From c6f493d631c4d40cea5c36055f9148f547b200af Mon Sep 17 00:00:00 2001 From: David Howells Date: Tue, 17 Mar 2015 22:26:22 +0000 Subject: VFS: security/: d_backing_inode() annotations most of the ->d_inode uses there refer to the same inode IO would go to, i.e. d_backing_inode() Signed-off-by: David Howells Signed-off-by: Al Viro --- security/apparmor/file.c | 6 ++--- security/apparmor/lsm.c | 18 ++++++------- security/commoncap.c | 6 ++--- security/integrity/evm/evm_crypto.c | 4 +-- security/integrity/evm/evm_main.c | 18 ++++++------- security/integrity/ima/ima_appraise.c | 10 +++---- security/lsm_audit.c | 4 +-- security/security.c | 50 +++++++++++++++++------------------ security/selinux/hooks.c | 36 ++++++++++++------------- security/smack/smack_lsm.c | 46 ++++++++++++++++---------------- security/tomoyo/condition.c | 2 +- security/tomoyo/realpath.c | 10 +++---- 12 files changed, 105 insertions(+), 105 deletions(-) (limited to 'security') diff --git a/security/apparmor/file.c b/security/apparmor/file.c index fdaa50cb1876..913f377a038a 100644 --- a/security/apparmor/file.c +++ b/security/apparmor/file.c @@ -259,7 +259,7 @@ unsigned int aa_str_perms(struct aa_dfa *dfa, unsigned int start, */ static inline bool is_deleted(struct dentry *dentry) { - if (d_unlinked(dentry) && dentry->d_inode->i_nlink == 0) + if (d_unlinked(dentry) && d_backing_inode(dentry)->i_nlink == 0) return 1; return 0; } @@ -351,8 +351,8 @@ int aa_path_link(struct aa_profile *profile, struct dentry *old_dentry, struct path link = { new_dir->mnt, new_dentry }; struct path target = { new_dir->mnt, old_dentry }; struct path_cond cond = { - old_dentry->d_inode->i_uid, - old_dentry->d_inode->i_mode + d_backing_inode(old_dentry)->i_uid, + d_backing_inode(old_dentry)->i_mode }; char *buffer = NULL, *buffer2 = NULL; const char *lname, *tname = NULL, *info = NULL; diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index dd56bffd6500..e5f1561439db 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -204,8 +204,8 @@ static int common_perm_mnt_dentry(int op, struct vfsmount *mnt, struct dentry *dentry, u32 mask) { struct path path = { mnt, dentry }; - struct path_cond cond = { dentry->d_inode->i_uid, - dentry->d_inode->i_mode + struct path_cond cond = { d_backing_inode(dentry)->i_uid, + d_backing_inode(dentry)->i_mode }; return common_perm(op, &path, mask, &cond); @@ -223,7 +223,7 @@ static int common_perm_mnt_dentry(int op, struct vfsmount *mnt, static int common_perm_rm(int op, struct path *dir, struct dentry *dentry, u32 mask) { - struct inode *inode = dentry->d_inode; + struct inode *inode = d_backing_inode(dentry); struct path_cond cond = { }; if (!inode || !dir->mnt || !mediated_filesystem(dentry)) @@ -281,8 +281,8 @@ static int apparmor_path_mknod(struct path *dir, struct dentry *dentry, static int apparmor_path_truncate(struct path *path) { - struct path_cond cond = { path->dentry->d_inode->i_uid, - path->dentry->d_inode->i_mode + struct path_cond cond = { d_backing_inode(path->dentry)->i_uid, + d_backing_inode(path->dentry)->i_mode }; if (!path->mnt || !mediated_filesystem(path->dentry)) @@ -327,8 +327,8 @@ static int apparmor_path_rename(struct path *old_dir, struct dentry *old_dentry, if (!unconfined(profile)) { struct path old_path = { old_dir->mnt, old_dentry }; struct path new_path = { new_dir->mnt, new_dentry }; - struct path_cond cond = { old_dentry->d_inode->i_uid, - old_dentry->d_inode->i_mode + struct path_cond cond = { d_backing_inode(old_dentry)->i_uid, + d_backing_inode(old_dentry)->i_mode }; error = aa_path_perm(OP_RENAME_SRC, profile, &old_path, 0, @@ -354,8 +354,8 @@ static int apparmor_path_chmod(struct path *path, umode_t mode) static int apparmor_path_chown(struct path *path, kuid_t uid, kgid_t gid) { - struct path_cond cond = { path->dentry->d_inode->i_uid, - path->dentry->d_inode->i_mode + struct path_cond cond = { d_backing_inode(path->dentry)->i_uid, + d_backing_inode(path->dentry)->i_mode }; if (!mediated_filesystem(path->dentry)) diff --git a/security/commoncap.c b/security/commoncap.c index f66713bd7450..f2875cd9f677 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -297,7 +297,7 @@ static inline void bprm_clear_caps(struct linux_binprm *bprm) */ int cap_inode_need_killpriv(struct dentry *dentry) { - struct inode *inode = dentry->d_inode; + struct inode *inode = d_backing_inode(dentry); int error; if (!inode->i_op->getxattr) @@ -319,7 +319,7 @@ int cap_inode_need_killpriv(struct dentry *dentry) */ int cap_inode_killpriv(struct dentry *dentry) { - struct inode *inode = dentry->d_inode; + struct inode *inode = d_backing_inode(dentry); if (!inode->i_op->removexattr) return 0; @@ -375,7 +375,7 @@ static inline int bprm_caps_from_vfs_caps(struct cpu_vfs_cap_data *caps, */ int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data *cpu_caps) { - struct inode *inode = dentry->d_inode; + struct inode *inode = d_backing_inode(dentry); __u32 magic_etc; unsigned tocopy, i; int size; diff --git a/security/integrity/evm/evm_crypto.c b/security/integrity/evm/evm_crypto.c index 5e9687f02e1b..159ef3ea4130 100644 --- a/security/integrity/evm/evm_crypto.c +++ b/security/integrity/evm/evm_crypto.c @@ -131,7 +131,7 @@ static int evm_calc_hmac_or_hash(struct dentry *dentry, size_t req_xattr_value_len, char type, char *digest) { - struct inode *inode = dentry->d_inode; + struct inode *inode = d_backing_inode(dentry); struct shash_desc *desc; char **xattrname; size_t xattr_size = 0; @@ -199,7 +199,7 @@ int evm_calc_hash(struct dentry *dentry, const char *req_xattr_name, int evm_update_evmxattr(struct dentry *dentry, const char *xattr_name, const char *xattr_value, size_t xattr_value_len) { - struct inode *inode = dentry->d_inode; + struct inode *inode = d_backing_inode(dentry); struct evm_ima_xattr_data xattr_data; int rc = 0; diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c index f589c9a05da2..10f994307a04 100644 --- a/security/integrity/evm/evm_main.c +++ b/security/integrity/evm/evm_main.c @@ -72,7 +72,7 @@ static void __init evm_init_config(void) static int evm_find_protected_xattrs(struct dentry *dentry) { - struct inode *inode = dentry->d_inode; + struct inode *inode = d_backing_inode(dentry); char **xattr; int error; int count = 0; @@ -165,8 +165,8 @@ static enum integrity_status evm_verify_hmac(struct dentry *dentry, /* Replace RSA with HMAC if not mounted readonly and * not immutable */ - if (!IS_RDONLY(dentry->d_inode) && - !IS_IMMUTABLE(dentry->d_inode)) + if (!IS_RDONLY(d_backing_inode(dentry)) && + !IS_IMMUTABLE(d_backing_inode(dentry))) evm_update_evmxattr(dentry, xattr_name, xattr_value, xattr_value_len); @@ -235,7 +235,7 @@ enum integrity_status evm_verifyxattr(struct dentry *dentry, return INTEGRITY_UNKNOWN; if (!iint) { - iint = integrity_iint_find(dentry->d_inode); + iint = integrity_iint_find(d_backing_inode(dentry)); if (!iint) return INTEGRITY_UNKNOWN; } @@ -253,7 +253,7 @@ EXPORT_SYMBOL_GPL(evm_verifyxattr); */ static enum integrity_status evm_verify_current_integrity(struct dentry *dentry) { - struct inode *inode = dentry->d_inode; + struct inode *inode = d_backing_inode(dentry); if (!evm_initialized || !S_ISREG(inode->i_mode) || evm_fixmode) return 0; @@ -293,13 +293,13 @@ static int evm_protect_xattr(struct dentry *dentry, const char *xattr_name, if (evm_status == INTEGRITY_NOXATTRS) { struct integrity_iint_cache *iint; - iint = integrity_iint_find(dentry->d_inode); + iint = integrity_iint_find(d_backing_inode(dentry)); if (iint && (iint->flags & IMA_NEW_FILE)) return 0; } out: if (evm_status != INTEGRITY_PASS) - integrity_audit_msg(AUDIT_INTEGRITY_METADATA, dentry->d_inode, + integrity_audit_msg(AUDIT_INTEGRITY_METADATA, d_backing_inode(dentry), dentry->d_name.name, "appraise_metadata", integrity_status_msg[evm_status], -EPERM, 0); @@ -379,7 +379,7 @@ void evm_inode_post_setxattr(struct dentry *dentry, const char *xattr_name, */ void evm_inode_post_removexattr(struct dentry *dentry, const char *xattr_name) { - struct inode *inode = dentry->d_inode; + struct inode *inode = d_backing_inode(dentry); if (!evm_initialized || !evm_protected_xattr(xattr_name)) return; @@ -404,7 +404,7 @@ int evm_inode_setattr(struct dentry *dentry, struct iattr *attr) if ((evm_status == INTEGRITY_PASS) || (evm_status == INTEGRITY_NOXATTRS)) return 0; - integrity_audit_msg(AUDIT_INTEGRITY_METADATA, dentry->d_inode, + integrity_audit_msg(AUDIT_INTEGRITY_METADATA, d_backing_inode(dentry), dentry->d_name.name, "appraise_metadata", integrity_status_msg[evm_status], -EPERM, 0); return -EPERM; diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index fffcdb0b31f0..4df493e4b3c9 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c @@ -165,7 +165,7 @@ void ima_get_hash_algo(struct evm_ima_xattr_data *xattr_value, int xattr_len, int ima_read_xattr(struct dentry *dentry, struct evm_ima_xattr_data **xattr_value) { - struct inode *inode = dentry->d_inode; + struct inode *inode = d_backing_inode(dentry); if (!inode->i_op->getxattr) return 0; @@ -190,7 +190,7 @@ int ima_appraise_measurement(int func, struct integrity_iint_cache *iint, static const char op[] = "appraise_data"; char *cause = "unknown"; struct dentry *dentry = file->f_path.dentry; - struct inode *inode = dentry->d_inode; + struct inode *inode = d_backing_inode(dentry); enum integrity_status status = INTEGRITY_UNKNOWN; int rc = xattr_len, hash_start = 0; @@ -314,7 +314,7 @@ void ima_update_xattr(struct integrity_iint_cache *iint, struct file *file) */ void ima_inode_post_setattr(struct dentry *dentry) { - struct inode *inode = dentry->d_inode; + struct inode *inode = d_backing_inode(dentry); struct integrity_iint_cache *iint; int must_appraise, rc; @@ -380,7 +380,7 @@ int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name, if (result == 1) { if (!xattr_value_len || (xvalue->type >= IMA_XATTR_LAST)) return -EINVAL; - ima_reset_appraise_flags(dentry->d_inode, + ima_reset_appraise_flags(d_backing_inode(dentry), (xvalue->type == EVM_IMA_XATTR_DIGSIG) ? 1 : 0); result = 0; } @@ -393,7 +393,7 @@ int ima_inode_removexattr(struct dentry *dentry, const char *xattr_name) result = ima_protect_xattr(dentry, xattr_name, NULL, 0); if (result == 1) { - ima_reset_appraise_flags(dentry->d_inode, 0); + ima_reset_appraise_flags(d_backing_inode(dentry), 0); result = 0; } return result; diff --git a/security/lsm_audit.c b/security/lsm_audit.c index 69fdf3bc765b..3b27e9928238 100644 --- a/security/lsm_audit.c +++ b/security/lsm_audit.c @@ -237,7 +237,7 @@ static void dump_common_audit_data(struct audit_buffer *ab, audit_log_d_path(ab, " path=", &a->u.path); - inode = a->u.path.dentry->d_inode; + inode = d_backing_inode(a->u.path.dentry); if (inode) { audit_log_format(ab, " dev="); audit_log_untrustedstring(ab, inode->i_sb->s_id); @@ -251,7 +251,7 @@ static void dump_common_audit_data(struct audit_buffer *ab, audit_log_format(ab, " name="); audit_log_untrustedstring(ab, a->u.dentry->d_name.name); - inode = a->u.dentry->d_inode; + inode = d_backing_inode(a->u.dentry); if (inode) { audit_log_format(ab, " dev="); audit_log_untrustedstring(ab, inode->i_sb->s_id); diff --git a/security/security.c b/security/security.c index 730ac65a5737..8e9b1f4b9b45 100644 --- a/security/security.c +++ b/security/security.c @@ -410,7 +410,7 @@ EXPORT_SYMBOL(security_old_inode_init_security); int security_path_mknod(struct path *dir, struct dentry *dentry, umode_t mode, unsigned int dev) { - if (unlikely(IS_PRIVATE(dir->dentry->d_inode))) + if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry)))) return 0; return security_ops->path_mknod(dir, dentry, mode, dev); } @@ -418,7 +418,7 @@ EXPORT_SYMBOL(security_path_mknod); int security_path_mkdir(struct path *dir, struct dentry *dentry, umode_t mode) { - if (unlikely(IS_PRIVATE(dir->dentry->d_inode))) + if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry)))) return 0; return security_ops->path_mkdir(dir, dentry, mode); } @@ -426,14 +426,14 @@ EXPORT_SYMBOL(security_path_mkdir); int security_path_rmdir(struct path *dir, struct dentry *dentry) { - if (unlikely(IS_PRIVATE(dir->dentry->d_inode))) + if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry)))) return 0; return security_ops->path_rmdir(dir, dentry); } int security_path_unlink(struct path *dir, struct dentry *dentry) { - if (unlikely(IS_PRIVATE(dir->dentry->d_inode))) + if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry)))) return 0; return security_ops->path_unlink(dir, dentry); } @@ -442,7 +442,7 @@ EXPORT_SYMBOL(security_path_unlink); int security_path_symlink(struct path *dir, struct dentry *dentry, const char *old_name) { - if (unlikely(IS_PRIVATE(dir->dentry->d_inode))) + if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry)))) return 0; return security_ops->path_symlink(dir, dentry, old_name); } @@ -450,7 +450,7 @@ int security_path_symlink(struct path *dir, struct dentry *dentry, int security_path_link(struct dentry *old_dentry, struct path *new_dir, struct dentry *new_dentry) { - if (unlikely(IS_PRIVATE(old_dentry->d_inode))) + if (unlikely(IS_PRIVATE(d_backing_inode(old_dentry)))) return 0; return security_ops->path_link(old_dentry, new_dir, new_dentry); } @@ -459,8 +459,8 @@ int security_path_rename(struct path *old_dir, struct dentry *old_dentry, struct path *new_dir, struct dentry *new_dentry, unsigned int flags) { - if (unlikely(IS_PRIVATE(old_dentry->d_inode) || - (new_dentry->d_inode && IS_PRIVATE(new_dentry->d_inode)))) + if (unlikely(IS_PRIVATE(d_backing_inode(old_dentry)) || + (d_is_positive(new_dentry) && IS_PRIVATE(d_backing_inode(new_dentry))))) return 0; if (flags & RENAME_EXCHANGE) { @@ -477,21 +477,21 @@ EXPORT_SYMBOL(security_path_rename); int security_path_truncate(struct path *path) { - if (unlikely(IS_PRIVATE(path->dentry->d_inode))) + if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry)))) return 0; return security_ops->path_truncate(path); } int security_path_chmod(struct path *path, umode_t mode) { - if (unlikely(IS_PRIVATE(path->dentry->d_inode))) + if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry)))) return 0; return security_ops->path_chmod(path, mode); } int security_path_chown(struct path *path, kuid_t uid, kgid_t gid) { - if (unlikely(IS_PRIVATE(path->dentry->d_inode))) + if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry)))) return 0; return security_ops->path_chown(path, uid, gid); } @@ -513,14 +513,14 @@ EXPORT_SYMBOL_GPL(security_inode_create); int security_inode_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry) { - if (unlikely(IS_PRIVATE(old_dentry->d_inode))) + if (unlikely(IS_PRIVATE(d_backing_inode(old_dentry)))) return 0; return security_ops->inode_link(old_dentry, dir, new_dentry); } int security_inode_unlink(struct inode *dir, struct dentry *dentry) { - if (unlikely(IS_PRIVATE(dentry->d_inode))) + if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) return 0; return security_ops->inode_unlink(dir, dentry); } @@ -543,7 +543,7 @@ EXPORT_SYMBOL_GPL(security_inode_mkdir); int security_inode_rmdir(struct inode *dir, struct dentry *dentry) { - if (unlikely(IS_PRIVATE(dentry->d_inode))) + if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) return 0; return security_ops->inode_rmdir(dir, dentry); } @@ -559,8 +559,8 @@ int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry, struct inode *new_dir, struct dentry *new_dentry, unsigned int flags) { - if (unlikely(IS_PRIVATE(old_dentry->d_inode) || - (new_dentry->d_inode && IS_PRIVATE(new_dentry->d_inode)))) + if (unlikely(IS_PRIVATE(d_backing_inode(old_dentry)) || + (d_is_positive(new_dentry) && IS_PRIVATE(d_backing_inode(new_dentry))))) return 0; if (flags & RENAME_EXCHANGE) { @@ -576,14 +576,14 @@ int security_inode_rename(struct inode *old_dir, struct dentry *old_dentry, int security_inode_readlink(struct dentry *dentry) { - if (unlikely(IS_PRIVATE(dentry->d_inode))) + if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) return 0; return security_ops->inode_readlink(dentry); } int security_inode_follow_link(struct dentry *dentry, struct nameidata *nd) { - if (unlikely(IS_PRIVATE(dentry->d_inode))) + if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) return 0; return security_ops->inode_follow_link(dentry, nd); } @@ -599,7 +599,7 @@ int security_inode_setattr(struct dentry *dentry, struct iattr *attr) { int ret; - if (unlikely(IS_PRIVATE(dentry->d_inode))) + if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) return 0; ret = security_ops->inode_setattr(dentry, attr); if (ret) @@ -610,7 +610,7 @@ EXPORT_SYMBOL_GPL(security_inode_setattr); int security_inode_getattr(const struct path *path) { - if (unlikely(IS_PRIVATE(path->dentry->d_inode))) + if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry)))) return 0; return security_ops->inode_getattr(path); } @@ -620,7 +620,7 @@ int security_inode_setxattr(struct dentry *dentry, const char *name, { int ret; - if (unlikely(IS_PRIVATE(dentry->d_inode))) + if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) return 0; ret = security_ops->inode_setxattr(dentry, name, value, size, flags); if (ret) @@ -634,7 +634,7 @@ int security_inode_setxattr(struct dentry *dentry, const char *name, void security_inode_post_setxattr(struct dentry *dentry, const char *name, const void *value, size_t size, int flags) { - if (unlikely(IS_PRIVATE(dentry->d_inode))) + if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) return; security_ops->inode_post_setxattr(dentry, name, value, size, flags); evm_inode_post_setxattr(dentry, name, value, size); @@ -642,14 +642,14 @@ void security_inode_post_setxattr(struct dentry *dentry, const char *name, int security_inode_getxattr(struct dentry *dentry, const char *name) { - if (unlikely(IS_PRIVATE(dentry->d_inode))) + if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) return 0; return security_ops->inode_getxattr(dentry, name); } int security_inode_listxattr(struct dentry *dentry) { - if (unlikely(IS_PRIVATE(dentry->d_inode))) + if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) return 0; return security_ops->inode_listxattr(dentry); } @@ -658,7 +658,7 @@ int security_inode_removexattr(struct dentry *dentry, const char *name) { int ret; - if (unlikely(IS_PRIVATE(dentry->d_inode))) + if (unlikely(IS_PRIVATE(d_backing_inode(dentry)))) return 0; ret = security_ops->inode_removexattr(dentry, name); if (ret) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index c318b304ee2f..7dade28affba 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -414,7 +414,7 @@ static int sb_finish_set_opts(struct super_block *sb) { struct superblock_security_struct *sbsec = sb->s_security; struct dentry *root = sb->s_root; - struct inode *root_inode = root->d_inode; + struct inode *root_inode = d_backing_inode(root); int rc = 0; if (sbsec->behavior == SECURITY_FS_USE_XATTR) { @@ -552,7 +552,7 @@ static int selinux_get_mnt_opts(const struct super_block *sb, opts->mnt_opts_flags[i++] = DEFCONTEXT_MNT; } if (sbsec->flags & ROOTCONTEXT_MNT) { - struct inode *root = sbsec->sb->s_root->d_inode; + struct inode *root = d_backing_inode(sbsec->sb->s_root); struct inode_security_struct *isec = root->i_security; rc = security_sid_to_context(isec->sid, &context, &len); @@ -608,7 +608,7 @@ static int selinux_set_mnt_opts(struct super_block *sb, int rc = 0, i; struct superblock_security_struct *sbsec = sb->s_security; const char *name = sb->s_type->name; - struct inode *inode = sbsec->sb->s_root->d_inode; + struct inode *inode = d_backing_inode(sbsec->sb->s_root); struct inode_security_struct *root_isec = inode->i_security; u32 fscontext_sid = 0, context_sid = 0, rootcontext_sid = 0; u32 defcontext_sid = 0; @@ -835,8 +835,8 @@ static int selinux_cmp_sb_context(const struct super_block *oldsb, if ((oldflags & DEFCONTEXT_MNT) && old->def_sid != new->def_sid) goto mismatch; if (oldflags & ROOTCONTEXT_MNT) { - struct inode_security_struct *oldroot = oldsb->s_root->d_inode->i_security; - struct inode_security_struct *newroot = newsb->s_root->d_inode->i_security; + struct inode_security_struct *oldroot = d_backing_inode(oldsb->s_root)->i_security; + struct inode_security_struct *newroot = d_backing_inode(newsb->s_root)->i_security; if (oldroot->sid != newroot->sid) goto mismatch; } @@ -886,16 +886,16 @@ static int selinux_sb_clone_mnt_opts(const struct super_block *oldsb, if (!set_fscontext) newsbsec->sid = sid; if (!set_rootcontext) { - struct inode *newinode = newsb->s_root->d_inode; + struct inode *newinode = d_backing_inode(newsb->s_root); struct inode_security_struct *newisec = newinode->i_security; newisec->sid = sid; } newsbsec->mntpoint_sid = sid; } if (set_rootcontext) { - const struct inode *oldinode = oldsb->s_root->d_inode; + const struct inode *oldinode = d_backing_inode(oldsb->s_root); const struct inode_security_struct *oldisec = oldinode->i_security; - struct inode *newinode = newsb->s_root->d_inode; + struct inode *newinode = d_backing_inode(newsb->s_root); struct inode_security_struct *newisec = newinode->i_security; newisec->sid = oldisec->sid; @@ -1610,7 +1610,7 @@ static inline int dentry_has_perm(const struct cred *cred, struct dentry *dentry, u32 av) { - struct inode *inode = dentry->d_inode; + struct inode *inode = d_backing_inode(dentry); struct common_audit_data ad; ad.type = LSM_AUDIT_DATA_DENTRY; @@ -1625,7 +1625,7 @@ static inline int path_has_perm(const struct cred *cred, const struct path *path, u32 av) { - struct inode *inode = path->dentry->d_inode; + struct inode *inode = d_backing_inode(path->dentry); struct common_audit_data ad; ad.type = LSM_AUDIT_DATA_PATH; @@ -1753,7 +1753,7 @@ static int may_link(struct inode *dir, int rc; dsec = dir->i_security; - isec = dentry->d_inode->i_security; + isec = d_backing_inode(dentry)->i_security; ad.type = LSM_AUDIT_DATA_DENTRY; ad.u.dentry = dentry; @@ -1797,7 +1797,7 @@ static inline int may_rename(struct inode *old_dir, int rc; old_dsec = old_dir->i_security; - old_isec = old_dentry->d_inode->i_security; + old_isec = d_backing_inode(old_dentry)->i_security; old_is_dir = d_is_dir(old_dentry); new_dsec = new_dir->i_security; @@ -1827,7 +1827,7 @@ static inline int may_rename(struct inode *old_dir, if (rc) return rc; if (d_is_positive(new_dentry)) { - new_isec = new_dentry->d_inode->i_security; + new_isec = d_backing_inode(new_dentry)->i_security; new_is_dir = d_is_dir(new_dentry); rc = avc_has_perm(sid, new_isec->sid, new_isec->sclass, @@ -1963,7 +1963,7 @@ static int selinux_binder_transfer_file(struct task_struct *from, { u32 sid = task_sid(to); struct file_security_struct *fsec = file->f_security; - struct inode *inode = file->f_path.dentry->d_inode; + struct inode *inode = d_backing_inode(file->f_path.dentry); struct inode_security_struct *isec = inode->i_security; struct common_audit_data ad; int rc; @@ -2627,7 +2627,7 @@ static int selinux_sb_remount(struct super_block *sb, void *data) break; case ROOTCONTEXT_MNT: { struct inode_security_struct *root_isec; - root_isec = sb->s_root->d_inode->i_security; + root_isec = d_backing_inode(sb->s_root)->i_security; if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid, sid)) goto out_bad_option; @@ -2727,7 +2727,7 @@ static int selinux_dentry_init_security(struct dentry *dentry, int mode, struct task_security_struct *tsec; struct inode_security_struct *dsec; struct superblock_security_struct *sbsec; - struct inode *dir = dentry->d_parent->d_inode; + struct inode *dir = d_backing_inode(dentry->d_parent); u32 newsid; int rc; @@ -2982,7 +2982,7 @@ static int selinux_inode_setotherxattr(struct dentry *dentry, const char *name) static int selinux_inode_setxattr(struct dentry *dentry, const char *name, const void *value, size_t size, int flags) { - struct inode *inode = dentry->d_inode; + struct inode *inode = d_backing_inode(dentry); struct inode_security_struct *isec = inode->i_security; struct superblock_security_struct *sbsec; struct common_audit_data ad; @@ -3059,7 +3059,7 @@ static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name, const void *value, size_t size, int flags) { - struct inode *inode = dentry->d_inode; + struct inode *inode = d_backing_inode(dentry); struct inode_security_struct *isec = inode->i_security; u32 newsid; int rc; diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 1511965549b8..14b316f60fc5 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -555,7 +555,7 @@ static int smack_sb_copy_data(char *orig, char *smackopts) static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data) { struct dentry *root = sb->s_root; - struct inode *inode = root->d_inode; + struct inode *inode = d_backing_inode(root); struct superblock_smack *sp = sb->s_security; struct inode_smack *isp; struct smack_known *skp; @@ -851,15 +851,15 @@ static int smack_inode_link(struct dentry *old_dentry, struct inode *dir, smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry); - isp = smk_of_inode(old_dentry->d_inode); + isp = smk_of_inode(d_backing_inode(old_dentry)); rc = smk_curacc(isp, MAY_WRITE, &ad); - rc = smk_bu_inode(old_dentry->d_inode, MAY_WRITE, rc); + rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_WRITE, rc); if (rc == 0 && d_is_positive(new_dentry)) { - isp = smk_of_inode(new_dentry->d_inode); + isp = smk_of_inode(d_backing_inode(new_dentry)); smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry); rc = smk_curacc(isp, MAY_WRITE, &ad); - rc = smk_bu_inode(new_dentry->d_inode, MAY_WRITE, rc); + rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_WRITE, rc); } return rc; @@ -875,7 +875,7 @@ static int smack_inode_link(struct dentry *old_dentry, struct inode *dir, */ static int smack_inode_unlink(struct inode *dir, struct dentry *dentry) { - struct inode *ip = dentry->d_inode; + struct inode *ip = d_backing_inode(dentry); struct smk_audit_info ad; int rc; @@ -918,8 +918,8 @@ static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry) /* * You need write access to the thing you're removing */ - rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad); - rc = smk_bu_inode(dentry->d_inode, MAY_WRITE, rc); + rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); + rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); if (rc == 0) { /* * You also need write access to the containing directory @@ -957,15 +957,15 @@ static int smack_inode_rename(struct inode *old_inode, smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry); - isp = smk_of_inode(old_dentry->d_inode); + isp = smk_of_inode(d_backing_inode(old_dentry)); rc = smk_curacc(isp, MAY_READWRITE, &ad); - rc = smk_bu_inode(old_dentry->d_inode, MAY_READWRITE, rc); + rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_READWRITE, rc); if (rc == 0 && d_is_positive(new_dentry)) { - isp = smk_of_inode(new_dentry->d_inode); + isp = smk_of_inode(d_backing_inode(new_dentry)); smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry); rc = smk_curacc(isp, MAY_READWRITE, &ad); - rc = smk_bu_inode(new_dentry->d_inode, MAY_READWRITE, rc); + rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_READWRITE, rc); } return rc; } @@ -1022,8 +1022,8 @@ static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr) smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); smk_ad_setfield_u_fs_path_dentry(&ad, dentry); - rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad); - rc = smk_bu_inode(dentry->d_inode, MAY_WRITE, rc); + rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); + rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); return rc; } @@ -1037,7 +1037,7 @@ static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr) static int smack_inode_getattr(const struct path *path) { struct smk_audit_info ad; - struct inode *inode = path->dentry->d_inode; + struct inode *inode = d_backing_inode(path->dentry); int rc; smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH); @@ -1104,8 +1104,8 @@ static int smack_inode_setxattr(struct dentry *dentry, const char *name, smk_ad_setfield_u_fs_path_dentry(&ad, dentry); if (rc == 0) { - rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad); - rc = smk_bu_inode(dentry->d_inode, MAY_WRITE, rc); + rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); + rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); } return rc; @@ -1126,7 +1126,7 @@ static void smack_inode_post_setxattr(struct dentry *dentry, const char *name, const void *value, size_t size, int flags) { struct smack_known *skp; - struct inode_smack *isp = dentry->d_inode->i_security; + struct inode_smack *isp = d_backing_inode(dentry)->i_security; if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) { isp->smk_flags |= SMK_INODE_TRANSMUTE; @@ -1171,8 +1171,8 @@ static int smack_inode_getxattr(struct dentry *dentry, const char *name) smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); smk_ad_setfield_u_fs_path_dentry(&ad, dentry); - rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ, &ad); - rc = smk_bu_inode(dentry->d_inode, MAY_READ, rc); + rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_READ, &ad); + rc = smk_bu_inode(d_backing_inode(dentry), MAY_READ, rc); return rc; } @@ -1208,12 +1208,12 @@ static int smack_inode_removexattr(struct dentry *dentry, const char *name) smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY); smk_ad_setfield_u_fs_path_dentry(&ad, dentry); - rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad); - rc = smk_bu_inode(dentry->d_inode, MAY_WRITE, rc); + rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad); + rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc); if (rc != 0) return rc; - isp = dentry->d_inode->i_security; + isp = d_backing_inode(dentry)->i_security; /* * Don't do anything special for these. * XATTR_NAME_SMACKIPIN diff --git a/security/tomoyo/condition.c b/security/tomoyo/condition.c index 63681e8be628..6c4528d4b48f 100644 --- a/security/tomoyo/condition.c +++ b/security/tomoyo/condition.c @@ -714,7 +714,7 @@ void tomoyo_get_attributes(struct tomoyo_obj_info *obj) dentry = dget_parent(dentry); break; } - inode = dentry->d_inode; + inode = d_backing_inode(dentry); if (inode) { struct tomoyo_mini_stat *stat = &obj->stat[i]; stat->uid = inode->i_uid; diff --git a/security/tomoyo/realpath.c b/security/tomoyo/realpath.c index 1e0d480ff6a6..5077f1968841 100644 --- a/security/tomoyo/realpath.c +++ b/security/tomoyo/realpath.c @@ -97,7 +97,7 @@ static char *tomoyo_get_absolute_path(const struct path *path, char * const buff /* go to whatever namespace root we are under */ pos = d_absolute_path(path, buffer, buflen - 1); if (!IS_ERR(pos) && *pos == '/' && pos[1]) { - struct inode *inode = path->dentry->d_inode; + struct inode *inode = d_backing_inode(path->dentry); if (inode && S_ISDIR(inode->i_mode)) { buffer[buflen - 2] = '/'; buffer[buflen - 1] = '\0'; @@ -125,7 +125,7 @@ static char *tomoyo_get_dentry_path(struct dentry *dentry, char * const buffer, if (buflen >= 256) { pos = dentry_path_raw(dentry, buffer, buflen - 1); if (!IS_ERR(pos) && *pos == '/' && pos[1]) { - struct inode *inode = dentry->d_inode; + struct inode *inode = d_backing_inode(dentry); if (inode && S_ISDIR(inode->i_mode)) { buffer[buflen - 2] = '/'; buffer[buflen - 1] = '\0'; @@ -168,7 +168,7 @@ static char *tomoyo_get_local_path(struct dentry *dentry, char * const buffer, if (!MAJOR(sb->s_dev)) goto prepend_filesystem_name; { - struct inode *inode = sb->s_root->d_inode; + struct inode *inode = d_backing_inode(sb->s_root); /* * Use filesystem name if filesystem does not support rename() * operation. @@ -219,7 +219,7 @@ out: static char *tomoyo_get_socket_name(const struct path *path, char * const buffer, const int buflen) { - struct inode *inode = path->dentry->d_inode; + struct inode *inode = d_backing_inode(path->dentry); struct socket *sock = inode ? SOCKET_I(inode) : NULL; struct sock *sk = sock ? sock->sk : NULL; if (sk) { @@ -277,7 +277,7 @@ char *tomoyo_realpath_from_path(const struct path *path) pos = dentry->d_op->d_dname(dentry, buf, buf_len - 1); goto encode; } - inode = sb->s_root->d_inode; + inode = d_backing_inode(sb->s_root); /* * Get local name for filesystems without rename() operation * or dentry without vfsmount. -- cgit v1.2.3-58-ga151 From ce0b16ddf18df35026164fda4a642ef10c01f442 Mon Sep 17 00:00:00 2001 From: David Howells Date: Thu, 19 Feb 2015 10:47:02 +0000 Subject: VFS: security/: d_inode() annotations ... except where that code acts as a filesystem driver, rather than working with dentries given to it. Signed-off-by: David Howells Signed-off-by: Al Viro --- security/apparmor/apparmorfs.c | 2 +- security/inode.c | 18 +++++++++--------- security/selinux/selinuxfs.c | 2 +- security/smack/smackfs.c | 2 +- 4 files changed, 12 insertions(+), 12 deletions(-) (limited to 'security') diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c index 7db9954f1af2..ad4fa49ad1db 100644 --- a/security/apparmor/apparmorfs.c +++ b/security/apparmor/apparmorfs.c @@ -365,7 +365,7 @@ void __aa_fs_profile_rmdir(struct aa_profile *profile) if (!profile->dents[i]) continue; - r = profile->dents[i]->d_inode->i_private; + r = d_inode(profile->dents[i])->i_private; securityfs_remove(profile->dents[i]); aa_put_replacedby(r); profile->dents[i] = NULL; diff --git a/security/inode.c b/security/inode.c index 131a3c49f766..91503b79c5f8 100644 --- a/security/inode.c +++ b/security/inode.c @@ -27,7 +27,7 @@ static int mount_count; static inline int positive(struct dentry *dentry) { - return dentry->d_inode && !d_unhashed(dentry); + return d_really_is_positive(dentry) && !d_unhashed(dentry); } static int fill_super(struct super_block *sb, void *data, int silent) @@ -102,14 +102,14 @@ struct dentry *securityfs_create_file(const char *name, umode_t mode, if (!parent) parent = mount->mnt_root; - dir = parent->d_inode; + dir = d_inode(parent); mutex_lock(&dir->i_mutex); dentry = lookup_one_len(name, parent, strlen(name)); if (IS_ERR(dentry)) goto out; - if (dentry->d_inode) { + if (d_really_is_positive(dentry)) { error = -EEXIST; goto out1; } @@ -197,20 +197,20 @@ void securityfs_remove(struct dentry *dentry) return; parent = dentry->d_parent; - if (!parent || !parent->d_inode) + if (!parent || d_really_is_negative(parent)) return; - mutex_lock(&parent->d_inode->i_mutex); + mutex_lock(&d_inode(parent)->i_mutex); if (positive(dentry)) { - if (dentry->d_inode) { + if (d_really_is_positive(dentry)) { if (d_is_dir(dentry)) - simple_rmdir(parent->d_inode, dentry); + simple_rmdir(d_inode(parent), dentry); else - simple_unlink(parent->d_inode, dentry); + simple_unlink(d_inode(parent), dentry); dput(dentry); } } - mutex_unlock(&parent->d_inode->i_mutex); + mutex_unlock(&d_inode(parent)->i_mutex); simple_release_fs(&mount, &mount_count); } EXPORT_SYMBOL_GPL(securityfs_remove); diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index 5fde34326dcf..d2787cca1fcb 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -1737,7 +1737,7 @@ static struct dentry *sel_make_dir(struct dentry *dir, const char *name, inc_nlink(inode); d_add(dentry, inode); /* bump link count on parent directory, too */ - inc_nlink(dir->d_inode); + inc_nlink(d_inode(dir)); return dentry; } diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c index bce4e8f1b267..2611a651c344 100644 --- a/security/smack/smackfs.c +++ b/security/smack/smackfs.c @@ -2395,7 +2395,7 @@ static int smk_fill_super(struct super_block *sb, void *data, int silent) return rc; } - root_inode = sb->s_root->d_inode; + root_inode = d_inode(sb->s_root); return 0; } -- cgit v1.2.3-58-ga151