Merge branch 'wip-2.6.34' into old-private-masterarchived-private-master

author: Andrea Bastoni <bastoni@cs.unc.edu> 2010-05-30 19:16:45 -0400
committer: Andrea Bastoni <bastoni@cs.unc.edu> 2010-05-30 19:16:45 -0400
commit: ada47b5fe13d89735805b566185f4885f5a3f750 (patch)
tree: 644b88f8a71896307d71438e9b3af49126ffb22b /security/tomoyo/realpath.c
parent: 43e98717ad40a4ae64545b5ba047c7b86aa44f4f (diff)
parent: 3280f21d43ee541f97f8cda5792150d2dbec20d5 (diff)
1 files changed, 88 insertions, 215 deletions
diff --git a/security/tomoyo/realpath.c b/security/tomoyo/realpath.c
index 5f2e33263371..c225c65ce426 100644
--- a/security/tomoyo/realpath.c
+++ b/security/tomoyo/realpath.c
@@ -13,8 +13,10 @@
 #include <linux/mount.h>
 #include <linux/mnt_namespace.h>
 #include <linux/fs_struct.h>
+#include <linux/hash.h>
+#include <linux/magic.h>
+#include <linux/slab.h>
 #include "common.h"
-#include "realpath.h"
 /**
 * tomoyo_encode: Convert binary string to ascii string.
@@ -87,27 +89,21 @@ int tomoyo_realpath_from_path2(struct path *path, char *newname,
                sp = dentry->d_op->d_dname(dentry, newname + offset,
                                           newname_len - offset);
        } else {
-                /* Taken from d_namespace_path(). */
+                struct path ns_root = {.mnt = NULL, .dentry = NULL};
-                struct path root;
-                struct path ns_root = { };
-                struct path tmp;
-                read_lock(&current->fs->lock);
-                root = current->fs->root;
-                path_get(&root);
-                read_unlock(&current->fs->lock);
-                spin_lock(&vfsmount_lock);
-                if (root.mnt && root.mnt->mnt_ns)
-                        ns_root.mnt = mntget(root.mnt->mnt_ns->root);
-                if (ns_root.mnt)
-                        ns_root.dentry = dget(ns_root.mnt->mnt_root);
-                spin_unlock(&vfsmount_lock);
                spin_lock(&dcache_lock);
-                tmp = ns_root;
+                /* go to whatever namespace root we are under */
-                sp = __d_path(path, &tmp, newname, newname_len);
+                sp = __d_path(path, &ns_root, newname, newname_len);
                spin_unlock(&dcache_lock);
-                path_put(&root);
+                /* Prepend "/proc" prefix if using internal proc vfs mount. */
-                path_put(&ns_root);
+                if (!IS_ERR(sp) && (path->mnt->mnt_flags & MNT_INTERNAL) &&
+                    (path->mnt->mnt_sb->s_magic == PROC_SUPER_MAGIC)) {
+                        sp -= 5;
+                        if (sp >= newname)
+                                memcpy(sp, "/proc", 5);
+                        else
+                                sp = ERR_PTR(-ENOMEM);
+                }
        }
        if (IS_ERR(sp))
                error = PTR_ERR(sp);
@@ -138,12 +134,12 @@ int tomoyo_realpath_from_path2(struct path *path, char *newname,
 *
 * Returns the realpath of the given @path on success, NULL otherwise.
 *
- * These functions use tomoyo_alloc(), so the caller must call tomoyo_free()
+ * These functions use kzalloc(), so the caller must call kfree()
 * if these functions didn't return NULL.
 */
 char *tomoyo_realpath_from_path(struct path *path)
 {
-        char *buf = tomoyo_alloc(sizeof(struct tomoyo_page_buffer));
+        char *buf = kzalloc(sizeof(struct tomoyo_page_buffer), GFP_KERNEL);
        BUILD_BUG_ON(sizeof(struct tomoyo_page_buffer)
                     <= TOMOYO_MAX_PATHNAME_LEN - 1);
@@ -152,7 +148,7 @@ char *tomoyo_realpath_from_path(struct path *path)
        if (tomoyo_realpath_from_path2(path, buf,
                                       TOMOYO_MAX_PATHNAME_LEN - 1) == 0)
                return buf;
-        tomoyo_free(buf);
+        kfree(buf);
        return NULL;
 }
@@ -195,97 +191,47 @@ char *tomoyo_realpath_nofollow(const char *pathname)
 }
 /* Memory allocated for non-string data. */
-static unsigned int tomoyo_allocated_memory_for_elements;
+static atomic_t tomoyo_policy_memory_size;
-/* Quota for holding non-string data. */
+/* Quota for holding policy. */
-static unsigned int tomoyo_quota_for_elements;
+static unsigned int tomoyo_quota_for_policy;
 /**
- * tomoyo_alloc_element - Allocate permanent memory for structures.
+ * tomoyo_memory_ok - Check memory quota.
 *
- * @size: Size in bytes.
+ * @ptr: Pointer to allocated memory.
 *
- * Returns pointer to allocated memory on success, NULL otherwise.
+ * Returns true on success, false otherwise.
 *
- * Memory has to be zeroed.
+ * Caller holds tomoyo_policy_lock.
- * The RAM is chunked, so NEVER try to kfree() the returned pointer.
+ * Memory pointed by @ptr will be zeroed on success.
 */
-void *tomoyo_alloc_element(const unsigned int size)
+bool tomoyo_memory_ok(void *ptr)
 {
-        static char *buf;
+        int allocated_len = ptr ? ksize(ptr) : 0;
-        static DEFINE_MUTEX(lock);
+        atomic_add(allocated_len, &tomoyo_policy_memory_size);
-        static unsigned int buf_used_len = PATH_MAX;
+        if (ptr && (!tomoyo_quota_for_policy ||
-        char *ptr = NULL;
+                    atomic_read(&tomoyo_policy_memory_size)
-        /*Assumes sizeof(void *) >= sizeof(long) is true. */
+                    <= tomoyo_quota_for_policy)) {
-        const unsigned int word_aligned_size
+                memset(ptr, 0, allocated_len);
-                = roundup(size, max(sizeof(void *), sizeof(long)));
+                return true;
-        if (word_aligned_size > PATH_MAX)
-                return NULL;
-        mutex_lock(&lock);
-        if (buf_used_len + word_aligned_size > PATH_MAX) {
-                if (!tomoyo_quota_for_elements ||
-                    tomoyo_allocated_memory_for_elements
-                    + PATH_MAX <= tomoyo_quota_for_elements)
-                        ptr = kzalloc(PATH_MAX, GFP_KERNEL);
-                if (!ptr) {
-                        printk(KERN_WARNING "ERROR: Out of memory "
-                               "for tomoyo_alloc_element().\n");
-                        if (!tomoyo_policy_loaded)
-                                panic("MAC Initialization failed.\n");
-                } else {
-                        buf = ptr;
-                        tomoyo_allocated_memory_for_elements += PATH_MAX;
-                        buf_used_len = word_aligned_size;
-                        ptr = buf;
-                }
-        } else if (word_aligned_size) {
-                int i;
-                ptr = buf + buf_used_len;
-                buf_used_len += word_aligned_size;
-                for (i = 0; i < word_aligned_size; i++) {
-                        if (!ptr[i])
-                                continue;
-                        printk(KERN_ERR "WARNING: Reserved memory was tainted! "
-                               "The system might go wrong.\n");
-                        ptr[i] = '\0';
-                }
        }
-        mutex_unlock(&lock);
+        printk(KERN_WARNING "ERROR: Out of memory "
-        return ptr;
+               "for tomoyo_alloc_element().\n");
+        if (!tomoyo_policy_loaded)
+                panic("MAC Initialization failed.\n");
+        return false;
 }
-/* Memory allocated for string data in bytes. */
+/**
-static unsigned int tomoyo_allocated_memory_for_savename;
+ * tomoyo_memory_free - Free memory for elements.
-/* Quota for holding string data in bytes. */
-static unsigned int tomoyo_quota_for_savename;
-/*
- * TOMOYO uses this hash only when appending a string into the string
- * table. Frequency of appending strings is very low. So we don't need
- * large (e.g. 64k) hash size. 256 will be sufficient.
- */
-#define TOMOYO_MAX_HASH 256
-/*
- * tomoyo_name_entry is a structure which is used for linking
- * "struct tomoyo_path_info" into tomoyo_name_list .
 *
- * Since tomoyo_name_list manages a list of strings which are shared by
+ * @ptr:  Pointer to allocated memory.
- * multiple processes (whereas "struct tomoyo_path_info" inside
- * "struct tomoyo_path_info_with_data" is not shared), a reference counter will
- * be added to "struct tomoyo_name_entry" rather than "struct tomoyo_path_info"
- * when TOMOYO starts supporting garbage collector.
 */
-struct tomoyo_name_entry {
+void tomoyo_memory_free(void *ptr)
-        struct list_head list;
+{
-        struct tomoyo_path_info entry;
+        atomic_sub(ksize(ptr), &tomoyo_policy_memory_size);
-};
+        kfree(ptr);
+}
-/* Structure for available memory region. */
-struct tomoyo_free_memory_block_list {
-        struct list_head list;
-        char *ptr;             /* Pointer to a free area. */
-        int len;               /* Length of the area.     */
-};
 /*
 * tomoyo_name_list is used for holding string data used by TOMOYO.
@@ -293,85 +239,58 @@ struct tomoyo_free_memory_block_list {
 * "/lib/libc-2.5.so"), TOMOYO shares string data in the form of
 * "const struct tomoyo_path_info *".
 */
-static struct list_head tomoyo_name_list[TOMOYO_MAX_HASH];
+struct list_head tomoyo_name_list[TOMOYO_MAX_HASH];
+/* Lock for protecting tomoyo_name_list . */
+DEFINE_MUTEX(tomoyo_name_list_lock);
 /**
- * tomoyo_save_name - Allocate permanent memory for string data.
+ * tomoyo_get_name - Allocate permanent memory for string data.
 *
 * @name: The string to store into the permernent memory.
 *
 * Returns pointer to "struct tomoyo_path_info" on success, NULL otherwise.
- *
- * The RAM is shared, so NEVER try to modify or kfree() the returned name.
 */
-const struct tomoyo_path_info *tomoyo_save_name(const char *name)
+const struct tomoyo_path_info *tomoyo_get_name(const char *name)
 {
-        static LIST_HEAD(fmb_list);
-        static DEFINE_MUTEX(lock);
        struct tomoyo_name_entry *ptr;
        unsigned int hash;
-        /* fmb contains available size in bytes.
-           fmb is removed from the fmb_list when fmb->len becomes 0. */
-        struct tomoyo_free_memory_block_list *fmb;
        int len;
-        char *cp;
+        int allocated_len;
+        struct list_head *head;
        if (!name)
                return NULL;
        len = strlen(name) + 1;
-        if (len > TOMOYO_MAX_PATHNAME_LEN) {
-                printk(KERN_WARNING "ERROR: Name too long "
-                       "for tomoyo_save_name().\n");
-                return NULL;
-        }
        hash = full_name_hash((const unsigned char *) name, len - 1);
-        mutex_lock(&lock);
+        head = &tomoyo_name_list[hash_long(hash, TOMOYO_HASH_BITS)];
-        list_for_each_entry(ptr, &tomoyo_name_list[hash % TOMOYO_MAX_HASH],
+        mutex_lock(&tomoyo_name_list_lock);
-                             list) {
+        list_for_each_entry(ptr, head, list) {
-                if (hash == ptr->entry.hash && !strcmp(name, ptr->entry.name))
+                if (hash != ptr->entry.hash || strcmp(name, ptr->entry.name))
-                        goto out;
+                        continue;
-        }
+                atomic_inc(&ptr->users);
-        list_for_each_entry(fmb, &fmb_list, list) {
+                goto out;
-                if (len <= fmb->len)
-                        goto ready;
        }
-        if (!tomoyo_quota_for_savename ||
+        ptr = kzalloc(sizeof(*ptr) + len, GFP_KERNEL);
-            tomoyo_allocated_memory_for_savename + PATH_MAX
+        allocated_len = ptr ? ksize(ptr) : 0;
-            <= tomoyo_quota_for_savename)
+        if (!ptr || (tomoyo_quota_for_policy &&
-                cp = kzalloc(PATH_MAX, GFP_KERNEL);
+                     atomic_read(&tomoyo_policy_memory_size) + allocated_len
-        else
+                     > tomoyo_quota_for_policy)) {
-                cp = NULL;
+                kfree(ptr);
-        fmb = kzalloc(sizeof(*fmb), GFP_KERNEL);
-        if (!cp || !fmb) {
-                kfree(cp);
-                kfree(fmb);
                printk(KERN_WARNING "ERROR: Out of memory "
-                       "for tomoyo_save_name().\n");
+                       "for tomoyo_get_name().\n");
                if (!tomoyo_policy_loaded)
                        panic("MAC Initialization failed.\n");
                ptr = NULL;
                goto out;
        }
-        tomoyo_allocated_memory_for_savename += PATH_MAX;
+        atomic_add(allocated_len, &tomoyo_policy_memory_size);
-        list_add(&fmb->list, &fmb_list);
+        ptr->entry.name = ((char *) ptr) + sizeof(*ptr);
-        fmb->ptr = cp;
+        memmove((char *) ptr->entry.name, name, len);
-        fmb->len = PATH_MAX;
+        atomic_set(&ptr->users, 1);
- ready:
-        ptr = tomoyo_alloc_element(sizeof(*ptr));
-        if (!ptr)
-                goto out;
-        ptr->entry.name = fmb->ptr;
-        memmove(fmb->ptr, name, len);
        tomoyo_fill_path_info(&ptr->entry);
-        fmb->ptr += len;
+        list_add_tail(&ptr->list, head);
-        fmb->len -= len;
-        list_add_tail(&ptr->list, &tomoyo_name_list[hash % TOMOYO_MAX_HASH]);
-        if (fmb->len == 0) {
-                list_del(&fmb->list);
-                kfree(fmb);
-        }
 out:
-        mutex_unlock(&lock);
+        mutex_unlock(&tomoyo_name_list_lock);
        return ptr ? &ptr->entry : NULL;
 }
@@ -386,45 +305,14 @@ void __init tomoyo_realpath_init(void)
        for (i = 0; i < TOMOYO_MAX_HASH; i++)
                INIT_LIST_HEAD(&tomoyo_name_list[i]);
        INIT_LIST_HEAD(&tomoyo_kernel_domain.acl_info_list);
-        tomoyo_kernel_domain.domainname = tomoyo_save_name(TOMOYO_ROOT_NAME);
+        tomoyo_kernel_domain.domainname = tomoyo_get_name(TOMOYO_ROOT_NAME);
-        list_add_tail(&tomoyo_kernel_domain.list, &tomoyo_domain_list);
+        /*
-        down_read(&tomoyo_domain_list_lock);
+         * tomoyo_read_lock() is not needed because this function is
+         * called before the first "delete" request.
+         */
+        list_add_tail_rcu(&tomoyo_kernel_domain.list, &tomoyo_domain_list);
        if (tomoyo_find_domain(TOMOYO_ROOT_NAME) != &tomoyo_kernel_domain)
                panic("Can't register tomoyo_kernel_domain");
-        up_read(&tomoyo_domain_list_lock);
-}
-/* Memory allocated for temporary purpose. */
-static atomic_t tomoyo_dynamic_memory_size;
-/**
- * tomoyo_alloc - Allocate memory for temporary purpose.
- *
- * @size: Size in bytes.
- *
- * Returns pointer to allocated memory on success, NULL otherwise.
- */
-void *tomoyo_alloc(const size_t size)
-{
-        void *p = kzalloc(size, GFP_KERNEL);
-        if (p)
-                atomic_add(ksize(p), &tomoyo_dynamic_memory_size);
-        return p;
-}
-/**
- * tomoyo_free - Release memory allocated by tomoyo_alloc().
- *
- * @p: Pointer returned by tomoyo_alloc(). May be NULL.
- *
- * Returns nothing.
- */
-void tomoyo_free(const void *p)
-{
-        if (p) {
-                atomic_sub(ksize(p), &tomoyo_dynamic_memory_size);
-                kfree(p);
-        }
 }
 /**
@@ -437,32 +325,19 @@ void tomoyo_free(const void *p)
 int tomoyo_read_memory_counter(struct tomoyo_io_buffer *head)
 {
        if (!head->read_eof) {
-                const unsigned int shared
+                const unsigned int policy
-                        = tomoyo_allocated_memory_for_savename;
+                        = atomic_read(&tomoyo_policy_memory_size);
-                const unsigned int private
-                        = tomoyo_allocated_memory_for_elements;
-                const unsigned int dynamic
-                        = atomic_read(&tomoyo_dynamic_memory_size);
                char buffer[64];
                memset(buffer, 0, sizeof(buffer));
-                if (tomoyo_quota_for_savename)
+                if (tomoyo_quota_for_policy)
-                        snprintf(buffer, sizeof(buffer) - 1,
-                                 "   (Quota: %10u)",
-                                 tomoyo_quota_for_savename);
-                else
-                        buffer[0] = '\0';
-                tomoyo_io_printf(head, "Shared:  %10u%s\n", shared, buffer);
-                if (tomoyo_quota_for_elements)
                        snprintf(buffer, sizeof(buffer) - 1,
                                 "   (Quota: %10u)",
-                                 tomoyo_quota_for_elements);
+                                 tomoyo_quota_for_policy);
                else
                        buffer[0] = '\0';
-                tomoyo_io_printf(head, "Private: %10u%s\n", private, buffer);
+                tomoyo_io_printf(head, "Policy:  %10u%s\n", policy, buffer);
-                tomoyo_io_printf(head, "Dynamic: %10u\n", dynamic);
+                tomoyo_io_printf(head, "Total:   %10u\n", policy);
-                tomoyo_io_printf(head, "Total:   %10u\n",
-                                 shared + private + dynamic);
                head->read_eof = true;
        }
        return 0;
@@ -480,9 +355,7 @@ int tomoyo_write_memory_quota(struct tomoyo_io_buffer *head)
        char *data = head->write_buf;
        unsigned int size;
-        if (sscanf(data, "Shared: %u", &size) == 1)
+        if (sscanf(data, "Policy: %u", &size) == 1)
-                tomoyo_quota_for_savename = size;
+                tomoyo_quota_for_policy = size;
-        else if (sscanf(data, "Private: %u", &size) == 1)
-                tomoyo_quota_for_elements = size;
        return 0;
 }
author	Andrea Bastoni <bastoni@cs.unc.edu>	2010-05-30 19:16:45 -0400
committer	Andrea Bastoni <bastoni@cs.unc.edu>	2010-05-30 19:16:45 -0400
commit	ada47b5fe13d89735805b566185f4885f5a3f750 (patch)
tree	644b88f8a71896307d71438e9b3af49126ffb22b /security/tomoyo/realpath.c
parent	43e98717ad40a4ae64545b5ba047c7b86aa44f4f (diff)
parent	3280f21d43ee541f97f8cda5792150d2dbec20d5 (diff)

diff --git a/security/tomoyo/realpath.c b/security/tomoyo/realpath.c index 5f2e33263371..c225c65ce426 100644 --- a/security/tomoyo/realpath.c +++ b/security/tomoyo/realpath.c
@@ -13,8 +13,10 @@
13	#include <linux/mount.h>	13	#include <linux/mount.h>
14	#include <linux/mnt_namespace.h>	14	#include <linux/mnt_namespace.h>
15	#include <linux/fs_struct.h>	15	#include <linux/fs_struct.h>
		16	#include <linux/hash.h>
		17	#include <linux/magic.h>
		18	#include <linux/slab.h>
16	#include "common.h"	19	#include "common.h"
17	#include "realpath.h"
18		20
19	/**	21	/**
20	* tomoyo_encode: Convert binary string to ascii string.	22	* tomoyo_encode: Convert binary string to ascii string.
@@ -87,27 +89,21 @@ int tomoyo_realpath_from_path2(struct path path, char newname,
87	sp = dentry->d_op->d_dname(dentry, newname + offset,	89	sp = dentry->d_op->d_dname(dentry, newname + offset,
88	newname_len - offset);	90	newname_len - offset);
89	} else {	91	} else {
90	/* Taken from d_namespace_path(). */	92	struct path ns_root = {.mnt = NULL, .dentry = NULL};
91	struct path root;
92	struct path ns_root = { };
93	struct path tmp;
94		93
95	read_lock(&current->fs->lock);
96	root = current->fs->root;
97	path_get(&root);
98	read_unlock(&current->fs->lock);
99	spin_lock(&vfsmount_lock);
100	if (root.mnt && root.mnt->mnt_ns)
101	ns_root.mnt = mntget(root.mnt->mnt_ns->root);
102	if (ns_root.mnt)
103	ns_root.dentry = dget(ns_root.mnt->mnt_root);
104	spin_unlock(&vfsmount_lock);
105	spin_lock(&dcache_lock);	94	spin_lock(&dcache_lock);
106	tmp = ns_root;	95	/* go to whatever namespace root we are under */
107	sp = __d_path(path, &tmp, newname, newname_len);	96	sp = __d_path(path, &ns_root, newname, newname_len);
108	spin_unlock(&dcache_lock);	97	spin_unlock(&dcache_lock);
109	path_put(&root);	98	/* Prepend "/proc" prefix if using internal proc vfs mount. */
110	path_put(&ns_root);	99	if (!IS_ERR(sp) && (path->mnt->mnt_flags & MNT_INTERNAL) &&
		100	(path->mnt->mnt_sb->s_magic == PROC_SUPER_MAGIC)) {
		101	sp -= 5;
		102	if (sp >= newname)
		103	memcpy(sp, "/proc", 5);
		104	else
		105	sp = ERR_PTR(-ENOMEM);
		106	}
111	}	107	}
112	if (IS_ERR(sp))	108	if (IS_ERR(sp))
113	error = PTR_ERR(sp);	109	error = PTR_ERR(sp);
@@ -138,12 +134,12 @@ int tomoyo_realpath_from_path2(struct path path, char newname,
138	*	134	*
139	* Returns the realpath of the given @path on success, NULL otherwise.	135	* Returns the realpath of the given @path on success, NULL otherwise.
140	*	136	*
141	* These functions use tomoyo_alloc(), so the caller must call tomoyo_free()	137	* These functions use kzalloc(), so the caller must call kfree()
142	* if these functions didn't return NULL.	138	* if these functions didn't return NULL.
143	*/	139	*/
144	char tomoyo_realpath_from_path(struct path path)	140	char tomoyo_realpath_from_path(struct path path)
145	{	141	{
146	char *buf = tomoyo_alloc(sizeof(struct tomoyo_page_buffer));	142	char *buf = kzalloc(sizeof(struct tomoyo_page_buffer), GFP_KERNEL);
147		143
148	BUILD_BUG_ON(sizeof(struct tomoyo_page_buffer)	144	BUILD_BUG_ON(sizeof(struct tomoyo_page_buffer)
149	<= TOMOYO_MAX_PATHNAME_LEN - 1);	145	<= TOMOYO_MAX_PATHNAME_LEN - 1);
@@ -152,7 +148,7 @@ char tomoyo_realpath_from_path(struct path path)
152	if (tomoyo_realpath_from_path2(path, buf,	148	if (tomoyo_realpath_from_path2(path, buf,
153	TOMOYO_MAX_PATHNAME_LEN - 1) == 0)	149	TOMOYO_MAX_PATHNAME_LEN - 1) == 0)
154	return buf;	150	return buf;
155	tomoyo_free(buf);	151	kfree(buf);
156	return NULL;	152	return NULL;
157	}	153	}
158		154
@@ -195,97 +191,47 @@ char tomoyo_realpath_nofollow(const char pathname)
195	}	191	}
196		192
197	/* Memory allocated for non-string data. */	193	/* Memory allocated for non-string data. */
198	static unsigned int tomoyo_allocated_memory_for_elements;	194	static atomic_t tomoyo_policy_memory_size;
199	/* Quota for holding non-string data. */	195	/* Quota for holding policy. */
200	static unsigned int tomoyo_quota_for_elements;	196	static unsigned int tomoyo_quota_for_policy;
201		197
202	/**	198	/**
203	* tomoyo_alloc_element - Allocate permanent memory for structures.	199	* tomoyo_memory_ok - Check memory quota.
204	*	200	*
205	* @size: Size in bytes.	201	* @ptr: Pointer to allocated memory.
206	*	202	*
207	* Returns pointer to allocated memory on success, NULL otherwise.	203	* Returns true on success, false otherwise.
208	*	204	*
209	* Memory has to be zeroed.	205	* Caller holds tomoyo_policy_lock.
210	* The RAM is chunked, so NEVER try to kfree() the returned pointer.	206	* Memory pointed by @ptr will be zeroed on success.
211	*/	207	*/
212	void *tomoyo_alloc_element(const unsigned int size)	208	bool tomoyo_memory_ok(void *ptr)
213	{	209	{
214	static char *buf;	210	int allocated_len = ptr ? ksize(ptr) : 0;
215	static DEFINE_MUTEX(lock);	211	atomic_add(allocated_len, &tomoyo_policy_memory_size);
216	static unsigned int buf_used_len = PATH_MAX;	212	if (ptr && (!tomoyo_quota_for_policy \|\|
217	char *ptr = NULL;	213	atomic_read(&tomoyo_policy_memory_size)
218	/Assumes sizeof(void ) >= sizeof(long) is true. */	214	<= tomoyo_quota_for_policy)) {
219	const unsigned int word_aligned_size	215	memset(ptr, 0, allocated_len);
220	= roundup(size, max(sizeof(void *), sizeof(long)));	216	return true;
221	if (word_aligned_size > PATH_MAX)
222	return NULL;
223	mutex_lock(&lock);
224	if (buf_used_len + word_aligned_size > PATH_MAX) {
225	if (!tomoyo_quota_for_elements \|\|
226	tomoyo_allocated_memory_for_elements
227	+ PATH_MAX <= tomoyo_quota_for_elements)
228	ptr = kzalloc(PATH_MAX, GFP_KERNEL);
229	if (!ptr) {
230	printk(KERN_WARNING "ERROR: Out of memory "
231	"for tomoyo_alloc_element().\n");
232	if (!tomoyo_policy_loaded)
233	panic("MAC Initialization failed.\n");
234	} else {
235	buf = ptr;
236	tomoyo_allocated_memory_for_elements += PATH_MAX;
237	buf_used_len = word_aligned_size;
238	ptr = buf;
239	}
240	} else if (word_aligned_size) {
241	int i;
242	ptr = buf + buf_used_len;
243	buf_used_len += word_aligned_size;
244	for (i = 0; i < word_aligned_size; i++) {
245	if (!ptr[i])
246	continue;
247	printk(KERN_ERR "WARNING: Reserved memory was tainted! "
248	"The system might go wrong.\n");
249	ptr[i] = '\0';
250	}
251	}	217	}
252	mutex_unlock(&lock);	218	printk(KERN_WARNING "ERROR: Out of memory "
253	return ptr;	219	"for tomoyo_alloc_element().\n");
		220	if (!tomoyo_policy_loaded)
		221	panic("MAC Initialization failed.\n");
		222	return false;
254	}	223	}
255		224
256	/* Memory allocated for string data in bytes. */	225	/**
257	static unsigned int tomoyo_allocated_memory_for_savename;	226	* tomoyo_memory_free - Free memory for elements.
258	/* Quota for holding string data in bytes. */
259	static unsigned int tomoyo_quota_for_savename;
260
261	/*
262	* TOMOYO uses this hash only when appending a string into the string
263	* table. Frequency of appending strings is very low. So we don't need
264	* large (e.g. 64k) hash size. 256 will be sufficient.
265	*/
266	#define TOMOYO_MAX_HASH 256
267
268	/*
269	* tomoyo_name_entry is a structure which is used for linking
270	* "struct tomoyo_path_info" into tomoyo_name_list .
271	*	227	*
272	* Since tomoyo_name_list manages a list of strings which are shared by	228	* @ptr: Pointer to allocated memory.
273	* multiple processes (whereas "struct tomoyo_path_info" inside
274	* "struct tomoyo_path_info_with_data" is not shared), a reference counter will
275	* be added to "struct tomoyo_name_entry" rather than "struct tomoyo_path_info"
276	* when TOMOYO starts supporting garbage collector.
277	*/	229	*/
278	struct tomoyo_name_entry {	230	void tomoyo_memory_free(void *ptr)
279	struct list_head list;	231	{
280	struct tomoyo_path_info entry;	232	atomic_sub(ksize(ptr), &tomoyo_policy_memory_size);
281	};	233	kfree(ptr);
282		234	}
283	/* Structure for available memory region. */
284	struct tomoyo_free_memory_block_list {
285	struct list_head list;
286	char ptr; / Pointer to a free area. */
287	int len; /* Length of the area. */
288	};
289		235
290	/*	236	/*
291	* tomoyo_name_list is used for holding string data used by TOMOYO.	237	* tomoyo_name_list is used for holding string data used by TOMOYO.
@@ -293,85 +239,58 @@ struct tomoyo_free_memory_block_list {
293	* "/lib/libc-2.5.so"), TOMOYO shares string data in the form of	239	* "/lib/libc-2.5.so"), TOMOYO shares string data in the form of
294	* "const struct tomoyo_path_info *".	240	* "const struct tomoyo_path_info *".
295	*/	241	*/
296	static struct list_head tomoyo_name_list[TOMOYO_MAX_HASH];	242	struct list_head tomoyo_name_list[TOMOYO_MAX_HASH];
		243	/* Lock for protecting tomoyo_name_list . */
		244	DEFINE_MUTEX(tomoyo_name_list_lock);
297		245
298	/**	246	/**
299	* tomoyo_save_name - Allocate permanent memory for string data.	247	* tomoyo_get_name - Allocate permanent memory for string data.
300	*	248	*
301	* @name: The string to store into the permernent memory.	249	* @name: The string to store into the permernent memory.
302	*	250	*
303	* Returns pointer to "struct tomoyo_path_info" on success, NULL otherwise.	251	* Returns pointer to "struct tomoyo_path_info" on success, NULL otherwise.
304	*
305	* The RAM is shared, so NEVER try to modify or kfree() the returned name.
306	*/	252	*/
307	const struct tomoyo_path_info tomoyo_save_name(const char name)	253	const struct tomoyo_path_info tomoyo_get_name(const char name)
308	{	254	{
309	static LIST_HEAD(fmb_list);
310	static DEFINE_MUTEX(lock);
311	struct tomoyo_name_entry *ptr;	255	struct tomoyo_name_entry *ptr;
312	unsigned int hash;	256	unsigned int hash;
313	/* fmb contains available size in bytes.
314	fmb is removed from the fmb_list when fmb->len becomes 0. */
315	struct tomoyo_free_memory_block_list *fmb;
316	int len;	257	int len;
317	char *cp;	258	int allocated_len;
		259	struct list_head *head;
318		260
319	if (!name)	261	if (!name)
320	return NULL;	262	return NULL;
321	len = strlen(name) + 1;	263	len = strlen(name) + 1;
322	if (len > TOMOYO_MAX_PATHNAME_LEN) {
323	printk(KERN_WARNING "ERROR: Name too long "
324	"for tomoyo_save_name().\n");
325	return NULL;
326	}
327	hash = full_name_hash((const unsigned char *) name, len - 1);	264	hash = full_name_hash((const unsigned char *) name, len - 1);
328	mutex_lock(&lock);	265	head = &tomoyo_name_list[hash_long(hash, TOMOYO_HASH_BITS)];
329	list_for_each_entry(ptr, &tomoyo_name_list[hash % TOMOYO_MAX_HASH],	266	mutex_lock(&tomoyo_name_list_lock);
330	list) {	267	list_for_each_entry(ptr, head, list) {
331	if (hash == ptr->entry.hash && !strcmp(name, ptr->entry.name))	268	if (hash != ptr->entry.hash \|\| strcmp(name, ptr->entry.name))
332	goto out;	269	continue;
333	}	270	atomic_inc(&ptr->users);
334	list_for_each_entry(fmb, &fmb_list, list) {	271	goto out;
335	if (len <= fmb->len)
336	goto ready;
337	}	272	}
338	if (!tomoyo_quota_for_savename \|\|	273	ptr = kzalloc(sizeof(*ptr) + len, GFP_KERNEL);
339	tomoyo_allocated_memory_for_savename + PATH_MAX	274	allocated_len = ptr ? ksize(ptr) : 0;
340	<= tomoyo_quota_for_savename)	275	if (!ptr \|\| (tomoyo_quota_for_policy &&
341	cp = kzalloc(PATH_MAX, GFP_KERNEL);	276	atomic_read(&tomoyo_policy_memory_size) + allocated_len
342	else	277	> tomoyo_quota_for_policy)) {
343	cp = NULL;	278	kfree(ptr);
344	fmb = kzalloc(sizeof(*fmb), GFP_KERNEL);
345	if (!cp \|\| !fmb) {
346	kfree(cp);
347	kfree(fmb);
348	printk(KERN_WARNING "ERROR: Out of memory "	279	printk(KERN_WARNING "ERROR: Out of memory "
349	"for tomoyo_save_name().\n");	280	"for tomoyo_get_name().\n");
350	if (!tomoyo_policy_loaded)	281	if (!tomoyo_policy_loaded)
351	panic("MAC Initialization failed.\n");	282	panic("MAC Initialization failed.\n");
352	ptr = NULL;	283	ptr = NULL;
353	goto out;	284	goto out;
354	}	285	}
355	tomoyo_allocated_memory_for_savename += PATH_MAX;	286	atomic_add(allocated_len, &tomoyo_policy_memory_size);
356	list_add(&fmb->list, &fmb_list);	287	ptr->entry.name = ((char ) ptr) + sizeof(ptr);
357	fmb->ptr = cp;	288	memmove((char *) ptr->entry.name, name, len);
358	fmb->len = PATH_MAX;	289	atomic_set(&ptr->users, 1);
359	ready:
360	ptr = tomoyo_alloc_element(sizeof(*ptr));
361	if (!ptr)
362	goto out;
363	ptr->entry.name = fmb->ptr;
364	memmove(fmb->ptr, name, len);
365	tomoyo_fill_path_info(&ptr->entry);	290	tomoyo_fill_path_info(&ptr->entry);
366	fmb->ptr += len;	291	list_add_tail(&ptr->list, head);
367	fmb->len -= len;
368	list_add_tail(&ptr->list, &tomoyo_name_list[hash % TOMOYO_MAX_HASH]);
369	if (fmb->len == 0) {
370	list_del(&fmb->list);
371	kfree(fmb);
372	}
373	out:	292	out:
374	mutex_unlock(&lock);	293	mutex_unlock(&tomoyo_name_list_lock);
375	return ptr ? &ptr->entry : NULL;	294	return ptr ? &ptr->entry : NULL;
376	}	295	}
377		296
@@ -386,45 +305,14 @@ void __init tomoyo_realpath_init(void)
386	for (i = 0; i < TOMOYO_MAX_HASH; i++)	305	for (i = 0; i < TOMOYO_MAX_HASH; i++)
387	INIT_LIST_HEAD(&tomoyo_name_list[i]);	306	INIT_LIST_HEAD(&tomoyo_name_list[i]);
388	INIT_LIST_HEAD(&tomoyo_kernel_domain.acl_info_list);	307	INIT_LIST_HEAD(&tomoyo_kernel_domain.acl_info_list);
389	tomoyo_kernel_domain.domainname = tomoyo_save_name(TOMOYO_ROOT_NAME);	308	tomoyo_kernel_domain.domainname = tomoyo_get_name(TOMOYO_ROOT_NAME);
390	list_add_tail(&tomoyo_kernel_domain.list, &tomoyo_domain_list);	309	/*
391	down_read(&tomoyo_domain_list_lock);	310	* tomoyo_read_lock() is not needed because this function is
		311	* called before the first "delete" request.
		312	*/
		313	list_add_tail_rcu(&tomoyo_kernel_domain.list, &tomoyo_domain_list);
392	if (tomoyo_find_domain(TOMOYO_ROOT_NAME) != &tomoyo_kernel_domain)	314	if (tomoyo_find_domain(TOMOYO_ROOT_NAME) != &tomoyo_kernel_domain)
393	panic("Can't register tomoyo_kernel_domain");	315	panic("Can't register tomoyo_kernel_domain");
394	up_read(&tomoyo_domain_list_lock);
395	}
396
397	/* Memory allocated for temporary purpose. */
398	static atomic_t tomoyo_dynamic_memory_size;
399
400	/**
401	* tomoyo_alloc - Allocate memory for temporary purpose.
402	*
403	* @size: Size in bytes.
404	*
405	* Returns pointer to allocated memory on success, NULL otherwise.
406	*/
407	void *tomoyo_alloc(const size_t size)
408	{
409	void *p = kzalloc(size, GFP_KERNEL);
410	if (p)
411	atomic_add(ksize(p), &tomoyo_dynamic_memory_size);
412	return p;
413	}
414
415	/**
416	* tomoyo_free - Release memory allocated by tomoyo_alloc().
417	*
418	* @p: Pointer returned by tomoyo_alloc(). May be NULL.
419	*
420	* Returns nothing.
421	*/
422	void tomoyo_free(const void *p)
423	{
424	if (p) {
425	atomic_sub(ksize(p), &tomoyo_dynamic_memory_size);
426	kfree(p);
427	}
428	}	316	}
429		317
430	/**	318	/**
@@ -437,32 +325,19 @@ void tomoyo_free(const void *p)
437	int tomoyo_read_memory_counter(struct tomoyo_io_buffer *head)	325	int tomoyo_read_memory_counter(struct tomoyo_io_buffer *head)
438	{	326	{
439	if (!head->read_eof) {	327	if (!head->read_eof) {
440	const unsigned int shared	328	const unsigned int policy
441	= tomoyo_allocated_memory_for_savename;	329	= atomic_read(&tomoyo_policy_memory_size);
442	const unsigned int private
443	= tomoyo_allocated_memory_for_elements;
444	const unsigned int dynamic
445	= atomic_read(&tomoyo_dynamic_memory_size);
446	char buffer[64];	330	char buffer[64];
447		331
448	memset(buffer, 0, sizeof(buffer));	332	memset(buffer, 0, sizeof(buffer));
449	if (tomoyo_quota_for_savename)	333	if (tomoyo_quota_for_policy)
450	snprintf(buffer, sizeof(buffer) - 1,
451	" (Quota: %10u)",
452	tomoyo_quota_for_savename);
453	else
454	buffer[0] = '\0';
455	tomoyo_io_printf(head, "Shared: %10u%s\n", shared, buffer);
456	if (tomoyo_quota_for_elements)
457	snprintf(buffer, sizeof(buffer) - 1,	334	snprintf(buffer, sizeof(buffer) - 1,
458	" (Quota: %10u)",	335	" (Quota: %10u)",
459	tomoyo_quota_for_elements);	336	tomoyo_quota_for_policy);
460	else	337	else
461	buffer[0] = '\0';	338	buffer[0] = '\0';
462	tomoyo_io_printf(head, "Private: %10u%s\n", private, buffer);	339	tomoyo_io_printf(head, "Policy: %10u%s\n", policy, buffer);
463	tomoyo_io_printf(head, "Dynamic: %10u\n", dynamic);	340	tomoyo_io_printf(head, "Total: %10u\n", policy);
464	tomoyo_io_printf(head, "Total: %10u\n",
465	shared + private + dynamic);
466	head->read_eof = true;	341	head->read_eof = true;
467	}	342	}
468	return 0;	343	return 0;
@@ -480,9 +355,7 @@ int tomoyo_write_memory_quota(struct tomoyo_io_buffer *head)
480	char *data = head->write_buf;	355	char *data = head->write_buf;
481	unsigned int size;	356	unsigned int size;
482		357
483	if (sscanf(data, "Shared: %u", &size) == 1)	358	if (sscanf(data, "Policy: %u", &size) == 1)
484	tomoyo_quota_for_savename = size;	359	tomoyo_quota_for_policy = size;
485	else if (sscanf(data, "Private: %u", &size) == 1)
486	tomoyo_quota_for_elements = size;
487	return 0;	360	return 0;
488	}	361	}