Commit fdb8ebb7 authored by Tetsuo Handa's avatar Tetsuo Handa Committed by James Morris

TOMOYO: Use RCU primitives for list operation

Replace list operation with RCU primitives and replace
down_read()/up_read() with srcu_read_lock()/srcu_read_unlock().
Signed-off-by: default avatarTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Acked-by: default avatarSerge Hallyn <serue@us.ibm.com>
Signed-off-by: default avatarJames Morris <jmorris@namei.org>
parent 86fc80f1
This diff is collapsed.
...@@ -269,6 +269,8 @@ struct tomoyo_io_buffer { ...@@ -269,6 +269,8 @@ struct tomoyo_io_buffer {
int (*write) (struct tomoyo_io_buffer *); int (*write) (struct tomoyo_io_buffer *);
/* Exclusive lock for this structure. */ /* Exclusive lock for this structure. */
struct mutex io_sem; struct mutex io_sem;
/* Index returned by tomoyo_read_lock(). */
int reader_idx;
/* The position currently reading from. */ /* The position currently reading from. */
struct list_head *read_var1; struct list_head *read_var1;
/* Extra variables for reading. */ /* Extra variables for reading. */
...@@ -446,7 +448,7 @@ extern struct tomoyo_domain_info tomoyo_kernel_domain; ...@@ -446,7 +448,7 @@ extern struct tomoyo_domain_info tomoyo_kernel_domain;
* @cookie: the &struct list_head to use as a cookie. * @cookie: the &struct list_head to use as a cookie.
* @head: the head for your list. * @head: the head for your list.
* *
* Same with list_for_each() except that this primitive uses @cookie * Same with list_for_each_rcu() except that this primitive uses @cookie
* so that we can continue iteration. * so that we can continue iteration.
* @cookie must be NULL when iteration starts, and @cookie will become * @cookie must be NULL when iteration starts, and @cookie will become
* NULL when iteration finishes. * NULL when iteration finishes.
...@@ -454,8 +456,20 @@ extern struct tomoyo_domain_info tomoyo_kernel_domain; ...@@ -454,8 +456,20 @@ extern struct tomoyo_domain_info tomoyo_kernel_domain;
#define list_for_each_cookie(pos, cookie, head) \ #define list_for_each_cookie(pos, cookie, head) \
for (({ if (!cookie) \ for (({ if (!cookie) \
cookie = head; }), \ cookie = head; }), \
pos = (cookie)->next; \ pos = rcu_dereference((cookie)->next); \
prefetch(pos->next), pos != (head) || ((cookie) = NULL); \ prefetch(pos->next), pos != (head) || ((cookie) = NULL); \
(cookie) = pos, pos = pos->next) (cookie) = pos, pos = rcu_dereference(pos->next))
extern struct srcu_struct tomoyo_ss;
static inline int tomoyo_read_lock(void)
{
return srcu_read_lock(&tomoyo_ss);
}
static inline void tomoyo_read_unlock(int idx)
{
srcu_read_unlock(&tomoyo_ss, idx);
}
#endif /* !defined(_SECURITY_TOMOYO_COMMON_H) */ #endif /* !defined(_SECURITY_TOMOYO_COMMON_H) */
This diff is collapsed.
This diff is collapsed.
...@@ -402,11 +402,13 @@ void __init tomoyo_realpath_init(void) ...@@ -402,11 +402,13 @@ void __init tomoyo_realpath_init(void)
INIT_LIST_HEAD(&tomoyo_name_list[i]); INIT_LIST_HEAD(&tomoyo_name_list[i]);
INIT_LIST_HEAD(&tomoyo_kernel_domain.acl_info_list); INIT_LIST_HEAD(&tomoyo_kernel_domain.acl_info_list);
tomoyo_kernel_domain.domainname = tomoyo_save_name(TOMOYO_ROOT_NAME); tomoyo_kernel_domain.domainname = tomoyo_save_name(TOMOYO_ROOT_NAME);
list_add_tail(&tomoyo_kernel_domain.list, &tomoyo_domain_list); /*
down_read(&tomoyo_domain_list_lock); * tomoyo_read_lock() is not needed because this function is
* called before the first "delete" request.
*/
list_add_tail_rcu(&tomoyo_kernel_domain.list, &tomoyo_domain_list);
if (tomoyo_find_domain(TOMOYO_ROOT_NAME) != &tomoyo_kernel_domain) if (tomoyo_find_domain(TOMOYO_ROOT_NAME) != &tomoyo_kernel_domain)
panic("Can't register tomoyo_kernel_domain"); panic("Can't register tomoyo_kernel_domain");
up_read(&tomoyo_domain_list_lock);
} }
/* Memory allocated for temporary purpose. */ /* Memory allocated for temporary purpose. */
......
...@@ -76,8 +76,18 @@ static int tomoyo_bprm_check_security(struct linux_binprm *bprm) ...@@ -76,8 +76,18 @@ static int tomoyo_bprm_check_security(struct linux_binprm *bprm)
* Execute permission is checked against pathname passed to do_execve() * Execute permission is checked against pathname passed to do_execve()
* using current domain. * using current domain.
*/ */
if (!domain) if (!domain) {
return tomoyo_find_next_domain(bprm); /*
* We will need to protect whole execve() operation when GC
* starts kfree()ing "struct tomoyo_domain_info" because
* bprm->cred->security points to "struct tomoyo_domain_info"
* but "struct tomoyo_domain_info" does not have a refcounter.
*/
const int idx = tomoyo_read_lock();
const int err = tomoyo_find_next_domain(bprm);
tomoyo_read_unlock(idx);
return err;
}
/* /*
* Read permission is checked against interpreters using next domain. * Read permission is checked against interpreters using next domain.
* '1' is the result of open_to_namei_flags(O_RDONLY). * '1' is the result of open_to_namei_flags(O_RDONLY).
...@@ -278,6 +288,9 @@ static struct security_operations tomoyo_security_ops = { ...@@ -278,6 +288,9 @@ static struct security_operations tomoyo_security_ops = {
.sb_pivotroot = tomoyo_sb_pivotroot, .sb_pivotroot = tomoyo_sb_pivotroot,
}; };
/* Lock for GC. */
struct srcu_struct tomoyo_ss;
static int __init tomoyo_init(void) static int __init tomoyo_init(void)
{ {
struct cred *cred = (struct cred *) current_cred(); struct cred *cred = (struct cred *) current_cred();
...@@ -285,7 +298,8 @@ static int __init tomoyo_init(void) ...@@ -285,7 +298,8 @@ static int __init tomoyo_init(void)
if (!security_module_enable(&tomoyo_security_ops)) if (!security_module_enable(&tomoyo_security_ops))
return 0; return 0;
/* register ourselves with the security framework */ /* register ourselves with the security framework */
if (register_security(&tomoyo_security_ops)) if (register_security(&tomoyo_security_ops) ||
init_srcu_struct(&tomoyo_ss))
panic("Failure registering TOMOYO Linux"); panic("Failure registering TOMOYO Linux");
printk(KERN_INFO "TOMOYO Linux initialized\n"); printk(KERN_INFO "TOMOYO Linux initialized\n");
cred->security = &tomoyo_kernel_domain; cred->security = &tomoyo_kernel_domain;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment