On 4/24/2013 5:10 AM, Mimi Zohar wrote: > (Reposting with expanded 'cc' list.) > > Included in the EVM hmac calculation is the i_mode. Any changes to > the i_mode need to be reflected in the hmac. shmem_mknod() currently > calls posix_acl_init(), which modifies the i_mode, after calling > security_inode_init_security(). This patch reverses the order in > which they are called.
I haven't tried this with Smack, but I don't anticipate any issues. > Reported-by: Sven Vermeulen <[email protected]> > Signed-off-by: Mimi Zohar <[email protected]> > --- > mm/shmem.c | 16 ++++++++-------- > 1 file changed, 8 insertions(+), 8 deletions(-) > > diff --git a/mm/shmem.c b/mm/shmem.c > index 1c44af7..398c195 100644 > --- a/mm/shmem.c > +++ b/mm/shmem.c > @@ -1937,6 +1937,13 @@ shmem_mknod(struct inode *dir, struct dentry *dentry, > umode_t mode, dev_t dev) > > inode = shmem_get_inode(dir->i_sb, dir, mode, dev, VM_NORESERVE); > if (inode) { > +#ifdef CONFIG_TMPFS_POSIX_ACL > + error = generic_acl_init(inode, dir); > + if (error) { > + iput(inode); > + return error; > + } > +#endif > error = security_inode_init_security(inode, dir, > &dentry->d_name, > shmem_initxattrs, NULL); > @@ -1946,15 +1953,8 @@ shmem_mknod(struct inode *dir, struct dentry *dentry, > umode_t mode, dev_t dev) > return error; > } > } > -#ifdef CONFIG_TMPFS_POSIX_ACL > - error = generic_acl_init(inode, dir); > - if (error) { > - iput(inode); > - return error; > - } > -#else > + > error = 0; > -#endif > dir->i_size += BOGO_DIRENT_SIZE; > dir->i_ctime = dir->i_mtime = CURRENT_TIME; > d_instantiate(dentry, inode); -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
