authorAl Viro <viro@zeniv.linux.org.uk>2009-12-16 06:27:40 -0500
committerAl Viro <viro@zeniv.linux.org.uk>2009-12-16 12:16:47 -0500
commitb65a9cfc2c38eebc33533280b8ad5841caee8b6e (patch)
treed6e5b713615cc5e65c900162ab09235ae4847909
parent0552f879d45cecc35d8e372a591fc5ed863bca58 (diff)
Untangling ima mess, part 2: deal with counters
* do ima_get_count() in __dentry_open() * stop doing that in followups * move ima_path_check() to right after nameidata_to_filp() * don't bump counters on it Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-rw-r--r--fs/cachefiles/rdwr.c2
-rw-r--r--fs/ecryptfs/main.c7
-rw-r--r--fs/namei.c56
-rw-r--r--fs/nfsd/vfs.c2
-rw-r--r--fs/open.c2
-rw-r--r--ipc/mqueue.c2
6 files changed, 28 insertions, 43 deletions
diff --git a/fs/cachefiles/rdwr.c b/fs/cachefiles/rdwr.c
index a6c8c6fe8df9..1d8332563863 100644
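--- a/fs/cachefiles/rdwr.c
+++ b/fs/cachefiles/rdwr.c
@@ -11,7 +11,6 @@
 
 #include <linux/mount.h>
 #include <linux/file.h>
-#include <linux/ima.h>
 #include "internal.h"
 
 /*
@@ -923,7 +922,6 @@ int cachefiles_write_page(struct fscache_storage *op, struct page *page)
  if (IS_ERR(file)) {
  ret = PTR_ERR(file);
  } else {
- ima_counts_get(file);
  ret = -EIO;
  if (file->f_op->write) {
  pos = (loff_t) page->index << PAGE_SHIFT;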
diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c
index c6ac85d6c701..101fe4c7b1ee 100644
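--- a/fs/ecryptfs/main.c
+++ b/fs/ecryptfs/main.c
@@ -35,7 +35,6 @@
 #include <linux/key.h>
 #include <linux/parser.h>
 #include <linux/fs_stack.h>
-#include <linux/ima.h>
 #include "ecryptfs_kernel.h"
 
 /**
@@ -119,7 +118,6 @@ int ecryptfs_init_persistent_file(struct dentry *ecryptfs_dentry)
  const struct cred *cred = current_cred();
  struct ecryptfs_inode_info *inode_info =
  ecryptfs_inode_to_private(ecryptfs_dentry->d_inode);
- int opened_lower_file = 0;
  int rc = 0;
 
  mutex_lock(&inode_info->lower_file_mutex);
@@ -136,12 +134,9 @@ int ecryptfs_init_persistent_file(struct dentry *ecryptfs_dentry)
  "for lower_dentry [0x%p] and lower_mnt [0x%p]; "
  "rc = [%d]\n", lower_dentry, lower_mnt, rc);
  inode_info->lower_file = NULL;
- } else
- opened_lower_file = 1;
+ }
  }
  mutex_unlock(&inode_info->lower_file_mutex);
- if (opened_lower_file)
- ima_counts_get(inode_info->lower_file);
  return rc;
 }
 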
diff --git a/fs/namei.c b/fs/namei.c
index 0f0fcccab19f..c530e5d32f12 100644
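--- a/fs/namei.c
+++ b/fs/namei.c
@@ -1461,14 +1461,7 @@ int may_open(struct path *path, int acc_mode, int flag)
  /*
  * Ensure there are no outstanding leases on the file.
  */
- error = break_lease(inode, flag);
- if (error)
- return error;
-
- return ima_path_check(path, acc_mode ?
- acc_mode & (MAY_READ | MAY_WRITE | MAY_EXEC) :
- ACC_MODE(flag) & (MAY_READ | MAY_WRITE),
- IMA_COUNT_UPDATE);
+ return break_lease(inode, flag);
 }
 
 static int handle_truncate(struct path *path)
@@ -1688,13 +1681,17 @@ do_last:
  goto exit;
  }
  filp = nameidata_to_filp(&nd, open_flag);
- if (IS_ERR(filp))
- ima_counts_put(&nd.path,
- acc_mode & (MAY_READ | MAY_WRITE |
- MAY_EXEC));
  mnt_drop_write(nd.path.mnt);
  if (nd.root.mnt)
  path_put(&nd.root);
+ if (!IS_ERR(filp)) {
+ error = ima_path_check(&filp->f_path, filp->f_mode &
+ (MAY_READ | MAY_WRITE | MAY_EXEC), 0);
+ if (error) {
+ fput(filp);
+ filp = ERR_PTR(error);
+ }
+ }
  return filp;
  }
 
@@ -1748,27 +1745,24 @@ ok:
  goto exit;
  }
  filp = nameidata_to_filp(&nd, open_flag);
- if (IS_ERR(filp)) {
- ima_counts_put(&nd.path,
- acc_mode & (MAY_READ | MAY_WRITE | MAY_EXEC));
- if (will_truncate)
- mnt_drop_write(nd.path.mnt);
- if (nd.root.mnt)
- path_put(&nd.root);
- return filp;
- }
-
- if (acc_mode & MAY_WRITE)
- vfs_dq_init(nd.path.dentry->d_inode);
-
- if (will_truncate) {
- error = handle_truncate(&nd.path);
+ if (!IS_ERR(filp)) {
+ error = ima_path_check(&filp->f_path, filp->f_mode &
+ (MAY_READ | MAY_WRITE | MAY_EXEC), 0);
  if (error) {
- mnt_drop_write(nd.path.mnt);
  fput(filp);
- if (nd.root.mnt)
- path_put(&nd.root);
- return ERR_PTR(error);
+ filp = ERR_PTR(error);
+ }
+ }
+ if (!IS_ERR(filp)) {
+ if (acc_mode & MAY_WRITE)
+ vfs_dq_init(nd.path.dentry->d_inode);
+
+ if (will_truncate) {
+ error = handle_truncate(&nd.path);
+ if (error) {
+ fput(filp);
+ filp = ERR_PTR(error);
+ }
  }
  }
  /*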
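Review bot: The mask handed to `ima_path_check()` at both new call sites (after `nameidata_to_filp()` under `do_last:` and again under `ok:`) is built as `filp->f_mode & (MAY_READ | MAY_WRITE | MAY_EXEC)`, but `f_mode` carries `FMODE_*` flags rather than `MAY_*` permission bits. IMA can therefore be told about an access type other than the one requested and may not measure a file its policy covers. The removed lines derived the mask from `acc_mode`, which appears to still be in scope at both sites, so `acc_mode & (MAY_READ | MAY_WRITE | MAY_EXEC)` would keep the `MAY_*` meaning. The check now also runs after the file has been opened, so a refusal relies on `fput(filp)` undoing the open. Both enclosing bodies continue outside the hunks, so the remaining `mnt_drop_write()`/`path_put()` cleanup under `ok:` cannot be confirmed from here.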
diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c
index a293f0273263..c9942b39654e 100644
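--- a/fs/nfsd/vfs.c
+++ b/fs/nfsd/vfs.c
@@ -744,8 +744,6 @@ nfsd_open(struct svc_rqst *rqstp, struct svc_fh *fhp, int type,
  flags, current_cred());
  if (IS_ERR(*filp))
  host_err = PTR_ERR(*filp);
- else
- ima_counts_get(*filp);
 out_nfserr:
  err = nfserrno(host_err);
 out: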
diff --git a/fs/open.c b/fs/open.c
index d95651e8be9e..ca69241796bd 100644
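--- a/fs/open.c
+++ b/fs/open.c
@@ -30,6 +30,7 @@
 #include <linux/audit.h>
 #include <linux/falloc.h>
 #include <linux/fs_struct.h>
+#include <linux/ima.h>
 
 #include "internal.h"
 
@@ -857,6 +858,7 @@ static struct file *__dentry_open(struct dentry *dentry, struct vfsmount *mnt,
  if (error)
  goto cleanup_all;
  }
+ ima_counts_get(f);
 
  f->f_flags &= ~(O_CREAT | O_EXCL | O_NOCTTY | O_TRUNC);
 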
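Review bot: The new `ima_counts_get(f);` in `__dentry_open()` carries no comment, although the commit description makes it the point where IMA's open counters are taken and the caller-side calls are dropped elsewhere in this commit. A one-line comment such as `/* IMA counters are taken here for every file opened through __dentry_open(); callers must not call ima_counts_get() again */` would keep a later caller from double-counting and unbalancing the integrity counters. File objects that are not created through this function would presumably go uncounted after this change; that cannot be checked from this page. The function body starts and ends outside the hunk.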
diff --git a/ipc/mqueue.c b/ipc/mqueue.c
index ee9d69707c0a..c79bd57353e7 100644
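--- a/ipc/mqueue.c
+++ b/ipc/mqueue.c
@@ -32,7 +32,6 @@
 #include <linux/nsproxy.h>
 #include <linux/pid.h>
 #include <linux/ipc_namespace.h>
-#include <linux/ima.h>
 
 #include <net/sock.h>
 #include "util.h"
@@ -734,7 +733,6 @@ SYSCALL_DEFINE4(mq_open, const char __user *, u_name, int, oflag, mode_t, mode,
  error = PTR_ERR(filp);
  goto out_putfd;
  }
- ima_counts_get(filp);
 
  fd_install(fd, filp);
  goto out_upsem;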