IMA: use inode->i_lock to protect read and write counters

Currently IMA used the iint->mutex to protect the i_readcount and i_writecount. This patch uses the inode->i_lock since we are going to start using in inode objects and that is the most appropriate lock. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
author: Eric Paris <eparis@redhat.com> 2010-10-25 14:41:45 -0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2010-10-26 14:37:18 -0400
commit: ad16ad00c34d3f320a5876b3d711ef6bc81362e1 (patch)
tree: 7cf3b755567fde2850d2ea7f4a186a0dcea6b80f
parent: 15aac676778f206b42c4d7782b08f89246680485 (diff)
2 files changed, 24 insertions, 34 deletions
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
index f7af0110bcde..80aca3d2cb71 100644
--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -106,6 +106,7 @@ struct ima_iint_cache {
        unsigned char flags;
        u8 digest[IMA_DIGEST_SIZE];
        struct mutex mutex;     /* protects: version, flags, digest */
+        /* protected by inode->i_lock */
        unsigned int readcount; /* measured files readcount */
        unsigned int writecount;/* measured files writecount */
        struct kref refcount;   /* ima_iint_cache reference count */
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 5a1bf3df11f8..2f9b5d50424e 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -85,42 +85,12 @@ out:
        return found;
 }
-/* ima_read_write_check - reflect possible reading/writing errors in the PCR.
- *
- * When opening a file for read, if the file is already open for write,
- * the file could change, resulting in a file measurement error.
- *
- * Opening a file for write, if the file is already open for read, results
- * in a time of measure, time of use (ToMToU) error.
- *
- * In either case invalidate the PCR.
- */
-enum iint_pcr_error { TOMTOU, OPEN_WRITERS };
-static void ima_read_write_check(enum iint_pcr_error error,
-                                 struct ima_iint_cache *iint,
-                                 struct inode *inode,
-                                 const unsigned char *filename)
-{
-        switch (error) {
-        case TOMTOU:
-                if (iint->readcount > 0)
-                        ima_add_violation(inode, filename, "invalid_pcr",
-                                          "ToMToU");
-                break;
-        case OPEN_WRITERS:
-                if (iint->writecount > 0)
-                        ima_add_violation(inode, filename, "invalid_pcr",
-                                          "open_writers");
-                break;
-        }
-}
 /*
 * Update the counts given an fmode_t
 */
 static void ima_inc_counts(struct ima_iint_cache *iint, fmode_t mode)
 {
-        BUG_ON(!mutex_is_locked(&iint->mutex));
+        assert_spin_locked(&iint->inode->i_lock);
        if ((mode & (FMODE_READ | FMODE_WRITE)) == FMODE_READ)
                iint->readcount++;
@@ -146,6 +116,7 @@ void ima_counts_get(struct file *file)
        fmode_t mode = file->f_mode;
        struct ima_iint_cache *iint;
        int rc;
+        bool send_tomtou = false, send_writers = false;
        if (!iint_initialized || !S_ISREG(inode->i_mode))
                return;
@@ -153,22 +124,35 @@ void ima_counts_get(struct file *file)
        if (!iint)
                return;
        mutex_lock(&iint->mutex);
+        spin_lock(&inode->i_lock);
        if (!ima_initialized)
                goto out;
        rc = ima_must_measure(iint, inode, MAY_READ, FILE_CHECK);
        if (rc < 0)
                goto out;
        if (mode & FMODE_WRITE) {
-                ima_read_write_check(TOMTOU, iint, inode, dentry->d_name.name);
+                if (iint->readcount)
+                        send_tomtou = true;
                goto out;
        }
-        ima_read_write_check(OPEN_WRITERS, iint, inode, dentry->d_name.name);
+        if (atomic_read(&inode->i_writecount) > 0)
+                send_writers = true;
 out:
        ima_inc_counts(iint, file->f_mode);
+        spin_unlock(&inode->i_lock);
        mutex_unlock(&iint->mutex);
        kref_put(&iint->refcount, iint_free);
+        if (send_tomtou)
+                ima_add_violation(inode, dentry->d_name.name, "invalid_pcr",
+                                  "ToMToU");
+        if (send_writers)
+                ima_add_violation(inode, dentry->d_name.name, "invalid_pcr",
+                                  "open_writers");
 }
 /*
@@ -181,6 +165,7 @@ static void ima_dec_counts(struct ima_iint_cache *iint, struct inode *inode,
        bool dump = false;
        BUG_ON(!mutex_is_locked(&iint->mutex));
+        assert_spin_locked(&inode->i_lock);
        if ((mode & (FMODE_READ | FMODE_WRITE)) == FMODE_READ) {
                if (unlikely(iint->readcount == 0))
@@ -223,7 +208,11 @@ void ima_file_free(struct file *file)
                return;
        mutex_lock(&iint->mutex);
+        spin_lock(&inode->i_lock);
        ima_dec_counts(iint, inode, file);
+        spin_unlock(&inode->i_lock);
        mutex_unlock(&iint->mutex);
        kref_put(&iint->refcount, iint_free);
 }
author	Eric Paris <eparis@redhat.com>	2010-10-25 14:41:45 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2010-10-26 14:37:18 -0400
commit	ad16ad00c34d3f320a5876b3d711ef6bc81362e1 (patch)
tree	7cf3b755567fde2850d2ea7f4a186a0dcea6b80f
parent	15aac676778f206b42c4d7782b08f89246680485 (diff)

diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index f7af0110bcde..80aca3d2cb71 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h
@@ -106,6 +106,7 @@ struct ima_iint_cache {
106	unsigned char flags;	106	unsigned char flags;
107	u8 digest[IMA_DIGEST_SIZE];	107	u8 digest[IMA_DIGEST_SIZE];
108	struct mutex mutex; /* protects: version, flags, digest */	108	struct mutex mutex; /* protects: version, flags, digest */
		109	/* protected by inode->i_lock */
109	unsigned int readcount; /* measured files readcount */	110	unsigned int readcount; /* measured files readcount */
110	unsigned int writecount;/* measured files writecount */	111	unsigned int writecount;/* measured files writecount */
111	struct kref refcount; /* ima_iint_cache reference count */	112	struct kref refcount; /* ima_iint_cache reference count */


diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 5a1bf3df11f8..2f9b5d50424e 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c
@@ -85,42 +85,12 @@ out:
85	return found;	85	return found;
86	}	86	}
87		87
88	/* ima_read_write_check - reflect possible reading/writing errors in the PCR.
89	*
90	* When opening a file for read, if the file is already open for write,
91	* the file could change, resulting in a file measurement error.
92	*
93	* Opening a file for write, if the file is already open for read, results
94	* in a time of measure, time of use (ToMToU) error.
95	*
96	* In either case invalidate the PCR.
97	*/
98	enum iint_pcr_error { TOMTOU, OPEN_WRITERS };
99	static void ima_read_write_check(enum iint_pcr_error error,
100	struct ima_iint_cache *iint,
101	struct inode *inode,
102	const unsigned char *filename)
103	{
104	switch (error) {
105	case TOMTOU:
106	if (iint->readcount > 0)
107	ima_add_violation(inode, filename, "invalid_pcr",
108	"ToMToU");
109	break;
110	case OPEN_WRITERS:
111	if (iint->writecount > 0)
112	ima_add_violation(inode, filename, "invalid_pcr",
113	"open_writers");
114	break;
115	}
116	}
117
118	/*	88	/*
119	* Update the counts given an fmode_t	89	* Update the counts given an fmode_t
120	*/	90	*/
121	static void ima_inc_counts(struct ima_iint_cache *iint, fmode_t mode)	91	static void ima_inc_counts(struct ima_iint_cache *iint, fmode_t mode)
122	{	92	{
123	BUG_ON(!mutex_is_locked(&iint->mutex));	93	assert_spin_locked(&iint->inode->i_lock);
124		94
125	if ((mode & (FMODE_READ \| FMODE_WRITE)) == FMODE_READ)	95	if ((mode & (FMODE_READ \| FMODE_WRITE)) == FMODE_READ)
126	iint->readcount++;	96	iint->readcount++;
@@ -146,6 +116,7 @@ void ima_counts_get(struct file *file)
146	fmode_t mode = file->f_mode;	116	fmode_t mode = file->f_mode;
147	struct ima_iint_cache *iint;	117	struct ima_iint_cache *iint;
148	int rc;	118	int rc;
		119	bool send_tomtou = false, send_writers = false;
149		120
150	if (!iint_initialized \|\| !S_ISREG(inode->i_mode))	121	if (!iint_initialized \|\| !S_ISREG(inode->i_mode))
151	return;	122	return;
@@ -153,22 +124,35 @@ void ima_counts_get(struct file *file)
153	if (!iint)	124	if (!iint)
154	return;	125	return;
155	mutex_lock(&iint->mutex);	126	mutex_lock(&iint->mutex);
		127	spin_lock(&inode->i_lock);
		128
156	if (!ima_initialized)	129	if (!ima_initialized)
157	goto out;	130	goto out;
		131
158	rc = ima_must_measure(iint, inode, MAY_READ, FILE_CHECK);	132	rc = ima_must_measure(iint, inode, MAY_READ, FILE_CHECK);
159	if (rc < 0)	133	if (rc < 0)
160	goto out;	134	goto out;
161		135
162	if (mode & FMODE_WRITE) {	136	if (mode & FMODE_WRITE) {
163	ima_read_write_check(TOMTOU, iint, inode, dentry->d_name.name);	137	if (iint->readcount)
		138	send_tomtou = true;
164	goto out;	139	goto out;
165	}	140	}
166	ima_read_write_check(OPEN_WRITERS, iint, inode, dentry->d_name.name);	141
		142	if (atomic_read(&inode->i_writecount) > 0)
		143	send_writers = true;
167	out:	144	out:
168	ima_inc_counts(iint, file->f_mode);	145	ima_inc_counts(iint, file->f_mode);
		146	spin_unlock(&inode->i_lock);
169	mutex_unlock(&iint->mutex);	147	mutex_unlock(&iint->mutex);
170
171	kref_put(&iint->refcount, iint_free);	148	kref_put(&iint->refcount, iint_free);
		149
		150	if (send_tomtou)
		151	ima_add_violation(inode, dentry->d_name.name, "invalid_pcr",
		152	"ToMToU");
		153	if (send_writers)
		154	ima_add_violation(inode, dentry->d_name.name, "invalid_pcr",
		155	"open_writers");
172	}	156	}
173		157
174	/*	158	/*
@@ -181,6 +165,7 @@ static void ima_dec_counts(struct ima_iint_cache iint, struct inode inode,
181	bool dump = false;	165	bool dump = false;
182		166
183	BUG_ON(!mutex_is_locked(&iint->mutex));	167	BUG_ON(!mutex_is_locked(&iint->mutex));
		168	assert_spin_locked(&inode->i_lock);
184		169
185	if ((mode & (FMODE_READ \| FMODE_WRITE)) == FMODE_READ) {	170	if ((mode & (FMODE_READ \| FMODE_WRITE)) == FMODE_READ) {
186	if (unlikely(iint->readcount == 0))	171	if (unlikely(iint->readcount == 0))
@@ -223,7 +208,11 @@ void ima_file_free(struct file *file)
223	return;	208	return;
224		209
225	mutex_lock(&iint->mutex);	210	mutex_lock(&iint->mutex);
		211	spin_lock(&inode->i_lock);
		212
226	ima_dec_counts(iint, inode, file);	213	ima_dec_counts(iint, inode, file);
		214
		215	spin_unlock(&inode->i_lock);
227	mutex_unlock(&iint->mutex);	216	mutex_unlock(&iint->mutex);
228	kref_put(&iint->refcount, iint_free);	217	kref_put(&iint->refcount, iint_free);
229	}	218	}