aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorAl Viro <viro@zeniv.linux.org.uk>2010-03-23 06:36:54 -0400
committerAl Viro <viro@zeniv.linux.org.uk>2010-05-21 18:31:17 -0400
commite8c26255992474a2161c63ce9d385827302e4530 (patch)
tree08d247a53eca56a6e161ca784a4536b3ea7662f7 /security
parent01a05b337a5b647909e1d6670f57e7202318a5fb (diff)
switch selinux delayed superblock handling to iterate_supers()
... kill their private list, while we are at it Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'security')
-rw-r--r--security/selinux/hooks.c55
-rw-r--r--security/selinux/include/objsec.h1
2 files changed, 8 insertions, 48 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index a03fd74602b..5c9f25ba1c9 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -126,11 +126,6 @@ __setup("selinux=", selinux_enabled_setup);
126int selinux_enabled = 1; 126int selinux_enabled = 1;
127#endif 127#endif
128 128
129/* Lists of inode and superblock security structures initialized
130 before the policy was loaded. */
131static LIST_HEAD(superblock_security_head);
132static DEFINE_SPINLOCK(sb_security_lock);
133
134static struct kmem_cache *sel_inode_cache; 129static struct kmem_cache *sel_inode_cache;
135 130
136/** 131/**
@@ -266,7 +261,6 @@ static int superblock_alloc_security(struct super_block *sb)
266 return -ENOMEM; 261 return -ENOMEM;
267 262
268 mutex_init(&sbsec->lock); 263 mutex_init(&sbsec->lock);
269 INIT_LIST_HEAD(&sbsec->list);
270 INIT_LIST_HEAD(&sbsec->isec_head); 264 INIT_LIST_HEAD(&sbsec->isec_head);
271 spin_lock_init(&sbsec->isec_lock); 265 spin_lock_init(&sbsec->isec_lock);
272 sbsec->sb = sb; 266 sbsec->sb = sb;
@@ -281,12 +275,6 @@ static int superblock_alloc_security(struct super_block *sb)
281static void superblock_free_security(struct super_block *sb) 275static void superblock_free_security(struct super_block *sb)
282{ 276{
283 struct superblock_security_struct *sbsec = sb->s_security; 277 struct superblock_security_struct *sbsec = sb->s_security;
284
285 spin_lock(&sb_security_lock);
286 if (!list_empty(&sbsec->list))
287 list_del_init(&sbsec->list);
288 spin_unlock(&sb_security_lock);
289
290 sb->s_security = NULL; 278 sb->s_security = NULL;
291 kfree(sbsec); 279 kfree(sbsec);
292} 280}
@@ -612,10 +600,6 @@ static int selinux_set_mnt_opts(struct super_block *sb,
612 /* Defer initialization until selinux_complete_init, 600 /* Defer initialization until selinux_complete_init,
613 after the initial policy is loaded and the security 601 after the initial policy is loaded and the security
614 server is ready to handle calls. */ 602 server is ready to handle calls. */
615 spin_lock(&sb_security_lock);
616 if (list_empty(&sbsec->list))
617 list_add(&sbsec->list, &superblock_security_head);
618 spin_unlock(&sb_security_lock);
619 goto out; 603 goto out;
620 } 604 }
621 rc = -EINVAL; 605 rc = -EINVAL;
@@ -806,16 +790,10 @@ static void selinux_sb_clone_mnt_opts(const struct super_block *oldsb,
806 790
807 /* 791 /*
808 * if the parent was able to be mounted it clearly had no special lsm 792 * if the parent was able to be mounted it clearly had no special lsm
809 * mount options. thus we can safely put this sb on the list and deal 793 * mount options. thus we can safely deal with this superblock later
810 * with it later
811 */ 794 */
812 if (!ss_initialized) { 795 if (!ss_initialized)
813 spin_lock(&sb_security_lock);
814 if (list_empty(&newsbsec->list))
815 list_add(&newsbsec->list, &superblock_security_head);
816 spin_unlock(&sb_security_lock);
817 return; 796 return;
818 }
819 797
820 /* how can we clone if the old one wasn't set up?? */ 798 /* how can we clone if the old one wasn't set up?? */
821 BUG_ON(!(oldsbsec->flags & SE_SBINITIALIZED)); 799 BUG_ON(!(oldsbsec->flags & SE_SBINITIALIZED));
@@ -5680,35 +5658,18 @@ static __init int selinux_init(void)
5680 return 0; 5658 return 0;
5681} 5659}
5682 5660
5661static void delayed_superblock_init(struct super_block *sb, void *unused)
5662{
5663 superblock_doinit(sb, NULL);
5664}
5665
5683void selinux_complete_init(void) 5666void selinux_complete_init(void)
5684{ 5667{
5685 printk(KERN_DEBUG "SELinux: Completing initialization.\n"); 5668 printk(KERN_DEBUG "SELinux: Completing initialization.\n");
5686 5669
5687 /* Set up any superblocks initialized prior to the policy load. */ 5670 /* Set up any superblocks initialized prior to the policy load. */
5688 printk(KERN_DEBUG "SELinux: Setting up existing superblocks.\n"); 5671 printk(KERN_DEBUG "SELinux: Setting up existing superblocks.\n");
5689 spin_lock(&sb_lock); 5672 iterate_supers(delayed_superblock_init, NULL);
5690 spin_lock(&sb_security_lock);
5691next_sb:
5692 if (!list_empty(&superblock_security_head)) {
5693 struct superblock_security_struct *sbsec =
5694 list_entry(superblock_security_head.next,
5695 struct superblock_security_struct,
5696 list);
5697 struct super_block *sb = sbsec->sb;
5698 sb->s_count++;
5699 spin_unlock(&sb_security_lock);
5700 spin_unlock(&sb_lock);
5701 down_read(&sb->s_umount);
5702 if (sb->s_root)
5703 superblock_doinit(sb, NULL);
5704 drop_super(sb);
5705 spin_lock(&sb_lock);
5706 spin_lock(&sb_security_lock);
5707 list_del_init(&sbsec->list);
5708 goto next_sb;
5709 }
5710 spin_unlock(&sb_security_lock);
5711 spin_unlock(&sb_lock);
5712} 5673}
5713 5674
5714/* SELinux requires early initialization in order to label 5675/* SELinux requires early initialization in order to label
diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h
index c4e062336ef..26c7eee1c30 100644
--- a/security/selinux/include/objsec.h
+++ b/security/selinux/include/objsec.h
@@ -55,7 +55,6 @@ struct file_security_struct {
55 55
56struct superblock_security_struct { 56struct superblock_security_struct {
57 struct super_block *sb; /* back pointer to sb object */ 57 struct super_block *sb; /* back pointer to sb object */
58 struct list_head list; /* list of superblock_security_struct */
59 u32 sid; /* SID of file system superblock */ 58 u32 sid; /* SID of file system superblock */
60 u32 def_sid; /* default SID for labeling */ 59 u32 def_sid; /* default SID for labeling */
61 u32 mntpoint_sid; /* SECURITY_FS_USE_MNTPOINT context for files */ 60 u32 mntpoint_sid; /* SECURITY_FS_USE_MNTPOINT context for files */