1 files changed, 42 insertions, 0 deletions
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 871e356e8d6c..f4e7266f5aee 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -66,6 +66,19 @@ void ima_file_free(struct file *file)
                return;
        mutex_lock(&iint->mutex);
+        if (iint->opencount <= 0) {
+                printk(KERN_INFO
+                       "%s: %s open/free imbalance (r:%ld w:%ld o:%ld f:%ld)\n",
+                       __FUNCTION__, file->f_dentry->d_name.name,
+                       iint->readcount, iint->writecount,
+                       iint->opencount, atomic_long_read(&file->f_count));
+                if (!(iint->flags & IMA_IINT_DUMP_STACK)) {
+                        dump_stack();
+                        iint->flags |= IMA_IINT_DUMP_STACK;
+                }
+        }
+        iint->opencount--;
        if ((file->f_mode & (FMODE_READ | FMODE_WRITE)) == FMODE_READ)
                iint->readcount--;
@@ -119,6 +132,7 @@ static int get_path_measurement(struct ima_iint_cache *iint, struct file *file,
                pr_info("%s dentry_open failed\n", filename);
                return rc;
        }
+        iint->opencount++;
        iint->readcount++;
        rc = ima_collect_measurement(iint, file);
@@ -159,6 +173,7 @@ int ima_path_check(struct path *path, int mask)
                return 0;
        mutex_lock(&iint->mutex);
+        iint->opencount++;
        if ((mask & MAY_WRITE) || (mask == 0))
                iint->writecount++;
        else if (mask & (MAY_READ | MAY_EXEC))
@@ -219,6 +234,21 @@ out:
        return rc;
 }
+static void opencount_get(struct file *file)
+{
+        struct inode *inode = file->f_dentry->d_inode;
+        struct ima_iint_cache *iint;
+        if (!ima_initialized || !S_ISREG(inode->i_mode))
+                return;
+        iint = ima_iint_find_insert_get(inode);
+        if (!iint)
+                return;
+        mutex_lock(&iint->mutex);
+        iint->opencount++;
+        mutex_unlock(&iint->mutex);
+}
 /**
 * ima_file_mmap - based on policy, collect/store measurement.
 * @file: pointer to the file to be measured (May be NULL)
@@ -242,6 +272,18 @@ int ima_file_mmap(struct file *file, unsigned long prot)
        return 0;
 }
+/*
+ * ima_shm_check - IPC shm and shmat create/fput a file
+ *
+ * Maintain the opencount for these files to prevent unnecessary
+ * imbalance messages.
+ */
+void ima_shm_check(struct file *file)
+{
+        opencount_get(file);
+        return;
+}
 /**
 * ima_bprm_check - based on policy, collect/store measurement.
 * @bprm: contains the linux_binprm structure

diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 871e356e8d6c..f4e7266f5aee 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c
@@ -66,6 +66,19 @@ void ima_file_free(struct file *file)
66	return;	66	return;
67		67
68	mutex_lock(&iint->mutex);	68	mutex_lock(&iint->mutex);
		69	if (iint->opencount <= 0) {
		70	printk(KERN_INFO
		71	"%s: %s open/free imbalance (r:%ld w:%ld o:%ld f:%ld)\n",
		72	__FUNCTION__, file->f_dentry->d_name.name,
		73	iint->readcount, iint->writecount,
		74	iint->opencount, atomic_long_read(&file->f_count));
		75	if (!(iint->flags & IMA_IINT_DUMP_STACK)) {
		76	dump_stack();
		77	iint->flags \|= IMA_IINT_DUMP_STACK;
		78	}
		79	}
		80	iint->opencount--;
		81
69	if ((file->f_mode & (FMODE_READ \| FMODE_WRITE)) == FMODE_READ)	82	if ((file->f_mode & (FMODE_READ \| FMODE_WRITE)) == FMODE_READ)
70	iint->readcount--;	83	iint->readcount--;
71		84
@@ -119,6 +132,7 @@ static int get_path_measurement(struct ima_iint_cache iint, struct file file,
119	pr_info("%s dentry_open failed\n", filename);	132	pr_info("%s dentry_open failed\n", filename);
120	return rc;	133	return rc;
121	}	134	}
		135	iint->opencount++;
122	iint->readcount++;	136	iint->readcount++;
123		137
124	rc = ima_collect_measurement(iint, file);	138	rc = ima_collect_measurement(iint, file);
@@ -159,6 +173,7 @@ int ima_path_check(struct path *path, int mask)
159	return 0;	173	return 0;
160		174
161	mutex_lock(&iint->mutex);	175	mutex_lock(&iint->mutex);
		176	iint->opencount++;
162	if ((mask & MAY_WRITE) \|\| (mask == 0))	177	if ((mask & MAY_WRITE) \|\| (mask == 0))
163	iint->writecount++;	178	iint->writecount++;
164	else if (mask & (MAY_READ \| MAY_EXEC))	179	else if (mask & (MAY_READ \| MAY_EXEC))
@@ -219,6 +234,21 @@ out:
219	return rc;	234	return rc;
220	}	235	}
221		236
		237	static void opencount_get(struct file *file)
		238	{
		239	struct inode *inode = file->f_dentry->d_inode;
		240	struct ima_iint_cache *iint;
		241
		242	if (!ima_initialized \|\| !S_ISREG(inode->i_mode))
		243	return;
		244	iint = ima_iint_find_insert_get(inode);
		245	if (!iint)
		246	return;
		247	mutex_lock(&iint->mutex);
		248	iint->opencount++;
		249	mutex_unlock(&iint->mutex);
		250	}
		251
222	/**	252	/**
223	* ima_file_mmap - based on policy, collect/store measurement.	253	* ima_file_mmap - based on policy, collect/store measurement.
224	* @file: pointer to the file to be measured (May be NULL)	254	* @file: pointer to the file to be measured (May be NULL)
@@ -242,6 +272,18 @@ int ima_file_mmap(struct file *file, unsigned long prot)
242	return 0;	272	return 0;
243	}	273	}
244		274
		275	/*
		276	* ima_shm_check - IPC shm and shmat create/fput a file
		277	*
		278	* Maintain the opencount for these files to prevent unnecessary
		279	* imbalance messages.
		280	*/
		281	void ima_shm_check(struct file *file)
		282	{
		283	opencount_get(file);
		284	return;
		285	}
		286
245	/**	287	/**
246	* ima_bprm_check - based on policy, collect/store measurement.	288	* ima_bprm_check - based on policy, collect/store measurement.
247	* @bprm: contains the linux_binprm structure	289	* @bprm: contains the linux_binprm structure