| -rw-r--r-- | security/keys/process_keys.c | 7 | ||||
| -rw-r--r-- | security/selinux/selinuxfs.c | 19 | ||||
| -rw-r--r-- | security/selinux/ss/services.c | 9 |
3 files changed, 19 insertions, 16 deletions
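--- a/security/keys/process_keys.c
+++ b/security/keys/process_keys.c
@@ -16,11 +16,12 @@
 #include <linux/keyctl.h>
 #include <linux/fs.h>
 #include <linux/err.h>
+#include <linux/mutex.h>
 #include <asm/uaccess.h>
 #include "internal.h"
 
 /* session keyring create vs join semaphore */
-static DECLARE_MUTEX(key_session_sem);
+static DEFINE_MUTEX(key_session_mutex);
 
 /* the root user's tracking struct */
 struct key_user root_key_user = {
@@ -711,7 +712,7 @@ long join_session_keyring(const char *name)
 }
 
 /* allow the user to join or create a named keyring */
-down(&key_session_sem);
+mutex_lock(&key_session_mutex);
 
 /* look for an existing keyring of this name */
 keyring = find_keyring_by_name(name, 0);
@@ -737,7 +738,7 @@ long join_session_keyring(const char *name)
 key_put(keyring);
 
 error2:
-up(&key_session_sem);
+mutex_unlock(&key_session_mutex);
 error:
 return ret;
 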
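Review bot: The comment above `key_session_mutex` in the first hunk still reads "session keyring create vs join semaphore", so it now names a primitive the file no longer uses; it should become `/* session keyring create vs join mutex */`. A mutex must be released by the task that took it, and in join_session_keyring the only release shown is at `error2:`, while the `error:` label below it returns without unlocking. A short why-comment at `mutex_lock(&key_session_mutex);` would make that exit rule explicit, for example `/* held until error2: - paths after this point must not jump to error: */`. The body between the second and third hunks is outside the view, so whether every path after the lock leaves through `error2` cannot be confirmed from here.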
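--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -15,6 +15,7 @@
 #include <linux/slab.h>
 #include <linux/vmalloc.h>
 #include <linux/fs.h>
+#include <linux/mutex.h>
 #include <linux/init.h>
 #include <linux/string.h>
 #include <linux/security.h>
@@ -44,7 +45,7 @@ static int __init checkreqprot_setup(char *str)
 __setup("checkreqprot=", checkreqprot_setup);
 
 
-static DECLARE_MUTEX(sel_sem);
+static DEFINE_MUTEX(sel_mutex);
 
 /* global data for booleans */
 static struct dentry *bool_dir = NULL;
@@ -230,7 +231,7 @@ static ssize_t sel_write_load(struct file * file, const char __user * buf,
 ssize_t length;
 void *data = NULL;
 
-down(&sel_sem);
+mutex_lock(&sel_mutex);
 
 length = task_has_security(current, SECURITY__LOAD_POLICY);
 if (length)
@@ -262,7 +263,7 @@ static ssize_t sel_write_load(struct file * file, const char __user * buf,
 else
 length = count;
 out:
-up(&sel_sem);
+mutex_unlock(&sel_mutex);
 vfree(data);
 return length;
 }
@@ -714,7 +715,7 @@ static ssize_t sel_read_bool(struct file *filep, char __user *buf,
 int cur_enforcing;
 struct inode *inode;
 
-down(&sel_sem);
+mutex_lock(&sel_mutex);
 
 ret = -EFAULT;
 
@@ -759,7 +760,7 @@ static ssize_t sel_read_bool(struct file *filep, char __user *buf,
 *ppos = end;
 ret = count;
 out:
-up(&sel_sem);
+mutex_unlock(&sel_mutex);
 if (page)
 free_page((unsigned long)page);
 return ret;
@@ -773,7 +774,7 @@ static ssize_t sel_write_bool(struct file *filep, const char __user *buf,
 int new_value;
 struct inode *inode;
 
-down(&sel_sem);
+mutex_lock(&sel_mutex);
 
 length = task_has_security(current, SECURITY__SETBOOL);
 if (length)
@@ -812,7 +813,7 @@ static ssize_t sel_write_bool(struct file *filep, const char __user *buf,
 length = count;
 
 out:
-up(&sel_sem);
+mutex_unlock(&sel_mutex);
 if (page)
 free_page((unsigned long) page);
 return length;
@@ -831,7 +832,7 @@ static ssize_t sel_commit_bools_write(struct file *filep,
 ssize_t length = -EFAULT;
 int new_value;
 
-down(&sel_sem);
+mutex_lock(&sel_mutex);
 
 length = task_has_security(current, SECURITY__SETBOOL);
 if (length)
@@ -869,7 +870,7 @@ static ssize_t sel_commit_bools_write(struct file *filep,
 length = count;
 
 out:
-up(&sel_sem);
+mutex_unlock(&sel_mutex);
 if (page)
 free_page((unsigned long) page);
 return length;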
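Review bot: `sel_mutex` in the `@@ -44,7 +45,7 @@` hunk has no comment saying what it guards, although four selinuxfs handlers take it (sel_write_load, sel_read_bool, sel_write_bool, sel_commit_bools_write). I would add above the definition `/* serialises policy load and boolean read/write/commit through selinuxfs; may sleep, process context only */`. In the three write handlers `mutex_lock(&sel_mutex)` comes before the `task_has_security()` check, so a caller that is about to be denied still waits uninterruptibly behind whoever holds the lock. That matches the old `down()` behaviour, but it is worth a line in the same comment so nobody reorders it unknowingly. All four function bodies continue outside the hunks shown, so the single `out:` release in each is the only unlock path visible here.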
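--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -27,7 +27,8 @@
 #include <linux/in.h>
 #include <linux/sched.h>
 #include <linux/audit.h>
-#include <asm/semaphore.h>
+#include <linux/mutex.h>
+
 #include "flask.h"
 #include "avc.h"
 #include "avc_ss.h"
@@ -48,9 +49,9 @@ static DEFINE_RWLOCK(policy_rwlock);
 #define POLICY_RDUNLOCK read_unlock(&policy_rwlock)
 #define POLICY_WRUNLOCK write_unlock_irq(&policy_rwlock)
 
-static DECLARE_MUTEX(load_sem);
-#define LOAD_LOCK down(&load_sem)
-#define LOAD_UNLOCK up(&load_sem)
+static DEFINE_MUTEX(load_mutex);
+#define LOAD_LOCK mutex_lock(&load_mutex)
+#define LOAD_UNLOCK mutex_unlock(&load_mutex)
 
 static struct sidtab sidtab;
 struct policydb policydb;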
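Review bot: Nothing next to `LOAD_LOCK` in the second hunk records how it nests with `policy_rwlock`, even though `LOAD_LOCK` expands to `mutex_lock()`, which can sleep, and the adjacent `POLICY_WRUNLOCK` releases the rwlock with `write_unlock_irq()`. I would add above `static DEFINE_MUTEX(load_mutex);` a comment such as `/* may sleep: take LOAD_LOCK before, never inside, a policy_rwlock section */`. The macros also hide that a mutex must be released by the task that locked it, so a short note that `LOAD_LOCK`/`LOAD_UNLOCK` must pair within one function would help. The callers of these macros are outside the hunks shown, so the actual nesting is presumed rather than verified.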
