author | Al Viro <viro@zeniv.linux.org.uk> | 2010-03-23 06:36:54 -0400 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2010-05-21 18:31:17 -0400 |
commit | e8c26255992474a2161c63ce9d385827302e4530 (patch) | |
tree | 08d247a53eca56a6e161ca784a4536b3ea7662f7 | |
parent | 01a05b337a5b647909e1d6670f57e7202318a5fb (diff) |
switch selinux delayed superblock handling to iterate_supers()
... kill their private list, while we are at it
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-rw-r--r-- | security/selinux/hooks.c | 55 | ||||
-rw-r--r-- | security/selinux/include/objsec.h | 1 |
2 files changed, 8 insertions, 48 deletions
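--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -126,11 +126,6 @@ __setup("selinux=", selinux_enabled_setup);
 int selinux_enabled = 1;
 #endif
 
-/* Lists of inode and superblock security structures initialized
-before the policy was loaded. */
-static LIST_HEAD(superblock_security_head);
-static DEFINE_SPINLOCK(sb_security_lock);
-
 static struct kmem_cache *sel_inode_cache;
 
 /**
@@ -266,7 +261,6 @@ static int superblock_alloc_security(struct super_block *sb)
 return -ENOMEM;
 
 mutex_init(&sbsec->lock);
-INIT_LIST_HEAD(&sbsec->list);
 INIT_LIST_HEAD(&sbsec->isec_head);
 spin_lock_init(&sbsec->isec_lock);
 sbsec->sb = sb;
@@ -281,12 +275,6 @@ static int superblock_alloc_security(struct super_block *sb)
 static void superblock_free_security(struct super_block *sb)
 {
 struct superblock_security_struct *sbsec = sb->s_security;
-
-spin_lock(&sb_security_lock);
-if (!list_empty(&sbsec->list))
-list_del_init(&sbsec->list);
-spin_unlock(&sb_security_lock);
-
 sb->s_security = NULL;
 kfree(sbsec);
 }
@@ -612,10 +600,6 @@ static int selinux_set_mnt_opts(struct super_block *sb,
 /* Defer initialization until selinux_complete_init,
 after the initial policy is loaded and the security
 server is ready to handle calls. */
-spin_lock(&sb_security_lock);
-if (list_empty(&sbsec->list))
-list_add(&sbsec->list, &superblock_security_head);
-spin_unlock(&sb_security_lock);
 goto out;
 }
 rc = -EINVAL;
@@ -806,16 +790,10 @@ static void selinux_sb_clone_mnt_opts(const struct super_block *oldsb,
 
 /*
 * if the parent was able to be mounted it clearly had no special lsm
-* mount options. thus we can safely put this sb on the list and deal
-* with it later
+* mount options. thus we can safely deal with this superblock later
 */
-if (!ss_initialized) {
-spin_lock(&sb_security_lock);
-if (list_empty(&newsbsec->list))
-list_add(&newsbsec->list, &superblock_security_head);
-spin_unlock(&sb_security_lock);
+if (!ss_initialized)
 return;
-}
 
 /* how can we clone if the old one wasn't set up?? */
 BUG_ON(!(oldsbsec->flags & SE_SBINITIALIZED));
@@ -5680,35 +5658,18 @@ static __init int selinux_init(void)
 return 0;
 }
 
+static void delayed_superblock_init(struct super_block *sb, void *unused)
+{
+superblock_doinit(sb, NULL);
+}
+
 void selinux_complete_init(void)
 {
 printk(KERN_DEBUG "SELinux: Completing initialization.\n");
 
 /* Set up any superblocks initialized prior to the policy load. */
 printk(KERN_DEBUG "SELinux: Setting up existing superblocks.\n");
-spin_lock(&sb_lock);
-spin_lock(&sb_security_lock);
-next_sb:
-if (!list_empty(&superblock_security_head)) {
-struct superblock_security_struct *sbsec =
-list_entry(superblock_security_head.next,
-struct superblock_security_struct,
-list);
-struct super_block *sb = sbsec->sb;
-sb->s_count++;
-spin_unlock(&sb_security_lock);
-spin_unlock(&sb_lock);
-down_read(&sb->s_umount);
-if (sb->s_root)
-superblock_doinit(sb, NULL);
-drop_super(sb);
-spin_lock(&sb_lock);
-spin_lock(&sb_security_lock);
-list_del_init(&sbsec->list);
-goto next_sb;
-}
-spin_unlock(&sb_security_lock);
-spin_unlock(&sb_lock);
+iterate_supers(delayed_superblock_init, NULL);
 }
 
 /* SELinux requires early initialization in order to label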
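Review bot: The new callback `delayed_superblock_init()` discards whatever `superblock_doinit()` returns, so a superblock whose deferred labeling setup fails at policy load stays uninitialized with no trace in the log. The removed loop ignored the result too, but the new walk appears to cover every live superblock rather than only those queued before the policy was loaded, so more superblocks can now hit that silent path. Consider `int rc = superblock_doinit(sb, NULL);` followed by `if (rc) printk(KERN_WARNING "SELinux: (dev %s) deferred superblock init failed, rc=%d\n", sb->s_id, rc);`. The removed code also held `sb->s_umount` for reading and skipped superblocks with a NULL `s_root`; `iterate_supers()` is defined outside this diff, so it should be confirmed that it still provides both guarantees, and a short comment above the callback should say so, e.g. `/* called via iterate_supers(); may see superblocks that are already initialized */`.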
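--- a/security/selinux/include/objsec.h
+++ b/security/selinux/include/objsec.h
@@ -55,7 +55,6 @@ struct file_security_struct {
 
 struct superblock_security_struct {
 struct super_block *sb; /* back pointer to sb object */
-struct list_head list; /* list of superblock_security_struct */
 u32 sid; /* SID of file system superblock */
 u32 def_sid; /* default SID for labeling */
 u32 mntpoint_sid; /* SECURITY_FS_USE_MNTPOINT context for files */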