As requested, this patch checks the existing LSM hooks
task_getscheduler/task_setscheduler when reading or modifying
the task's timerslack value.

Previous versions added new get/settimerslack LSM hooks, but
since they checked the same PROCESS__SET/GETSCHED values as
existing hooks, it was suggested we just use the existing ones.

Cc: Kees Cook <[email protected]>
Cc: "Serge E. Hallyn" <[email protected]>
Cc: Andrew Morton <[email protected]>
Cc: Thomas Gleixner <[email protected]>
CC: Arjan van de Ven <[email protected]>
Cc: Oren Laadan <[email protected]>
Cc: Ruchi Kandoi <[email protected]>
Cc: Rom Lemarchand <[email protected]>
Cc: Todd Kjos <[email protected]>
Cc: Colin Cross <[email protected]>
Cc: Nick Kralevich <[email protected]>
Cc: Dmitry Shmidt <[email protected]>
Cc: Elliott Hughes <[email protected]>
Cc: James Morris <[email protected]>
Cc: Android Kernel Team <[email protected]>
Cc: [email protected]
Cc: [email protected]
Signed-off-by: John Stultz <[email protected]>
---
v2:
 * Initial swing at adding settimerslack LSM hook
v3:
 * Fix current/p switchup bug noted by NickK
 * Add gettimerslack hook suggested by NickK
v4:
 * Dropped adding get/settimerslack LSM hooks, and
   just reuse the get/setscheduler ones.

 fs/proc/base.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/fs/proc/base.c b/fs/proc/base.c
index c94abae..02f8389 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -2286,6 +2286,12 @@ static ssize_t timerslack_ns_write(struct file *file, 
const char __user *buf,
                goto out;
        }
 
+       err = security_task_setscheduler(p);
+       if (err) {
+               count = err;
+               goto out;
+       }
+
        task_lock(p);
        if (slack_ns == 0)
                p->timer_slack_ns = p->default_timer_slack_ns;
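Review bot: The security_task_setscheduler(p) call added before task_lock(p) has no comment saying why a scheduler hook gates a timer slack write, so the link between this file and the setscheduler permission is only recorded in the commit message. A one-line comment above the call would help, for example "timer slack changes are treated as scheduler changes for LSM purposes", so that policy authors and later readers of timerslack_ns_write() see that denying setscheduler on a task also denies writes here.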
@@ -2314,6 +2320,10 @@ static int timerslack_ns_show(struct seq_file *m, void 
*v)
                goto out;
        }
 
+       err = security_task_getscheduler(p);
+       if (err)
+               goto out;
+
        task_lock(p);
        seq_printf(m, "%llu\n", p->timer_slack_ns);
        task_unlock(p);
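Review bot: In timerslack_ns_show(), the new "if (err) goto out;" only denies the read if the code at the out label returns err, and that label is outside the lines shown in this hunk. Please confirm that out propagates err rather than returning 0, since otherwise a denial from security_task_getscheduler(p) would surface as an empty but successful read. The write-side hunk makes its propagation explicit with "count = err;", so a matching note or comment here would make the two paths easier to compare.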
-- 
1.9.1
