aboutsummaryrefslogtreecommitdiffstats
path: root/security/integrity/ima/ima_main.c
diff options
context:
space:
mode:
Diffstat (limited to 'security/integrity/ima/ima_main.c')
-rw-r--r--security/integrity/ima/ima_main.c15
1 files changed, 10 insertions, 5 deletions
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 995bd1b98fa8..5a1bf3df11f8 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -178,11 +178,18 @@ static void ima_dec_counts(struct ima_iint_cache *iint, struct inode *inode,
178 struct file *file) 178 struct file *file)
179{ 179{
180 mode_t mode = file->f_mode; 180 mode_t mode = file->f_mode;
181 bool dump = false;
182
181 BUG_ON(!mutex_is_locked(&iint->mutex)); 183 BUG_ON(!mutex_is_locked(&iint->mutex));
182 184
183 if ((mode & (FMODE_READ | FMODE_WRITE)) == FMODE_READ) 185 if ((mode & (FMODE_READ | FMODE_WRITE)) == FMODE_READ) {
186 if (unlikely(iint->readcount == 0))
187 dump = true;
184 iint->readcount--; 188 iint->readcount--;
189 }
185 if (mode & FMODE_WRITE) { 190 if (mode & FMODE_WRITE) {
191 if (unlikely(iint->writecount == 0))
192 dump = true;
186 iint->writecount--; 193 iint->writecount--;
187 if (iint->writecount == 0) { 194 if (iint->writecount == 0) {
188 if (iint->version != inode->i_version) 195 if (iint->version != inode->i_version)
@@ -190,10 +197,8 @@ static void ima_dec_counts(struct ima_iint_cache *iint, struct inode *inode,
190 } 197 }
191 } 198 }
192 199
193 if (((iint->readcount < 0) || 200 if (dump && !ima_limit_imbalance(file)) {
194 (iint->writecount < 0)) && 201 printk(KERN_INFO "%s: open/free imbalance (r:%u w:%u)\n",
195 !ima_limit_imbalance(file)) {
196 printk(KERN_INFO "%s: open/free imbalance (r:%ld w:%ld)\n",
197 __func__, iint->readcount, iint->writecount); 202 __func__, iint->readcount, iint->writecount);
198 dump_stack(); 203 dump_stack();
199 } 204 }
generated by cgit v1.2.2 (git 2.25.0) at 2025-02-18 13:05:51 -0500