aboutsummaryrefslogtreecommitdiffstats
path: root/security/tomoyo/realpath.c
diff options
context:
space:
mode:
Diffstat (limited to 'security/tomoyo/realpath.c')
-rw-r--r--security/tomoyo/realpath.c65
1 files changed, 20 insertions, 45 deletions
diff --git a/security/tomoyo/realpath.c b/security/tomoyo/realpath.c
index 9105e5e29da9..54226d5be493 100644
--- a/security/tomoyo/realpath.c
+++ b/security/tomoyo/realpath.c
@@ -212,57 +212,32 @@ static unsigned int tomoyo_allocated_memory_for_elements;
212static unsigned int tomoyo_quota_for_elements; 212static unsigned int tomoyo_quota_for_elements;
213 213
214/** 214/**
215 * tomoyo_alloc_element - Allocate permanent memory for structures. 215 * tomoyo_memory_ok - Check memory quota.
216 * 216 *
217 * @size: Size in bytes. 217 * @ptr: Pointer to allocated memory.
218 * 218 *
219 * Returns pointer to allocated memory on success, NULL otherwise. 219 * Returns true on success, false otherwise.
220 * 220 *
221 * Memory has to be zeroed. 221 * Caller holds tomoyo_policy_lock.
222 * The RAM is chunked, so NEVER try to kfree() the returned pointer. 222 * Memory pointed by @ptr will be zeroed on success.
223 */ 223 */
224void *tomoyo_alloc_element(const unsigned int size) 224bool tomoyo_memory_ok(void *ptr)
225{ 225{
226 static char *buf; 226 int allocated_len = ptr ? ksize(ptr) : 0;
227 static DEFINE_MUTEX(lock); 227 bool result = false;
228 static unsigned int buf_used_len = PATH_MAX; 228 if (!ptr || (tomoyo_quota_for_elements &&
229 char *ptr = NULL; 229 tomoyo_allocated_memory_for_elements
230 /*Assumes sizeof(void *) >= sizeof(long) is true. */ 230 + allocated_len > tomoyo_quota_for_elements)) {
231 const unsigned int word_aligned_size 231 printk(KERN_WARNING "ERROR: Out of memory "
232 = roundup(size, max(sizeof(void *), sizeof(long))); 232 "for tomoyo_alloc_element().\n");
233 if (word_aligned_size > PATH_MAX) 233 if (!tomoyo_policy_loaded)
234 return NULL; 234 panic("MAC Initialization failed.\n");
235 mutex_lock(&lock); 235 } else {
236 if (buf_used_len + word_aligned_size > PATH_MAX) { 236 result = true;
237 if (!tomoyo_quota_for_elements || 237 tomoyo_allocated_memory_for_elements += allocated_len;
238 tomoyo_allocated_memory_for_elements 238 memset(ptr, 0, allocated_len);
239 + PATH_MAX <= tomoyo_quota_for_elements)
240 ptr = kzalloc(PATH_MAX, GFP_KERNEL);
241 if (!ptr) {
242 printk(KERN_WARNING "ERROR: Out of memory "
243 "for tomoyo_alloc_element().\n");
244 if (!tomoyo_policy_loaded)
245 panic("MAC Initialization failed.\n");
246 } else {
247 buf = ptr;
248 tomoyo_allocated_memory_for_elements += PATH_MAX;
249 buf_used_len = word_aligned_size;
250 ptr = buf;
251 }
252 } else if (word_aligned_size) {
253 int i;
254 ptr = buf + buf_used_len;
255 buf_used_len += word_aligned_size;
256 for (i = 0; i < word_aligned_size; i++) {
257 if (!ptr[i])
258 continue;
259 printk(KERN_ERR "WARNING: Reserved memory was tainted! "
260 "The system might go wrong.\n");
261 ptr[i] = '\0';
262 }
263 } 239 }
264 mutex_unlock(&lock); 240 return result;
265 return ptr;
266} 241}
267 242
268/* Memory allocated for string data in bytes. */ 243/* Memory allocated for string data in bytes. */