;
unsigned long flags;
spin_lock_irqsave(&sel_ib_pkey_lock, flags);
for (idx = 0; idx < SEL_PKEY_HASH_SIZE; idx++) {
list_for_each_entry_safe(pkey, pkey_tmp,
&sel_ib_pkey_hash[idx].list, list) {
list_del_rcu(&pkey->list);
kfree_rcu(pkey, rcu);
}
sel_ib_pkey_hash[idx].size = 0;
}
spin_unlock_irqrestore(&sel_ib_pkey_lock, flags);
}
static __init int sel_ib_pkey_init(void)
{
int iter;
if (!selinux_enabled)
return 0;
for (iter = 0; iter < SEL_PKEY_HASH_SIZE; iter++) {
INIT_LIST_HEAD(&sel_ib_pkey_hash[iter].list);
sel_ib_pkey_hash[iter].size = 0;
}
return 0;
}
subsys_initcall(sel_ib_pkey_init);
Reference in New Issue View Git Blame Copy Permalink