authorPaul Moore <paul.moore@hp.com>2008-10-10 10:16:31 -0400
committerPaul Moore <paul.moore@hp.com>2008-10-10 10:16:31 -0400
commitb1edeb102397546438ab4624489c6ccd7b410d97 (patch)
treece7033f678ffe46ec3f517bb2771b9cbb04d62bb /net/netlabel/netlabel_domainhash.c
parenta8134296ba9940b5b271d908666e532d34430a3c (diff)
netlabel: Replace protocol/NetLabel linking with refrerence counts
NetLabel has always had a list of backpointers in the CIPSO DOI definition structure which pointed to the NetLabel LSM domain mapping structures which referenced the CIPSO DOI struct. The rationale for this was that when an administrator removed a CIPSO DOI from the system all of the associated NetLabel LSM domain mappings should be removed as well; a list of backpointers made this a simple operation. Unfortunately, while the backpointers did make the removal easier they were a bit of a mess from an implementation point of view which was making further development difficult. Since the removal of a CIPSO DOI is a relatively rare event it seems to make sense to remove this backpointer list as the optimization was hurting us more than it was helping. However, we still need to be able to track when a CIPSO DOI definition is being used so replace the backpointer list with a reference count. In order to preserve the current functionality of removing the associated LSM domain mappings when a CIPSO DOI is removed we walk the LSM domain mapping table, removing the relevant entries. Signed-off-by: Paul Moore <paul.moore@hp.com> Reviewed-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'net/netlabel/netlabel_domainhash.c')
-rw-r--r--net/netlabel/netlabel_domainhash.c95
1 files changed, 47 insertions, 48 deletions
diff --git a/net/netlabel/netlabel_domainhash.c b/net/netlabel/netlabel_domainhash.c
index dc42206c431..0243f0c57b4 100644
--- a/net/netlabel/netlabel_domainhash.c
+++ b/net/netlabel/netlabel_domainhash.c
@@ -217,20 +217,6 @@ int netlbl_domhsh_add(struct netlbl_dom_map *entry,
217 u32 bkt; 217 u32 bkt;
218 struct audit_buffer *audit_buf; 218 struct audit_buffer *audit_buf;
219 219
220 switch (entry->type) {
221 case NETLBL_NLTYPE_UNLABELED:
222 ret_val = 0;
223 break;
224 case NETLBL_NLTYPE_CIPSOV4:
225 ret_val = cipso_v4_doi_domhsh_add(entry->type_def.cipsov4,
226 entry->domain);
227 break;
228 default:
229 return -EINVAL;
230 }
231 if (ret_val != 0)
232 return ret_val;
233
234 entry->valid = 1; 220 entry->valid = 1;
235 INIT_RCU_HEAD(&entry->rcu); 221 INIT_RCU_HEAD(&entry->rcu);
236 222
@@ -271,16 +257,6 @@ int netlbl_domhsh_add(struct netlbl_dom_map *entry,
271 } 257 }
272 rcu_read_unlock(); 258 rcu_read_unlock();
273 259
274 if (ret_val != 0) {
275 switch (entry->type) {
276 case NETLBL_NLTYPE_CIPSOV4:
277 if (cipso_v4_doi_domhsh_remove(entry->type_def.cipsov4,
278 entry->domain) != 0)
279 BUG();
280 break;
281 }
282 }
283
284 return ret_val; 260 return ret_val;
285} 261}
286 262
@@ -302,35 +278,26 @@ int netlbl_domhsh_add_default(struct netlbl_dom_map *entry,
302} 278}
303 279
304/** 280/**
305 * netlbl_domhsh_remove - Removes an entry from the domain hash table 281 * netlbl_domhsh_remove_entry - Removes a given entry from the domain table
306 * @domain: the domain to remove 282 * @entry: the entry to remove
307 * @audit_info: NetLabel audit information 283 * @audit_info: NetLabel audit information
308 * 284 *
309 * Description: 285 * Description:
310 * Removes an entry from the domain hash table and handles any updates to the 286 * Removes an entry from the domain hash table and handles any updates to the
311 * lower level protocol handler (i.e. CIPSO). Returns zero on success, 287 * lower level protocol handler (i.e. CIPSO). Caller is responsible for
312 * negative on failure. 288 * ensuring that the RCU read lock is held. Returns zero on success, negative
289 * on failure.
313 * 290 *
314 */ 291 */
315int netlbl_domhsh_remove(const char *domain, struct netlbl_audit *audit_info) 292int netlbl_domhsh_remove_entry(struct netlbl_dom_map *entry,
293 struct netlbl_audit *audit_info)
316{ 294{
317 int ret_val = -ENOENT; 295 int ret_val = 0;
318 struct netlbl_dom_map *entry;
319 struct audit_buffer *audit_buf; 296 struct audit_buffer *audit_buf;
320 297
321 rcu_read_lock();
322 if (domain)
323 entry = netlbl_domhsh_search(domain);
324 else
325 entry = netlbl_domhsh_search_def(domain);
326 if (entry == NULL) 298 if (entry == NULL)
327 goto remove_return; 299 return -ENOENT;
328 switch (entry->type) { 300
329 case NETLBL_NLTYPE_CIPSOV4:
330 cipso_v4_doi_domhsh_remove(entry->type_def.cipsov4,
331 entry->domain);
332 break;
333 }
334 spin_lock(&netlbl_domhsh_lock); 301 spin_lock(&netlbl_domhsh_lock);
335 if (entry->valid) { 302 if (entry->valid) {
336 entry->valid = 0; 303 entry->valid = 0;
@@ -338,8 +305,8 @@ int netlbl_domhsh_remove(const char *domain, struct netlbl_audit *audit_info)
338 list_del_rcu(&entry->list); 305 list_del_rcu(&entry->list);
339 else 306 else
340 rcu_assign_pointer(netlbl_domhsh_def, NULL); 307 rcu_assign_pointer(netlbl_domhsh_def, NULL);
341 ret_val = 0; 308 } else
342 } 309 ret_val = -ENOENT;
343 spin_unlock(&netlbl_domhsh_lock); 310 spin_unlock(&netlbl_domhsh_lock);
344 311
345 audit_buf = netlbl_audit_start_common(AUDIT_MAC_MAP_DEL, audit_info); 312 audit_buf = netlbl_audit_start_common(AUDIT_MAC_MAP_DEL, audit_info);
@@ -351,10 +318,42 @@ int netlbl_domhsh_remove(const char *domain, struct netlbl_audit *audit_info)
351 audit_log_end(audit_buf); 318 audit_log_end(audit_buf);
352 } 319 }
353 320
354remove_return: 321 if (ret_val == 0) {
355 rcu_read_unlock(); 322 switch (entry->type) {
356 if (ret_val == 0) 323 case NETLBL_NLTYPE_CIPSOV4:
324 cipso_v4_doi_putdef(entry->type_def.cipsov4);
325 break;
326 }
357 call_rcu(&entry->rcu, netlbl_domhsh_free_entry); 327 call_rcu(&entry->rcu, netlbl_domhsh_free_entry);
328 }
329
330 return ret_val;
331}
332
333/**
334 * netlbl_domhsh_remove - Removes an entry from the domain hash table
335 * @domain: the domain to remove
336 * @audit_info: NetLabel audit information
337 *
338 * Description:
339 * Removes an entry from the domain hash table and handles any updates to the
340 * lower level protocol handler (i.e. CIPSO). Returns zero on success,
341 * negative on failure.
342 *
343 */
344int netlbl_domhsh_remove(const char *domain, struct netlbl_audit *audit_info)
345{
346 int ret_val;
347 struct netlbl_dom_map *entry;
348
349 rcu_read_lock();
350 if (domain)
351 entry = netlbl_domhsh_search(domain);
352 else
353 entry = netlbl_domhsh_search_def(domain);
354 ret_val = netlbl_domhsh_remove_entry(entry, audit_info);
355 rcu_read_unlock();
356
358 return ret_val; 357 return ret_val;
359} 358}
360 359
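Review bot: Removing the type switch from netlbl_domhsh_add (first hunk, old lines 220-230) also removes the `default: return -EINVAL;` that sat immediately before `entry->valid = 1;`, so the hash-table layer no longer rejects an entry whose type is neither NETLBL_NLTYPE_UNLABELED nor NETLBL_NLTYPE_CIPSOV4. Unless every caller validates entry->type first (the callers are not on this page), such an entry is inserted and later falls through the default-less switch in netlbl_domhsh_remove_entry (new lines 322-326), where removal reports success without any protocol-level release. Keeping the invariant local with `if (entry->type != NETLBL_NLTYPE_UNLABELED && entry->type != NETLBL_NLTYPE_CIPSOV4) return -EINVAL;` at the top of netlbl_domhsh_add, or at least a comment there stating that type validation is the caller's responsibility, would make this explicit. The new switch in netlbl_domhsh_remove_entry should likewise carry `default: break;` so the intended handling of other types is visible rather than implied; netlbl_domhsh_add itself begins and ends outside the hunks shown.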