X-Git-Url: http://ftp.safe.ca/?a=blobdiff_plain;f=security%2Fdevice_cgroup.c;h=7bd296cca041aaa7e62a3f923182ff7ac2adf5ef;hb=b9a3b1102bc80b4044224494100f67de132d5448;hp=4237b19e8fb3c43a0dcb16572a02cea76e221e69;hpb=08ce5f16ee466ffc5bf243800deeecd77d9eaf50;p=safe%2Fjmp%2Flinux-2.6 diff --git a/security/device_cgroup.c b/security/device_cgroup.c index 4237b19..7bd296c 100644 --- a/security/device_cgroup.c +++ b/security/device_cgroup.c @@ -9,6 +9,7 @@ #include #include #include +#include #define ACC_MKNOD 1 #define ACC_READ 2 @@ -40,6 +41,7 @@ struct dev_whitelist_item { short type; short access; struct list_head list; + struct rcu_head rcu; }; struct dev_cgroup { @@ -48,10 +50,19 @@ struct dev_cgroup { spinlock_t lock; }; +static inline struct dev_cgroup *css_to_devcgroup(struct cgroup_subsys_state *s) +{ + return container_of(s, struct dev_cgroup, css); +} + static inline struct dev_cgroup *cgroup_to_devcgroup(struct cgroup *cgroup) { - return container_of(cgroup_subsys_state(cgroup, devices_subsys_id), - struct dev_cgroup, css); + return css_to_devcgroup(cgroup_subsys_state(cgroup, devices_subsys_id)); +} + +static inline struct dev_cgroup *task_devcgroup(struct task_struct *task) +{ + return css_to_devcgroup(task_subsys_state(task, devices_subsys_id)); } struct cgroup_subsys devices_subsys; @@ -101,7 +112,7 @@ free_and_exit: static int dev_whitelist_add(struct dev_cgroup *dev_cgroup, struct dev_whitelist_item *wh) { - struct dev_whitelist_item *whcopy; + struct dev_whitelist_item *whcopy, *walk; whcopy = kmalloc(sizeof(*whcopy), GFP_KERNEL); if (!whcopy) @@ -109,11 +120,33 @@ static int dev_whitelist_add(struct dev_cgroup *dev_cgroup, memcpy(whcopy, wh, sizeof(*whcopy)); spin_lock(&dev_cgroup->lock); - list_add_tail(&whcopy->list, &dev_cgroup->whitelist); + list_for_each_entry(walk, &dev_cgroup->whitelist, list) { + if (walk->type != wh->type) + continue; + if (walk->major != wh->major) + continue; + if (walk->minor != wh->minor) + continue; + + walk->access |= wh->access; + kfree(whcopy); + whcopy = NULL; + } + + if (whcopy != NULL) + list_add_tail_rcu(&whcopy->list, &dev_cgroup->whitelist); spin_unlock(&dev_cgroup->lock); return 0; } +static void whitelist_item_free(struct rcu_head *rcu) +{ + struct dev_whitelist_item *item; + + item = container_of(rcu, struct dev_whitelist_item, rcu); + kfree(item); +} + /* * called under cgroup_lock() * since the list is visible to other tasks, we need the spinlock also @@ -137,8 +170,8 @@ static void dev_whitelist_rm(struct dev_cgroup *dev_cgroup, remove: walk->access &= ~wh->access; if (!walk->access) { - list_del(&walk->list); - kfree(walk); + list_del_rcu(&walk->list); + call_rcu(&walk->rcu, whitelist_item_free); } } spin_unlock(&dev_cgroup->lock); @@ -169,7 +202,7 @@ static struct cgroup_subsys_state *devcgroup_create(struct cgroup_subsys *ss, } wh->minor = wh->major = ~0; wh->type = DEV_ALL; - wh->access = ACC_MKNOD | ACC_READ | ACC_WRITE; + wh->access = ACC_MASK; list_add(&wh->list, &dev_cgroup->whitelist); } else { parent_dev_cgroup = cgroup_to_devcgroup(parent_cgroup); @@ -201,11 +234,15 @@ static void devcgroup_destroy(struct cgroup_subsys *ss, #define DEVCG_ALLOW 1 #define DEVCG_DENY 2 +#define DEVCG_LIST 3 + +#define MAJMINLEN 13 +#define ACCLEN 4 static void set_access(char *acc, short access) { int idx = 0; - memset(acc, 0, 4); + memset(acc, 0, ACCLEN); if (access & ACC_READ) acc[idx++] = 'r'; if (access & ACC_WRITE) @@ -225,70 +262,32 @@ static char type_to_char(short type) return 'X'; } -static void set_majmin(char *str, int len, unsigned m) +static void set_majmin(char *str, unsigned m) { - memset(str, 0, len); if (m == ~0) - sprintf(str, "*"); + strcpy(str, "*"); else - snprintf(str, len, "%d", m); + sprintf(str, "%u", m); } -static char *print_whitelist(struct dev_cgroup *devcgroup, int *len) +static int devcgroup_seq_read(struct cgroup *cgroup, struct cftype *cft, + struct seq_file *m) { - char *buf, *s, acc[4]; + struct dev_cgroup *devcgroup = cgroup_to_devcgroup(cgroup); struct dev_whitelist_item *wh; - int ret; - int count = 0; - char maj[10], min[10]; + char maj[MAJMINLEN], min[MAJMINLEN], acc[ACCLEN]; - buf = kmalloc(4096, GFP_KERNEL); - if (!buf) - return ERR_PTR(-ENOMEM); - s = buf; - *s = '\0'; - *len = 0; - - spin_lock(&devcgroup->lock); - list_for_each_entry(wh, &devcgroup->whitelist, list) { + rcu_read_lock(); + list_for_each_entry_rcu(wh, &devcgroup->whitelist, list) { set_access(acc, wh->access); - set_majmin(maj, 10, wh->major); - set_majmin(min, 10, wh->minor); - ret = snprintf(s, 4095-(s-buf), "%c %s:%s %s\n", - type_to_char(wh->type), maj, min, acc); - if (s+ret >= buf+4095) { - kfree(buf); - buf = ERR_PTR(-ENOMEM); - break; - } - s += ret; - *len += ret; - count++; + set_majmin(maj, wh->major); + set_majmin(min, wh->minor); + seq_printf(m, "%c %s:%s %s\n", type_to_char(wh->type), + maj, min, acc); } - spin_unlock(&devcgroup->lock); - - return buf; -} + rcu_read_unlock(); -static ssize_t devcgroup_access_read(struct cgroup *cgroup, - struct cftype *cft, struct file *file, - char __user *userbuf, size_t nbytes, loff_t *ppos) -{ - struct dev_cgroup *devcgroup = cgroup_to_devcgroup(cgroup); - int filetype = cft->private; - char *buffer; - int uninitialized_var(len); - int retval; - - if (filetype != DEVCG_ALLOW) - return -EINVAL; - buffer = print_whitelist(devcgroup, &len); - if (IS_ERR(buffer)) - return PTR_ERR(buffer); - - retval = simple_read_from_buffer(userbuf, nbytes, ppos, buffer, len); - kfree(buffer); - return retval; + return 0; } /* @@ -314,7 +313,7 @@ static int may_access_whitelist(struct dev_cgroup *c, continue; if (whitem->minor != ~0 && whitem->minor != refwh->minor) continue; - if (refwh->access & (~(whitem->access | ACC_MASK))) + if (refwh->access & (~whitem->access)) continue; return 1; } @@ -326,10 +325,10 @@ static int may_access_whitelist(struct dev_cgroup *c, * when adding a new allow rule to a device whitelist, the rule * must be allowed in the parent device */ -static int parent_has_perm(struct cgroup *childcg, +static int parent_has_perm(struct dev_cgroup *childcg, struct dev_whitelist_item *wh) { - struct cgroup *pcg = childcg->parent; + struct cgroup *pcg = childcg->css.cgroup->parent; struct dev_cgroup *parent; int ret; @@ -355,39 +354,19 @@ static int parent_has_perm(struct cgroup *childcg, * new access is only allowed if you're in the top-level cgroup, or your * parent cgroup has the access you're asking for. */ -static ssize_t devcgroup_access_write(struct cgroup *cgroup, struct cftype *cft, - struct file *file, const char __user *userbuf, - size_t nbytes, loff_t *ppos) +static int devcgroup_update_access(struct dev_cgroup *devcgroup, + int filetype, const char *buffer) { - struct cgroup *cur_cgroup; - struct dev_cgroup *devcgroup, *cur_devcgroup; - int filetype = cft->private; - char *buffer, *b; + struct dev_cgroup *cur_devcgroup; + const char *b; + char *endp; int retval = 0, count; struct dev_whitelist_item wh; if (!capable(CAP_SYS_ADMIN)) return -EPERM; - devcgroup = cgroup_to_devcgroup(cgroup); - cur_cgroup = task_cgroup(current, devices_subsys.subsys_id); - cur_devcgroup = cgroup_to_devcgroup(cur_cgroup); - - buffer = kmalloc(nbytes+1, GFP_KERNEL); - if (!buffer) - return -ENOMEM; - - if (copy_from_user(buffer, userbuf, nbytes)) { - retval = -EFAULT; - goto out1; - } - buffer[nbytes] = 0; /* nul-terminate */ - - cgroup_lock(); - if (cgroup_is_removed(cgroup)) { - retval = -ENODEV; - goto out2; - } + cur_devcgroup = task_devcgroup(current); memset(&wh, 0, sizeof(wh)); b = buffer; @@ -396,6 +375,8 @@ static ssize_t devcgroup_access_write(struct cgroup *cgroup, struct cftype *cft, case 'a': wh.type = DEV_ALL; wh.access = ACC_MASK; + wh.major = ~0; + wh.minor = ~0; goto handle; case 'b': wh.type = DEV_BLOCK; @@ -404,32 +385,23 @@ static ssize_t devcgroup_access_write(struct cgroup *cgroup, struct cftype *cft, wh.type = DEV_CHAR; break; default: - retval = -EINVAL; - goto out2; + return -EINVAL; } b++; - if (!isspace(*b)) { - retval = -EINVAL; - goto out2; - } + if (!isspace(*b)) + return -EINVAL; b++; if (*b == '*') { wh.major = ~0; b++; } else if (isdigit(*b)) { - wh.major = 0; - while (isdigit(*b)) { - wh.major = wh.major*10+(*b-'0'); - b++; - } + wh.major = simple_strtoul(b, &endp, 10); + b = endp; } else { - retval = -EINVAL; - goto out2; - } - if (*b != ':') { - retval = -EINVAL; - goto out2; + return -EINVAL; } + if (*b != ':') + return -EINVAL; b++; /* read minor */ @@ -437,19 +409,13 @@ static ssize_t devcgroup_access_write(struct cgroup *cgroup, struct cftype *cft, wh.minor = ~0; b++; } else if (isdigit(*b)) { - wh.minor = 0; - while (isdigit(*b)) { - wh.minor = wh.minor*10+(*b-'0'); - b++; - } + wh.minor = simple_strtoul(b, &endp, 10); + b = endp; } else { - retval = -EINVAL; - goto out2; - } - if (!isspace(*b)) { - retval = -EINVAL; - goto out2; + return -EINVAL; } + if (!isspace(*b)) + return -EINVAL; for (b++, count = 0; count < 3; count++, b++) { switch (*b) { case 'r': @@ -466,8 +432,7 @@ static ssize_t devcgroup_access_write(struct cgroup *cgroup, struct cftype *cft, count = 3; break; default: - retval = -EINVAL; - goto out2; + return -EINVAL; } } @@ -475,41 +440,46 @@ handle: retval = 0; switch (filetype) { case DEVCG_ALLOW: - if (!parent_has_perm(cgroup, &wh)) - retval = -EPERM; - else - retval = dev_whitelist_add(devcgroup, &wh); - break; + if (!parent_has_perm(devcgroup, &wh)) + return -EPERM; + return dev_whitelist_add(devcgroup, &wh); case DEVCG_DENY: dev_whitelist_rm(devcgroup, &wh); break; default: - retval = -EINVAL; - goto out2; + return -EINVAL; } + return 0; +} - if (retval == 0) - retval = nbytes; - -out2: +static int devcgroup_access_write(struct cgroup *cgrp, struct cftype *cft, + const char *buffer) +{ + int retval; + if (!cgroup_lock_live_group(cgrp)) + return -ENODEV; + retval = devcgroup_update_access(cgroup_to_devcgroup(cgrp), + cft->private, buffer); cgroup_unlock(); -out1: - kfree(buffer); return retval; } static struct cftype dev_cgroup_files[] = { { .name = "allow", - .read = devcgroup_access_read, - .write = devcgroup_access_write, + .write_string = devcgroup_access_write, .private = DEVCG_ALLOW, }, { .name = "deny", - .write = devcgroup_access_write, + .write_string = devcgroup_access_write, .private = DEVCG_DENY, }, + { + .name = "list", + .read_seq_string = devcgroup_seq_read, + .private = DEVCG_LIST, + }, }; static int devcgroup_populate(struct cgroup_subsys *ss, @@ -530,7 +500,6 @@ struct cgroup_subsys devices_subsys = { int devcgroup_inode_permission(struct inode *inode, int mask) { - struct cgroup *cgroup; struct dev_cgroup *dev_cgroup; struct dev_whitelist_item *wh; @@ -539,13 +508,13 @@ int devcgroup_inode_permission(struct inode *inode, int mask) return 0; if (!S_ISBLK(inode->i_mode) && !S_ISCHR(inode->i_mode)) return 0; - cgroup = task_cgroup(current, devices_subsys.subsys_id); - dev_cgroup = cgroup_to_devcgroup(cgroup); + dev_cgroup = css_to_devcgroup(task_subsys_state(current, + devices_subsys_id)); if (!dev_cgroup) return 0; - spin_lock(&dev_cgroup->lock); - list_for_each_entry(wh, &dev_cgroup->whitelist, list) { + rcu_read_lock(); + list_for_each_entry_rcu(wh, &dev_cgroup->whitelist, list) { if (wh->type & DEV_ALL) goto acc_check; if ((wh->type & DEV_BLOCK) && !S_ISBLK(inode->i_mode)) @@ -561,26 +530,25 @@ acc_check: continue; if ((mask & MAY_READ) && !(wh->access & ACC_READ)) continue; - spin_unlock(&dev_cgroup->lock); + rcu_read_unlock(); return 0; } - spin_unlock(&dev_cgroup->lock); + rcu_read_unlock(); return -EPERM; } int devcgroup_inode_mknod(int mode, dev_t dev) { - struct cgroup *cgroup; struct dev_cgroup *dev_cgroup; struct dev_whitelist_item *wh; - cgroup = task_cgroup(current, devices_subsys.subsys_id); - dev_cgroup = cgroup_to_devcgroup(cgroup); + dev_cgroup = css_to_devcgroup(task_subsys_state(current, + devices_subsys_id)); if (!dev_cgroup) return 0; - spin_lock(&dev_cgroup->lock); + rcu_read_lock(); list_for_each_entry(wh, &dev_cgroup->whitelist, list) { if (wh->type & DEV_ALL) goto acc_check; @@ -595,9 +563,9 @@ int devcgroup_inode_mknod(int mode, dev_t dev) acc_check: if (!(wh->access & ACC_MKNOD)) continue; - spin_unlock(&dev_cgroup->lock); + rcu_read_unlock(); return 0; } - spin_unlock(&dev_cgroup->lock); + rcu_read_unlock(); return -EPERM; }