diff options
Diffstat (limited to 'security/integrity')
-rw-r--r-- | security/integrity/ima/ima_iint.c | 16 | ||||
-rw-r--r-- | security/integrity/ima/ima_main.c | 1 |
2 files changed, 12 insertions, 5 deletions
diff --git a/security/integrity/ima/ima_iint.c b/security/integrity/ima/ima_iint.c index 969a1c1cb333..c442e47b6785 100644 --- a/security/integrity/ima/ima_iint.c +++ b/security/integrity/ima/ima_iint.c | |||
@@ -59,6 +59,9 @@ struct ima_iint_cache *ima_iint_find(struct inode *inode) | |||
59 | { | 59 | { |
60 | struct ima_iint_cache *iint; | 60 | struct ima_iint_cache *iint; |
61 | 61 | ||
62 | if (!IS_IMA(inode)) | ||
63 | return NULL; | ||
64 | |||
62 | spin_lock(&ima_iint_lock); | 65 | spin_lock(&ima_iint_lock); |
63 | iint = __ima_iint_find(inode); | 66 | iint = __ima_iint_find(inode); |
64 | spin_unlock(&ima_iint_lock); | 67 | spin_unlock(&ima_iint_lock); |
@@ -91,6 +94,7 @@ int ima_inode_alloc(struct inode *inode) | |||
91 | new_iint->inode = inode; | 94 | new_iint->inode = inode; |
92 | new_node = &new_iint->rb_node; | 95 | new_node = &new_iint->rb_node; |
93 | 96 | ||
97 | mutex_lock(&inode->i_mutex); /* i_flags */ | ||
94 | spin_lock(&ima_iint_lock); | 98 | spin_lock(&ima_iint_lock); |
95 | 99 | ||
96 | p = &ima_iint_tree.rb_node; | 100 | p = &ima_iint_tree.rb_node; |
@@ -107,14 +111,17 @@ int ima_inode_alloc(struct inode *inode) | |||
107 | goto out_err; | 111 | goto out_err; |
108 | } | 112 | } |
109 | 113 | ||
114 | inode->i_flags |= S_IMA; | ||
110 | rb_link_node(new_node, parent, p); | 115 | rb_link_node(new_node, parent, p); |
111 | rb_insert_color(new_node, &ima_iint_tree); | 116 | rb_insert_color(new_node, &ima_iint_tree); |
112 | 117 | ||
113 | spin_unlock(&ima_iint_lock); | 118 | spin_unlock(&ima_iint_lock); |
119 | mutex_unlock(&inode->i_mutex); /* i_flags */ | ||
114 | 120 | ||
115 | return 0; | 121 | return 0; |
116 | out_err: | 122 | out_err: |
117 | spin_unlock(&ima_iint_lock); | 123 | spin_unlock(&ima_iint_lock); |
124 | mutex_unlock(&inode->i_mutex); /* i_flags */ | ||
118 | iint_free(new_iint); | 125 | iint_free(new_iint); |
119 | 126 | ||
120 | return rc; | 127 | return rc; |
@@ -135,15 +142,14 @@ void ima_inode_free(struct inode *inode) | |||
135 | 142 | ||
136 | inode->i_readcount = 0; | 143 | inode->i_readcount = 0; |
137 | 144 | ||
145 | if (!IS_IMA(inode)) | ||
146 | return; | ||
147 | |||
138 | spin_lock(&ima_iint_lock); | 148 | spin_lock(&ima_iint_lock); |
139 | iint = __ima_iint_find(inode); | 149 | iint = __ima_iint_find(inode); |
140 | if (iint) | 150 | rb_erase(&iint->rb_node, &ima_iint_tree); |
141 | rb_erase(&iint->rb_node, &ima_iint_tree); | ||
142 | spin_unlock(&ima_iint_lock); | 151 | spin_unlock(&ima_iint_lock); |
143 | 152 | ||
144 | if (!iint) | ||
145 | return; | ||
146 | |||
147 | iint_free(iint); | 153 | iint_free(iint); |
148 | } | 154 | } |
149 | 155 | ||
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 1dccafef7494..60dd61527b1e 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c | |||
@@ -211,6 +211,7 @@ void ima_file_free(struct file *file) | |||
211 | 211 | ||
212 | if (!iint_initialized || !S_ISREG(inode->i_mode)) | 212 | if (!iint_initialized || !S_ISREG(inode->i_mode)) |
213 | return; | 213 | return; |
214 | |||
214 | iint = ima_iint_find(inode); | 215 | iint = ima_iint_find(inode); |
215 | 216 | ||
216 | if (iint) | 217 | if (iint) |