[PATCH] [RFC] security: add hook inode_post_removexattr
Add hook inode_post_removexattr for updating inode security field after
successful removexattr operation.
Signed-off-by: Hawk Xu <[EMAIL PROTECTED]>
---
fs/xattr.c |7 +--
include/linux/security.h | 19 +++
security/dummy.c |6 ++
3 files changed, 30 insertions(+), 2 deletions(-)
diff --git a/fs/xattr.c b/fs/xattr.c
index 4523aca..22c2438 100644
--- a/fs/xattr.c
+++ b/fs/xattr.c
@@ -180,10 +180,13 @@ vfs_removexattr(struct dentry *dentry, char *name)
mutex_lock(>i_mutex);
error = inode->i_op->removexattr(dentry, name);
+ if (!error) {
+ fsnotify_xattr(dentry);
+ security_inode_post_removexattr(dentry, name, value,
+ size, flags);
+ }
mutex_unlock(>i_mutex);
- if (!error)
- fsnotify_xattr(dentry);
return error;
}
EXPORT_SYMBOL_GPL(vfs_removexattr);
diff --git a/include/linux/security.h b/include/linux/security.h
index 1a362c8..5100b23 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -393,6 +393,9 @@ struct request_sock;
* Check permission before removing the extended attribute
* identified by @name for @dentry.
* Return 0 if permission is granted.
+ * @inode_post_removexattr:
+ * Update inode security field after successful removexattr operation.
+ * @value identified by @name for @dentry.
* @inode_getsecurity:
* Copy the extended attribute representation of the security label
* associated with @name for @inode into @buffer. @buffer may be
@@ -1234,6 +1237,8 @@ struct security_operations {
int (*inode_getxattr) (struct dentry *dentry, char *name);
int (*inode_listxattr) (struct dentry *dentry);
int (*inode_removexattr) (struct dentry *dentry, char *name);
+ void (*inode_post_removexattr) (struct dentry *dentry, char *name,
+ void *value, size_t size, int flags);
const char *(*inode_xattr_getsuffix) (void);
int (*inode_getsecurity)(const struct inode *inode, const char *name,
void *buffer, size_t size, int err);
int (*inode_setsecurity)(struct inode *inode, const char *name, const
void *value, size_t size, int flags);
@@ -1769,6 +1774,15 @@ static inline int security_inode_removexattr (struct
dentry *dentry, char *name)
return security_ops->inode_removexattr (dentry, name);
}
+static inline void security_inode_post_removexattr (struct dentry *dentry,
+ char *name, void *value,
+ size_t size, int flags)
+{
+ if (unlikely (IS_PRIVATE (dentry->d_inode)))
+ return;
+ security_ops->inode_post_removexattr (dentry, name, value, size, flags);
+}
+
static inline const char *security_inode_xattr_getsuffix(void)
{
return security_ops->inode_xattr_getsuffix();
@@ -2452,6 +2466,11 @@ static inline int security_inode_removexattr (struct
dentry *dentry, char *name)
return cap_inode_removexattr(dentry, name);
}
+static inline void security_inode_post_removexattr (struct dentry *dentry,
+ char *name, void *value,
+ size_t size, int flags)
+{ }
+
static inline const char *security_inode_xattr_getsuffix (void)
{
return NULL ;
diff --git a/security/dummy.c b/security/dummy.c
index bdd0d70..4953f06 100644
--- a/security/dummy.c
+++ b/security/dummy.c
@@ -377,6 +377,11 @@ static int dummy_inode_removexattr (struct dentry *dentry,
char *name)
return 0;
}
+static void dummy_inode_post_removexattr (struct dentry *dentry, char *name,
+ void *value, size_t size, int flags)
+{
+}
+
static int dummy_inode_getsecurity(const struct inode *inode, const char
*name, void *buffer, size_t size, int err)
{
return -EOPNOTSUPP;
@@ -1014,6 +1019,7 @@ void security_fixup_ops (struct security_operations *ops)
set_to_dummy_if_null(ops, inode_getxattr);
set_to_dummy_if_null(ops, inode_listxattr);
set_to_dummy_if_null(ops, inode_removexattr);
+ set_to_dummy_if_null(ops, inode_post_removexattr);
set_to_dummy_if_null(ops, inode_xattr_getsuffix);
set_to_dummy_if_null(ops, inode_getsecurity);
set_to_dummy_if_null(ops, inode_setsecurity);
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[PATCH] [RFC] security: add hook inode_post_removexattr
Add hook inode_post_removexattr for updating inode security field after
successful removexattr operation.
Signed-off-by: Hawk Xu [EMAIL PROTECTED]
---
fs/xattr.c |7 +--
include/linux/security.h | 19 +++
security/dummy.c |6 ++
3 files changed, 30 insertions(+), 2 deletions(-)
diff --git a/fs/xattr.c b/fs/xattr.c
index 4523aca..22c2438 100644
--- a/fs/xattr.c
+++ b/fs/xattr.c
@@ -180,10 +180,13 @@ vfs_removexattr(struct dentry *dentry, char *name)
mutex_lock(inode-i_mutex);
error = inode-i_op-removexattr(dentry, name);
+ if (!error) {
+ fsnotify_xattr(dentry);
+ security_inode_post_removexattr(dentry, name, value,
+ size, flags);
+ }
mutex_unlock(inode-i_mutex);
- if (!error)
- fsnotify_xattr(dentry);
return error;
}
EXPORT_SYMBOL_GPL(vfs_removexattr);
diff --git a/include/linux/security.h b/include/linux/security.h
index 1a362c8..5100b23 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -393,6 +393,9 @@ struct request_sock;
* Check permission before removing the extended attribute
* identified by @name for @dentry.
* Return 0 if permission is granted.
+ * @inode_post_removexattr:
+ * Update inode security field after successful removexattr operation.
+ * @value identified by @name for @dentry.
* @inode_getsecurity:
* Copy the extended attribute representation of the security label
* associated with @name for @inode into @buffer. @buffer may be
@@ -1234,6 +1237,8 @@ struct security_operations {
int (*inode_getxattr) (struct dentry *dentry, char *name);
int (*inode_listxattr) (struct dentry *dentry);
int (*inode_removexattr) (struct dentry *dentry, char *name);
+ void (*inode_post_removexattr) (struct dentry *dentry, char *name,
+ void *value, size_t size, int flags);
const char *(*inode_xattr_getsuffix) (void);
int (*inode_getsecurity)(const struct inode *inode, const char *name,
void *buffer, size_t size, int err);
int (*inode_setsecurity)(struct inode *inode, const char *name, const
void *value, size_t size, int flags);
@@ -1769,6 +1774,15 @@ static inline int security_inode_removexattr (struct
dentry *dentry, char *name)
return security_ops-inode_removexattr (dentry, name);
}
+static inline void security_inode_post_removexattr (struct dentry *dentry,
+ char *name, void *value,
+ size_t size, int flags)
+{
+ if (unlikely (IS_PRIVATE (dentry-d_inode)))
+ return;
+ security_ops-inode_post_removexattr (dentry, name, value, size, flags);
+}
+
static inline const char *security_inode_xattr_getsuffix(void)
{
return security_ops-inode_xattr_getsuffix();
@@ -2452,6 +2466,11 @@ static inline int security_inode_removexattr (struct
dentry *dentry, char *name)
return cap_inode_removexattr(dentry, name);
}
+static inline void security_inode_post_removexattr (struct dentry *dentry,
+ char *name, void *value,
+ size_t size, int flags)
+{ }
+
static inline const char *security_inode_xattr_getsuffix (void)
{
return NULL ;
diff --git a/security/dummy.c b/security/dummy.c
index bdd0d70..4953f06 100644
--- a/security/dummy.c
+++ b/security/dummy.c
@@ -377,6 +377,11 @@ static int dummy_inode_removexattr (struct dentry *dentry,
char *name)
return 0;
}
+static void dummy_inode_post_removexattr (struct dentry *dentry, char *name,
+ void *value, size_t size, int flags)
+{
+}
+
static int dummy_inode_getsecurity(const struct inode *inode, const char
*name, void *buffer, size_t size, int err)
{
return -EOPNOTSUPP;
@@ -1014,6 +1019,7 @@ void security_fixup_ops (struct security_operations *ops)
set_to_dummy_if_null(ops, inode_getxattr);
set_to_dummy_if_null(ops, inode_listxattr);
set_to_dummy_if_null(ops, inode_removexattr);
+ set_to_dummy_if_null(ops, inode_post_removexattr);
set_to_dummy_if_null(ops, inode_xattr_getsuffix);
set_to_dummy_if_null(ops, inode_getsecurity);
set_to_dummy_if_null(ops, inode_setsecurity);
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Re: Aiee, killing interrupt handler!
Chuck Ebbert wrote: Our server(running Oracle 10g) is having a kernel panic problem: <> Process swapper (pid: 0, threadinfo 80582000, task 80464300) Stack: 0296 8013f325 81007f7f54d0 0100 0001 000e 8053e098 8013f3a5 81007f7f54d0 810002c10a20 You need to post the entire oops message, not just the last part. It should start with "BUG". And using a more recent kernel would be a good idea. I'm sorry, but that's all we have now. Our customer just sent us a photo of the kernel panic screen. Our customer is running Oracle10g(64bit) and an 32-bit daemon application on our server. Our client also sent the /var/log/kernel file to us. According to the log file, everytime before kernel panic, there are some error messages. The server encountered kernel panic three times, below are the error messages before each time: 1) Dec 14 14:00:39 kf85-1 kernel: set_local_var[1886]: segfault at fffc rip 55f41d69 rsp b358 error 6 2) Dec 15 10:03:17 kf85-1 kernel: set_local_var[2459]: segfault at fffc rip 55f41d69 rsp c2e8 error 6 Dec 15 10:36:27 kf85-1 kernel: modeling[12173] trap bounds rip:806aec8 rsp:9820 error:0 Dec 15 10:51:49 kf85-1 kernel: modeling[14405]: segfault at 0008 rip 56b97e8c rsp aa78 error 6 Dec 15 11:09:14 kf85-1 kernel: set_local_var[20817]: segfault at fffc rip 55f41d69 rsp c928 error 6 Dec 15 11:16:29 kf85-1 kernel: set_local_var[21760]: segfault at fffc rip 55f41d69 rsp bd98 error 6 Dec 15 15:10:52 kf85-1 kernel: rtdb_server[17604] trap bounds rip:80f5247 rsp:5b9f9040 error:0 Dec 15 15:11:01 kf85-1 kernel: rtdb_server[18631] trap bounds rip:80f5247 rsp:58905040 error:0 Dec 15 15:11:16 kf85-1 kernel: rtdb_server[18718] trap bounds rip:80f5247 rsp:59300040 error:0 Dec 15 15:11:23 kf85-1 kernel: rtdb_server[18762] trap bounds rip:80f5247 rsp:59106040 error:0 Dec 15 15:14:17 kf85-1 kernel: rtdb_server[18869] trap bounds rip:80f5247 rsp:5b10a040 error:0 Dec 15 15:14:22 kf85-1 kernel: rtdb_server[19567] trap bounds rip:80f5247 rsp:59106040 error:0 Dec 15 15:14:32 kf85-1 kernel: rtdb_server[19586] trap bounds rip:80f5247 rsp:57903040 error:0 3) Dec 15 15:48:30 kf85-1 kernel: set_local_var[2430]: segfault at fffc rip 55f41d69 rsp c7f8 error 6 Dec 15 16:16:17 kf85-1 kernel: GFileManager[10453]: segfault at 3135 rip 574d5f99 rsp 597b3158 error 6 And I didn't figure out why the kernel panic was not in the kernel log file. Thanks! hxu - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Aiee, killing interrupt handler!
Chuck Ebbert wrote: Our server(running Oracle 10g) is having a kernel panic problem: Process swapper (pid: 0, threadinfo 80582000, task 80464300) Stack: 0296 8013f325 81007f7f54d0 0100 0001 000e 8053e098 8013f3a5 81007f7f54d0 810002c10a20 You need to post the entire oops message, not just the last part. It should start with BUG. And using a more recent kernel would be a good idea. I'm sorry, but that's all we have now. Our customer just sent us a photo of the kernel panic screen. Our customer is running Oracle10g(64bit) and an 32-bit daemon application on our server. Our client also sent the /var/log/kernel file to us. According to the log file, everytime before kernel panic, there are some error messages. The server encountered kernel panic three times, below are the error messages before each time: 1) Dec 14 14:00:39 kf85-1 kernel: set_local_var[1886]: segfault at fffc rip 55f41d69 rsp b358 error 6 2) Dec 15 10:03:17 kf85-1 kernel: set_local_var[2459]: segfault at fffc rip 55f41d69 rsp c2e8 error 6 Dec 15 10:36:27 kf85-1 kernel: modeling[12173] trap bounds rip:806aec8 rsp:9820 error:0 Dec 15 10:51:49 kf85-1 kernel: modeling[14405]: segfault at 0008 rip 56b97e8c rsp aa78 error 6 Dec 15 11:09:14 kf85-1 kernel: set_local_var[20817]: segfault at fffc rip 55f41d69 rsp c928 error 6 Dec 15 11:16:29 kf85-1 kernel: set_local_var[21760]: segfault at fffc rip 55f41d69 rsp bd98 error 6 Dec 15 15:10:52 kf85-1 kernel: rtdb_server[17604] trap bounds rip:80f5247 rsp:5b9f9040 error:0 Dec 15 15:11:01 kf85-1 kernel: rtdb_server[18631] trap bounds rip:80f5247 rsp:58905040 error:0 Dec 15 15:11:16 kf85-1 kernel: rtdb_server[18718] trap bounds rip:80f5247 rsp:59300040 error:0 Dec 15 15:11:23 kf85-1 kernel: rtdb_server[18762] trap bounds rip:80f5247 rsp:59106040 error:0 Dec 15 15:14:17 kf85-1 kernel: rtdb_server[18869] trap bounds rip:80f5247 rsp:5b10a040 error:0 Dec 15 15:14:22 kf85-1 kernel: rtdb_server[19567] trap bounds rip:80f5247 rsp:59106040 error:0 Dec 15 15:14:32 kf85-1 kernel: rtdb_server[19586] trap bounds rip:80f5247 rsp:57903040 error:0 3) Dec 15 15:48:30 kf85-1 kernel: set_local_var[2430]: segfault at fffc rip 55f41d69 rsp c7f8 error 6 Dec 15 16:16:17 kf85-1 kernel: GFileManager[10453]: segfault at 3135 rip 574d5f99 rsp 597b3158 error 6 And I didn't figure out why the kernel panic was not in the kernel log file. Thanks! hxu - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Aiee, killing interrupt handler!
Hi!
Our server(running Oracle 10g) is having a kernel panic problem:
Process swapper (pid: 0, threadinfo 80582000, task 80464300)
Stack: 0296 8013f325 81007f7f54d0 0100
0001 000e 8053e098 8013f3a5
81007f7f54d0 810002c10a20
Call Trace: {group_send_sig_info+85}
{send_group_sig_info+53}
{it_real_fn+0} {it_real_fn+22}
{run_timer_softirq+383}
{profile_pc+32}
{__do_softirq+113}
{do_softirq+53}
{apic_timer_interrupt+99}
{kernel_thread+130}
{default_idle+0}
{default_idle+32}
{cpu_idle+74} {start_kernel+469}
{_sinittext+579}
Code: 80 3f 00 7e f9 e9 4a fd ff ff e8 b0 25 ec ff e9 74 fd ff ff
console shuts up ...
<0>Kernel panic - not syncing: Aiee, killing interrupt handler!
And, we have these error messages in the /var/log/kernel file:
Dec 7 17:19:09 kf85-1 kernel: set_local_var[9683]: segfault at
fffc rip 55f41d69 rsp c4e8 error 6
Dec 7 17:27:44 kf85-1 kernel: set_local_var[12020]: segfault at
fffc rip 55f41d69 rsp b978 error 6
Dec 7 17:29:39 kf85-1 kernel: dbi[12608]: segfault at
rip 080ecea8 rsp a0b0 error 4
Dec 14 14:00:39 kf85-1 kernel: set_local_var[1886]: segfault at
fffc rip 55f41d69 rsp b358 error 6
Dec 15 10:03:17 kf85-1 kernel: set_local_var[2459]: segfault at
fffc rip 55f41d69 rsp c2e8 error 6
Dec 15 10:36:27 kf85-1 kernel: modeling[12173] trap bounds rip:806aec8
rsp:9820 error:0
Dec 15 10:51:49 kf85-1 kernel: modeling[14405]: segfault at
0008 rip 56b97e8c rsp aa78 error 6
Dec 15 11:09:14 kf85-1 kernel: set_local_var[20817]: segfault at
fffc rip 55f41d69 rsp c928 error 6
Dec 15 11:16:29 kf85-1 kernel: set_local_var[21760]: segfault at
fffc rip 55f41d69 rsp bd98 error 6
Dec 15 15:10:52 kf85-1 kernel: rtdb_server[17604] trap bounds
rip:80f5247 rsp:5b9f9040 error:0
Dec 15 15:11:01 kf85-1 kernel: rtdb_server[18631] trap bounds
rip:80f5247 rsp:58905040 error:0
Dec 15 15:11:16 kf85-1 kernel: rtdb_server[18718] trap bounds
rip:80f5247 rsp:59300040 error:0
Dec 15 15:11:23 kf85-1 kernel: rtdb_server[18762] trap bounds
rip:80f5247 rsp:59106040 error:0
Dec 15 15:14:17 kf85-1 kernel: rtdb_server[18869] trap bounds
rip:80f5247 rsp:5b10a040 error:0
Dec 15 15:14:22 kf85-1 kernel: rtdb_server[19567] trap bounds
rip:80f5247 rsp:59106040 error:0
Dec 15 15:14:32 kf85-1 kernel: rtdb_server[19586] trap bounds
rip:80f5247 rsp:57903040 error:0
Dec 15 15:48:30 kf85-1 kernel: set_local_var[2430]: segfault at
fffc rip 55f41d69 rsp c7f8 error 6
Dec 15 16:16:17 kf85-1 kernel: GFileManager[10453]: segfault at
3135 rip 574d5f99 rsp 597b3158 error 6
The kernel version is 2.6.12.5. The kernel panic problem happened 3
times last week, and we don't know whether there are some relationships
between the kernel panic and the error messages in the kernel log file.
That's all we know now, the server is in Nanjing, which is 1000
kilometers south of us, and we are not allowed to access the server.
Any help would be great!
Best regards,
hxu
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Aiee, killing interrupt handler!
Hi!
Our server(running Oracle 10g) is having a kernel panic problem:
Process swapper (pid: 0, threadinfo 80582000, task 80464300)
Stack: 0296 8013f325 81007f7f54d0 0100
0001 000e 8053e098 8013f3a5
81007f7f54d0 810002c10a20
Call Trace: IRQ 8013f325{group_send_sig_info+85}
8013f3a5{send_group_sig_info+53}
80137a50{it_real_fn+0} 80137a66{it_real_fn+22}
8013c9bf{run_timer_softirq+383}
80111660{profile_pc+32}
80138921{__do_softirq+113}
801389d5{do_softirq+53}
8010e3d3{apic_timer_interrupt+99} EOI
8010e676{kernel_thread+130}
8010bc40{default_idle+0}
8010bc60{default_idle+32}
8010be9a{cpu_idle+74} 805847b5{start_kernel+469}
80584243{_sinittext+579}
Code: 80 3f 00 7e f9 e9 4a fd ff ff e8 b0 25 ec ff e9 74 fd ff ff
console shuts up ...
0Kernel panic - not syncing: Aiee, killing interrupt handler!
And, we have these error messages in the /var/log/kernel file:
Dec 7 17:19:09 kf85-1 kernel: set_local_var[9683]: segfault at
fffc rip 55f41d69 rsp c4e8 error 6
Dec 7 17:27:44 kf85-1 kernel: set_local_var[12020]: segfault at
fffc rip 55f41d69 rsp b978 error 6
Dec 7 17:29:39 kf85-1 kernel: dbi[12608]: segfault at
rip 080ecea8 rsp a0b0 error 4
Dec 14 14:00:39 kf85-1 kernel: set_local_var[1886]: segfault at
fffc rip 55f41d69 rsp b358 error 6
Dec 15 10:03:17 kf85-1 kernel: set_local_var[2459]: segfault at
fffc rip 55f41d69 rsp c2e8 error 6
Dec 15 10:36:27 kf85-1 kernel: modeling[12173] trap bounds rip:806aec8
rsp:9820 error:0
Dec 15 10:51:49 kf85-1 kernel: modeling[14405]: segfault at
0008 rip 56b97e8c rsp aa78 error 6
Dec 15 11:09:14 kf85-1 kernel: set_local_var[20817]: segfault at
fffc rip 55f41d69 rsp c928 error 6
Dec 15 11:16:29 kf85-1 kernel: set_local_var[21760]: segfault at
fffc rip 55f41d69 rsp bd98 error 6
Dec 15 15:10:52 kf85-1 kernel: rtdb_server[17604] trap bounds
rip:80f5247 rsp:5b9f9040 error:0
Dec 15 15:11:01 kf85-1 kernel: rtdb_server[18631] trap bounds
rip:80f5247 rsp:58905040 error:0
Dec 15 15:11:16 kf85-1 kernel: rtdb_server[18718] trap bounds
rip:80f5247 rsp:59300040 error:0
Dec 15 15:11:23 kf85-1 kernel: rtdb_server[18762] trap bounds
rip:80f5247 rsp:59106040 error:0
Dec 15 15:14:17 kf85-1 kernel: rtdb_server[18869] trap bounds
rip:80f5247 rsp:5b10a040 error:0
Dec 15 15:14:22 kf85-1 kernel: rtdb_server[19567] trap bounds
rip:80f5247 rsp:59106040 error:0
Dec 15 15:14:32 kf85-1 kernel: rtdb_server[19586] trap bounds
rip:80f5247 rsp:57903040 error:0
Dec 15 15:48:30 kf85-1 kernel: set_local_var[2430]: segfault at
fffc rip 55f41d69 rsp c7f8 error 6
Dec 15 16:16:17 kf85-1 kernel: GFileManager[10453]: segfault at
3135 rip 574d5f99 rsp 597b3158 error 6
The kernel version is 2.6.12.5. The kernel panic problem happened 3
times last week, and we don't know whether there are some relationships
between the kernel panic and the error messages in the kernel log file.
That's all we know now, the server is in Nanjing, which is 1000
kilometers south of us, and we are not allowed to access the server.
Any help would be great!
Best regards,
hxu
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
