[PATCH] LSM file locking patch is bogus

- Remove third argument from file_lock security op. Whether the lock is blocking or not cannot make any difference to a security module! - Fix the call in sys_flock to pass the translated lock command, not the original. - Add a call in fcntl_setlease. If they're going to know about two types of lock, let's tell them about the third too.

[PATCH] LSM file locking patch is bogus
- Remove third argument from file_lock security op. Whether the lock is blocking or not cannot make any difference to a security module! - Fix the call in sys_flock to pass the translated lock command, not the original. - Add a call in fcntl_setlease. If they're going to know about two types of lock, let's tell them about the third too.
c997a03d · Matthew Wilcox · Russell King · cab49a97 · c997a03d · c997a03d
Commit c997a03d authored Jul 27, 2002 by Matthew Wilcox Committed by Russell King Jul 27, 2002
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 8 deletions

fs/locks.c fs/locks.c +6 -6

include/linux/security.h include/linux/security.h +1 -2

No files found.
--- a/fs/locks.c
+++ b/fs/locks.c
@@ -1242,6 +1242,9 @@ int fcntl_setlease(unsigned int fd, struct file *filp, long arg)
 		return -EACCES;
 	if (!S_ISREG(inode->i_mode))
 		return -EINVAL;
+	error = security_ops->file_lock(filp, arg);
+	if (error)
+		return error;
 	lock_kernel();
@@ -1359,8 +1362,7 @@ asmlinkage long sys_flock(unsigned int fd, unsigned int cmd)
 	if (error < 0)
 		goto out_putf;
-	error = security_ops->file_lock(filp, cmd,
+	error = security_ops->file_lock(filp, lock->fl_type);
-					(cmd & LOCK_NB) ? 0 : 1);
 	if (error)
 		goto out_putf;
@@ -1494,8 +1496,7 @@ int fcntl_setlk(struct file *filp, unsigned int cmd, struct flock *l)
 		goto out;
 	}
-	error = security_ops->file_lock(filp, file_lock->fl_type,
+	error = security_ops->file_lock(filp, file_lock->fl_type);
-	                                cmd == F_SETLKW);
 	if (error)
 		goto out;
@@ -1618,8 +1619,7 @@ int fcntl_setlk64(struct file *filp, unsigned int cmd, struct flock64 *l)
 		goto out;
 	}
-	error = security_ops->file_lock(filp, file_lock->fl_type,
+	error = security_ops->file_lock(filp, file_lock->fl_type);
-					cmd == F_SETLKW64);
 	if (error)
 		goto out;

--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -407,7 +407,6 @@ struct swap_info_struct;
 *	@file contains the file structure.
 *	@cmd contains the posix-translated lock operation to perform
 *	(e.g. F_RDLCK, F_WRLCK).
- *	@blocking indicates if the request is for a blocking lock.
 *	Return 0 if permission is granted.
 * @file_fcntl:
 *	Check permission before allowing the file operation specified by @cmd
@@ -753,7 +752,7 @@ struct security_operations {
 	int (*file_mmap) (struct file * file,
 			  unsigned long prot, unsigned long flags);
 	int (*file_mprotect) (struct vm_area_struct * vma, unsigned long prot);
-	int (*file_lock) (struct file * file, unsigned int cmd, int blocking);
+	int (*file_lock) (struct file * file, unsigned int cmd);
 	int (*file_fcntl) (struct file * file, unsigned int cmd,
 			   unsigned long arg);
 	int (*file_set_fowner) (struct file * file);