Commit 69204f6c authored by Konstantin Andreev's avatar Konstantin Andreev Committed by Casey Schaufler
Browse files

smack: always "instantiate" inode in smack_inode_init_security() 



If memory allocation for the SMACK64TRANSMUTE
xattr value fails in smack_inode_init_security(),
the SMK_INODE_INSTANT flag is not set in
(struct inode_smack *issp)->smk_flags,
leaving the inode as not "instantiated".

It does not matter if fs frees the inode
after failed smack_inode_init_security() call,
but there is no guarantee for this.

To be safe, mark the inode as "instantiated",
even if allocation of xattr values fails.

Signed-off-by: default avatarKonstantin Andreev <andreev@swemel.ru>
Signed-off-by: default avatarCasey Schaufler <casey@schaufler-ca.com>
parent 8e5d9f91

security/smack/smack_lsm.c

+7 −3
Original line number Diff line number Diff line
@@ -1015,6 +1015,8 @@ static int smack_inode_init_security(struct inode *inode, struct inode *dir, 
	struct task_smack *tsp = smack_cred(current_cred());

	struct inode_smack * const issp = smack_inode(inode);

	struct smack_known *dsp = smk_of_inode(dir);

	int rc = 0;

	int transflag = 0;

	bool trans_cred;

	bool trans_rule;
@@ -1043,18 +1045,20 @@ static int smack_inode_init_security(struct inode *inode, struct inode *dir, 
			issp->smk_inode = dsp;



		if (S_ISDIR(inode->i_mode)) {

			issp->smk_flags |= SMK_INODE_TRANSMUTE;

			transflag = SMK_INODE_TRANSMUTE;



			if (xattr_dupval(xattrs, xattr_count,

				XATTR_SMACK_TRANSMUTE,

				TRANS_TRUE,

				TRANS_TRUE_SIZE

			))

				return -ENOMEM;

				rc = -ENOMEM;

		}

	}



	issp->smk_flags |= SMK_INODE_INSTANT;

	issp->smk_flags |= (SMK_INODE_INSTANT | transflag);

	if (rc)

		return rc;



	return xattr_dupval(xattrs, xattr_count,

			    XATTR_SMACK_SUFFIX,