namei: make may_follow_link() safe in RCU mode
We *can't* call that audit garbage in RCU mode - it's doing a weird mix of allocations (GFP_NOFS, immediately followed by GFP_KERNEL) and I'm not touching that... thing again. So if this security sclero^Whardening feature gets triggered when we are in RCU mode, tough - we'll fail with -ECHILD and have everything restarted in non-RCU mode. Only to hit the same test and fail, this time with EACCES and with (oh, rapture) an audit spew produced. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
This commit is contained in:
parent
6548fae2ec
commit
31956502dd
@ -794,6 +794,9 @@ static inline int may_follow_link(struct nameidata *nd)
|
||||
if (uid_eq(parent->i_uid, inode->i_uid))
|
||||
return 0;
|
||||
|
||||
if (nd->flags & LOOKUP_RCU)
|
||||
return -ECHILD;
|
||||
|
||||
audit_log_link_denied("follow_link", &nd->stack[0].link);
|
||||
return -EACCES;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user