diff options
author | Mickaël Salaün <mic@linux.microsoft.com> | 2021-04-22 17:41:16 +0200 |
---|---|---|
committer | James Morris <jamorris@linux.microsoft.com> | 2021-04-22 12:22:11 -0700 |
commit | 83e804f0bfee2247b1c0aa64845c81a38562da7a (patch) | |
tree | 18a47335116fa823fc6a29cb67c92e412064b583 /fs/super.c | |
parent | cb2c7d1a1776057c9a1f48ed1250d85e94d4850d (diff) |
fs,security: Add sb_delete hook
The sb_delete security hook is called when shutting down a superblock,
which may be useful to release kernel objects tied to the superblock's
lifetime (e.g. inodes).
This new hook is needed by Landlock to release (ephemerally) tagged
struct inodes. This comes from the unprivileged nature of Landlock
described in the next commit.
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: James Morris <jmorris@namei.org>
Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
Reviewed-by: Jann Horn <jannh@google.com>
Acked-by: Serge Hallyn <serge@hallyn.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20210422154123.13086-7-mic@digikod.net
Signed-off-by: James Morris <jamorris@linux.microsoft.com>
Diffstat (limited to 'fs/super.c')
-rw-r--r-- | fs/super.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/fs/super.c b/fs/super.c index 8c1baca35c16..11b7e7213fd1 100644 --- a/fs/super.c +++ b/fs/super.c @@ -454,6 +454,7 @@ void generic_shutdown_super(struct super_block *sb) evict_inodes(sb); /* only nonzero refcount inodes can have marks */ fsnotify_sb_delete(sb); + security_sb_delete(sb); if (sb->s_dio_done_wq) { destroy_workqueue(sb->s_dio_done_wq); |