authorKalesh Singh <kaleshsingh@google.com>2021-01-11 01:26:18 -0500
committerurevanth <urevanth@codeaurora.org>2021-03-04 14:46:17 +0530
commit2b8fab40e5c99041902d9f8eb13d9c66670f08af (patch)
tree50ea2c009a0a16655a6a01a63164d7b7e018435e
parent66b4b5d53454291e6f81baf5d0d4f03d680d492e (diff)
ANDROID: xt_qtaguid: Remove tag_entry from process list on untag
A sock_tag_entry can only be part of one process's pqd_entry->sock_tag_list. Retagging the socket only updates sock_tag_entry->tag, and does not add the tag entry to the current process's pqd_entry list, nor update sock_tag_entry->pid. So the sock_tag_entry is only ever present in the pqd_entry list of the process that initially tagged the socket. A sock_tag_entry can also get created and not be added to any process's pqd_entry list. This happens if the process that initially tags the socket has not opened /dev/xt_qtaguid. ctrl_cmd_untag() supports untagging from a context other than the process that initially tagged the socket. Currently, the sock_tag_entry is only removed from its containing pqd_entry->sock_tag_list if the process that does the untagging has opened /dev/xt_qtaguid. However, the tag entry should always be deleted from its pqd entry list (if present). Bug: 176919394 Signed-off-by: Kalesh Singh <kaleshsingh@google.com> Change-Id: I5b6f0c36c0ebefd98cc6873a4057104c7d885ccc Git-commit: c2ab93b45b5cdc426868fb8793ada2cac20568ef Git-repo: https://android.googlesource.com/kernel/msm Signed-off-by: urevanth <urevanth@codeaurora.org>
-rw-r--r--net/netfilter/xt_qtaguid.c11
1 files changed, 8 insertions, 3 deletions
diff --git a/net/netfilter/xt_qtaguid.c b/net/netfilter/xt_qtaguid.c
index e82524b21d07..604f812c5e25 100644
--- a/net/netfilter/xt_qtaguid.c
+++ b/net/netfilter/xt_qtaguid.c
@@ -2412,15 +2412,20 @@ int qtaguid_untag(struct socket *el_socket, bool kernel)
* At first, we want to catch user-space code that is not
* opening the /dev/xt_qtaguid.
*/
- if (IS_ERR_OR_NULL(pqd_entry) || !sock_tag_entry->list.next) {
+ if (IS_ERR_OR_NULL(pqd_entry))
pr_warn_once("qtaguid: %s(): "
"User space forgot to open /dev/xt_qtaguid? "
"pid=%u tgid=%u sk_pid=%u, uid=%u\n", __func__,
current->pid, current->tgid, sock_tag_entry->pid,
from_kuid(&init_user_ns, current_fsuid()));
- } else {
+ /*
+ * This check is needed because tagging from a process that
+ * didn’t open /dev/xt_qtaguid still adds the sock_tag_entry
+ * to sock_tag_tree.
+ */
+ if (sock_tag_entry->list.next)
list_del(&sock_tag_entry->list);
- }
+
spin_unlock_bh(&uid_tag_data_tree_lock);
/*
* We don't free tag_ref from the utd_entry here,
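Review bot: The `if (sock_tag_entry->list.next)` test before `list_del()` treats a NULL `next` as "not on any pqd_entry list", which only holds if the entry is zero-allocated and never passed through `INIT_LIST_HEAD()` or an earlier `list_del()` (which poisons the pointers rather than clearing them). The allocation site is outside this hunk, so that invariant is assumed here rather than shown. The added comment explains why an entry can be off-list but not this dependency, so I would extend it with `/* list.next is NULL only because the entry is zero-allocated and is never unlinked before this point */`. Because the entry may now be unlinked from a sock_tag_list owned by a different process's pqd_entry, the comment should also say that uid_tag_data_tree_lock (released just below) serialises updates to every such list, if that is indeed the locking rule. qtaguid_untag() begins and ends outside the hunk.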