Skip to content

Commit c5c928c

Browse files
committed
Merge tag 'tomoyo-fixes-for-5.5' of git://git.osdn.net/gitroot/tomoyo/tomoyo-test1
Pull tomoyo fixes from Tetsuo Handa: "Two bug fixes: - Suppress RCU warning at list_for_each_entry_rcu() - Don't use fancy names on sockets" * tag 'tomoyo-fixes-for-5.5' of git://git.osdn.net/gitroot/tomoyo/tomoyo-test1: tomoyo: Suppress RCU warning at list_for_each_entry_rcu(). tomoyo: Don't use nifty names on sockets.
2 parents fd69884 + 6bd5ce6 commit c5c928c

File tree

5 files changed

+27
-44
lines changed

5 files changed

+27
-44
lines changed

security/tomoyo/common.c

Lines changed: 6 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -951,7 +951,8 @@ static bool tomoyo_manager(void)
951951
exe = tomoyo_get_exe();
952952
if (!exe)
953953
return false;
954-
list_for_each_entry_rcu(ptr, &tomoyo_kernel_namespace.policy_list[TOMOYO_ID_MANAGER], head.list) {
954+
list_for_each_entry_rcu(ptr, &tomoyo_kernel_namespace.policy_list[TOMOYO_ID_MANAGER], head.list,
955+
srcu_read_lock_held(&tomoyo_ss)) {
955956
if (!ptr->head.is_deleted &&
956957
(!tomoyo_pathcmp(domainname, ptr->manager) ||
957958
!strcmp(exe, ptr->manager->name))) {
@@ -1095,7 +1096,8 @@ static int tomoyo_delete_domain(char *domainname)
10951096
if (mutex_lock_interruptible(&tomoyo_policy_lock))
10961097
return -EINTR;
10971098
/* Is there an active domain? */
1098-
list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) {
1099+
list_for_each_entry_rcu(domain, &tomoyo_domain_list, list,
1100+
srcu_read_lock_held(&tomoyo_ss)) {
10991101
/* Never delete tomoyo_kernel_domain */
11001102
if (domain == &tomoyo_kernel_domain)
11011103
continue;
@@ -2778,7 +2780,8 @@ void tomoyo_check_profile(void)
27782780

27792781
tomoyo_policy_loaded = true;
27802782
pr_info("TOMOYO: 2.6.0\n");
2781-
list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) {
2783+
list_for_each_entry_rcu(domain, &tomoyo_domain_list, list,
2784+
srcu_read_lock_held(&tomoyo_ss)) {
27822785
const u8 profile = domain->profile;
27832786
struct tomoyo_policy_namespace *ns = domain->ns;
27842787

security/tomoyo/domain.c

Lines changed: 10 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -41,7 +41,8 @@ int tomoyo_update_policy(struct tomoyo_acl_head *new_entry, const int size,
4141

4242
if (mutex_lock_interruptible(&tomoyo_policy_lock))
4343
return -ENOMEM;
44-
list_for_each_entry_rcu(entry, list, list) {
44+
list_for_each_entry_rcu(entry, list, list,
45+
srcu_read_lock_held(&tomoyo_ss)) {
4546
if (entry->is_deleted == TOMOYO_GC_IN_PROGRESS)
4647
continue;
4748
if (!check_duplicate(entry, new_entry))
@@ -119,7 +120,8 @@ int tomoyo_update_domain(struct tomoyo_acl_info *new_entry, const int size,
119120
}
120121
if (mutex_lock_interruptible(&tomoyo_policy_lock))
121122
goto out;
122-
list_for_each_entry_rcu(entry, list, list) {
123+
list_for_each_entry_rcu(entry, list, list,
124+
srcu_read_lock_held(&tomoyo_ss)) {
123125
if (entry->is_deleted == TOMOYO_GC_IN_PROGRESS)
124126
continue;
125127
if (!tomoyo_same_acl_head(entry, new_entry) ||
@@ -166,7 +168,8 @@ void tomoyo_check_acl(struct tomoyo_request_info *r,
166168
u16 i = 0;
167169

168170
retry:
169-
list_for_each_entry_rcu(ptr, list, list) {
171+
list_for_each_entry_rcu(ptr, list, list,
172+
srcu_read_lock_held(&tomoyo_ss)) {
170173
if (ptr->is_deleted || ptr->type != r->param_type)
171174
continue;
172175
if (!check_entry(r, ptr))
@@ -298,7 +301,8 @@ static inline bool tomoyo_scan_transition
298301
{
299302
const struct tomoyo_transition_control *ptr;
300303

301-
list_for_each_entry_rcu(ptr, list, head.list) {
304+
list_for_each_entry_rcu(ptr, list, head.list,
305+
srcu_read_lock_held(&tomoyo_ss)) {
302306
if (ptr->head.is_deleted || ptr->type != type)
303307
continue;
304308
if (ptr->domainname) {
@@ -735,7 +739,8 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm)
735739

736740
/* Check 'aggregator' directive. */
737741
candidate = &exename;
738-
list_for_each_entry_rcu(ptr, list, head.list) {
742+
list_for_each_entry_rcu(ptr, list, head.list,
743+
srcu_read_lock_held(&tomoyo_ss)) {
739744
if (ptr->head.is_deleted ||
740745
!tomoyo_path_matches_pattern(&exename,
741746
ptr->original_name))

security/tomoyo/group.c

Lines changed: 6 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -133,7 +133,8 @@ tomoyo_path_matches_group(const struct tomoyo_path_info *pathname,
133133
{
134134
struct tomoyo_path_group *member;
135135

136-
list_for_each_entry_rcu(member, &group->member_list, head.list) {
136+
list_for_each_entry_rcu(member, &group->member_list, head.list,
137+
srcu_read_lock_held(&tomoyo_ss)) {
137138
if (member->head.is_deleted)
138139
continue;
139140
if (!tomoyo_path_matches_pattern(pathname, member->member_name))
@@ -161,7 +162,8 @@ bool tomoyo_number_matches_group(const unsigned long min,
161162
struct tomoyo_number_group *member;
162163
bool matched = false;
163164

164-
list_for_each_entry_rcu(member, &group->member_list, head.list) {
165+
list_for_each_entry_rcu(member, &group->member_list, head.list,
166+
srcu_read_lock_held(&tomoyo_ss)) {
165167
if (member->head.is_deleted)
166168
continue;
167169
if (min > member->number.values[1] ||
@@ -191,7 +193,8 @@ bool tomoyo_address_matches_group(const bool is_ipv6, const __be32 *address,
191193
bool matched = false;
192194
const u8 size = is_ipv6 ? 16 : 4;
193195

194-
list_for_each_entry_rcu(member, &group->member_list, head.list) {
196+
list_for_each_entry_rcu(member, &group->member_list, head.list,
197+
srcu_read_lock_held(&tomoyo_ss)) {
195198
if (member->head.is_deleted)
196199
continue;
197200
if (member->address.is_ipv6 != is_ipv6)

security/tomoyo/realpath.c

Lines changed: 1 addition & 31 deletions
Original file line numberDiff line numberDiff line change
@@ -217,31 +217,6 @@ static char *tomoyo_get_local_path(struct dentry *dentry, char * const buffer,
217217
return ERR_PTR(-ENOMEM);
218218
}
219219

220-
/**
221-
* tomoyo_get_socket_name - Get the name of a socket.
222-
*
223-
* @path: Pointer to "struct path".
224-
* @buffer: Pointer to buffer to return value in.
225-
* @buflen: Sizeof @buffer.
226-
*
227-
* Returns the buffer.
228-
*/
229-
static char *tomoyo_get_socket_name(const struct path *path, char * const buffer,
230-
const int buflen)
231-
{
232-
struct inode *inode = d_backing_inode(path->dentry);
233-
struct socket *sock = inode ? SOCKET_I(inode) : NULL;
234-
struct sock *sk = sock ? sock->sk : NULL;
235-
236-
if (sk) {
237-
snprintf(buffer, buflen, "socket:[family=%u:type=%u:protocol=%u]",
238-
sk->sk_family, sk->sk_type, sk->sk_protocol);
239-
} else {
240-
snprintf(buffer, buflen, "socket:[unknown]");
241-
}
242-
return buffer;
243-
}
244-
245220
/**
246221
* tomoyo_realpath_from_path - Returns realpath(3) of the given pathname but ignores chroot'ed root.
247222
*
@@ -279,12 +254,7 @@ char *tomoyo_realpath_from_path(const struct path *path)
279254
break;
280255
/* To make sure that pos is '\0' terminated. */
281256
buf[buf_len - 1] = '\0';
282-
/* Get better name for socket. */
283-
if (sb->s_magic == SOCKFS_MAGIC) {
284-
pos = tomoyo_get_socket_name(path, buf, buf_len - 1);
285-
goto encode;
286-
}
287-
/* For "pipe:[\$]". */
257+
/* For "pipe:[\$]" and "socket:[\$]". */
288258
if (dentry->d_op && dentry->d_op->d_dname) {
289259
pos = dentry->d_op->d_dname(dentry, buf, buf_len - 1);
290260
goto encode;

security/tomoyo/util.c

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -594,7 +594,8 @@ struct tomoyo_domain_info *tomoyo_find_domain(const char *domainname)
594594

595595
name.name = domainname;
596596
tomoyo_fill_path_info(&name);
597-
list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) {
597+
list_for_each_entry_rcu(domain, &tomoyo_domain_list, list,
598+
srcu_read_lock_held(&tomoyo_ss)) {
598599
if (!domain->is_deleted &&
599600
!tomoyo_pathcmp(&name, domain->domainname))
600601
return domain;
@@ -1028,7 +1029,8 @@ bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r)
10281029
return false;
10291030
if (!domain)
10301031
return true;
1031-
list_for_each_entry_rcu(ptr, &domain->acl_info_list, list) {
1032+
list_for_each_entry_rcu(ptr, &domain->acl_info_list, list,
1033+
srcu_read_lock_held(&tomoyo_ss)) {
10321034
u16 perm;
10331035
u8 i;
10341036

0 commit comments

Comments
 (0)