Commit 196f5181 authored by Eric Paris's avatar Eric Paris Committed by Linus Torvalds

IMA: explicit IMA i_flag to remove global lock on inode_delete

Currently for every removed inode IMA must take a global lock and search
the IMA rbtree looking for an associated integrity structure.  Instead
we explicitly mark an inode when we add an integrity structure so we
only have to take the global lock and do the removal if it exists.
Signed-off-by: default avatarEric Paris <eparis@redhat.com>
Acked-by: default avatarMimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent 64c62f06
...@@ -235,6 +235,7 @@ struct inodes_stat_t { ...@@ -235,6 +235,7 @@ struct inodes_stat_t {
#define S_NOCMTIME 128 /* Do not update file c/mtime */ #define S_NOCMTIME 128 /* Do not update file c/mtime */
#define S_SWAPFILE 256 /* Do not truncate: swapon got its bmaps */ #define S_SWAPFILE 256 /* Do not truncate: swapon got its bmaps */
#define S_PRIVATE 512 /* Inode is fs-internal */ #define S_PRIVATE 512 /* Inode is fs-internal */
#define S_IMA 1024 /* Inode has an associated IMA struct */
/* /*
* Note that nosuid etc flags are inode-specific: setting some file-system * Note that nosuid etc flags are inode-specific: setting some file-system
...@@ -269,6 +270,7 @@ struct inodes_stat_t { ...@@ -269,6 +270,7 @@ struct inodes_stat_t {
#define IS_NOCMTIME(inode) ((inode)->i_flags & S_NOCMTIME) #define IS_NOCMTIME(inode) ((inode)->i_flags & S_NOCMTIME)
#define IS_SWAPFILE(inode) ((inode)->i_flags & S_SWAPFILE) #define IS_SWAPFILE(inode) ((inode)->i_flags & S_SWAPFILE)
#define IS_PRIVATE(inode) ((inode)->i_flags & S_PRIVATE) #define IS_PRIVATE(inode) ((inode)->i_flags & S_PRIVATE)
#define IS_IMA(inode) ((inode)->i_flags & S_IMA)
/* the read-only stuff doesn't really belong here, but any other place is /* the read-only stuff doesn't really belong here, but any other place is
probably as bad and I don't want to create yet another include file. */ probably as bad and I don't want to create yet another include file. */
......
...@@ -59,6 +59,9 @@ struct ima_iint_cache *ima_iint_find(struct inode *inode) ...@@ -59,6 +59,9 @@ struct ima_iint_cache *ima_iint_find(struct inode *inode)
{ {
struct ima_iint_cache *iint; struct ima_iint_cache *iint;
if (!IS_IMA(inode))
return NULL;
spin_lock(&ima_iint_lock); spin_lock(&ima_iint_lock);
iint = __ima_iint_find(inode); iint = __ima_iint_find(inode);
spin_unlock(&ima_iint_lock); spin_unlock(&ima_iint_lock);
...@@ -91,6 +94,7 @@ int ima_inode_alloc(struct inode *inode) ...@@ -91,6 +94,7 @@ int ima_inode_alloc(struct inode *inode)
new_iint->inode = inode; new_iint->inode = inode;
new_node = &new_iint->rb_node; new_node = &new_iint->rb_node;
mutex_lock(&inode->i_mutex); /* i_flags */
spin_lock(&ima_iint_lock); spin_lock(&ima_iint_lock);
p = &ima_iint_tree.rb_node; p = &ima_iint_tree.rb_node;
...@@ -107,14 +111,17 @@ int ima_inode_alloc(struct inode *inode) ...@@ -107,14 +111,17 @@ int ima_inode_alloc(struct inode *inode)
goto out_err; goto out_err;
} }
inode->i_flags |= S_IMA;
rb_link_node(new_node, parent, p); rb_link_node(new_node, parent, p);
rb_insert_color(new_node, &ima_iint_tree); rb_insert_color(new_node, &ima_iint_tree);
spin_unlock(&ima_iint_lock); spin_unlock(&ima_iint_lock);
mutex_unlock(&inode->i_mutex); /* i_flags */
return 0; return 0;
out_err: out_err:
spin_unlock(&ima_iint_lock); spin_unlock(&ima_iint_lock);
mutex_unlock(&inode->i_mutex); /* i_flags */
iint_free(new_iint); iint_free(new_iint);
return rc; return rc;
...@@ -135,15 +142,14 @@ void ima_inode_free(struct inode *inode) ...@@ -135,15 +142,14 @@ void ima_inode_free(struct inode *inode)
inode->i_readcount = 0; inode->i_readcount = 0;
if (!IS_IMA(inode))
return;
spin_lock(&ima_iint_lock); spin_lock(&ima_iint_lock);
iint = __ima_iint_find(inode); iint = __ima_iint_find(inode);
if (iint)
rb_erase(&iint->rb_node, &ima_iint_tree); rb_erase(&iint->rb_node, &ima_iint_tree);
spin_unlock(&ima_iint_lock); spin_unlock(&ima_iint_lock);
if (!iint)
return;
iint_free(iint); iint_free(iint);
} }
......
...@@ -211,6 +211,7 @@ void ima_file_free(struct file *file) ...@@ -211,6 +211,7 @@ void ima_file_free(struct file *file)
if (!iint_initialized || !S_ISREG(inode->i_mode)) if (!iint_initialized || !S_ISREG(inode->i_mode))
return; return;
iint = ima_iint_find(inode); iint = ima_iint_find(inode);
if (iint) if (iint)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment