From fdb8ebb729bbb640e64028a4f579a02ebc405727 Mon Sep 17 00:00:00 2001 From: Tetsuo Handa Date: Tue, 8 Dec 2009 09:34:43 +0900 Subject: TOMOYO: Use RCU primitives for list operation Replace list operation with RCU primitives and replace down_read()/up_read() with srcu_read_lock()/srcu_read_unlock(). Signed-off-by: Tetsuo Handa Acked-by: Serge Hallyn Signed-off-by: James Morris --- security/tomoyo/tomoyo.c | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) (limited to 'security/tomoyo/tomoyo.c') diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index ad9555f..714daa3 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c @@ -76,8 +76,18 @@ static int tomoyo_bprm_check_security(struct linux_binprm *bprm) * Execute permission is checked against pathname passed to do_execve() * using current domain. */ - if (!domain) - return tomoyo_find_next_domain(bprm); + if (!domain) { + /* + * We will need to protect whole execve() operation when GC + * starts kfree()ing "struct tomoyo_domain_info" because + * bprm->cred->security points to "struct tomoyo_domain_info" + * but "struct tomoyo_domain_info" does not have a refcounter. + */ + const int idx = tomoyo_read_lock(); + const int err = tomoyo_find_next_domain(bprm); + tomoyo_read_unlock(idx); + return err; + } /* * Read permission is checked against interpreters using next domain. * '1' is the result of open_to_namei_flags(O_RDONLY). @@ -278,6 +288,9 @@ static struct security_operations tomoyo_security_ops = { .sb_pivotroot = tomoyo_sb_pivotroot, }; +/* Lock for GC. */ +struct srcu_struct tomoyo_ss; + static int __init tomoyo_init(void) { struct cred *cred = (struct cred *) current_cred(); @@ -285,7 +298,8 @@ static int __init tomoyo_init(void) if (!security_module_enable(&tomoyo_security_ops)) return 0; /* register ourselves with the security framework */ - if (register_security(&tomoyo_security_ops)) + if (register_security(&tomoyo_security_ops) || + init_srcu_struct(&tomoyo_ss)) panic("Failure registering TOMOYO Linux"); printk(KERN_INFO "TOMOYO Linux initialized\n"); cred->security = &tomoyo_kernel_domain; -- cgit v1.1