From af901ca181d92aac3a7dc265144a9081a86d8f39 Mon Sep 17 00:00:00 2001 From: André Goddard Rosa Date: Sat, 14 Nov 2009 13:09:05 -0200 Subject: tree-wide: fix assorted typos all over the place MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit That is "success", "unknown", "through", "performance", "[re|un]mapping" , "access", "default", "reasonable", "[con]currently", "temperature" , "channel", "[un]used", "application", "example","hierarchy", "therefore" , "[over|under]flow", "contiguous", "threshold", "enough" and others. Signed-off-by: André Goddard Rosa Signed-off-by: Jiri Kosina --- security/selinux/netlabel.c | 2 +- security/selinux/ss/services.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'security') diff --git a/security/selinux/netlabel.c b/security/selinux/netlabel.c index e68823741ad5..2534400317c5 100644 --- a/security/selinux/netlabel.c +++ b/security/selinux/netlabel.c @@ -204,7 +204,7 @@ int selinux_netlbl_skbuff_getsid(struct sk_buff *skb, * * Description * Call the NetLabel mechanism to set the label of a packet using @sid. - * Returns zero on auccess, negative values on failure. + * Returns zero on success, negative values on failure. * */ int selinux_netlbl_skbuff_setsid(struct sk_buff *skb, diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index ff17820d35ec..5914eeb0b339 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -741,7 +741,7 @@ int security_bounded_transition(u32 old_sid, u32 new_sid) goto out; } - /* type/domain unchaned */ + /* type/domain unchanged */ if (old_context->type == new_context->type) { rc = 0; goto out; -- cgit v1.2.3-59-g8ed1b From ec29ea544b1ce204ba3575ba05fccf3069d00c3f Mon Sep 17 00:00:00 2001 From: Eric Paris Date: Fri, 4 Dec 2009 15:47:44 -0500 Subject: ima: valid return code from ima_inode_alloc ima_inode_alloc returns 0 and 1, but the LSM hooks expects an errno. Signed-off-by: Eric Paris 
Signed-off-by: Al Viro --- security/integrity/ima/ima_iint.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'security') diff --git a/security/integrity/ima/ima_iint.c b/security/integrity/ima/ima_iint.c index a4e2b1dac943..4a53f396d422 100644 --- a/security/integrity/ima/ima_iint.c +++ b/security/integrity/ima/ima_iint.c @@ -87,8 +87,6 @@ out: /** * ima_inode_alloc - allocate an iint associated with an inode * @inode: pointer to the inode - * - * Return 0 on success, 1 on failure. */ int ima_inode_alloc(struct inode *inode) { @@ -99,7 +97,7 @@ int ima_inode_alloc(struct inode *inode) iint = ima_iint_insert(inode); if (!iint) - return 1; + return -ENOMEM; return 0; } -- cgit v1.2.3-59-g8ed1b From 9353384ec8128cb443463016bbabb44ca857ff52 Mon Sep 17 00:00:00 2001 From: Eric Paris Date: Fri, 4 Dec 2009 15:47:52 -0500 Subject: ima: only insert at inode creation time iints are supposed to be allocated when an inode is allocated (during security_inode_alloc()) But we have code which will attempt to allocate an iint during measurement calls. If we couldn't allocate the iint and we cared, we should have died during security_inode_alloc(). Not make the code more complex and less efficient. Signed-off-by: Eric Paris Signed-off-by: Al Viro --- security/integrity/ima/ima.h | 1 - security/integrity/ima/ima_iint.c | 71 ++++++--------------------------------- security/integrity/ima/ima_main.c | 8 ++--- 3 files changed, 14 insertions(+), 66 deletions(-) (limited to 'security') diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 165eb5397ea5..349aabc83297 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h 
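Review bot: The kernel-doc of ima_inode_alloc() in the first ima_iint.c hunk loses its return description entirely instead of being corrected, so the new errno contract is undocumented. Since the second hunk changes the failure path to `return -ENOMEM;`, the comment could keep a line such as `* Return 0 on success, -ENOMEM on failure.` The commit message says the LSM hook expects an errno, so that contract belongs next to the function.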
@@ -128,7 +128,6 @@ void ima_template_show(struct seq_file *m, void *e, */ struct ima_iint_cache *ima_iint_insert(struct inode *inode); struct ima_iint_cache *ima_iint_find_get(struct inode *inode); -struct ima_iint_cache *ima_iint_find_insert_get(struct inode *inode); void ima_iint_delete(struct inode *inode); void iint_free(struct kref *kref); void iint_rcu_free(struct rcu_head *rcu); diff --git a/security/integrity/ima/ima_iint.c b/security/integrity/ima/ima_iint.c index 4a53f396d422..2f6ab5258b1e 100644 --- a/security/integrity/ima/ima_iint.c +++ b/security/integrity/ima/ima_iint.c @@ -45,22 +45,21 @@ out: return iint; } -/* Allocate memory for the iint associated with the inode - * from the iint_cache slab, initialize the iint, and - * insert it into the radix tree. - * - * On success return a pointer to the iint; on failure return NULL. +/** + * ima_inode_alloc - allocate an iint associated with an inode + * @inode: pointer to the inode */ -struct ima_iint_cache *ima_iint_insert(struct inode *inode) +int ima_inode_alloc(struct inode *inode) { struct ima_iint_cache *iint = NULL; int rc = 0; if (!ima_initialized) - return iint; + return 0; + iint = kmem_cache_alloc(iint_cache, GFP_NOFS); if (!iint) - return iint; + return -ENOMEM; rc = radix_tree_preload(GFP_NOFS); if (rc < 0) 
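Review bot: The prototype `struct ima_iint_cache *ima_iint_insert(struct inode *inode);` survives in ima.h as a context line of this hunk, while the ima_iint.c part of the same commit replaces that function's signature with `int ima_inode_alloc(struct inode *inode)`. Unless another definition exists outside the visible hunks, the declaration is now stale and should be deleted together with `ima_iint_find_insert_get`. A leftover prototype for a removed allocator invites new callers that only fail at link time.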
@@ -70,63 +69,13 @@ struct ima_iint_cache *ima_iint_insert(struct inode *inode) rc = radix_tree_insert(&ima_iint_store, (unsigned long)inode, iint); spin_unlock(&ima_iint_lock); out: - if (rc < 0) { + if (rc < 0) kmem_cache_free(iint_cache, iint); - if (rc == -EEXIST) { - spin_lock(&ima_iint_lock); - iint = radix_tree_lookup(&ima_iint_store, - (unsigned long)inode); - spin_unlock(&ima_iint_lock); - } else - iint = NULL; - } - radix_tree_preload_end(); - return iint; -} - -/** - * ima_inode_alloc - allocate an iint associated with an inode - * @inode: pointer to the inode - */ -int ima_inode_alloc(struct inode *inode) -{ - struct ima_iint_cache *iint; - - if (!ima_initialized) - return 0; - - iint = ima_iint_insert(inode); - if (!iint) - return -ENOMEM; - return 0; -} - -/* ima_iint_find_insert_get - get the iint associated with an inode - * - * Most insertions are done at inode_alloc, except those allocated - * before late_initcall. When the iint does not exist, allocate it, - * initialize and insert it, and increment the iint refcount. - * - * (Can't initialize at security_initcall before any inodes are - * allocated, got to wait at least until proc_init.) - * - * Return the iint. - */ -struct ima_iint_cache *ima_iint_find_insert_get(struct inode *inode) -{ - struct ima_iint_cache *iint = NULL; - iint = ima_iint_find_get(inode); - if (iint) - return iint; - - iint = ima_iint_insert(inode); - if (iint) - kref_get(&iint->refcount); + radix_tree_preload_end(); - return iint; + return rc; } -EXPORT_SYMBOL_GPL(ima_iint_find_insert_get); /* iint_free - called when the iint refcount goes to zero */ void iint_free(struct kref *kref) diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index b85e61bcf246..96fafc01e2c7 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c 
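Review bot: After the `out:` label the result of radix_tree_insert() is returned unchanged, so `-EEXIST` now reaches the caller of ima_inode_alloc() as a failure, where the removed code looked up the existing entry and carried on. If a duplicate key is considered impossible at inode creation time, a comment saying so or a `WARN_ON(rc == -EEXIST);` before the free would make that assumption visible. If it can happen, the case needs an explicit decision, because a stale entry keyed by a reused inode address would make inode allocation fail. The `goto out` statements sit between the two hunks and are not shown, so it cannot be confirmed from here which failures reach `radix_tree_preload_end()`.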
@@ -161,7 +161,7 @@ int ima_path_check(struct path *path, int mask, int update_counts) if (!ima_initialized || !S_ISREG(inode->i_mode)) return 0; - iint = ima_iint_find_insert_get(inode); + iint = ima_iint_find_get(inode); if (!iint) return 0; @@ -219,7 +219,7 @@ static int process_measurement(struct file *file, const unsigned char *filename, if (!ima_initialized || !S_ISREG(inode->i_mode)) return 0; - iint = ima_iint_find_insert_get(inode); + iint = ima_iint_find_get(inode); if (!iint) return -ENOMEM; @@ -255,7 +255,7 @@ void ima_counts_put(struct path *path, int mask) */ if (!ima_initialized || !inode || !S_ISREG(inode->i_mode)) return; - iint = ima_iint_find_insert_get(inode); + iint = ima_iint_find_get(inode); if (!iint) return; @@ -286,7 +286,7 @@ void ima_counts_get(struct file *file) if (!ima_initialized || !S_ISREG(inode->i_mode)) return; - iint = ima_iint_find_insert_get(inode); + iint = ima_iint_find_get(inode); if (!iint) return; mutex_lock(&iint->mutex); -- cgit v1.2.3-59-g8ed1b From e0d5bd2aec4e69e720ee86958503923cafb45be5 Mon Sep 17 00:00:00 2001 From: Eric Paris Date: Fri, 4 Dec 2009 15:48:00 -0500 Subject: IMA: clean up the IMA counts updating code We currently have a lot of duplicated code around ima file counts. Clean that all up. Signed-off-by: Eric Paris Acked-by: Serge Hallyn Signed-off-by: Al Viro --- security/integrity/ima/ima.h | 1 - security/integrity/ima/ima_main.c | 118 ++++++++++++++++++++++---------------- 2 files changed, 70 insertions(+), 49 deletions(-) (limited to 'security') diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 349aabc83297..268ef57b9142 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -97,7 +97,6 @@ static inline unsigned long ima_hash_key(u8 *digest) /* iint cache flags */ #define IMA_MEASURED 1 -#define IMA_IINT_DUMP_STACK 512 /* integrity data associated with an inode */ struct ima_iint_cache { 
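Review bot: With `iint = ima_iint_find_get(inode);` in ima_path_check(), an inode that has no iint is now skipped silently by the unchanged `return 0;`, and the same substitution is made in process_measurement(), ima_counts_put() and ima_counts_get(). The comment deleted from ima_iint.c in this commit says inodes allocated before late_initcall get no iint at allocation time, and ima_inode_alloc() returns 0 without allocating while `!ima_initialized`, so files on such inodes appear to go unmeasured from here on. In process_measurement() the unchanged `return -ENOMEM;` now reports a lookup miss rather than an allocation failure. Whichever policy is intended for that case, fail closed or skip, should be stated in a comment at both `if (!iint)` checks. All four function bodies continue outside their hunks.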
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 96fafc01e2c7..e041233b4d2a 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -13,8 +13,8 @@ * License. * * File: ima_main.c - * implements the IMA hooks: ima_bprm_check, ima_file_mmap, - * and ima_path_check. + * implements the IMA hooks: ima_bprm_check, ima_file_mmap, + * and ima_path_check. */ #include #include 
@@ -35,6 +35,69 @@ static int __init hash_setup(char *str) } __setup("ima_hash=", hash_setup); +/* + * Update the counts given an fmode_t + */ +static void ima_inc_counts(struct ima_iint_cache *iint, fmode_t mode) +{ + BUG_ON(!mutex_is_locked(&iint->mutex)); + + iint->opencount++; + if ((mode & (FMODE_READ | FMODE_WRITE)) == FMODE_READ) + iint->readcount++; + if (mode & FMODE_WRITE) + iint->writecount++; +} + +/* + * Update the counts given open flags instead of fmode + */ +static void ima_inc_counts_flags(struct ima_iint_cache *iint, int flags) +{ + ima_inc_counts(iint, (__force fmode_t)((flags+1) & O_ACCMODE)); +} + +/* + * Decrement ima counts + */ +static void ima_dec_counts(struct ima_iint_cache *iint, struct inode *inode, + fmode_t mode) +{ + BUG_ON(!mutex_is_locked(&iint->mutex)); + + iint->opencount--; + if ((mode & (FMODE_READ | FMODE_WRITE)) == FMODE_READ) + iint->readcount--; + if (mode & FMODE_WRITE) { + iint->writecount--; + if (iint->writecount == 0) { + if (iint->version != inode->i_version) + iint->flags &= ~IMA_MEASURED; + } + } + + if ((iint->opencount < 0) || + (iint->readcount < 0) || + (iint->writecount < 0)) { + static int dumped; + + if (dumped) + return; + dumped = 1; + + printk(KERN_INFO "%s: open/free imbalance (r:%ld w:%ld o:%ld)\n", + __FUNCTION__, iint->readcount, iint->writecount, + iint->opencount); + dump_stack(); + } +} + +static void ima_dec_counts_flags(struct ima_iint_cache *iint, + struct inode *inode, int flags) +{ + ima_dec_counts(iint, inode, (__force fmode_t)((flags+1) & O_ACCMODE)); +} + /** * ima_file_free - called on __fput() * @file: pointer to file structure being freed 
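Review bot: ima_inc_counts() and ima_dec_counts() enforce their locking rule with `BUG_ON(!mutex_is_locked(&iint->mutex));`, which halts the kernel over a bookkeeping mistake and still passes when another task holds the mutex. `lockdep_assert_held(&iint->mutex);` or `WARN_ON(!mutex_is_locked(&iint->mutex));` documents the same requirement without turning a counter bug into a crash on the file open and close paths. ima_dec_counts_flags() is the only one of the four helpers without a header comment. One line such as `/* Decrement the counts given open flags instead of fmode */` would match its siblings.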
@@ -54,29 +117,7 @@ void ima_file_free(struct file *file) return; mutex_lock(&iint->mutex); - if (iint->opencount <= 0) { - printk(KERN_INFO - "%s: %s open/free imbalance (r:%ld w:%ld o:%ld f:%ld)\n", - __FUNCTION__, file->f_dentry->d_name.name, - iint->readcount, iint->writecount, - iint->opencount, atomic_long_read(&file->f_count)); - if (!(iint->flags & IMA_IINT_DUMP_STACK)) { - dump_stack(); - iint->flags |= IMA_IINT_DUMP_STACK; - } - } - iint->opencount--; - - if ((file->f_mode & (FMODE_READ | FMODE_WRITE)) == FMODE_READ) - iint->readcount--; - - if (file->f_mode & FMODE_WRITE) { - iint->writecount--; - if (iint->writecount == 0) { - if (iint->version != inode->i_version) - iint->flags &= ~IMA_MEASURED; - } - } + ima_dec_counts(iint, inode, file->f_mode); mutex_unlock(&iint->mutex); kref_put(&iint->refcount, iint_free); } @@ -116,8 +157,7 @@ static int get_path_measurement(struct ima_iint_cache *iint, struct file *file, { int rc = 0; - iint->opencount++; - iint->readcount++; + ima_inc_counts(iint, file->f_mode); rc = ima_collect_measurement(iint, file); if (!rc) @@ -125,15 +165,6 @@ static int get_path_measurement(struct ima_iint_cache *iint, struct file *file, return rc; } -static void ima_update_counts(struct ima_iint_cache *iint, int mask) -{ - iint->opencount++; - if ((mask & MAY_WRITE) || (mask == 0)) - iint->writecount++; - else if (mask & (MAY_READ | MAY_EXEC)) - iint->readcount++; -} - /** * ima_path_check - based on policy, collect/store measurement. * @path: contains a pointer to the path to be measured @@ -167,7 +198,7 @@ int ima_path_check(struct path *path, int mask, int update_counts) mutex_lock(&iint->mutex); if (update_counts) - ima_update_counts(iint, mask); + ima_inc_counts_flags(iint, mask); rc = ima_must_measure(iint, inode, MAY_READ, PATH_CHECK); if (rc < 0) 
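Review bot: In the ima_path_check() hunk, `ima_inc_counts_flags(iint, mask);` hands a permission mask to a helper that interprets its argument as open flags through `(flags+1) & O_ACCMODE`. The removed ima_update_counts() tested `MAY_WRITE`, `MAY_READ` and `MAY_EXEC` directly, and the two encodings do not line up. With the usual values (MAY_EXEC 1, MAY_WRITE 2, MAY_READ 4), a mask of `MAY_EXEC` becomes `FMODE_WRITE` and bumps writecount, and a mask of 0 now counts as a read where it used to count as a write. The same applies to `ima_dec_counts_flags(iint, inode, mask);` in the ima_counts_put() hunk. Either keep a MAY_*-based helper for these two callers or convert the mask explicitly before calling ima_inc_counts() and ima_dec_counts().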
@@ -260,11 +291,7 @@ void ima_counts_put(struct path *path, int mask) return; mutex_lock(&iint->mutex); - iint->opencount--; - if ((mask & MAY_WRITE) || (mask == 0)) - iint->writecount--; - else if (mask & (MAY_READ | MAY_EXEC)) - iint->readcount--; + ima_dec_counts_flags(iint, inode, mask); mutex_unlock(&iint->mutex); kref_put(&iint->refcount, iint_free); @@ -290,12 +317,7 @@ void ima_counts_get(struct file *file) if (!iint) return; mutex_lock(&iint->mutex); - iint->opencount++; - if ((file->f_mode & (FMODE_READ | FMODE_WRITE)) == FMODE_READ) - iint->readcount++; - - if (file->f_mode & FMODE_WRITE) - iint->writecount++; + ima_inc_counts(iint, file->f_mode); mutex_unlock(&iint->mutex); kref_put(&iint->refcount, iint_free); -- cgit v1.2.3-59-g8ed1b From 85a17f552dfe77efb44b971615e4f221a5f28f37 Mon Sep 17 00:00:00 2001 From: Eric Paris Date: Fri, 4 Dec 2009 15:48:08 -0500 Subject: ima: call ima_inode_free ima_inode_free ima_inode_free() has some funky #define just to confuse the crap out of me. void ima_iint_delete(struct inode *inode) and then things actually call ima_inode_free() and nothing calls ima_iint_delete(). Signed-off-by: Eric Paris Signed-off-by: Al Viro --- security/integrity/ima/ima.h | 1 - security/integrity/ima/ima_iint.c | 6 ++---- 2 files changed, 2 insertions(+), 5 deletions(-) (limited to 'security') diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 268ef57b9142..c41afe6639a0 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -127,7 +127,6 @@ void ima_template_show(struct seq_file *m, void *e, */ struct ima_iint_cache *ima_iint_insert(struct inode *inode); struct ima_iint_cache *ima_iint_find_get(struct inode *inode); -void ima_iint_delete(struct inode *inode); void iint_free(struct kref *kref); void iint_rcu_free(struct rcu_head *rcu); diff --git a/security/integrity/ima/ima_iint.c b/security/integrity/ima/ima_iint.c index 2f6ab5258b1e..fa592ff1ac1c 100644 
--- a/security/integrity/ima/ima_iint.c +++ b/security/integrity/ima/ima_iint.c @@ -19,8 +19,6 @@ #include #include "ima.h" -#define ima_iint_delete ima_inode_free - RADIX_TREE(ima_iint_store, GFP_ATOMIC); DEFINE_SPINLOCK(ima_iint_lock); @@ -111,12 +109,12 @@ void iint_rcu_free(struct rcu_head *rcu_head) } /** - * ima_iint_delete - called on integrity_inode_free + * ima_inode_free - called on security_inode_free * @inode: pointer to the inode * * Free the integrity information(iint) associated with an inode. */ -void ima_iint_delete(struct inode *inode) +void ima_inode_free(struct inode *inode) { struct ima_iint_cache *iint; -- cgit v1.2.3-59-g8ed1b From 1429b3eca23818f87f9fa569a15d9816de81f698 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Wed, 16 Dec 2009 06:38:01 -0500 Subject: Untangling ima mess, part 3: kill dead code in ima Kill the 'update' argument of ima_path_check(), kill dead code in ima. Current rules: ima counters are bumped at the same time when the file switches from put_filp() fodder to fput() one. Which happens exactly in two places - alloc_file() and __dentry_open(). Nothing else needs to do that at all. Signed-off-by: Al Viro --- fs/namei.c | 4 +-- fs/nfsd/vfs.c | 3 +-- include/linux/ima.h | 12 ++------- security/integrity/ima/ima_main.c | 52 +++------------------------------------ 4 files changed, 9 insertions(+), 62 deletions(-) (limited to 'security') diff --git a/fs/namei.c b/fs/namei.c index c530e5d32f12..a765e7a741f4 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -1686,7 +1686,7 @@ do_last: path_put(&nd.root); if (!IS_ERR(filp)) { error = ima_path_check(&filp->f_path, filp->f_mode & - (MAY_READ | MAY_WRITE | MAY_EXEC), 0); + (MAY_READ | MAY_WRITE | MAY_EXEC)); if (error) { fput(filp); filp = ERR_PTR(error); 
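Review bot: The remaining argument in the fs/namei.c hunk, `filp->f_mode & (MAY_READ | MAY_WRITE | MAY_EXEC)`, masks FMODE_* bits with MAY_* constants, which are different encodings. With the usual values a read-only open arrives as `MAY_EXEC`. The same expression appears in the second fs/namei.c hunk. The visible part of ima_path_check() only passes the constant `MAY_READ` on to ima_must_measure(), so if `mask` is no longer read once `update_counts` is gone, the parameter could be dropped in this commit as well. Otherwise the caller should translate f_mode into a MAY_* mask explicitly. The surrounding function starts and ends outside the hunk.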
@@ -1747,7 +1747,7 @@ ok: filp = nameidata_to_filp(&nd, open_flag); if (!IS_ERR(filp)) { error = ima_path_check(&filp->f_path, filp->f_mode & - (MAY_READ | MAY_WRITE | MAY_EXEC), 0); + (MAY_READ | MAY_WRITE | MAY_EXEC)); if (error) { fput(filp); filp = ERR_PTR(error); diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c index c9942b39654e..936f08400db6 100644 --- a/fs/nfsd/vfs.c +++ b/fs/nfsd/vfs.c @@ -2122,8 +2122,7 @@ nfsd_permission(struct svc_rqst *rqstp, struct svc_export *exp, */ path.mnt = exp->ex_path.mnt; path.dentry = dentry; - err = ima_path_check(&path, acc & (MAY_READ | MAY_WRITE | MAY_EXEC), - IMA_COUNT_LEAVE); + err = ima_path_check(&path, acc & (MAY_READ | MAY_WRITE | MAY_EXEC)); nfsd_out: return err? nfserrno(err) : 0; } diff --git a/include/linux/ima.h b/include/linux/ima.h index 0e3f2a4c25f6..99dc6d5cf7e5 100644 --- a/include/linux/ima.h +++ b/include/linux/ima.h @@ -13,18 +13,14 @@ #include struct linux_binprm; -#define IMA_COUNT_UPDATE 1 -#define IMA_COUNT_LEAVE 0 - #ifdef CONFIG_IMA extern int ima_bprm_check(struct linux_binprm *bprm); extern int ima_inode_alloc(struct inode *inode); extern void ima_inode_free(struct inode *inode); -extern int ima_path_check(struct path *path, int mask, int update_counts); +extern int ima_path_check(struct path *path, int mask); extern void ima_file_free(struct file *file); extern int ima_file_mmap(struct file *file, unsigned long prot); extern void ima_counts_get(struct file *file); -extern void ima_counts_put(struct path *path, int mask); #else static inline int ima_bprm_check(struct linux_binprm *bprm) @@ -42,7 +38,7 @@ static inline void ima_inode_free(struct inode *inode) return; } -static inline int ima_path_check(struct path *path, int mask, int update_counts) +static inline int ima_path_check(struct path *path, int mask) { return 0; } 
@@ -62,9 +58,5 @@ static inline void ima_counts_get(struct file *file) return; } -static inline void ima_counts_put(struct path *path, int mask) -{ - return; -} #endif /* CONFIG_IMA_H */ #endif /* _LINUX_IMA_H */ diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index e041233b4d2a..16dc57d247d0 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -49,20 +49,13 @@ static void ima_inc_counts(struct ima_iint_cache *iint, fmode_t mode) iint->writecount++; } -/* - * Update the counts given open flags instead of fmode - */ -static void ima_inc_counts_flags(struct ima_iint_cache *iint, int flags) -{ - ima_inc_counts(iint, (__force fmode_t)((flags+1) & O_ACCMODE)); -} - /* * Decrement ima counts */ static void ima_dec_counts(struct ima_iint_cache *iint, struct inode *inode, - fmode_t mode) + struct file *file) { + mode_t mode = file->f_mode; BUG_ON(!mutex_is_locked(&iint->mutex)); iint->opencount--; @@ -92,12 +85,6 @@ static void ima_dec_counts(struct ima_iint_cache *iint, struct inode *inode, } } -static void ima_dec_counts_flags(struct ima_iint_cache *iint, - struct inode *inode, int flags) -{ - ima_dec_counts(iint, inode, (__force fmode_t)((flags+1) & O_ACCMODE)); -} - /** * ima_file_free - called on __fput() * @file: pointer to file structure being freed @@ -117,7 +104,7 @@ void ima_file_free(struct file *file) return; mutex_lock(&iint->mutex); - ima_dec_counts(iint, inode, file->f_mode); + ima_dec_counts(iint, inode, file); mutex_unlock(&iint->mutex); kref_put(&iint->refcount, iint_free); } @@ -183,7 +170,7 @@ static int get_path_measurement(struct ima_iint_cache *iint, struct file *file, * Always return 0 and audit dentry_open failures. * (Return code will be based upon measurement appraisal.) */ -int ima_path_check(struct path *path, int mask, int update_counts) +int ima_path_check(struct path *path, int mask) { struct inode *inode = path->dentry->d_inode; struct ima_iint_cache *iint; 
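Review bot: In the ima_dec_counts() hunk the new local is declared as `mode_t mode = file->f_mode;`, but f_mode is an `fmode_t`, whereas `mode_t` is the file-permission type and may be narrower on some architectures. The FMODE_READ and FMODE_WRITE tests still work because they are low bits, yet sparse will flag the bitwise-type mismatch and the line reads as if it handled inode permissions. `fmode_t mode = file->f_mode;` followed by a blank line before the BUG_ON keeps the type consistent with ima_inc_counts(). The `inode` parameter could likewise be derived from `file` now that the file is passed in, but that is optional.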
@@ -197,8 +184,6 @@ int ima_path_check(struct path *path, int mask, int update_counts) return 0; mutex_lock(&iint->mutex); - if (update_counts) - ima_inc_counts_flags(iint, mask); rc = ima_must_measure(iint, inode, MAY_READ, PATH_CHECK); if (rc < 0) @@ -268,35 +253,6 @@ out: return rc; } -/* - * ima_counts_put - decrement file counts - * - * File counts are incremented in ima_path_check. On file open - * error, such as ETXTBSY, decrement the counts to prevent - * unnecessary imbalance messages. - */ -void ima_counts_put(struct path *path, int mask) -{ - struct inode *inode = path->dentry->d_inode; - struct ima_iint_cache *iint; - - /* The inode may already have been freed, freeing the iint - * with it. Verify the inode is not NULL before dereferencing - * it. - */ - if (!ima_initialized || !inode || !S_ISREG(inode->i_mode)) - return; - iint = ima_iint_find_get(inode); - if (!iint) - return; - - mutex_lock(&iint->mutex); - ima_dec_counts_flags(iint, inode, mask); - mutex_unlock(&iint->mutex); - - kref_put(&iint->refcount, iint_free); -} - /* * ima_counts_get - increment file counts * -- cgit v1.2.3-59-g8ed1b From d1625436b4fe526fa463bc0519ba37d7e4b37bbc Mon Sep 17 00:00:00 2001 From: Mimi Zohar Date: Fri, 4 Dec 2009 15:48:40 -0500 Subject: ima: limit imbalance msg Limit the number of imbalance messages to once per filesystem type instead of once per system boot. (it's actually slightly racy and could give you a couple per fs, but this isn't a real issue) Signed-off-by: Mimi Zohar Signed-off-by: Al Viro --- security/integrity/ima/ima_main.c | 62 +++++++++++++++++++++++++++++++++------ 1 file changed, 53 insertions(+), 9 deletions(-) (limited to 'security') diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 16dc57d247d0..a89f44d5e030 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c 
@@ -35,6 +35,55 @@ static int __init hash_setup(char *str) } __setup("ima_hash=", hash_setup); +struct ima_imbalance { + struct hlist_node node; + unsigned long fsmagic; +}; + +/* + * ima_limit_imbalance - emit one imbalance message per filesystem type + * + * Maintain list of filesystem types that do not measure files properly. + * Return false if unknown, true if known. + */ +static bool ima_limit_imbalance(struct file *file) +{ + static DEFINE_SPINLOCK(ima_imbalance_lock); + static HLIST_HEAD(ima_imbalance_list); + + struct super_block *sb = file->f_dentry->d_sb; + struct ima_imbalance *entry; + struct hlist_node *node; + bool found = false; + + rcu_read_lock(); + hlist_for_each_entry_rcu(entry, node, &ima_imbalance_list, node) { + if (entry->fsmagic == sb->s_magic) { + found = true; + break; + } + } + rcu_read_unlock(); + if (found) + goto out; + + entry = kmalloc(sizeof(*entry), GFP_NOFS); + if (!entry) + goto out; + entry->fsmagic = sb->s_magic; + spin_lock(&ima_imbalance_lock); + /* + * we could have raced and something else might have added this fs + * to the list, but we don't really care + */ + hlist_add_head_rcu(&entry->node, &ima_imbalance_list); + spin_unlock(&ima_imbalance_lock); + printk(KERN_INFO "IMA: unmeasured files on fsmagic: %lX\n", + entry->fsmagic); +out: + return found; +} + /* * Update the counts given an fmode_t */ @@ -69,15 +118,10 @@ static void ima_dec_counts(struct ima_iint_cache *iint, struct inode *inode, } } - if ((iint->opencount < 0) || - (iint->readcount < 0) || - (iint->writecount < 0)) { - static int dumped; - - if (dumped) - return; - dumped = 1; - + if (((iint->opencount < 0) || + (iint->readcount < 0) || + (iint->writecount < 0)) && + !ima_limit_imbalance(file)) { printk(KERN_INFO "%s: open/free imbalance (r:%ld w:%ld o:%ld)\n", __FUNCTION__, iint->readcount, iint->writecount, iint->opencount); -- cgit v1.2.3-59-g8ed1b From fa1cc7b5a5c4171dfdcac855428295340ccf87ec Mon Sep 17 00:00:00 2001 
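Review bot: When `kmalloc()` fails in ima_limit_imbalance(), the function jumps to `out` with `found` still false, so ima_dec_counts() prints the imbalance message and calls dump_stack() on every occurrence. The limit therefore disappears exactly when the system is short of memory. Returning true on that path (`if (!entry) return true;`) or falling back to `printk_ratelimit()` would keep the log bounded. The list entries are never freed, which is fine for a handful of filesystem magic numbers but deserves a line in the function comment next to the note about the race.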
From: Roel Kluin Date: Tue, 15 Dec 2009 15:05:12 -0800 Subject: keys: PTR_ERR return of wrong pointer in keyctl_get_security() Return the PTR_ERR of the correct pointer. Signed-off-by: Roel Kluin Signed-off-by: Andrew Morton Acked-by: David Howells Signed-off-by: James Morris --- security/keys/keyctl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'security') diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c index 06ec722897be..5f830bc6f287 100644 --- a/security/keys/keyctl.c +++ b/security/keys/keyctl.c @@ -1194,7 +1194,7 @@ long keyctl_get_security(key_serial_t keyid, * have the authorisation token handy */ instkey = key_get_instantiation_authkey(keyid); if (IS_ERR(instkey)) - return PTR_ERR(key_ref); + return PTR_ERR(instkey); key_put(instkey); key_ref = lookup_user_key(keyid, KEY_LOOKUP_PARTIAL, 0); -- cgit v1.2.3-59-g8ed1b From dd880fbe8e4792d1185a5101dc751f49eab0a509 Mon Sep 17 00:00:00 2001 From: H Hartley Sweeten Date: Tue, 15 Dec 2009 15:05:12 -0800 Subject: security/min_addr.c: make init_mmap_min_addr() static init_mmap_min_addr() is a pure_initcall and should be static. Signed-off-by: H Hartley Sweeten Signed-off-by: Andrew Morton Signed-off-by: James Morris --- security/min_addr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'security') diff --git a/security/min_addr.c b/security/min_addr.c index fc43c9d37084..e86f297522bf 100644 --- a/security/min_addr.c +++ b/security/min_addr.c @@ -43,7 +43,7 @@ int mmap_min_addr_handler(struct ctl_table *table, int write, return ret; } -int __init init_mmap_min_addr(void) +static int __init init_mmap_min_addr(void) { update_mmap_min_addr(); -- cgit v1.2.3-59-g8ed1b From 6e1415467614e854fee660ff6648bd10fa976e95 Mon Sep 17 00:00:00 2001 
From: David Howells Date: Tue, 15 Dec 2009 19:27:45 +0000 Subject: NOMMU: Optimise away the {dac_,}mmap_min_addr tests In NOMMU mode clamp dac_mmap_min_addr to zero to cause the tests on it to be skipped by the compiler. We do this as the minimum mmap address doesn't make any sense in NOMMU mode. mmap_min_addr and round_hint_to_min() can be discarded entirely in NOMMU mode. Signed-off-by: David Howells Acked-by: Eric Paris Signed-off-by: James Morris --- include/linux/security.h | 7 +++++++ kernel/sysctl.c | 2 ++ mm/Kconfig | 1 + security/Makefile | 3 ++- 4 files changed, 12 insertions(+), 1 deletion(-) (limited to 'security') diff --git a/include/linux/security.h b/include/linux/security.h index 466cbadbd1ef..2c627d361c02 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -95,8 +95,13 @@ struct seq_file; extern int cap_netlink_send(struct sock *sk, struct sk_buff *skb); extern int cap_netlink_recv(struct sk_buff *skb, int cap); +#ifdef CONFIG_MMU extern unsigned long mmap_min_addr; extern unsigned long dac_mmap_min_addr; +#else +#define dac_mmap_min_addr 0UL +#endif + /* * Values used in the task_security_ops calls */ @@ -121,6 +126,7 @@ struct request_sock; #define LSM_UNSAFE_PTRACE 2 #define LSM_UNSAFE_PTRACE_CAP 4 +#ifdef CONFIG_MMU /* * If a hint addr is less than mmap_min_addr change hint to be as * low as possible but still greater than mmap_min_addr @@ -135,6 +141,7 @@ static inline unsigned long round_hint_to_min(unsigned long hint) } extern int mmap_min_addr_handler(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos); +#endif #ifdef CONFIG_SECURITY diff --git a/kernel/sysctl.c b/kernel/sysctl.c index 45e4bef0012a..856a24eadf7e 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c @@ -1214,6 +1214,7 @@ static struct ctl_table vm_table[] = { .proc_handler = proc_dointvec_jiffies, }, #endif +#ifdef CONFIG_MMU { .procname = "mmap_min_addr", .data = &dac_mmap_min_addr, 
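Review bot: The `#else` branch in include/linux/security.h turns `dac_mmap_min_addr` into the constant `0UL` and leaves `mmap_min_addr` undeclared without any comment, so the reason has to be recovered from the commit message. A comment above the define, for example `/* NOMMU: a minimum mmap address is meaningless; the constant lets the compiler drop the checks */`, would tell readers that the low-address check is absent on these builds by design. It is also worth noting there that the name is no longer an lvalue, which is why the sysctl entry taking `&dac_mmap_min_addr` is guarded in the kernel/sysctl.c hunks.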
@@ -1221,6 +1222,7 @@ static struct ctl_table vm_table[] = { .mode = 0644, .proc_handler = mmap_min_addr_handler, }, +#endif #ifdef CONFIG_NUMA { .procname = "numa_zonelist_order", diff --git a/mm/Kconfig b/mm/Kconfig index 43ea8c3a2bbf..ee9f3e0f2b69 100644 --- a/mm/Kconfig +++ b/mm/Kconfig @@ -221,6 +221,7 @@ config KSM config DEFAULT_MMAP_MIN_ADDR int "Low address space to protect from user allocation" + depends on MMU default 4096 help This is the portion of low virtual memory which should be protected diff --git a/security/Makefile b/security/Makefile index bb44e350c618..da20a193c8dd 100644 --- a/security/Makefile +++ b/security/Makefile @@ -8,7 +8,8 @@ subdir-$(CONFIG_SECURITY_SMACK) += smack subdir-$(CONFIG_SECURITY_TOMOYO) += tomoyo # always enable default capabilities -obj-y += commoncap.o min_addr.o +obj-y += commoncap.o +obj-$(CONFIG_MMU) += min_addr.o # Object file lists obj-$(CONFIG_SECURITY) += security.o capability.o -- cgit v1.2.3-59-g8ed1b From a00ae4d21b2fa9379914f270ffffd8d3bec55430 Mon Sep 17 00:00:00 2001 From: Geert Uytterhoeven Date: Sun, 13 Dec 2009 20:21:34 +0100 Subject: Keys: KEYCTL_SESSION_TO_PARENT needs TIF_NOTIFY_RESUME architecture support As of commit ee18d64c1f632043a02e6f5ba5e045bb26a5465f ("KEYS: Add a keyctl to install a process's session keyring on its parent [try #6]"), CONFIG_KEYS=y fails to build on architectures that haven't implemented TIF_NOTIFY_RESUME yet: security/keys/keyctl.c: In function 'keyctl_session_to_parent': security/keys/keyctl.c:1312: error: 'TIF_NOTIFY_RESUME' undeclared (first use in this function) security/keys/keyctl.c:1312: error: (Each undeclared identifier is reported only once security/keys/keyctl.c:1312: error: for each function it appears in.) Make KEYCTL_SESSION_TO_PARENT depend on TIF_NOTIFY_RESUME until m68k, and xtensa have implemented it. Signed-off-by: Geert Uytterhoeven 
Signed-off-by: James Morris Acked-by: Mike Frysinger --- security/keys/keyctl.c | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'security') diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c index 5f830bc6f287..e9c2e7c584d9 100644 --- a/security/keys/keyctl.c +++ b/security/keys/keyctl.c @@ -1236,6 +1236,7 @@ long keyctl_get_security(key_serial_t keyid, */ long keyctl_session_to_parent(void) { +#ifdef TIF_NOTIFY_RESUME struct task_struct *me, *parent; const struct cred *mycred, *pcred; struct cred *cred, *oldcred; @@ -1326,6 +1327,15 @@ not_permitted: error_keyring: key_ref_put(keyring_r); return ret; + +#else /* !TIF_NOTIFY_RESUME */ + /* + * To be removed when TIF_NOTIFY_RESUME has been implemented on + * m68k/xtensa + */ +#warning TIF_NOTIFY_RESUME not implemented + return -EOPNOTSUPP; +#endif /* !TIF_NOTIFY_RESUME */ } /*****************************************************************************/ -- cgit v1.2.3-59-g8ed1b From 5300990c0370e804e49d9a59d928c5d53fb73487 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sat, 19 Dec 2009 10:15:07 -0500 Subject: Sanitize f_flags helpers * pull ACC_MODE to fs.h; we have several copies all over the place * nightmarish expression calculating f_mode by f_flags deserves a helper too (OPEN_FMODE(flags)) Signed-off-by: Al Viro --- fs/anon_inodes.c | 10 +--------- fs/namei.c | 2 -- fs/open.c | 2 +- include/linux/fs.h | 3 +++ kernel/auditsc.c | 1 - security/tomoyo/file.c | 1 - 6 files changed, 5 insertions(+), 14 deletions(-) (limited to 'security') diff --git a/fs/anon_inodes.c b/fs/anon_inodes.c index 598237e97221..9f0bf13291e5 100644 --- a/fs/anon_inodes.c +++ b/fs/anon_inodes.c 
@@ -89,19 +89,11 @@ struct file *anon_inode_getfile(const char *name, struct qstr this; struct path path; struct file *file; - fmode_t mode; int error; if (IS_ERR(anon_inode_inode)) return ERR_PTR(-ENODEV); - switch (flags & O_ACCMODE) { - case O_RDONLY: mode = FMODE_READ; break; - case O_WRONLY: mode = FMODE_WRITE; break; - case O_RDWR: mode = FMODE_READ | FMODE_WRITE; break; - default: return ERR_PTR(-EINVAL); - } - if (fops->owner && !try_module_get(fops->owner)) return ERR_PTR(-ENOENT); @@ -129,7 +121,7 @@ struct file *anon_inode_getfile(const char *name, d_instantiate(path.dentry, anon_inode_inode); error = -ENFILE; - file = alloc_file(&path, mode, fops); + file = alloc_file(&path, OPEN_FMODE(flags), fops); if (!file) goto err_dput; file->f_mapping = anon_inode_inode->i_mapping; diff --git a/fs/namei.c b/fs/namei.c index d517f73aa36b..68921d9b5302 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -37,8 +37,6 @@ #include "internal.h" -#define ACC_MODE(x) ("\000\004\002\006"[(x)&O_ACCMODE]) - /* [Feb-1997 T. Schoebel-Theuer] * Fundamental changes in the pathname lookup mechanisms (namei) * were necessary because of omirr. The reason is that omirr needs diff --git a/fs/open.c b/fs/open.c index 6daee28f6e8f..040cef72bc00 100644 --- a/fs/open.c +++ b/fs/open.c @@ -828,7 +828,7 @@ static struct file *__dentry_open(struct dentry *dentry, struct vfsmount *mnt, struct inode *inode; int error; - f->f_mode = (__force fmode_t)((f->f_flags+1) & O_ACCMODE) | FMODE_LSEEK | + f->f_mode = OPEN_FMODE(f->f_flags) | FMODE_LSEEK | FMODE_PREAD | FMODE_PWRITE; inode = dentry->d_inode; if (f->f_mode & FMODE_WRITE) { diff --git a/include/linux/fs.h b/include/linux/fs.h index cca191933ff6..9e13b533aaef 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h 
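Review bot: Removing the `switch (flags & O_ACCMODE)` block from anon_inode_getfile() also removes its `default: return ERR_PTR(-EINVAL);` arm, so an access mode of 3 is no longer rejected. With the macro this commit adds to fs.h, `OPEN_FMODE(flags)` then evaluates `(3 + 1) & O_ACCMODE`, which is 0, and alloc_file() is called with neither FMODE_READ nor FMODE_WRITE set. If any caller can forward flags that originate from user space, the validation should stay, e.g. `if ((flags & O_ACCMODE) == O_ACCMODE) return ERR_PTR(-EINVAL);` ahead of the try_module_get() call. The function body continues outside both hunks.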
@@ -2464,5 +2464,8 @@ int proc_nr_files(struct ctl_table *table, int write, int __init get_filesystem_list(char *buf); +#define ACC_MODE(x) ("\000\004\002\006"[(x)&O_ACCMODE]) +#define OPEN_FMODE(flag) ((__force fmode_t)((flag + 1) & O_ACCMODE)) + #endif /* __KERNEL__ */ #endif /* _LINUX_FS_H */ diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 267e484f0198..fc0f928167e7 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -250,7 +250,6 @@ struct audit_context { #endif }; -#define ACC_MODE(x) ("\004\002\006\006"[(x)&O_ACCMODE]) static inline int open_arg(int flags, int mask) { int n = ACC_MODE(flags); diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c index 8346938809b1..9a6c58881c0a 100644 --- a/security/tomoyo/file.c +++ b/security/tomoyo/file.c @@ -12,7 +12,6 @@ #include "common.h" #include "tomoyo.h" #include "realpath.h" -#define ACC_MODE(x) ("\000\004\002\006"[(x)&O_ACCMODE]) /* * tomoyo_globally_readable_file_entry is a structure which is used for holding -- cgit v1.2.3-59-g8ed1b From 17740d89785aeb4143770923d67c293849414710 Mon Sep 17 00:00:00 2001 From: Jiri Slaby Date: Fri, 28 Aug 2009 10:47:16 +0200 Subject: SECURITY: selinux, fix update_rlimit_cpu parameter Don't pass current RLIMIT_RTTIME to update_rlimit_cpu() in selinux_bprm_committing_creds, since update_rlimit_cpu expects RLIMIT_CPU limit. Use proper rlim[RLIMIT_CPU].rlim_cur instead to fix that. Signed-off-by: Jiri Slaby Acked-by: James Morris Cc: Stephen Smalley Cc: Eric Paris Cc: David Howells --- security/selinux/hooks.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'security') diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 7a374c2eb043..9a2ee845e9d4 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c 
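Review bot: `OPEN_FMODE(flag)` uses its argument unparenthesised in `(flag + 1)`, so an argument such as `a | b` would be evaluated as `a | (b + 1)`. The two callers in this commit pass a plain variable or member, but the macro now lives in a widely included header. `#define OPEN_FMODE(flag) ((__force fmode_t)(((flag) + 1) & O_ACCMODE))` closes the gap. A one-line comment above each macro stating which encoding of the open flags it expects would also help, since the two sit side by side.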
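Review bot: The ACC_MODE() copy removed from kernel/auditsc.c used the table `"\004\002\006\006"`, while the shared definition added to fs.h uses `"\000\004\002\006"`, so `int n = ACC_MODE(flags);` in open_arg() now yields a different value for every access mode (O_RDONLY gives 0 instead of 4, for example). Unless open_arg() is adjusted outside the visible hunk, audit rules that filter on open permission would stop matching read-only opens and misclassify the others. Keeping the audit-specific table under a distinct local name, or converting `flags` at that call site to the encoding the shared macro expects, preserves the previous behaviour. The security/tomoyo/file.c copy has the same table as fs.h, so its removal looks neutral.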
@@ -2365,7 +2365,7 @@ static void selinux_bprm_committing_creds(struct linux_binprm *bprm) initrlim = init_task.signal->rlim + i; rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur); } - update_rlimit_cpu(rlim->rlim_cur); + update_rlimit_cpu(current->signal->rlim[RLIMIT_CPU].rlim_cur); } } -- cgit v1.2.3-59-g8ed1b