diff options
author | Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> | 2010-02-11 09:43:20 +0900 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2010-02-15 09:00:21 +1100 |
commit | ec8e6a4e062e2edebef91e930c20572c9f4c0dda (patch) | |
tree | 1c48fb2aa2220b3bdc138e0fb33e1ac632d0dffe | |
parent | 76bb0895d038be7bcdb6ccfcd2dd7deb30371d6b (diff) | |
download | op-kernel-dev-ec8e6a4e062e2edebef91e930c20572c9f4c0dda.zip op-kernel-dev-ec8e6a4e062e2edebef91e930c20572c9f4c0dda.tar.gz |
TOMOYO: Add refcounter on domain structure.
Add refcounter to "struct tomoyo_domain_info" since garbage collector needs to
determine whether this struct is referred by "struct cred"->security or not.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
-rw-r--r-- | security/tomoyo/common.h | 5 | ||||
-rw-r--r-- | security/tomoyo/domain.c | 2 | ||||
-rw-r--r-- | security/tomoyo/tomoyo.c | 37 |
3 files changed, 28 insertions, 16 deletions
diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h index f6aff59..521b4b5 100644 --- a/security/tomoyo/common.h +++ b/security/tomoyo/common.h @@ -234,6 +234,10 @@ struct tomoyo_acl_info { * name of the domain to be created was too long or it could not allocate * memory. If set to true, more than one process continued execve() * without domain transition. + * (9) "users" is an atomic_t that holds how many "struct cred"->security + * are referring this "struct tomoyo_domain_info". If is_deleted == true + * and users == 0, this struct will be kfree()d upon next garbage + * collection. * * A domain's lifecycle is an analogy of files on / directory. * Multiple domains with the same domainname cannot be created (as with @@ -252,6 +256,7 @@ struct tomoyo_domain_info { bool quota_warned; /* Quota warnning flag. */ bool ignore_global_allow_read; /* Ignore "allow_read" flag. */ bool transition_failed; /* Domain transition failed flag. */ + atomic_t users; /* Number of referring credentials. */ }; /* diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c index d60b8a6..6f74b30 100644 --- a/security/tomoyo/domain.c +++ b/security/tomoyo/domain.c @@ -817,6 +817,8 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm) out: if (!domain) domain = old_domain; + /* Update reference count on "struct tomoyo_domain_info". */ + atomic_inc(&domain->users); bprm->cred->security = domain; kfree(real_program_name); kfree(symlink_program_name); diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index 8a0988d..87e82bf 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c @@ -21,21 +21,23 @@ static int tomoyo_cred_alloc_blank(struct cred *new, gfp_t gfp) static int tomoyo_cred_prepare(struct cred *new, const struct cred *old, gfp_t gfp) { - /* - * Since "struct tomoyo_domain_info *" is a sharable pointer, - * we don't need to duplicate. - */ - new->security = old->security; + struct tomoyo_domain_info *domain = old->security; + new->security = domain; + if (domain) + atomic_inc(&domain->users); return 0; } static void tomoyo_cred_transfer(struct cred *new, const struct cred *old) { - /* - * Since "struct tomoyo_domain_info *" is a sharable pointer, - * we don't need to duplicate. - */ - new->security = old->security; + tomoyo_cred_prepare(new, old, 0); +} + +static void tomoyo_cred_free(struct cred *cred) +{ + struct tomoyo_domain_info *domain = cred->security; + if (domain) + atomic_dec(&domain->users); } static int tomoyo_bprm_set_creds(struct linux_binprm *bprm) @@ -59,6 +61,14 @@ static int tomoyo_bprm_set_creds(struct linux_binprm *bprm) if (!tomoyo_policy_loaded) tomoyo_load_policy(bprm->filename); /* + * Release reference to "struct tomoyo_domain_info" stored inside + * "bprm->cred->security". New reference to "struct tomoyo_domain_info" + * stored inside "bprm->cred->security" will be acquired later inside + * tomoyo_find_next_domain(). + */ + atomic_dec(&((struct tomoyo_domain_info *) + bprm->cred->security)->users); + /* * Tell tomoyo_bprm_check_security() is called for the first time of an * execve operation. */ @@ -75,12 +85,6 @@ static int tomoyo_bprm_check_security(struct linux_binprm *bprm) * using current domain. */ if (!domain) { - /* - * We will need to protect whole execve() operation when GC - * starts kfree()ing "struct tomoyo_domain_info" because - * bprm->cred->security points to "struct tomoyo_domain_info" - * but "struct tomoyo_domain_info" does not have a refcounter. - */ const int idx = tomoyo_read_lock(); const int err = tomoyo_find_next_domain(bprm); tomoyo_read_unlock(idx); @@ -265,6 +269,7 @@ static struct security_operations tomoyo_security_ops = { .cred_alloc_blank = tomoyo_cred_alloc_blank, .cred_prepare = tomoyo_cred_prepare, .cred_transfer = tomoyo_cred_transfer, + .cred_free = tomoyo_cred_free, .bprm_set_creds = tomoyo_bprm_set_creds, .bprm_check_security = tomoyo_bprm_check_security, .file_fcntl = tomoyo_file_fcntl, |