aboutsummaryrefslogtreecommitdiffstats
path: root/security/tomoyo
diff options
context:
space:
mode:
authorTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>2010-05-05 11:18:15 -0400
committerJames Morris <jmorris@namei.org>2010-05-05 23:19:18 -0400
commit292823814261e085cdcef06b6b691e6c2563fbd4 (patch)
tree8c1eaebcf8f698ea13ac2a9291b9769abde1905e /security/tomoyo
parent2b9e4688fad8867b6e918610f396af3ab9246898 (diff)
TOMOYO: Use mutex_lock_interruptible.
Some of TOMOYO's functions may sleep after mutex_lock(). If OOM-killer selected a process which is waiting at mutex_lock(), the to-be-killed process can't be killed. Thus, replace mutex_lock() with mutex_lock_interruptible() so that the to-be-killed process can immediately return from TOMOYO's functions. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/tomoyo')
-rw-r--r--security/tomoyo/common.c13
-rw-r--r--security/tomoyo/common.h1
-rw-r--r--security/tomoyo/domain.c15
-rw-r--r--security/tomoyo/file.c18
-rw-r--r--security/tomoyo/gc.c7
-rw-r--r--security/tomoyo/realpath.c7
6 files changed, 37 insertions, 24 deletions
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c
index 3c86bbc33aeb..8f34036fd31c 100644
--- a/security/tomoyo/common.c
+++ b/security/tomoyo/common.c
@@ -874,13 +874,13 @@ bool tomoyo_domain_quota_is_ok(struct tomoyo_domain_info * const domain)
874static struct tomoyo_profile *tomoyo_find_or_assign_new_profile(const unsigned 874static struct tomoyo_profile *tomoyo_find_or_assign_new_profile(const unsigned
875 int profile) 875 int profile)
876{ 876{
877 static DEFINE_MUTEX(lock);
878 struct tomoyo_profile *ptr = NULL; 877 struct tomoyo_profile *ptr = NULL;
879 int i; 878 int i;
880 879
881 if (profile >= TOMOYO_MAX_PROFILES) 880 if (profile >= TOMOYO_MAX_PROFILES)
882 return NULL; 881 return NULL;
883 mutex_lock(&lock); 882 if (mutex_lock_interruptible(&tomoyo_policy_lock))
883 return NULL;
884 ptr = tomoyo_profile_ptr[profile]; 884 ptr = tomoyo_profile_ptr[profile];
885 if (ptr) 885 if (ptr)
886 goto ok; 886 goto ok;
@@ -895,7 +895,7 @@ static struct tomoyo_profile *tomoyo_find_or_assign_new_profile(const unsigned
895 mb(); /* Avoid out-of-order execution. */ 895 mb(); /* Avoid out-of-order execution. */
896 tomoyo_profile_ptr[profile] = ptr; 896 tomoyo_profile_ptr[profile] = ptr;
897 ok: 897 ok:
898 mutex_unlock(&lock); 898 mutex_unlock(&tomoyo_policy_lock);
899 return ptr; 899 return ptr;
900} 900}
901 901
@@ -1090,7 +1090,8 @@ static int tomoyo_update_manager_entry(const char *manager,
1090 return -ENOMEM; 1090 return -ENOMEM;
1091 if (!is_delete) 1091 if (!is_delete)
1092 entry = kmalloc(sizeof(*entry), GFP_NOFS); 1092 entry = kmalloc(sizeof(*entry), GFP_NOFS);
1093 mutex_lock(&tomoyo_policy_lock); 1093 if (mutex_lock_interruptible(&tomoyo_policy_lock))
1094 goto out;
1094 list_for_each_entry_rcu(ptr, &tomoyo_policy_manager_list, list) { 1095 list_for_each_entry_rcu(ptr, &tomoyo_policy_manager_list, list) {
1095 if (ptr->manager != saved_manager) 1096 if (ptr->manager != saved_manager)
1096 continue; 1097 continue;
@@ -1107,6 +1108,7 @@ static int tomoyo_update_manager_entry(const char *manager,
1107 error = 0; 1108 error = 0;
1108 } 1109 }
1109 mutex_unlock(&tomoyo_policy_lock); 1110 mutex_unlock(&tomoyo_policy_lock);
1111 out:
1110 tomoyo_put_name(saved_manager); 1112 tomoyo_put_name(saved_manager);
1111 kfree(entry); 1113 kfree(entry);
1112 return error; 1114 return error;
@@ -1287,7 +1289,8 @@ static int tomoyo_delete_domain(char *domainname)
1287 1289
1288 name.name = domainname; 1290 name.name = domainname;
1289 tomoyo_fill_path_info(&name); 1291 tomoyo_fill_path_info(&name);
1290 mutex_lock(&tomoyo_policy_lock); 1292 if (mutex_lock_interruptible(&tomoyo_policy_lock))
1293 return 0;
1291 /* Is there an active domain? */ 1294 /* Is there an active domain? */
1292 list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) { 1295 list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) {
1293 /* Never delete tomoyo_kernel_domain */ 1296 /* Never delete tomoyo_kernel_domain */
diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h
index 67bd22dd3e68..52c9502ed675 100644
--- a/security/tomoyo/common.h
+++ b/security/tomoyo/common.h
@@ -662,7 +662,6 @@ extern struct list_head tomoyo_pattern_list;
662extern struct list_head tomoyo_no_rewrite_list; 662extern struct list_head tomoyo_no_rewrite_list;
663extern struct list_head tomoyo_policy_manager_list; 663extern struct list_head tomoyo_policy_manager_list;
664extern struct list_head tomoyo_name_list[TOMOYO_MAX_HASH]; 664extern struct list_head tomoyo_name_list[TOMOYO_MAX_HASH];
665extern struct mutex tomoyo_name_list_lock;
666 665
667/* Lock for protecting policy. */ 666/* Lock for protecting policy. */
668extern struct mutex tomoyo_policy_lock; 667extern struct mutex tomoyo_policy_lock;
diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c
index e1edec4a9b9d..a1723bbcde0e 100644
--- a/security/tomoyo/domain.c
+++ b/security/tomoyo/domain.c
@@ -154,7 +154,8 @@ static int tomoyo_update_domain_initializer_entry(const char *domainname,
154 goto out; 154 goto out;
155 if (!is_delete) 155 if (!is_delete)
156 entry = kmalloc(sizeof(*entry), GFP_NOFS); 156 entry = kmalloc(sizeof(*entry), GFP_NOFS);
157 mutex_lock(&tomoyo_policy_lock); 157 if (mutex_lock_interruptible(&tomoyo_policy_lock))
158 goto out;
158 list_for_each_entry_rcu(ptr, &tomoyo_domain_initializer_list, list) { 159 list_for_each_entry_rcu(ptr, &tomoyo_domain_initializer_list, list) {
159 if (ptr->is_not != is_not || 160 if (ptr->is_not != is_not ||
160 ptr->domainname != saved_domainname || 161 ptr->domainname != saved_domainname ||
@@ -374,7 +375,8 @@ static int tomoyo_update_domain_keeper_entry(const char *domainname,
374 goto out; 375 goto out;
375 if (!is_delete) 376 if (!is_delete)
376 entry = kmalloc(sizeof(*entry), GFP_NOFS); 377 entry = kmalloc(sizeof(*entry), GFP_NOFS);
377 mutex_lock(&tomoyo_policy_lock); 378 if (mutex_lock_interruptible(&tomoyo_policy_lock))
379 goto out;
378 list_for_each_entry_rcu(ptr, &tomoyo_domain_keeper_list, list) { 380 list_for_each_entry_rcu(ptr, &tomoyo_domain_keeper_list, list) {
379 if (ptr->is_not != is_not || 381 if (ptr->is_not != is_not ||
380 ptr->domainname != saved_domainname || 382 ptr->domainname != saved_domainname ||
@@ -566,7 +568,8 @@ static int tomoyo_update_alias_entry(const char *original_name,
566 goto out; 568 goto out;
567 if (!is_delete) 569 if (!is_delete)
568 entry = kmalloc(sizeof(*entry), GFP_NOFS); 570 entry = kmalloc(sizeof(*entry), GFP_NOFS);
569 mutex_lock(&tomoyo_policy_lock); 571 if (mutex_lock_interruptible(&tomoyo_policy_lock))
572 goto out;
570 list_for_each_entry_rcu(ptr, &tomoyo_alias_list, list) { 573 list_for_each_entry_rcu(ptr, &tomoyo_alias_list, list) {
571 if (ptr->original_name != saved_original_name || 574 if (ptr->original_name != saved_original_name ||
572 ptr->aliased_name != saved_aliased_name) 575 ptr->aliased_name != saved_aliased_name)
@@ -656,7 +659,7 @@ struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char *
656 const u8 profile) 659 const u8 profile)
657{ 660{
658 struct tomoyo_domain_info *entry; 661 struct tomoyo_domain_info *entry;
659 struct tomoyo_domain_info *domain; 662 struct tomoyo_domain_info *domain = NULL;
660 const struct tomoyo_path_info *saved_domainname; 663 const struct tomoyo_path_info *saved_domainname;
661 bool found = false; 664 bool found = false;
662 665
@@ -666,7 +669,8 @@ struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char *
666 if (!saved_domainname) 669 if (!saved_domainname)
667 return NULL; 670 return NULL;
668 entry = kzalloc(sizeof(*entry), GFP_NOFS); 671 entry = kzalloc(sizeof(*entry), GFP_NOFS);
669 mutex_lock(&tomoyo_policy_lock); 672 if (mutex_lock_interruptible(&tomoyo_policy_lock))
673 goto out;
670 list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) { 674 list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) {
671 if (domain->is_deleted || 675 if (domain->is_deleted ||
672 tomoyo_pathcmp(saved_domainname, domain->domainname)) 676 tomoyo_pathcmp(saved_domainname, domain->domainname))
@@ -685,6 +689,7 @@ struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char *
685 found = true; 689 found = true;
686 } 690 }
687 mutex_unlock(&tomoyo_policy_lock); 691 mutex_unlock(&tomoyo_policy_lock);
692 out:
688 tomoyo_put_name(saved_domainname); 693 tomoyo_put_name(saved_domainname);
689 kfree(entry); 694 kfree(entry);
690 return found ? domain : NULL; 695 return found ? domain : NULL;
diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c
index 0687ada28e82..060bbf3870ce 100644
--- a/security/tomoyo/file.c
+++ b/security/tomoyo/file.c
@@ -176,7 +176,8 @@ static int tomoyo_update_globally_readable_entry(const char *filename,
176 return -ENOMEM; 176 return -ENOMEM;
177 if (!is_delete) 177 if (!is_delete)
178 entry = kmalloc(sizeof(*entry), GFP_NOFS); 178 entry = kmalloc(sizeof(*entry), GFP_NOFS);
179 mutex_lock(&tomoyo_policy_lock); 179 if (mutex_lock_interruptible(&tomoyo_policy_lock))
180 goto out;
180 list_for_each_entry_rcu(ptr, &tomoyo_globally_readable_list, list) { 181 list_for_each_entry_rcu(ptr, &tomoyo_globally_readable_list, list) {
181 if (ptr->filename != saved_filename) 182 if (ptr->filename != saved_filename)
182 continue; 183 continue;
@@ -192,6 +193,7 @@ static int tomoyo_update_globally_readable_entry(const char *filename,
192 error = 0; 193 error = 0;
193 } 194 }
194 mutex_unlock(&tomoyo_policy_lock); 195 mutex_unlock(&tomoyo_policy_lock);
196 out:
195 tomoyo_put_name(saved_filename); 197 tomoyo_put_name(saved_filename);
196 kfree(entry); 198 kfree(entry);
197 return error; 199 return error;
@@ -323,7 +325,8 @@ static int tomoyo_update_file_pattern_entry(const char *pattern,
323 goto out; 325 goto out;
324 if (!is_delete) 326 if (!is_delete)
325 entry = kmalloc(sizeof(*entry), GFP_NOFS); 327 entry = kmalloc(sizeof(*entry), GFP_NOFS);
326 mutex_lock(&tomoyo_policy_lock); 328 if (mutex_lock_interruptible(&tomoyo_policy_lock))
329 goto out;
327 list_for_each_entry_rcu(ptr, &tomoyo_pattern_list, list) { 330 list_for_each_entry_rcu(ptr, &tomoyo_pattern_list, list) {
328 if (saved_pattern != ptr->pattern) 331 if (saved_pattern != ptr->pattern)
329 continue; 332 continue;
@@ -476,7 +479,8 @@ static int tomoyo_update_no_rewrite_entry(const char *pattern,
476 return error; 479 return error;
477 if (!is_delete) 480 if (!is_delete)
478 entry = kmalloc(sizeof(*entry), GFP_NOFS); 481 entry = kmalloc(sizeof(*entry), GFP_NOFS);
479 mutex_lock(&tomoyo_policy_lock); 482 if (mutex_lock_interruptible(&tomoyo_policy_lock))
483 goto out;
480 list_for_each_entry_rcu(ptr, &tomoyo_no_rewrite_list, list) { 484 list_for_each_entry_rcu(ptr, &tomoyo_no_rewrite_list, list) {
481 if (ptr->pattern != saved_pattern) 485 if (ptr->pattern != saved_pattern)
482 continue; 486 continue;
@@ -492,6 +496,7 @@ static int tomoyo_update_no_rewrite_entry(const char *pattern,
492 error = 0; 496 error = 0;
493 } 497 }
494 mutex_unlock(&tomoyo_policy_lock); 498 mutex_unlock(&tomoyo_policy_lock);
499 out:
495 tomoyo_put_name(saved_pattern); 500 tomoyo_put_name(saved_pattern);
496 kfree(entry); 501 kfree(entry);
497 return error; 502 return error;
@@ -822,7 +827,8 @@ static int tomoyo_update_path_acl(const u8 type, const char *filename,
822 return -ENOMEM; 827 return -ENOMEM;
823 if (!is_delete) 828 if (!is_delete)
824 entry = kmalloc(sizeof(*entry), GFP_NOFS); 829 entry = kmalloc(sizeof(*entry), GFP_NOFS);
825 mutex_lock(&tomoyo_policy_lock); 830 if (mutex_lock_interruptible(&tomoyo_policy_lock))
831 goto out;
826 list_for_each_entry_rcu(ptr, &domain->acl_info_list, list) { 832 list_for_each_entry_rcu(ptr, &domain->acl_info_list, list) {
827 struct tomoyo_path_acl *acl = 833 struct tomoyo_path_acl *acl =
828 container_of(ptr, struct tomoyo_path_acl, head); 834 container_of(ptr, struct tomoyo_path_acl, head);
@@ -867,6 +873,7 @@ static int tomoyo_update_path_acl(const u8 type, const char *filename,
867 error = 0; 873 error = 0;
868 } 874 }
869 mutex_unlock(&tomoyo_policy_lock); 875 mutex_unlock(&tomoyo_policy_lock);
876 out:
870 kfree(entry); 877 kfree(entry);
871 tomoyo_put_name(saved_filename); 878 tomoyo_put_name(saved_filename);
872 return error; 879 return error;
@@ -908,7 +915,8 @@ static int tomoyo_update_path2_acl(const u8 type, const char *filename1,
908 goto out; 915 goto out;
909 if (!is_delete) 916 if (!is_delete)
910 entry = kmalloc(sizeof(*entry), GFP_NOFS); 917 entry = kmalloc(sizeof(*entry), GFP_NOFS);
911 mutex_lock(&tomoyo_policy_lock); 918 if (mutex_lock_interruptible(&tomoyo_policy_lock))
919 goto out;
912 list_for_each_entry_rcu(ptr, &domain->acl_info_list, list) { 920 list_for_each_entry_rcu(ptr, &domain->acl_info_list, list) {
913 struct tomoyo_path2_acl *acl = 921 struct tomoyo_path2_acl *acl =
914 container_of(ptr, struct tomoyo_path2_acl, head); 922 container_of(ptr, struct tomoyo_path2_acl, head);
diff --git a/security/tomoyo/gc.c b/security/tomoyo/gc.c
index d9ad35bc7fa8..245bf422e3a5 100644
--- a/security/tomoyo/gc.c
+++ b/security/tomoyo/gc.c
@@ -151,7 +151,8 @@ static void tomoyo_del_name(const struct tomoyo_name_entry *ptr)
151 151
152static void tomoyo_collect_entry(void) 152static void tomoyo_collect_entry(void)
153{ 153{
154 mutex_lock(&tomoyo_policy_lock); 154 if (mutex_lock_interruptible(&tomoyo_policy_lock))
155 return;
155 { 156 {
156 struct tomoyo_globally_readable_file_entry *ptr; 157 struct tomoyo_globally_readable_file_entry *ptr;
157 list_for_each_entry_rcu(ptr, &tomoyo_globally_readable_list, 158 list_for_each_entry_rcu(ptr, &tomoyo_globally_readable_list,
@@ -275,8 +276,6 @@ static void tomoyo_collect_entry(void)
275 break; 276 break;
276 } 277 }
277 } 278 }
278 mutex_unlock(&tomoyo_policy_lock);
279 mutex_lock(&tomoyo_name_list_lock);
280 { 279 {
281 int i; 280 int i;
282 for (i = 0; i < TOMOYO_MAX_HASH; i++) { 281 for (i = 0; i < TOMOYO_MAX_HASH; i++) {
@@ -294,7 +293,7 @@ static void tomoyo_collect_entry(void)
294 } 293 }
295 } 294 }
296 } 295 }
297 mutex_unlock(&tomoyo_name_list_lock); 296 mutex_unlock(&tomoyo_policy_lock);
298} 297}
299 298
300static void tomoyo_kfree_entry(void) 299static void tomoyo_kfree_entry(void)
diff --git a/security/tomoyo/realpath.c b/security/tomoyo/realpath.c
index 6a51e0af2417..62062a68525a 100644
--- a/security/tomoyo/realpath.c
+++ b/security/tomoyo/realpath.c
@@ -240,8 +240,6 @@ void tomoyo_memory_free(void *ptr)
240 * "const struct tomoyo_path_info *". 240 * "const struct tomoyo_path_info *".
241 */ 241 */
242struct list_head tomoyo_name_list[TOMOYO_MAX_HASH]; 242struct list_head tomoyo_name_list[TOMOYO_MAX_HASH];
243/* Lock for protecting tomoyo_name_list . */
244DEFINE_MUTEX(tomoyo_name_list_lock);
245 243
246/** 244/**
247 * tomoyo_get_name - Allocate permanent memory for string data. 245 * tomoyo_get_name - Allocate permanent memory for string data.
@@ -263,7 +261,8 @@ const struct tomoyo_path_info *tomoyo_get_name(const char *name)
263 len = strlen(name) + 1; 261 len = strlen(name) + 1;
264 hash = full_name_hash((const unsigned char *) name, len - 1); 262 hash = full_name_hash((const unsigned char *) name, len - 1);
265 head = &tomoyo_name_list[hash_long(hash, TOMOYO_HASH_BITS)]; 263 head = &tomoyo_name_list[hash_long(hash, TOMOYO_HASH_BITS)];
266 mutex_lock(&tomoyo_name_list_lock); 264 if (mutex_lock_interruptible(&tomoyo_policy_lock))
265 return NULL;
267 list_for_each_entry(ptr, head, list) { 266 list_for_each_entry(ptr, head, list) {
268 if (hash != ptr->entry.hash || strcmp(name, ptr->entry.name)) 267 if (hash != ptr->entry.hash || strcmp(name, ptr->entry.name))
269 continue; 268 continue;
@@ -290,7 +289,7 @@ const struct tomoyo_path_info *tomoyo_get_name(const char *name)
290 tomoyo_fill_path_info(&ptr->entry); 289 tomoyo_fill_path_info(&ptr->entry);
291 list_add_tail(&ptr->list, head); 290 list_add_tail(&ptr->list, head);
292 out: 291 out:
293 mutex_unlock(&tomoyo_name_list_lock); 292 mutex_unlock(&tomoyo_policy_lock);
294 return ptr ? &ptr->entry : NULL; 293 return ptr ? &ptr->entry : NULL;
295} 294}
296 295