diff options
| author | Ahmed S. Darwish <darwish.07@gmail.com> | 2008-03-24 15:29:49 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2008-03-24 22:22:19 -0400 |
| commit | cb622bbb69e41f2746aadf5d7d527e77597abe2e (patch) | |
| tree | 537a1ce6f76bd915bf9acd197d6bf4d042063998 /security/smack | |
| parent | 58336114af4d2cce830201aae49e50b93ede6c5c (diff) | |
smackfs: remove redundant lock, fix open(,O_RDWR)
Older smackfs was parsing MAC rules by characters, thus a need of locking
write sessions on open() was needed. This lock is no longer useful now since
each rule is handled by a single write() call.
This is also a bugfix since seq_open() was not called if an open() O_RDWR flag
was given, leading to a seq_read() without an initialized seq_file, thus an
Oops.
Signed-off-by: Ahmed S. Darwish <darwish.07@gmail.com>
Reported-by: Jonathan Corbet <corbet@lwn.net>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'security/smack')
| -rw-r--r-- | security/smack/smackfs.c | 35 |
1 files changed, 2 insertions, 33 deletions
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c index afe7c9b0732a..cfae8afcc262 100644 --- a/security/smack/smackfs.c +++ b/security/smack/smackfs.c | |||
| @@ -74,11 +74,6 @@ struct smk_list_entry *smack_list; | |||
| 74 | #define SEQ_READ_FINISHED 1 | 74 | #define SEQ_READ_FINISHED 1 |
| 75 | 75 | ||
| 76 | /* | 76 | /* |
| 77 | * Disable concurrent writing open() operations | ||
| 78 | */ | ||
| 79 | static struct semaphore smack_write_sem; | ||
| 80 | |||
| 81 | /* | ||
| 82 | * Values for parsing cipso rules | 77 | * Values for parsing cipso rules |
| 83 | * SMK_DIGITLEN: Length of a digit field in a rule. | 78 | * SMK_DIGITLEN: Length of a digit field in a rule. |
| 84 | * SMK_CIPSOMIN: Minimum possible cipso rule length. | 79 | * SMK_CIPSOMIN: Minimum possible cipso rule length. |
| @@ -168,32 +163,7 @@ static struct seq_operations load_seq_ops = { | |||
| 168 | */ | 163 | */ |
| 169 | static int smk_open_load(struct inode *inode, struct file *file) | 164 | static int smk_open_load(struct inode *inode, struct file *file) |
| 170 | { | 165 | { |
| 171 | if ((file->f_flags & O_ACCMODE) == O_RDONLY) | 166 | return seq_open(file, &load_seq_ops); |
| 172 | return seq_open(file, &load_seq_ops); | ||
| 173 | |||
| 174 | if (down_interruptible(&smack_write_sem)) | ||
| 175 | return -ERESTARTSYS; | ||
| 176 | |||
| 177 | return 0; | ||
| 178 | } | ||
| 179 | |||
| 180 | /** | ||
| 181 | * smk_release_load - release() for /smack/load | ||
| 182 | * @inode: inode structure representing file | ||
| 183 | * @file: "load" file pointer | ||
| 184 | * | ||
| 185 | * For a reading session, use the seq_file release | ||
| 186 | * implementation. | ||
| 187 | * Otherwise, we are at the end of a writing session so | ||
| 188 | * clean everything up. | ||
| 189 | */ | ||
| 190 | static int smk_release_load(struct inode *inode, struct file *file) | ||
| 191 | { | ||
| 192 | if ((file->f_flags & O_ACCMODE) == O_RDONLY) | ||
| 193 | return seq_release(inode, file); | ||
| 194 | |||
| 195 | up(&smack_write_sem); | ||
| 196 | return 0; | ||
| 197 | } | 167 | } |
| 198 | 168 | ||
| 199 | /** | 169 | /** |
| @@ -341,7 +311,7 @@ static const struct file_operations smk_load_ops = { | |||
| 341 | .read = seq_read, | 311 | .read = seq_read, |
| 342 | .llseek = seq_lseek, | 312 | .llseek = seq_lseek, |
| 343 | .write = smk_write_load, | 313 | .write = smk_write_load, |
| 344 | .release = smk_release_load, | 314 | .release = seq_release, |
| 345 | }; | 315 | }; |
| 346 | 316 | ||
| 347 | /** | 317 | /** |
| @@ -1011,7 +981,6 @@ static int __init init_smk_fs(void) | |||
| 1011 | } | 981 | } |
| 1012 | } | 982 | } |
| 1013 | 983 | ||
| 1014 | sema_init(&smack_write_sem, 1); | ||
| 1015 | smk_cipso_doi(); | 984 | smk_cipso_doi(); |
| 1016 | smk_unlbl_ambient(NULL); | 985 | smk_unlbl_ambient(NULL); |
| 1017 | 986 | ||