Diffstat (limited to 'security/integrity/ima')
-rw-r--r--security/integrity/ima/ima.h4
-rw-r--r--security/integrity/ima/ima_iint.c4
-rw-r--r--security/integrity/ima/ima_main.c15
3 files changed, 14 insertions, 9 deletions
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
index 3d701084eac6..000d13ab1a2d 100644
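--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -106,8 +106,8 @@ struct ima_iint_cache {
 unsigned long flags;
 u8 digest[IMA_DIGEST_SIZE];
 struct mutex mutex; /* protects: version, flags, digest */
-long readcount; /* measured files readcount */
-long writecount; /* measured files writecount */
+unsigned int readcount; /* measured files readcount */
+unsigned int writecount;/* measured files writecount */
 struct kref refcount; /* ima_iint_cache reference count */
 };
 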
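Review bot: The comment on `mutex` still reads `/* protects: version, flags, digest */`, while `ima_dec_counts()` in ima_main.c asserts `mutex_is_locked(&iint->mutex)` before it modifies `readcount` and `writecount`. If the counters are meant to be covered by that lock, the comment should say so, e.g. `/* protects: version, flags, digest, readcount, writecount */`. Since the two fields are now unsigned, their comments could also note that a decrement at zero wraps instead of going negative.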
diff --git a/security/integrity/ima/ima_iint.c b/security/integrity/ima/ima_iint.c
index 8e64313ed182..db71a13f27fe 100644
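--- a/security/integrity/ima/ima_iint.c
+++ b/security/integrity/ima/ima_iint.c
@@ -125,12 +125,12 @@ void iint_free(struct kref *kref)
 iint->version = 0;
 iint->flags = 0UL;
 if (iint->readcount != 0) {
-printk(KERN_INFO "%s: readcount: %ld\n", __func__,
+printk(KERN_INFO "%s: readcount: %u\n", __func__,
 iint->readcount);
 iint->readcount = 0;
 }
 if (iint->writecount != 0) {
-printk(KERN_INFO "%s: writecount: %ld\n", __func__,
+printk(KERN_INFO "%s: writecount: %u\n", __func__,
 iint->writecount);
 iint->writecount = 0;
 }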
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 995bd1b98fa8..5a1bf3df11f8 100644
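--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -178,11 +178,18 @@ static void ima_dec_counts(struct ima_iint_cache *iint, struct inode *inode,
 struct file *file)
 {
 mode_t mode = file->f_mode;
+bool dump = false;
+
 BUG_ON(!mutex_is_locked(&iint->mutex));
 
-if ((mode & (FMODE_READ | FMODE_WRITE)) == FMODE_READ)
+if ((mode & (FMODE_READ | FMODE_WRITE)) == FMODE_READ) {
+if (unlikely(iint->readcount == 0))
+dump = true;
 iint->readcount--;
+}
 if (mode & FMODE_WRITE) {
+if (unlikely(iint->writecount == 0))
+dump = true;
 iint->writecount--;
 if (iint->writecount == 0) {
 if (iint->version != inode->i_version)
@@ -190,10 +197,8 @@ static void ima_dec_counts(struct ima_iint_cache *iint, struct inode *inode,
 }
 }
 
-if (((iint->readcount < 0) ||
-(iint->writecount < 0)) &&
-!ima_limit_imbalance(file)) {
-printk(KERN_INFO "%s: open/free imbalance (r:%ld w:%ld)\n",
+if (dump && !ima_limit_imbalance(file)) {
+printk(KERN_INFO "%s: open/free imbalance (r:%u w:%u)\n",
 __func__, iint->readcount, iint->writecount);
 dump_stack();
 }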
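Review bot: In both branches of the first hunk the decrement still runs after `dump` has been set, so an unbalanced close wraps the now-unsigned counter to UINT_MAX rather than leaving it at zero. The imbalance message then prints a value such as `r:4294967295`, the `iint->writecount == 0` test that follows the write decrement cannot fire, and any check elsewhere that treats a non-zero count as "file is open" (not visible here, so to be confirmed) would see a phantom reader or writer until a matching increment wraps it back. Consider skipping the decrement on the error path: `if (unlikely(iint->readcount == 0)) dump = true; else iint->readcount--;`, and the same for `writecount`. The body of ima_dec_counts continues outside both hunks.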