diff options
| author | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2009-02-04 09:07:02 -0500 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2009-02-05 17:05:33 -0500 |
| commit | 1df9f0a73178718969ae47d813b8e7aab2cf073c (patch) | |
| tree | 6bd3d8838858f0e93acd8f7969b7d0e5ce2bfb08 /security/integrity/ima/ima_iint.c | |
| parent | f4bd857bc8ed997c25ec06b56ef8064aafa6d4f3 (diff) | |
Integrity: IMA file free imbalance
The number of calls to ima_path_check()/ima_file_free()
should be balanced. An extra call to fput(), indicates
the file could have been accessed without first being
measured.
Although f_count is incremented/decremented in places other
than fget/fput, like fget_light/fput_light and get_file, the
current task must already hold a file refcnt. The call to
__fput() is delayed until the refcnt becomes 0, resulting
in ima_file_free() flagging any changes.
- add hook to increment opencount for IPC shared memory(SYSV),
shmat files, and /dev/zero
- moved NULL iint test in opencount_get()
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/integrity/ima/ima_iint.c')
| -rw-r--r-- | security/integrity/ima/ima_iint.c | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/security/integrity/ima/ima_iint.c b/security/integrity/ima/ima_iint.c index 750db3c993a7..1f035e8d29c7 100644 --- a/security/integrity/ima/ima_iint.c +++ b/security/integrity/ima/ima_iint.c | |||
| @@ -126,6 +126,7 @@ struct ima_iint_cache *ima_iint_find_insert_get(struct inode *inode) | |||
| 126 | 126 | ||
| 127 | return iint; | 127 | return iint; |
| 128 | } | 128 | } |
| 129 | EXPORT_SYMBOL_GPL(ima_iint_find_insert_get); | ||
| 129 | 130 | ||
| 130 | /* iint_free - called when the iint refcount goes to zero */ | 131 | /* iint_free - called when the iint refcount goes to zero */ |
| 131 | void iint_free(struct kref *kref) | 132 | void iint_free(struct kref *kref) |
| @@ -134,6 +135,21 @@ void iint_free(struct kref *kref) | |||
| 134 | refcount); | 135 | refcount); |
| 135 | iint->version = 0; | 136 | iint->version = 0; |
| 136 | iint->flags = 0UL; | 137 | iint->flags = 0UL; |
| 138 | if (iint->readcount != 0) { | ||
| 139 | printk(KERN_INFO "%s: readcount: %ld\n", __FUNCTION__, | ||
| 140 | iint->readcount); | ||
| 141 | iint->readcount = 0; | ||
| 142 | } | ||
| 143 | if (iint->writecount != 0) { | ||
| 144 | printk(KERN_INFO "%s: writecount: %ld\n", __FUNCTION__, | ||
| 145 | iint->writecount); | ||
| 146 | iint->writecount = 0; | ||
| 147 | } | ||
| 148 | if (iint->opencount != 0) { | ||
| 149 | printk(KERN_INFO "%s: opencount: %ld\n", __FUNCTION__, | ||
| 150 | iint->opencount); | ||
| 151 | iint->opencount = 0; | ||
| 152 | } | ||
| 137 | kref_set(&iint->refcount, 1); | 153 | kref_set(&iint->refcount, 1); |
| 138 | kmem_cache_free(iint_cache, iint); | 154 | kmem_cache_free(iint_cache, iint); |
| 139 | } | 155 | } |
| @@ -174,6 +190,7 @@ static void init_once(void *foo) | |||
| 174 | mutex_init(&iint->mutex); | 190 | mutex_init(&iint->mutex); |
| 175 | iint->readcount = 0; | 191 | iint->readcount = 0; |
| 176 | iint->writecount = 0; | 192 | iint->writecount = 0; |
| 193 | iint->opencount = 0; | ||
| 177 | kref_set(&iint->refcount, 1); | 194 | kref_set(&iint->refcount, 1); |
| 178 | } | 195 | } |
| 179 | 196 | ||