-rw-r--r-- | security/keys/process_keys.c | 7 | ||||
-rw-r--r-- | security/selinux/selinuxfs.c | 19 | ||||
-rw-r--r-- | security/selinux/ss/services.c | 9 |
3 files changed, 19 insertions, 16 deletions
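--- a/security/keys/process_keys.c
+++ b/security/keys/process_keys.c
@@ -16,11 +16,12 @@
 #include <linux/keyctl.h>
 #include <linux/fs.h>
 #include <linux/err.h>
+#include <linux/mutex.h>
 #include <asm/uaccess.h>
 #include "internal.h"
 
 /* session keyring create vs join semaphore */
-static DECLARE_MUTEX(key_session_sem);
+static DEFINE_MUTEX(key_session_mutex);
 
 /* the root user's tracking struct */
 struct key_user root_key_user = {
@@ -711,7 +712,7 @@ long join_session_keyring(const char *name)
 }
 
 /* allow the user to join or create a named keyring */
-down(&key_session_sem);
+mutex_lock(&key_session_mutex);
 
 /* look for an existing keyring of this name */
 keyring = find_keyring_by_name(name, 0);
@@ -737,7 +738,7 @@ long join_session_keyring(const char *name)
 key_put(keyring);
 
 error2:
-up(&key_session_sem);
+mutex_unlock(&key_session_mutex);
 error:
 return ret;
 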
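Review bot: The comment above the lock definition still reads `/* session keyring create vs join semaphore */` although the object it describes is now `key_session_mutex`. Changing it to `/* session keyring create vs join mutex */` keeps the comment in step with the type. join_session_keyring starts and ends outside the visible hunks, so only the `error2:` unlock path can be checked here. Any exit between `mutex_lock()` and `error2:` that bypasses the label would leave the mutex held, which should be confirmed against the full function.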
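--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -15,6 +15,7 @@
 #include <linux/slab.h>
 #include <linux/vmalloc.h>
 #include <linux/fs.h>
+#include <linux/mutex.h>
 #include <linux/init.h>
 #include <linux/string.h>
 #include <linux/security.h>
@@ -44,7 +45,7 @@ static int __init checkreqprot_setup(char *str)
 __setup("checkreqprot=", checkreqprot_setup);
 
 
-static DECLARE_MUTEX(sel_sem);
+static DEFINE_MUTEX(sel_mutex);
 
 /* global data for booleans */
 static struct dentry *bool_dir = NULL;
@@ -230,7 +231,7 @@ static ssize_t sel_write_load(struct file * file, const char __user * buf,
 ssize_t length;
 void *data = NULL;
 
-down(&sel_sem);
+mutex_lock(&sel_mutex);
 
 length = task_has_security(current, SECURITY__LOAD_POLICY);
 if (length)
@@ -262,7 +263,7 @@ static ssize_t sel_write_load(struct file * file, const char __user * buf,
 else
 length = count;
 out:
-up(&sel_sem);
+mutex_unlock(&sel_mutex);
 vfree(data);
 return length;
 }
@@ -714,7 +715,7 @@ static ssize_t sel_read_bool(struct file *filep, char __user *buf,
 int cur_enforcing;
 struct inode *inode;
 
-down(&sel_sem);
+mutex_lock(&sel_mutex);
 
 ret = -EFAULT;
 
@@ -759,7 +760,7 @@ static ssize_t sel_read_bool(struct file *filep, char __user *buf,
 *ppos = end;
 ret = count;
 out:
-up(&sel_sem);
+mutex_unlock(&sel_mutex);
 if (page)
 free_page((unsigned long)page);
 return ret;
@@ -773,7 +774,7 @@ static ssize_t sel_write_bool(struct file *filep, const char __user *buf,
 int new_value;
 struct inode *inode;
 
-down(&sel_sem);
+mutex_lock(&sel_mutex);
 
 length = task_has_security(current, SECURITY__SETBOOL);
 if (length)
@@ -812,7 +813,7 @@ static ssize_t sel_write_bool(struct file *filep, const char __user *buf,
 length = count;
 
 out:
-up(&sel_sem);
+mutex_unlock(&sel_mutex);
 if (page)
 free_page((unsigned long) page);
 return length;
@@ -831,7 +832,7 @@ static ssize_t sel_commit_bools_write(struct file *filep,
 ssize_t length = -EFAULT;
 int new_value;
 
-down(&sel_sem);
+mutex_lock(&sel_mutex);
 
 length = task_has_security(current, SECURITY__SETBOOL);
 if (length)
@@ -869,7 +870,7 @@ static ssize_t sel_commit_bools_write(struct file *filep,
 length = count;
 
 out:
-up(&sel_sem);
+mutex_unlock(&sel_mutex);
 if (page)
 free_page((unsigned long) page);
 return length;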
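Review bot: `sel_mutex` is defined without a comment saying what it serialises, while the visible hunks show it taken in sel_write_load, sel_read_bool, sel_write_bool and sel_commit_bools_write. A one-line comment on the definition, for example `/* serialises policy load and boolean read/write/commit */`, would make the locking scope explicit. In the three write handlers the lock is acquired before the `task_has_security()` check, so a caller that fails the check still waits for the mutex and briefly holds it. Whether the check can safely move ahead of `mutex_lock()` depends on code outside these hunks, since all four function bodies extend beyond what is shown.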
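--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -27,7 +27,8 @@
 #include <linux/in.h>
 #include <linux/sched.h>
 #include <linux/audit.h>
-#include <asm/semaphore.h>
+#include <linux/mutex.h>
+
 #include "flask.h"
 #include "avc.h"
 #include "avc_ss.h"
@@ -48,9 +49,9 @@ static DEFINE_RWLOCK(policy_rwlock);
 #define POLICY_RDUNLOCK read_unlock(&policy_rwlock)
 #define POLICY_WRUNLOCK write_unlock_irq(&policy_rwlock)
 
-static DECLARE_MUTEX(load_sem);
-#define LOAD_LOCK down(&load_sem)
-#define LOAD_UNLOCK up(&load_sem)
+static DEFINE_MUTEX(load_mutex);
+#define LOAD_LOCK mutex_lock(&load_mutex)
+#define LOAD_UNLOCK mutex_unlock(&load_mutex)
 
 static struct sidtab sidtab;
 struct policydb policydb;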
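Review bot: `LOAD_LOCK` and `LOAD_UNLOCK` in the second hunk remain object-like macros that expand to a function call, so a use site reads as a bare identifier and hides which lock is taken. With the lock now a mutex, calling `mutex_lock(&load_mutex)` and `mutex_unlock(&load_mutex)` directly at the use sites would be easier to audit for balanced lock/unlock pairs; those use sites are outside this hunk. If the macros stay, `load_mutex` should get a comment stating what it protects (presumably policy loading, to be confirmed against the callers).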