aboutsummaryrefslogtreecommitdiffstats
path: root/security/tomoyo
diff options
context:
space:
mode:
authorTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>2010-01-26 06:45:27 -0500
committerJames Morris <jmorris@namei.org>2010-01-26 16:20:48 -0500
commit8e2d39a1665e680c095545993aac2fcac6916eb9 (patch)
tree41687f7e7f4fb37416b7948b6d2e09d0a383459b /security/tomoyo
parent7d52a155e38d5a165759dbbee656455861bf7801 (diff)
TOMOYO: Remove usage counter for temporary memory.
TOMOYO was using own memory usage counter for detecting memory leak. But as kernel 2.6.31 introduced memory leak detection mechanism ( CONFIG_DEBUG_KMEMLEAK ), we no longer need to have own counter. We remove usage counter for memory used for permission checks, but we keep usage counter for memory used for policy so that we can apply quota. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/tomoyo')
-rw-r--r--security/tomoyo/common.c22
-rw-r--r--security/tomoyo/common.h2
-rw-r--r--security/tomoyo/domain.c8
-rw-r--r--security/tomoyo/file.c15
-rw-r--r--security/tomoyo/realpath.c45
-rw-r--r--security/tomoyo/realpath.h8
6 files changed, 29 insertions, 71 deletions
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c
index e331e699cf54..ef6622300a81 100644
--- a/security/tomoyo/common.c
+++ b/security/tomoyo/common.c
@@ -750,7 +750,7 @@ bool tomoyo_io_printf(struct tomoyo_io_buffer *head, const char *fmt, ...)
750 * 750 *
751 * Returns the tomoyo_realpath() of current process on success, NULL otherwise. 751 * Returns the tomoyo_realpath() of current process on success, NULL otherwise.
752 * 752 *
753 * This function uses tomoyo_alloc(), so the caller must call tomoyo_free() 753 * This function uses kzalloc(), so the caller must call kfree()
754 * if this function didn't return NULL. 754 * if this function didn't return NULL.
755 */ 755 */
756static const char *tomoyo_get_exe(void) 756static const char *tomoyo_get_exe(void)
@@ -1248,7 +1248,7 @@ static bool tomoyo_is_policy_manager(void)
1248 last_pid = pid; 1248 last_pid = pid;
1249 } 1249 }
1250 } 1250 }
1251 tomoyo_free(exe); 1251 kfree(exe);
1252 return found; 1252 return found;
1253} 1253}
1254 1254
@@ -1931,7 +1931,7 @@ static int tomoyo_read_self_domain(struct tomoyo_io_buffer *head)
1931 */ 1931 */
1932static int tomoyo_open_control(const u8 type, struct file *file) 1932static int tomoyo_open_control(const u8 type, struct file *file)
1933{ 1933{
1934 struct tomoyo_io_buffer *head = tomoyo_alloc(sizeof(*head)); 1934 struct tomoyo_io_buffer *head = kzalloc(sizeof(*head), GFP_KERNEL);
1935 1935
1936 if (!head) 1936 if (!head)
1937 return -ENOMEM; 1937 return -ENOMEM;
@@ -1992,9 +1992,9 @@ static int tomoyo_open_control(const u8 type, struct file *file)
1992 } else { 1992 } else {
1993 if (!head->readbuf_size) 1993 if (!head->readbuf_size)
1994 head->readbuf_size = 4096 * 2; 1994 head->readbuf_size = 4096 * 2;
1995 head->read_buf = tomoyo_alloc(head->readbuf_size); 1995 head->read_buf = kzalloc(head->readbuf_size, GFP_KERNEL);
1996 if (!head->read_buf) { 1996 if (!head->read_buf) {
1997 tomoyo_free(head); 1997 kfree(head);
1998 return -ENOMEM; 1998 return -ENOMEM;
1999 } 1999 }
2000 } 2000 }
@@ -2006,10 +2006,10 @@ static int tomoyo_open_control(const u8 type, struct file *file)
2006 head->write = NULL; 2006 head->write = NULL;
2007 } else if (head->write) { 2007 } else if (head->write) {
2008 head->writebuf_size = 4096 * 2; 2008 head->writebuf_size = 4096 * 2;
2009 head->write_buf = tomoyo_alloc(head->writebuf_size); 2009 head->write_buf = kzalloc(head->writebuf_size, GFP_KERNEL);
2010 if (!head->write_buf) { 2010 if (!head->write_buf) {
2011 tomoyo_free(head->read_buf); 2011 kfree(head->read_buf);
2012 tomoyo_free(head); 2012 kfree(head);
2013 return -ENOMEM; 2013 return -ENOMEM;
2014 } 2014 }
2015 } 2015 }
@@ -2141,11 +2141,11 @@ static int tomoyo_close_control(struct file *file)
2141 2141
2142 tomoyo_read_unlock(head->reader_idx); 2142 tomoyo_read_unlock(head->reader_idx);
2143 /* Release memory used for policy I/O. */ 2143 /* Release memory used for policy I/O. */
2144 tomoyo_free(head->read_buf); 2144 kfree(head->read_buf);
2145 head->read_buf = NULL; 2145 head->read_buf = NULL;
2146 tomoyo_free(head->write_buf); 2146 kfree(head->write_buf);
2147 head->write_buf = NULL; 2147 head->write_buf = NULL;
2148 tomoyo_free(head); 2148 kfree(head);
2149 head = NULL; 2149 head = NULL;
2150 file->private_data = NULL; 2150 file->private_data = NULL;
2151 return 0; 2151 return 0;
diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h
index 610a6a056828..8b59ec8fe11e 100644
--- a/security/tomoyo/common.h
+++ b/security/tomoyo/common.h
@@ -89,7 +89,7 @@ struct tomoyo_path_info {
89 * "struct tomoyo_path_info_with_data". 89 * "struct tomoyo_path_info_with_data".
90 */ 90 */
91struct tomoyo_path_info_with_data { 91struct tomoyo_path_info_with_data {
92 /* Keep "head" first, for this pointer is passed to tomoyo_free(). */ 92 /* Keep "head" first, for this pointer is passed to kfree(). */
93 struct tomoyo_path_info head; 93 struct tomoyo_path_info head;
94 char barrier1[16]; /* Safeguard for overrun. */ 94 char barrier1[16]; /* Safeguard for overrun. */
95 char body[TOMOYO_MAX_PATHNAME_LEN]; 95 char body[TOMOYO_MAX_PATHNAME_LEN];
diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c
index a55a1cced58e..34843971cc60 100644
--- a/security/tomoyo/domain.c
+++ b/security/tomoyo/domain.c
@@ -787,7 +787,7 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm)
787 * This function assumes that the size of buffer returned by 787 * This function assumes that the size of buffer returned by
788 * tomoyo_realpath() = TOMOYO_MAX_PATHNAME_LEN. 788 * tomoyo_realpath() = TOMOYO_MAX_PATHNAME_LEN.
789 */ 789 */
790 struct tomoyo_page_buffer *tmp = tomoyo_alloc(sizeof(*tmp)); 790 struct tomoyo_page_buffer *tmp = kzalloc(sizeof(*tmp), GFP_KERNEL);
791 struct tomoyo_domain_info *old_domain = tomoyo_domain(); 791 struct tomoyo_domain_info *old_domain = tomoyo_domain();
792 struct tomoyo_domain_info *domain = NULL; 792 struct tomoyo_domain_info *domain = NULL;
793 const char *old_domain_name = old_domain->domainname->name; 793 const char *old_domain_name = old_domain->domainname->name;
@@ -902,8 +902,8 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm)
902 if (!domain) 902 if (!domain)
903 domain = old_domain; 903 domain = old_domain;
904 bprm->cred->security = domain; 904 bprm->cred->security = domain;
905 tomoyo_free(real_program_name); 905 kfree(real_program_name);
906 tomoyo_free(symlink_program_name); 906 kfree(symlink_program_name);
907 tomoyo_free(tmp); 907 kfree(tmp);
908 return retval; 908 return retval;
909} 909}
diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c
index cfcb096ee97a..24af081f1af9 100644
--- a/security/tomoyo/file.c
+++ b/security/tomoyo/file.c
@@ -150,7 +150,8 @@ static bool tomoyo_strendswith(const char *name, const char *tail)
150static struct tomoyo_path_info *tomoyo_get_path(struct path *path) 150static struct tomoyo_path_info *tomoyo_get_path(struct path *path)
151{ 151{
152 int error; 152 int error;
153 struct tomoyo_path_info_with_data *buf = tomoyo_alloc(sizeof(*buf)); 153 struct tomoyo_path_info_with_data *buf = kzalloc(sizeof(*buf),
154 GFP_KERNEL);
154 155
155 if (!buf) 156 if (!buf)
156 return NULL; 157 return NULL;
@@ -162,7 +163,7 @@ static struct tomoyo_path_info *tomoyo_get_path(struct path *path)
162 tomoyo_fill_path_info(&buf->head); 163 tomoyo_fill_path_info(&buf->head);
163 return &buf->head; 164 return &buf->head;
164 } 165 }
165 tomoyo_free(buf); 166 kfree(buf);
166 return NULL; 167 return NULL;
167} 168}
168 169
@@ -1227,7 +1228,7 @@ int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
1227 TOMOYO_TYPE_TRUNCATE_ACL, 1228 TOMOYO_TYPE_TRUNCATE_ACL,
1228 buf, mode); 1229 buf, mode);
1229 out: 1230 out:
1230 tomoyo_free(buf); 1231 kfree(buf);
1231 tomoyo_read_unlock(idx); 1232 tomoyo_read_unlock(idx);
1232 if (!is_enforce) 1233 if (!is_enforce)
1233 error = 0; 1234 error = 0;
@@ -1273,7 +1274,7 @@ int tomoyo_check_1path_perm(struct tomoyo_domain_info *domain,
1273 error = tomoyo_check_single_path_permission2(domain, operation, buf, 1274 error = tomoyo_check_single_path_permission2(domain, operation, buf,
1274 mode); 1275 mode);
1275 out: 1276 out:
1276 tomoyo_free(buf); 1277 kfree(buf);
1277 tomoyo_read_unlock(idx); 1278 tomoyo_read_unlock(idx);
1278 if (!is_enforce) 1279 if (!is_enforce)
1279 error = 0; 1280 error = 0;
@@ -1312,7 +1313,7 @@ int tomoyo_check_rewrite_permission(struct tomoyo_domain_info *domain,
1312 TOMOYO_TYPE_REWRITE_ACL, 1313 TOMOYO_TYPE_REWRITE_ACL,
1313 buf, mode); 1314 buf, mode);
1314 out: 1315 out:
1315 tomoyo_free(buf); 1316 kfree(buf);
1316 tomoyo_read_unlock(idx); 1317 tomoyo_read_unlock(idx);
1317 if (!is_enforce) 1318 if (!is_enforce)
1318 error = 0; 1319 error = 0;
@@ -1379,8 +1380,8 @@ int tomoyo_check_2path_perm(struct tomoyo_domain_info * const domain,
1379 false); 1380 false);
1380 } 1381 }
1381 out: 1382 out:
1382 tomoyo_free(buf1); 1383 kfree(buf1);
1383 tomoyo_free(buf2); 1384 kfree(buf2);
1384 tomoyo_read_unlock(idx); 1385 tomoyo_read_unlock(idx);
1385 if (!is_enforce) 1386 if (!is_enforce)
1386 error = 0; 1387 error = 0;
diff --git a/security/tomoyo/realpath.c b/security/tomoyo/realpath.c
index 54226d5be493..92460c7ded67 100644
--- a/security/tomoyo/realpath.c
+++ b/security/tomoyo/realpath.c
@@ -150,12 +150,12 @@ int tomoyo_realpath_from_path2(struct path *path, char *newname,
150 * 150 *
151 * Returns the realpath of the given @path on success, NULL otherwise. 151 * Returns the realpath of the given @path on success, NULL otherwise.
152 * 152 *
153 * These functions use tomoyo_alloc(), so the caller must call tomoyo_free() 153 * These functions use kzalloc(), so the caller must call kfree()
154 * if these functions didn't return NULL. 154 * if these functions didn't return NULL.
155 */ 155 */
156char *tomoyo_realpath_from_path(struct path *path) 156char *tomoyo_realpath_from_path(struct path *path)
157{ 157{
158 char *buf = tomoyo_alloc(sizeof(struct tomoyo_page_buffer)); 158 char *buf = kzalloc(sizeof(struct tomoyo_page_buffer), GFP_KERNEL);
159 159
160 BUILD_BUG_ON(sizeof(struct tomoyo_page_buffer) 160 BUILD_BUG_ON(sizeof(struct tomoyo_page_buffer)
161 <= TOMOYO_MAX_PATHNAME_LEN - 1); 161 <= TOMOYO_MAX_PATHNAME_LEN - 1);
@@ -164,7 +164,7 @@ char *tomoyo_realpath_from_path(struct path *path)
164 if (tomoyo_realpath_from_path2(path, buf, 164 if (tomoyo_realpath_from_path2(path, buf,
165 TOMOYO_MAX_PATHNAME_LEN - 1) == 0) 165 TOMOYO_MAX_PATHNAME_LEN - 1) == 0)
166 return buf; 166 return buf;
167 tomoyo_free(buf); 167 kfree(buf);
168 return NULL; 168 return NULL;
169} 169}
170 170
@@ -346,39 +346,6 @@ void __init tomoyo_realpath_init(void)
346 panic("Can't register tomoyo_kernel_domain"); 346 panic("Can't register tomoyo_kernel_domain");
347} 347}
348 348
349/* Memory allocated for temporary purpose. */
350static atomic_t tomoyo_dynamic_memory_size;
351
352/**
353 * tomoyo_alloc - Allocate memory for temporary purpose.
354 *
355 * @size: Size in bytes.
356 *
357 * Returns pointer to allocated memory on success, NULL otherwise.
358 */
359void *tomoyo_alloc(const size_t size)
360{
361 void *p = kzalloc(size, GFP_KERNEL);
362 if (p)
363 atomic_add(ksize(p), &tomoyo_dynamic_memory_size);
364 return p;
365}
366
367/**
368 * tomoyo_free - Release memory allocated by tomoyo_alloc().
369 *
370 * @p: Pointer returned by tomoyo_alloc(). May be NULL.
371 *
372 * Returns nothing.
373 */
374void tomoyo_free(const void *p)
375{
376 if (p) {
377 atomic_sub(ksize(p), &tomoyo_dynamic_memory_size);
378 kfree(p);
379 }
380}
381
382/** 349/**
383 * tomoyo_read_memory_counter - Check for memory usage in bytes. 350 * tomoyo_read_memory_counter - Check for memory usage in bytes.
384 * 351 *
@@ -393,8 +360,6 @@ int tomoyo_read_memory_counter(struct tomoyo_io_buffer *head)
393 = tomoyo_allocated_memory_for_savename; 360 = tomoyo_allocated_memory_for_savename;
394 const unsigned int private 361 const unsigned int private
395 = tomoyo_allocated_memory_for_elements; 362 = tomoyo_allocated_memory_for_elements;
396 const unsigned int dynamic
397 = atomic_read(&tomoyo_dynamic_memory_size);
398 char buffer[64]; 363 char buffer[64];
399 364
400 memset(buffer, 0, sizeof(buffer)); 365 memset(buffer, 0, sizeof(buffer));
@@ -412,9 +377,7 @@ int tomoyo_read_memory_counter(struct tomoyo_io_buffer *head)
412 else 377 else
413 buffer[0] = '\0'; 378 buffer[0] = '\0';
414 tomoyo_io_printf(head, "Private: %10u%s\n", private, buffer); 379 tomoyo_io_printf(head, "Private: %10u%s\n", private, buffer);
415 tomoyo_io_printf(head, "Dynamic: %10u\n", dynamic); 380 tomoyo_io_printf(head, "Total: %10u\n", shared + private);
416 tomoyo_io_printf(head, "Total: %10u\n",
417 shared + private + dynamic);
418 head->read_eof = true; 381 head->read_eof = true;
419 } 382 }
420 return 0; 383 return 0;
diff --git a/security/tomoyo/realpath.h b/security/tomoyo/realpath.h
index 47b4f59dad6f..da4f06ff6f8d 100644
--- a/security/tomoyo/realpath.h
+++ b/security/tomoyo/realpath.h
@@ -25,7 +25,7 @@ int tomoyo_realpath_from_path2(struct path *path, char *newname,
25 25
26/* 26/*
27 * Returns realpath(3) of the given pathname but ignores chroot'ed root. 27 * Returns realpath(3) of the given pathname but ignores chroot'ed root.
28 * These functions use tomoyo_alloc(), so the caller must call tomoyo_free() 28 * These functions use kzalloc(), so the caller must call kfree()
29 * if these functions didn't return NULL. 29 * if these functions didn't return NULL.
30 */ 30 */
31char *tomoyo_realpath(const char *pathname); 31char *tomoyo_realpath(const char *pathname);
@@ -45,12 +45,6 @@ bool tomoyo_memory_ok(void *ptr);
45 */ 45 */
46const struct tomoyo_path_info *tomoyo_save_name(const char *name); 46const struct tomoyo_path_info *tomoyo_save_name(const char *name);
47 47
48/* Allocate memory for temporary use (e.g. permission checks). */
49void *tomoyo_alloc(const size_t size);
50
51/* Free memory allocated by tomoyo_alloc(). */
52void tomoyo_free(const void *p);
53
54/* Check for memory usage. */ 48/* Check for memory usage. */
55int tomoyo_read_memory_counter(struct tomoyo_io_buffer *head); 49int tomoyo_read_memory_counter(struct tomoyo_io_buffer *head);
56 50