static int parse_security_options(char *orig_opts,
struct security_mnt_opts *sec_opts)
{
- char *secdata = NULL;
- int ret = 0;
-
- secdata = alloc_secdata();
- if (!secdata)
- return -ENOMEM;
- ret = security_sb_copy_data(orig_opts, secdata);
- if (ret) {
- free_secdata(secdata);
- return ret;
- }
- ret = security_sb_parse_opts_str(secdata, sec_opts);
- free_secdata(secdata);
- return ret;
+ return security_sb_eat_lsm_opts(orig_opts, sec_opts);
}
static int setup_security_options(struct btrfs_fs_info *fs_info,
security_init_mnt_opts(&opts);
if (data && !(sb->s_type->fs_flags & FS_BINARY_MOUNTDATA)) {
- char *secdata = alloc_secdata();
- if (!secdata)
- return -ENOMEM;
- err = security_sb_copy_data(data, secdata);
- if (err) {
- free_secdata(secdata);
- return err;
- }
- err = security_sb_parse_opts_str(secdata, &opts);
- free_secdata(secdata);
+ err = security_sb_eat_lsm_opts(data, &opts);
if (err)
return err;
}
static int nfs_parse_mount_options(char *raw,
struct nfs_parsed_mount_data *mnt)
{
- char *p, *string, *secdata;
+ char *p, *string;
int rc, sloppy = 0, invalid_option = 0;
unsigned short protofamily = AF_UNSPEC;
unsigned short mountfamily = AF_UNSPEC;
}
dfprintk(MOUNT, "NFS: nfs mount opts='%s'\n", raw);
- secdata = alloc_secdata();
- if (!secdata)
- goto out_nomem;
-
- rc = security_sb_copy_data(raw, secdata);
- if (rc)
- goto out_security_failure;
-
- rc = security_sb_parse_opts_str(secdata, &mnt->lsm_opts);
+ rc = security_sb_eat_lsm_opts(raw, &mnt->lsm_opts);
if (rc)
goto out_security_failure;
- free_secdata(secdata);
-
while ((p = strsep(&raw, ",")) != NULL) {
substring_t args[MAX_OPT_ARGS];
unsigned long option;
printk(KERN_INFO "NFS: not enough memory to parse option\n");
return 0;
out_security_failure:
- free_secdata(secdata);
printk(KERN_INFO "NFS: security options invalid: %d\n", rc);
return 0;
}
security_init_mnt_opts(&opts);
if (data && !(type->fs_flags & FS_BINARY_MOUNTDATA)) {
- char *secdata = alloc_secdata();
- if (!secdata)
- return ERR_PTR(-ENOMEM);
-
- error = security_sb_copy_data(data, secdata);
- if (error) {
- free_secdata(secdata);
- return ERR_PTR(error);
- }
-
- error = security_sb_parse_opts_str(secdata, &opts);
- free_secdata(secdata);
+ error = security_sb_eat_lsm_opts(data, &opts);
if (error)
return ERR_PTR(error);
}
void security_bprm_committed_creds(struct linux_binprm *bprm);
int security_sb_alloc(struct super_block *sb);
void security_sb_free(struct super_block *sb);
-int security_sb_copy_data(char *orig, char *copy);
+int security_sb_eat_lsm_opts(char *options, struct security_mnt_opts *opts);
int security_sb_remount(struct super_block *sb, struct security_mnt_opts *opts);
int security_sb_kern_mount(struct super_block *sb, int flags,
struct security_mnt_opts *opts);
static inline void security_sb_free(struct super_block *sb)
{ }
-static inline int security_sb_copy_data(char *orig, char *copy)
+static inline int security_sb_eat_lsm_opts(char *options,
+ struct security_mnt_opts *opts)
{
return 0;
}
#endif /* CONFIG_SECURITY */
#endif /* CONFIG_BPF_SYSCALL */
-#ifdef CONFIG_SECURITY
-
-static inline char *alloc_secdata(void)
-{
- return (char *)get_zeroed_page(GFP_KERNEL);
-}
-
-static inline void free_secdata(void *secdata)
-{
- free_page((unsigned long)secdata);
-}
-
-#else
-
-static inline char *alloc_secdata(void)
-{
- return (char *)1;
-}
-
-static inline void free_secdata(void *secdata)
-{ }
-#endif /* CONFIG_SECURITY */
-
#endif /* ! __LINUX_SECURITY_H */
call_void_hook(sb_free_security, sb);
}
-int security_sb_copy_data(char *orig, char *copy)
+int security_sb_eat_lsm_opts(char *options, struct security_mnt_opts *opts)
{
- return call_int_hook(sb_copy_data, 0, orig, copy);
+ char *s = (char *)get_zeroed_page(GFP_KERNEL);
+ int err;
+
+ if (!s)
+ return -ENOMEM;
+ err = call_int_hook(sb_copy_data, 0, options, s);
+ if (!err)
+ err = call_int_hook(sb_parse_opts_str, 0, s, opts);
+ free_page((unsigned long)s);
+ return err;
}
-EXPORT_SYMBOL(security_sb_copy_data);
+EXPORT_SYMBOL(security_sb_eat_lsm_opts);
int security_sb_remount(struct super_block *sb,
struct security_mnt_opts *opts)