aboutsummaryrefslogtreecommitdiffstats
path: root/security/integrity
diff options
context:
space:
mode:
authorEric Paris <eparis@redhat.com>2010-10-25 14:41:32 -0400
committerLinus Torvalds <torvalds@linux-foundation.org>2010-10-26 14:37:18 -0400
commit497f32337073a2da102c49a53779097b5394711b (patch)
tree203cbcd3f9462737d872e24fb2c847ce9a69de45 /security/integrity
parentb575156dafef208415ff0842c392733d16d4ccf1 (diff)
IMA: use unsigned int instead of long for counters
Currently IMA uses 2 longs in struct inode. To save space (and as it seems impossible to overflow 32 bits) we switch these to unsigned int. The switch to unsigned does require slightly different checks for underflow, but it isn't complex. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'security/integrity')
-rw-r--r--security/integrity/ima/ima.h4
-rw-r--r--security/integrity/ima/ima_iint.c4
-rw-r--r--security/integrity/ima/ima_main.c15
3 files changed, 14 insertions, 9 deletions
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
index 3d701084eac6..000d13ab1a2d 100644
--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -106,8 +106,8 @@ struct ima_iint_cache {
106 unsigned long flags; 106 unsigned long flags;
107 u8 digest[IMA_DIGEST_SIZE]; 107 u8 digest[IMA_DIGEST_SIZE];
108 struct mutex mutex; /* protects: version, flags, digest */ 108 struct mutex mutex; /* protects: version, flags, digest */
109 long readcount; /* measured files readcount */ 109 unsigned int readcount; /* measured files readcount */
110 long writecount; /* measured files writecount */ 110 unsigned int writecount;/* measured files writecount */
111 struct kref refcount; /* ima_iint_cache reference count */ 111 struct kref refcount; /* ima_iint_cache reference count */
112}; 112};
113 113
diff --git a/security/integrity/ima/ima_iint.c b/security/integrity/ima/ima_iint.c
index 8e64313ed182..db71a13f27fe 100644
--- a/security/integrity/ima/ima_iint.c
+++ b/security/integrity/ima/ima_iint.c
@@ -125,12 +125,12 @@ void iint_free(struct kref *kref)
125 iint->version = 0; 125 iint->version = 0;
126 iint->flags = 0UL; 126 iint->flags = 0UL;
127 if (iint->readcount != 0) { 127 if (iint->readcount != 0) {
128 printk(KERN_INFO "%s: readcount: %ld\n", __func__, 128 printk(KERN_INFO "%s: readcount: %u\n", __func__,
129 iint->readcount); 129 iint->readcount);
130 iint->readcount = 0; 130 iint->readcount = 0;
131 } 131 }
132 if (iint->writecount != 0) { 132 if (iint->writecount != 0) {
133 printk(KERN_INFO "%s: writecount: %ld\n", __func__, 133 printk(KERN_INFO "%s: writecount: %u\n", __func__,
134 iint->writecount); 134 iint->writecount);
135 iint->writecount = 0; 135 iint->writecount = 0;
136 } 136 }
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 995bd1b98fa8..5a1bf3df11f8 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -178,11 +178,18 @@ static void ima_dec_counts(struct ima_iint_cache *iint, struct inode *inode,
178 struct file *file) 178 struct file *file)
179{ 179{
180 mode_t mode = file->f_mode; 180 mode_t mode = file->f_mode;
181 bool dump = false;
182
181 BUG_ON(!mutex_is_locked(&iint->mutex)); 183 BUG_ON(!mutex_is_locked(&iint->mutex));
182 184
183 if ((mode & (FMODE_READ | FMODE_WRITE)) == FMODE_READ) 185 if ((mode & (FMODE_READ | FMODE_WRITE)) == FMODE_READ) {
186 if (unlikely(iint->readcount == 0))
187 dump = true;
184 iint->readcount--; 188 iint->readcount--;
189 }
185 if (mode & FMODE_WRITE) { 190 if (mode & FMODE_WRITE) {
191 if (unlikely(iint->writecount == 0))
192 dump = true;
186 iint->writecount--; 193 iint->writecount--;
187 if (iint->writecount == 0) { 194 if (iint->writecount == 0) {
188 if (iint->version != inode->i_version) 195 if (iint->version != inode->i_version)
@@ -190,10 +197,8 @@ static void ima_dec_counts(struct ima_iint_cache *iint, struct inode *inode,
190 } 197 }
191 } 198 }
192 199
193 if (((iint->readcount < 0) || 200 if (dump && !ima_limit_imbalance(file)) {
194 (iint->writecount < 0)) && 201 printk(KERN_INFO "%s: open/free imbalance (r:%u w:%u)\n",
195 !ima_limit_imbalance(file)) {
196 printk(KERN_INFO "%s: open/free imbalance (r:%ld w:%ld)\n",
197 __func__, iint->readcount, iint->writecount); 202 __func__, iint->readcount, iint->writecount);
198 dump_stack(); 203 dump_stack();
199 } 204 }