diff options
Diffstat (limited to 'security/tomoyo/memory.c')
| -rw-r--r-- | security/tomoyo/memory.c | 39 |
1 files changed, 12 insertions, 27 deletions
diff --git a/security/tomoyo/memory.c b/security/tomoyo/memory.c index 7a56051146c2..0e995716cc25 100644 --- a/security/tomoyo/memory.c +++ b/security/tomoyo/memory.c | |||
| @@ -27,8 +27,6 @@ void tomoyo_warn_oom(const char *function) | |||
| 27 | panic("MAC Initialization failed.\n"); | 27 | panic("MAC Initialization failed.\n"); |
| 28 | } | 28 | } |
| 29 | 29 | ||
| 30 | /* Lock for protecting tomoyo_memory_used. */ | ||
| 31 | static DEFINE_SPINLOCK(tomoyo_policy_memory_lock); | ||
| 32 | /* Memoy currently used by policy/audit log/query. */ | 30 | /* Memoy currently used by policy/audit log/query. */ |
| 33 | unsigned int tomoyo_memory_used[TOMOYO_MAX_MEMORY_STAT]; | 31 | unsigned int tomoyo_memory_used[TOMOYO_MAX_MEMORY_STAT]; |
| 34 | /* Memory quota for "policy"/"audit log"/"query". */ | 32 | /* Memory quota for "policy"/"audit log"/"query". */ |
| @@ -42,22 +40,19 @@ unsigned int tomoyo_memory_quota[TOMOYO_MAX_MEMORY_STAT]; | |||
| 42 | * Returns true on success, false otherwise. | 40 | * Returns true on success, false otherwise. |
| 43 | * | 41 | * |
| 44 | * Returns true if @ptr is not NULL and quota not exceeded, false otherwise. | 42 | * Returns true if @ptr is not NULL and quota not exceeded, false otherwise. |
| 43 | * | ||
| 44 | * Caller holds tomoyo_policy_lock mutex. | ||
| 45 | */ | 45 | */ |
| 46 | bool tomoyo_memory_ok(void *ptr) | 46 | bool tomoyo_memory_ok(void *ptr) |
| 47 | { | 47 | { |
| 48 | if (ptr) { | 48 | if (ptr) { |
| 49 | const size_t s = ksize(ptr); | 49 | const size_t s = ksize(ptr); |
| 50 | bool result; | ||
| 51 | spin_lock(&tomoyo_policy_memory_lock); | ||
| 52 | tomoyo_memory_used[TOMOYO_MEMORY_POLICY] += s; | 50 | tomoyo_memory_used[TOMOYO_MEMORY_POLICY] += s; |
| 53 | result = !tomoyo_memory_quota[TOMOYO_MEMORY_POLICY] || | 51 | if (!tomoyo_memory_quota[TOMOYO_MEMORY_POLICY] || |
| 54 | tomoyo_memory_used[TOMOYO_MEMORY_POLICY] <= | 52 | tomoyo_memory_used[TOMOYO_MEMORY_POLICY] <= |
| 55 | tomoyo_memory_quota[TOMOYO_MEMORY_POLICY]; | 53 | tomoyo_memory_quota[TOMOYO_MEMORY_POLICY]) |
| 56 | if (!result) | ||
| 57 | tomoyo_memory_used[TOMOYO_MEMORY_POLICY] -= s; | ||
| 58 | spin_unlock(&tomoyo_policy_memory_lock); | ||
| 59 | if (result) | ||
| 60 | return true; | 54 | return true; |
| 55 | tomoyo_memory_used[TOMOYO_MEMORY_POLICY] -= s; | ||
| 61 | } | 56 | } |
| 62 | tomoyo_warn_oom(__func__); | 57 | tomoyo_warn_oom(__func__); |
| 63 | return false; | 58 | return false; |
| @@ -71,6 +66,8 @@ bool tomoyo_memory_ok(void *ptr) | |||
| 71 | * | 66 | * |
| 72 | * Returns pointer to allocated memory on success, NULL otherwise. | 67 | * Returns pointer to allocated memory on success, NULL otherwise. |
| 73 | * @data is zero-cleared on success. | 68 | * @data is zero-cleared on success. |
| 69 | * | ||
| 70 | * Caller holds tomoyo_policy_lock mutex. | ||
| 74 | */ | 71 | */ |
| 75 | void *tomoyo_commit_ok(void *data, const unsigned int size) | 72 | void *tomoyo_commit_ok(void *data, const unsigned int size) |
| 76 | { | 73 | { |
| @@ -85,20 +82,6 @@ void *tomoyo_commit_ok(void *data, const unsigned int size) | |||
| 85 | } | 82 | } |
| 86 | 83 | ||
| 87 | /** | 84 | /** |
| 88 | * tomoyo_memory_free - Free memory for elements. | ||
| 89 | * | ||
| 90 | * @ptr: Pointer to allocated memory. | ||
| 91 | */ | ||
| 92 | void tomoyo_memory_free(void *ptr) | ||
| 93 | { | ||
| 94 | size_t s = ksize(ptr); | ||
| 95 | spin_lock(&tomoyo_policy_memory_lock); | ||
| 96 | tomoyo_memory_used[TOMOYO_MEMORY_POLICY] -= s; | ||
| 97 | spin_unlock(&tomoyo_policy_memory_lock); | ||
| 98 | kfree(ptr); | ||
| 99 | } | ||
| 100 | |||
| 101 | /** | ||
| 102 | * tomoyo_get_group - Allocate memory for "struct tomoyo_path_group"/"struct tomoyo_number_group". | 85 | * tomoyo_get_group - Allocate memory for "struct tomoyo_path_group"/"struct tomoyo_number_group". |
| 103 | * | 86 | * |
| 104 | * @param: Pointer to "struct tomoyo_acl_param". | 87 | * @param: Pointer to "struct tomoyo_acl_param". |
| @@ -123,7 +106,8 @@ struct tomoyo_group *tomoyo_get_group(struct tomoyo_acl_param *param, | |||
| 123 | goto out; | 106 | goto out; |
| 124 | list = ¶m->ns->group_list[idx]; | 107 | list = ¶m->ns->group_list[idx]; |
| 125 | list_for_each_entry(group, list, head.list) { | 108 | list_for_each_entry(group, list, head.list) { |
| 126 | if (e.group_name != group->group_name) | 109 | if (e.group_name != group->group_name || |
| 110 | atomic_read(&group->head.users) == TOMOYO_GC_IN_PROGRESS) | ||
| 127 | continue; | 111 | continue; |
| 128 | atomic_inc(&group->head.users); | 112 | atomic_inc(&group->head.users); |
| 129 | found = true; | 113 | found = true; |
| @@ -175,7 +159,8 @@ const struct tomoyo_path_info *tomoyo_get_name(const char *name) | |||
| 175 | if (mutex_lock_interruptible(&tomoyo_policy_lock)) | 159 | if (mutex_lock_interruptible(&tomoyo_policy_lock)) |
| 176 | return NULL; | 160 | return NULL; |
| 177 | list_for_each_entry(ptr, head, head.list) { | 161 | list_for_each_entry(ptr, head, head.list) { |
| 178 | if (hash != ptr->entry.hash || strcmp(name, ptr->entry.name)) | 162 | if (hash != ptr->entry.hash || strcmp(name, ptr->entry.name) || |
| 163 | atomic_read(&ptr->head.users) == TOMOYO_GC_IN_PROGRESS) | ||
| 179 | continue; | 164 | continue; |
| 180 | atomic_inc(&ptr->head.users); | 165 | atomic_inc(&ptr->head.users); |
| 181 | goto out; | 166 | goto out; |