aboutsummaryrefslogtreecommitdiffstats
path: root/security/integrity/ima/ima_main.c
diff options
context:
space:
mode:
authorDmitry Kasatkin <d.kasatkin@samsung.com>2014-06-13 11:55:47 -0400
committerMimi Zohar <zohar@linux.vnet.ibm.com>2014-07-17 09:35:09 -0400
commit2c50b964823ebb7f0a098878c399ce859cd38e9e (patch)
tree19c98e19c5059c5c9fbf8d33960df729354395b3 /security/integrity/ima/ima_main.c
parentb6b8a371f5541c2b839caba84fede693f3fcc43d (diff)
ima: remove unnecessary i_mutex locking from ima_rdwr_violation_check()
Before 2.6.39 inode->i_readcount was maintained by IMA. It was not atomic and protected using spinlock. For 2.6.39, i_readcount was converted to atomic and maintaining was moved VFS layer. Spinlock for some unclear reason was replaced by i_mutex. After analyzing the code, we came to conclusion that i_mutex locking is unnecessary, especially when an IMA policy has not been defined. This patch removes i_mutex locking from ima_rdwr_violation_check(). Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Diffstat (limited to 'security/integrity/ima/ima_main.c')
-rw-r--r--security/integrity/ima/ima_main.c4
1 files changed, 0 insertions, 4 deletions
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 09baa335ebc7..cf1c3696c72e 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -88,8 +88,6 @@ static void ima_rdwr_violation_check(struct file *file)
88 if (!S_ISREG(inode->i_mode) || !ima_initialized) 88 if (!S_ISREG(inode->i_mode) || !ima_initialized)
89 return; 89 return;
90 90
91 mutex_lock(&inode->i_mutex); /* file metadata: permissions, xattr */
92
93 if (mode & FMODE_WRITE) { 91 if (mode & FMODE_WRITE) {
94 if (atomic_read(&inode->i_readcount) && IS_IMA(inode)) { 92 if (atomic_read(&inode->i_readcount) && IS_IMA(inode)) {
95 struct integrity_iint_cache *iint; 93 struct integrity_iint_cache *iint;
@@ -104,8 +102,6 @@ static void ima_rdwr_violation_check(struct file *file)
104 send_writers = true; 102 send_writers = true;
105 } 103 }
106 104
107 mutex_unlock(&inode->i_mutex);
108
109 if (!send_tomtou && !send_writers) 105 if (!send_tomtou && !send_writers)
110 return; 106 return;
111 107