summaryrefslogtreecommitdiff
path: root/security/tomoyo/tomoyo.c
diff options
context:
space:
mode:
authorTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>2010-02-11 09:43:20 +0900
committerJames Morris <jmorris@namei.org>2010-02-15 09:00:21 +1100
commitec8e6a4e062e2edebef91e930c20572c9f4c0dda (patch)
tree1c48fb2aa2220b3bdc138e0fb33e1ac632d0dffe /security/tomoyo/tomoyo.c
parent76bb0895d038be7bcdb6ccfcd2dd7deb30371d6b (diff)
downloadlinux-3.10-ec8e6a4e062e2edebef91e930c20572c9f4c0dda.tar.gz
linux-3.10-ec8e6a4e062e2edebef91e930c20572c9f4c0dda.tar.bz2
linux-3.10-ec8e6a4e062e2edebef91e930c20572c9f4c0dda.zip
TOMOYO: Add refcounter on domain structure.
Add refcounter to "struct tomoyo_domain_info" since garbage collector needs to determine whether this struct is referred by "struct cred"->security or not. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Acked-by: Serge Hallyn <serue@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/tomoyo/tomoyo.c')
-rw-r--r--security/tomoyo/tomoyo.c37
1 files changed, 21 insertions, 16 deletions
diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c
index 8a0988dade7..87e82bfeac2 100644
--- a/security/tomoyo/tomoyo.c
+++ b/security/tomoyo/tomoyo.c
@@ -21,21 +21,23 @@ static int tomoyo_cred_alloc_blank(struct cred *new, gfp_t gfp)
static int tomoyo_cred_prepare(struct cred *new, const struct cred *old,
gfp_t gfp)
{
- /*
- * Since "struct tomoyo_domain_info *" is a sharable pointer,
- * we don't need to duplicate.
- */
- new->security = old->security;
+ struct tomoyo_domain_info *domain = old->security;
+ new->security = domain;
+ if (domain)
+ atomic_inc(&domain->users);
return 0;
}
static void tomoyo_cred_transfer(struct cred *new, const struct cred *old)
{
- /*
- * Since "struct tomoyo_domain_info *" is a sharable pointer,
- * we don't need to duplicate.
- */
- new->security = old->security;
+ tomoyo_cred_prepare(new, old, 0);
+}
+
+static void tomoyo_cred_free(struct cred *cred)
+{
+ struct tomoyo_domain_info *domain = cred->security;
+ if (domain)
+ atomic_dec(&domain->users);
}
static int tomoyo_bprm_set_creds(struct linux_binprm *bprm)
@@ -59,6 +61,14 @@ static int tomoyo_bprm_set_creds(struct linux_binprm *bprm)
if (!tomoyo_policy_loaded)
tomoyo_load_policy(bprm->filename);
/*
+ * Release reference to "struct tomoyo_domain_info" stored inside
+ * "bprm->cred->security". New reference to "struct tomoyo_domain_info"
+ * stored inside "bprm->cred->security" will be acquired later inside
+ * tomoyo_find_next_domain().
+ */
+ atomic_dec(&((struct tomoyo_domain_info *)
+ bprm->cred->security)->users);
+ /*
* Tell tomoyo_bprm_check_security() is called for the first time of an
* execve operation.
*/
@@ -75,12 +85,6 @@ static int tomoyo_bprm_check_security(struct linux_binprm *bprm)
* using current domain.
*/
if (!domain) {
- /*
- * We will need to protect whole execve() operation when GC
- * starts kfree()ing "struct tomoyo_domain_info" because
- * bprm->cred->security points to "struct tomoyo_domain_info"
- * but "struct tomoyo_domain_info" does not have a refcounter.
- */
const int idx = tomoyo_read_lock();
const int err = tomoyo_find_next_domain(bprm);
tomoyo_read_unlock(idx);
@@ -265,6 +269,7 @@ static struct security_operations tomoyo_security_ops = {
.cred_alloc_blank = tomoyo_cred_alloc_blank,
.cred_prepare = tomoyo_cred_prepare,
.cred_transfer = tomoyo_cred_transfer,
+ .cred_free = tomoyo_cred_free,
.bprm_set_creds = tomoyo_bprm_set_creds,
.bprm_check_security = tomoyo_bprm_check_security,
.file_fcntl = tomoyo_file_fcntl,