tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

lsm: add new securityfs delete function

When deleting a directory in the security file system, the existing
securityfs_remove requires the directory to be empty, otherwise
it will do nothing. This leads to a potential risk that the security
file system might be in an unclean state when the intended deletion
did not happen.

This commit introduces a new function securityfs_recursive_remove
to recursively delete a directory without leaving an unclean state.

Co-developed-by: Christian Brauner (Microsoft) <brauner@kernel.org>
Signed-off-by: Fan Wu <wufan@linux.microsoft.com>
[PM: subject line tweak]
Signed-off-by: Paul Moore <paul@paul-moore.com>

authored by

Fan Wu and committed by
Paul Moore 7138679f a8a74df1

+26
+1
include/linux/security.h
··· 2090 2090 const char *target, 2091 2091 const struct inode_operations *iops); 2092 2092 extern void securityfs_remove(struct dentry *dentry); 2093 + extern void securityfs_recursive_remove(struct dentry *dentry); 2093 2094 2094 2095 #else /* CONFIG_SECURITYFS */ 2095 2096
+25
security/inode.c
··· 313 313 } 314 314 EXPORT_SYMBOL_GPL(securityfs_remove); 315 315 316 + static void remove_one(struct dentry *victim) 317 + { 318 + simple_release_fs(&mount, &mount_count); 319 + } 320 + 321 + /** 322 + * securityfs_recursive_remove - recursively removes a file or directory 323 + * 324 + * @dentry: a pointer to a the dentry of the file or directory to be removed. 325 + * 326 + * This function recursively removes a file or directory in securityfs that was 327 + * previously created with a call to another securityfs function (like 328 + * securityfs_create_file() or variants thereof.) 329 + */ 330 + void securityfs_recursive_remove(struct dentry *dentry) 331 + { 332 + if (IS_ERR_OR_NULL(dentry)) 333 + return; 334 + 335 + simple_pin_fs(&fs_type, &mount, &mount_count); 336 + simple_recursive_removal(dentry, remove_one); 337 + simple_release_fs(&mount, &mount_count); 338 + } 339 + EXPORT_SYMBOL_GPL(securityfs_recursive_remove); 340 + 316 341 #ifdef CONFIG_SECURITY 317 342 static struct dentry *lsm_dentry; 318 343 static ssize_t lsm_read(struct file *filp, char __user *buf, size_t count,