diff options
author | Eric Paris <eparis@redhat.com> | 2009-12-09 15:29:01 -0500 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2010-02-07 03:06:22 -0500 |
commit | 54bb6552bd9405dc7685653157a4ec260c77a71c (patch) | |
tree | 7baad9e6cfacd055fd8076d52748a2d3f71d7551 /security/integrity/ima/ima_iint.c | |
parent | 8eb988c70e7709b7bd1a69f0ec53d19ac20dea84 (diff) |
ima: initialize ima before inodes can be allocated
ima wants to create an inode information struct (iint) when inodes are
allocated. This means that at least the part of ima which does this
allocation (the allocation is filled with information later) should
before any inodes are created. To accomplish this we split the ima
initialization routine placing the kmem cache allocator inside a
security_initcall() function. Since this makes use of radix trees we also
need to make sure that is initialized before security_initcall().
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'security/integrity/ima/ima_iint.c')
-rw-r--r-- | security/integrity/ima/ima_iint.c | 9 |
1 files changed, 3 insertions, 6 deletions
diff --git a/security/integrity/ima/ima_iint.c b/security/integrity/ima/ima_iint.c index fa592ff1ac1c..0d83edcfc402 100644 --- a/security/integrity/ima/ima_iint.c +++ b/security/integrity/ima/ima_iint.c | |||
@@ -52,9 +52,6 @@ int ima_inode_alloc(struct inode *inode) | |||
52 | struct ima_iint_cache *iint = NULL; | 52 | struct ima_iint_cache *iint = NULL; |
53 | int rc = 0; | 53 | int rc = 0; |
54 | 54 | ||
55 | if (!ima_initialized) | ||
56 | return 0; | ||
57 | |||
58 | iint = kmem_cache_alloc(iint_cache, GFP_NOFS); | 55 | iint = kmem_cache_alloc(iint_cache, GFP_NOFS); |
59 | if (!iint) | 56 | if (!iint) |
60 | return -ENOMEM; | 57 | return -ENOMEM; |
@@ -118,8 +115,6 @@ void ima_inode_free(struct inode *inode) | |||
118 | { | 115 | { |
119 | struct ima_iint_cache *iint; | 116 | struct ima_iint_cache *iint; |
120 | 117 | ||
121 | if (!ima_initialized) | ||
122 | return; | ||
123 | spin_lock(&ima_iint_lock); | 118 | spin_lock(&ima_iint_lock); |
124 | iint = radix_tree_delete(&ima_iint_store, (unsigned long)inode); | 119 | iint = radix_tree_delete(&ima_iint_store, (unsigned long)inode); |
125 | spin_unlock(&ima_iint_lock); | 120 | spin_unlock(&ima_iint_lock); |
@@ -141,9 +136,11 @@ static void init_once(void *foo) | |||
141 | kref_set(&iint->refcount, 1); | 136 | kref_set(&iint->refcount, 1); |
142 | } | 137 | } |
143 | 138 | ||
144 | void __init ima_iintcache_init(void) | 139 | static int __init ima_iintcache_init(void) |
145 | { | 140 | { |
146 | iint_cache = | 141 | iint_cache = |
147 | kmem_cache_create("iint_cache", sizeof(struct ima_iint_cache), 0, | 142 | kmem_cache_create("iint_cache", sizeof(struct ima_iint_cache), 0, |
148 | SLAB_PANIC, init_once); | 143 | SLAB_PANIC, init_once); |
144 | return 0; | ||
149 | } | 145 | } |
146 | security_initcall(ima_iintcache_init); | ||