namei: make may_follow_link() safe in RCU mode

We *can't* call that audit garbage in RCU mode - it's doing a weird
mix of allocations (GFP_NOFS, immediately followed by GFP_KERNEL)
and I'm not touching that... thing again.

So if this security sclero^Whardening feature gets triggered when
we are in RCU mode, tough - we'll fail with -ECHILD and have
everything restarted in non-RCU mode.  Only to hit the same test
and fail, this time with EACCES and with (oh, rapture) an audit spew
produced.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

diff --git a/fs/namei.c b/fs/namei.c
index 998c3c2c94886be16972c98a16c0afbf857ca6ea..20bf494307c991e41a4a799efe72bc06b2a2e503 100644 (file)
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -794,6 +794,9 @@ static inline int may_follow_link(struct nameidata *nd)
        if (uid_eq(parent->i_uid, inode->i_uid))
                return 0;
 
+       if (nd->flags & LOOKUP_RCU)
+               return -ECHILD;
+
        audit_log_link_denied("follow_link", &nd->stack[0].link);
        return -EACCES;
 }