diff options
| author | Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> | 2009-12-07 19:34:43 -0500 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2009-12-14 23:46:31 -0500 |
| commit | fdb8ebb729bbb640e64028a4f579a02ebc405727 (patch) | |
| tree | 9dfca7422cb858cd05208734affab31d980030fe /security | |
| parent | 86fc80f16e8a2449d5827bf1a9838b7fd9f70097 (diff) | |
TOMOYO: Use RCU primitives for list operation
Replace list operation with RCU primitives and replace
down_read()/up_read() with srcu_read_lock()/srcu_read_unlock().
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security')
| -rw-r--r-- | security/tomoyo/common.c | 90 | ||||
| -rw-r--r-- | security/tomoyo/common.h | 28 | ||||
| -rw-r--r-- | security/tomoyo/domain.c | 63 | ||||
| -rw-r--r-- | security/tomoyo/file.c | 110 | ||||
| -rw-r--r-- | security/tomoyo/realpath.c | 8 | ||||
| -rw-r--r-- | security/tomoyo/tomoyo.c | 20 |
6 files changed, 207 insertions, 112 deletions
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c index 6c6061682438..f01b9364db2d 100644 --- a/security/tomoyo/common.c +++ b/security/tomoyo/common.c | |||
| @@ -365,10 +365,9 @@ bool tomoyo_is_domain_def(const unsigned char *buffer) | |||
| 365 | * | 365 | * |
| 366 | * @domainname: The domainname to find. | 366 | * @domainname: The domainname to find. |
| 367 | * | 367 | * |
| 368 | * Caller must call down_read(&tomoyo_domain_list_lock); or | ||
| 369 | * down_write(&tomoyo_domain_list_lock); . | ||
| 370 | * | ||
| 371 | * Returns pointer to "struct tomoyo_domain_info" if found, NULL otherwise. | 368 | * Returns pointer to "struct tomoyo_domain_info" if found, NULL otherwise. |
| 369 | * | ||
| 370 | * Caller holds tomoyo_read_lock(). | ||
| 372 | */ | 371 | */ |
| 373 | struct tomoyo_domain_info *tomoyo_find_domain(const char *domainname) | 372 | struct tomoyo_domain_info *tomoyo_find_domain(const char *domainname) |
| 374 | { | 373 | { |
| @@ -377,7 +376,7 @@ struct tomoyo_domain_info *tomoyo_find_domain(const char *domainname) | |||
| 377 | 376 | ||
| 378 | name.name = domainname; | 377 | name.name = domainname; |
| 379 | tomoyo_fill_path_info(&name); | 378 | tomoyo_fill_path_info(&name); |
| 380 | list_for_each_entry(domain, &tomoyo_domain_list, list) { | 379 | list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) { |
| 381 | if (!domain->is_deleted && | 380 | if (!domain->is_deleted && |
| 382 | !tomoyo_pathcmp(&name, domain->domainname)) | 381 | !tomoyo_pathcmp(&name, domain->domainname)) |
| 383 | return domain; | 382 | return domain; |
| @@ -829,6 +828,8 @@ bool tomoyo_verbose_mode(const struct tomoyo_domain_info *domain) | |||
| 829 | * @domain: Pointer to "struct tomoyo_domain_info". | 828 | * @domain: Pointer to "struct tomoyo_domain_info". |
| 830 | * | 829 | * |
| 831 | * Returns true if the domain is not exceeded quota, false otherwise. | 830 | * Returns true if the domain is not exceeded quota, false otherwise. |
| 831 | * | ||
| 832 | * Caller holds tomoyo_read_lock(). | ||
| 832 | */ | 833 | */ |
| 833 | bool tomoyo_domain_quota_is_ok(struct tomoyo_domain_info * const domain) | 834 | bool tomoyo_domain_quota_is_ok(struct tomoyo_domain_info * const domain) |
| 834 | { | 835 | { |
| @@ -837,8 +838,7 @@ bool tomoyo_domain_quota_is_ok(struct tomoyo_domain_info * const domain) | |||
| 837 | 838 | ||
| 838 | if (!domain) | 839 | if (!domain) |
| 839 | return true; | 840 | return true; |
| 840 | down_read(&tomoyo_domain_acl_info_list_lock); | 841 | list_for_each_entry_rcu(ptr, &domain->acl_info_list, list) { |
| 841 | list_for_each_entry(ptr, &domain->acl_info_list, list) { | ||
| 842 | if (ptr->type & TOMOYO_ACL_DELETED) | 842 | if (ptr->type & TOMOYO_ACL_DELETED) |
| 843 | continue; | 843 | continue; |
| 844 | switch (tomoyo_acl_type2(ptr)) { | 844 | switch (tomoyo_acl_type2(ptr)) { |
| @@ -866,7 +866,6 @@ bool tomoyo_domain_quota_is_ok(struct tomoyo_domain_info * const domain) | |||
| 866 | break; | 866 | break; |
| 867 | } | 867 | } |
| 868 | } | 868 | } |
| 869 | up_read(&tomoyo_domain_acl_info_list_lock); | ||
| 870 | if (count < tomoyo_check_flags(domain, TOMOYO_MAX_ACCEPT_ENTRY)) | 869 | if (count < tomoyo_check_flags(domain, TOMOYO_MAX_ACCEPT_ENTRY)) |
| 871 | return true; | 870 | return true; |
| 872 | if (!domain->quota_warned) { | 871 | if (!domain->quota_warned) { |
| @@ -1096,6 +1095,8 @@ static DECLARE_RWSEM(tomoyo_policy_manager_list_lock); | |||
| 1096 | * @is_delete: True if it is a delete request. | 1095 | * @is_delete: True if it is a delete request. |
| 1097 | * | 1096 | * |
| 1098 | * Returns 0 on success, negative value otherwise. | 1097 | * Returns 0 on success, negative value otherwise. |
| 1098 | * | ||
| 1099 | * Caller holds tomoyo_read_lock(). | ||
| 1099 | */ | 1100 | */ |
| 1100 | static int tomoyo_update_manager_entry(const char *manager, | 1101 | static int tomoyo_update_manager_entry(const char *manager, |
| 1101 | const bool is_delete) | 1102 | const bool is_delete) |
| @@ -1118,7 +1119,7 @@ static int tomoyo_update_manager_entry(const char *manager, | |||
| 1118 | if (!saved_manager) | 1119 | if (!saved_manager) |
| 1119 | return -ENOMEM; | 1120 | return -ENOMEM; |
| 1120 | down_write(&tomoyo_policy_manager_list_lock); | 1121 | down_write(&tomoyo_policy_manager_list_lock); |
| 1121 | list_for_each_entry(ptr, &tomoyo_policy_manager_list, list) { | 1122 | list_for_each_entry_rcu(ptr, &tomoyo_policy_manager_list, list) { |
| 1122 | if (ptr->manager != saved_manager) | 1123 | if (ptr->manager != saved_manager) |
| 1123 | continue; | 1124 | continue; |
| 1124 | ptr->is_deleted = is_delete; | 1125 | ptr->is_deleted = is_delete; |
| @@ -1134,7 +1135,7 @@ static int tomoyo_update_manager_entry(const char *manager, | |||
| 1134 | goto out; | 1135 | goto out; |
| 1135 | new_entry->manager = saved_manager; | 1136 | new_entry->manager = saved_manager; |
| 1136 | new_entry->is_domain = is_domain; | 1137 | new_entry->is_domain = is_domain; |
| 1137 | list_add_tail(&new_entry->list, &tomoyo_policy_manager_list); | 1138 | list_add_tail_rcu(&new_entry->list, &tomoyo_policy_manager_list); |
| 1138 | error = 0; | 1139 | error = 0; |
| 1139 | out: | 1140 | out: |
| 1140 | up_write(&tomoyo_policy_manager_list_lock); | 1141 | up_write(&tomoyo_policy_manager_list_lock); |
| @@ -1147,6 +1148,8 @@ static int tomoyo_update_manager_entry(const char *manager, | |||
| 1147 | * @head: Pointer to "struct tomoyo_io_buffer". | 1148 | * @head: Pointer to "struct tomoyo_io_buffer". |
| 1148 | * | 1149 | * |
| 1149 | * Returns 0 on success, negative value otherwise. | 1150 | * Returns 0 on success, negative value otherwise. |
| 1151 | * | ||
| 1152 | * Caller holds tomoyo_read_lock(). | ||
| 1150 | */ | 1153 | */ |
| 1151 | static int tomoyo_write_manager_policy(struct tomoyo_io_buffer *head) | 1154 | static int tomoyo_write_manager_policy(struct tomoyo_io_buffer *head) |
| 1152 | { | 1155 | { |
| @@ -1166,6 +1169,8 @@ static int tomoyo_write_manager_policy(struct tomoyo_io_buffer *head) | |||
| 1166 | * @head: Pointer to "struct tomoyo_io_buffer". | 1169 | * @head: Pointer to "struct tomoyo_io_buffer". |
| 1167 | * | 1170 | * |
| 1168 | * Returns 0. | 1171 | * Returns 0. |
| 1172 | * | ||
| 1173 | * Caller holds tomoyo_read_lock(). | ||
| 1169 | */ | 1174 | */ |
| 1170 | static int tomoyo_read_manager_policy(struct tomoyo_io_buffer *head) | 1175 | static int tomoyo_read_manager_policy(struct tomoyo_io_buffer *head) |
| 1171 | { | 1176 | { |
| @@ -1174,7 +1179,6 @@ static int tomoyo_read_manager_policy(struct tomoyo_io_buffer *head) | |||
| 1174 | 1179 | ||
| 1175 | if (head->read_eof) | 1180 | if (head->read_eof) |
| 1176 | return 0; | 1181 | return 0; |
| 1177 | down_read(&tomoyo_policy_manager_list_lock); | ||
| 1178 | list_for_each_cookie(pos, head->read_var2, | 1182 | list_for_each_cookie(pos, head->read_var2, |
| 1179 | &tomoyo_policy_manager_list) { | 1183 | &tomoyo_policy_manager_list) { |
| 1180 | struct tomoyo_policy_manager_entry *ptr; | 1184 | struct tomoyo_policy_manager_entry *ptr; |
| @@ -1186,7 +1190,6 @@ static int tomoyo_read_manager_policy(struct tomoyo_io_buffer *head) | |||
| 1186 | if (!done) | 1190 | if (!done) |
| 1187 | break; | 1191 | break; |
| 1188 | } | 1192 | } |
| 1189 | up_read(&tomoyo_policy_manager_list_lock); | ||
| 1190 | head->read_eof = done; | 1193 | head->read_eof = done; |
| 1191 | return 0; | 1194 | return 0; |
| 1192 | } | 1195 | } |
| @@ -1196,6 +1199,8 @@ static int tomoyo_read_manager_policy(struct tomoyo_io_buffer *head) | |||
| 1196 | * | 1199 | * |
| 1197 | * Returns true if the current process is permitted to modify policy | 1200 | * Returns true if the current process is permitted to modify policy |
| 1198 | * via /sys/kernel/security/tomoyo/ interface. | 1201 | * via /sys/kernel/security/tomoyo/ interface. |
| 1202 | * | ||
| 1203 | * Caller holds tomoyo_read_lock(). | ||
| 1199 | */ | 1204 | */ |
| 1200 | static bool tomoyo_is_policy_manager(void) | 1205 | static bool tomoyo_is_policy_manager(void) |
| 1201 | { | 1206 | { |
| @@ -1209,29 +1214,25 @@ static bool tomoyo_is_policy_manager(void) | |||
| 1209 | return true; | 1214 | return true; |
| 1210 | if (!tomoyo_manage_by_non_root && (task->cred->uid || task->cred->euid)) | 1215 | if (!tomoyo_manage_by_non_root && (task->cred->uid || task->cred->euid)) |
| 1211 | return false; | 1216 | return false; |
| 1212 | down_read(&tomoyo_policy_manager_list_lock); | 1217 | list_for_each_entry_rcu(ptr, &tomoyo_policy_manager_list, list) { |
| 1213 | list_for_each_entry(ptr, &tomoyo_policy_manager_list, list) { | ||
| 1214 | if (!ptr->is_deleted && ptr->is_domain | 1218 | if (!ptr->is_deleted && ptr->is_domain |
| 1215 | && !tomoyo_pathcmp(domainname, ptr->manager)) { | 1219 | && !tomoyo_pathcmp(domainname, ptr->manager)) { |
| 1216 | found = true; | 1220 | found = true; |
| 1217 | break; | 1221 | break; |
| 1218 | } | 1222 | } |
| 1219 | } | 1223 | } |
| 1220 | up_read(&tomoyo_policy_manager_list_lock); | ||
| 1221 | if (found) | 1224 | if (found) |
| 1222 | return true; | 1225 | return true; |
| 1223 | exe = tomoyo_get_exe(); | 1226 | exe = tomoyo_get_exe(); |
| 1224 | if (!exe) | 1227 | if (!exe) |
| 1225 | return false; | 1228 | return false; |
| 1226 | down_read(&tomoyo_policy_manager_list_lock); | 1229 | list_for_each_entry_rcu(ptr, &tomoyo_policy_manager_list, list) { |
| 1227 | list_for_each_entry(ptr, &tomoyo_policy_manager_list, list) { | ||
| 1228 | if (!ptr->is_deleted && !ptr->i | ||
