diff options
| author | Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> | 2010-05-06 00:18:15 +0900 | 
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2010-05-06 13:19:18 +1000 | 
| commit | 292823814261e085cdcef06b6b691e6c2563fbd4 (patch) | |
| tree | 8c1eaebcf8f698ea13ac2a9291b9769abde1905e /security | |
| parent | 2b9e4688fad8867b6e918610f396af3ab9246898 (diff) | |
TOMOYO: Use mutex_lock_interruptible.
Some of TOMOYO's functions may sleep after mutex_lock(). If OOM-killer selected
a process which is waiting at mutex_lock(), the to-be-killed process can't be
killed. Thus, replace mutex_lock() with mutex_lock_interruptible() so that the
to-be-killed process can immediately return from TOMOYO's functions.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security')
| -rw-r--r-- | security/tomoyo/common.c | 13 | ||||
| -rw-r--r-- | security/tomoyo/common.h | 1 | ||||
| -rw-r--r-- | security/tomoyo/domain.c | 15 | ||||
| -rw-r--r-- | security/tomoyo/file.c | 18 | ||||
| -rw-r--r-- | security/tomoyo/gc.c | 7 | ||||
| -rw-r--r-- | security/tomoyo/realpath.c | 7 | 
6 files changed, 37 insertions, 24 deletions
| diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c index 3c86bbc33ae..8f34036fd31 100644 --- a/security/tomoyo/common.c +++ b/security/tomoyo/common.c @@ -874,13 +874,13 @@ bool tomoyo_domain_quota_is_ok(struct tomoyo_domain_info * const domain)  static struct tomoyo_profile *tomoyo_find_or_assign_new_profile(const unsigned  								int profile)  { -	static DEFINE_MUTEX(lock);  	struct tomoyo_profile *ptr = NULL;  	int i;  	if (profile >= TOMOYO_MAX_PROFILES)  		return NULL; -	mutex_lock(&lock); +	if (mutex_lock_interruptible(&tomoyo_policy_lock)) +		return NULL;  	ptr = tomoyo_profile_ptr[profile];  	if (ptr)  		goto ok; @@ -895,7 +895,7 @@ static struct tomoyo_profile *tomoyo_find_or_assign_new_profile(const unsigned  	mb(); /* Avoid out-of-order execution. */  	tomoyo_profile_ptr[profile] = ptr;   ok: -	mutex_unlock(&lock); +	mutex_unlock(&tomoyo_policy_lock);  	return ptr;  } @@ -1090,7 +1090,8 @@ static int tomoyo_update_manager_entry(const char *manager,  		return -ENOMEM;  	if (!is_delete)  		entry = kmalloc(sizeof(*entry), GFP_NOFS); -	mutex_lock(&tomoyo_policy_lock); +	if (mutex_lock_interruptible(&tomoyo_policy_lock)) +		goto out;  	list_for_each_entry_rcu(ptr, &tomoyo_policy_manager_list, list) {  		if (ptr->manager != saved_manager)  			continue; @@ -1107,6 +1108,7 @@ static int tomoyo_update_manager_entry(const char *manager,  		error = 0;  	}  	mutex_unlock(&tomoyo_policy_lock); + out:  	tomoyo_put_name(saved_manager);  	kfree(entry);  	return error; @@ -1287,7 +1289,8 @@ static int tomoyo_delete_domain(char *domainname)  	name.name = domainname;  	tomoyo_fill_path_info(&name); -	mutex_lock(&tomoyo_policy_lock); +	if (mutex_lock_interruptible(&tomoyo_policy_lock)) +		return 0;  	/* Is there an active domain? */  	list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) {  		/* Never delete tomoyo_kernel_domain */ diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h index 67bd22dd3e6..52c9502ed67 100644 --- a/security/tomoyo/common.h +++ b/security/tomoyo/common.h @@ -662,7 +662,6 @@ extern struct list_head tomoyo_pattern_list;  extern struct list_head tomoyo_no_rewrite_list;  extern struct list_head tomoyo_policy_manager_list;  extern struct list_head tomoyo_name_list[TOMOYO_MAX_HASH]; -extern struct mutex tomoyo_name_list_lock;  /* Lock for protecting policy. */  extern struct mutex tomoyo_policy_lock; diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c index e1edec4a9b9..a1723bbcde0 100644 --- a/security/tomoyo/domain.c +++ b/security/tomoyo/domain.c @@ -154,7 +154,8 @@ static int tomoyo_update_domain_initializer_entry(const char *domainname,  		goto out;  	if (!is_delete)  		entry = kmalloc(sizeof(*entry), GFP_NOFS); -	mutex_lock(&tomoyo_policy_lock); +	if (mutex_lock_interruptible(&tomoyo_policy_lock)) +		goto out;  	list_for_each_entry_rcu(ptr, &tomoyo_domain_initializer_list, list) {  		if (ptr->is_not != is_not ||  		    ptr->domainname != saved_domainname || @@ -374,7 +375,8 @@ static int tomoyo_update_domain_keeper_entry(const char *domainname,  		goto out;  	if (!is_delete)  		entry = kmalloc(sizeof(*entry), GFP_NOFS); -	mutex_lock(&tomoyo_policy_lock); +	if (mutex_lock_interruptible(&tomoyo_policy_lock)) +		goto out;  	list_for_each_entry_rcu(ptr, &tomoyo_domain_keeper_list, list) {  		if (ptr->is_not != is_not ||  		    ptr->domainname != saved_domainname || @@ -566,7 +568,8 @@ static int tomoyo_update_alias_entry(const char *original_name,  		goto out;  	if (!is_delete)  		entry = kmalloc(sizeof(*entry), GFP_NOFS); -	mutex_lock(&tomoyo_policy_lock); +	if (mutex_lock_interruptible(&tomoyo_policy_lock)) +		goto out;  	list_for_each_entry_rcu(ptr, &tomoyo_alias_list, list) {  		if (ptr->original_name != saved_original_name ||  		    ptr->aliased_name != saved_aliased_name) @@ -656,7 +659,7 @@ struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char *  							    const u8 profile)  {  	struct tomoyo_domain_info *entry; -	struct tomoyo_domain_info *domain; +	struct tomoyo_domain_info *domain = NULL;  	const struct tomoyo_path_info *saved_domainname;  	bool found = false; @@ -666,7 +669,8 @@ struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char *  	if (!saved_domainname)  		return NULL;  	entry = kzalloc(sizeof(*entry), GFP_NOFS); -	mutex_lock(&tomoyo_policy_lock); +	if (mutex_lock_interruptible(&tomoyo_policy_lock)) +		goto out;  	list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) {  		if (domain->is_deleted ||  		    tomoyo_pathcmp(saved_domainname, domain->domainname)) @@ -685,6 +689,7 @@ struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char *  		found = true;  	}  	mutex_unlock(&tomoyo_policy_lock); + out:  	tomoyo_put_name(saved_domainname);  	kfree(entry);  	return found ? domain : NULL; diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c index 0687ada28e8..060bbf3870c 100644 --- a/security/tomoyo/file.c +++ b/security/tomoyo/file.c @@ -176,7 +176,8 @@ static int tomoyo_update_globally_readable_entry(const char *filename,  		return -ENOMEM;  	if (!is_delete)  		entry = kmalloc(sizeof(*entry), GFP_NOFS); -	mutex_lock(&tomoyo_policy_lock); +	if (mutex_lock_interruptible(&tomoyo_policy_lock)) +		goto out;  	list_for_each_entry_rcu(ptr, &tomoyo_globally_readable_list, list) {  		if (ptr->filename != saved_filename)  			continue; @@ -192,6 +193,7 @@ static int tomoyo_update_globally_readable_entry(const char *filename,  		error = 0;  	}  	mutex_unlock(&tomoyo_policy_lock); + out:  	tomoyo_put_name(saved_filename);  	kfree(entry);  	return error; @@ -323,7 +325,8 @@ static int tomoyo_update_file_pattern_entry(const char *pattern,  		goto out;  	if (!is_delete)  		entry = kmalloc(sizeof(*entry), GFP_NOFS); -	mutex_lock(&tomoyo_policy_lock); +	if (mutex_lock_interruptible(&tomoyo_policy_lock)) +		goto out;  	list_for_each_entry_rcu(ptr, &tomoyo_pattern_list, list) {  		if (saved_pattern != ptr->pattern)  			continue; @@ -476,7 +479,8 @@ static int tomoyo_update_no_rewrite_entry(const char *pattern,  		return error;  	if (!is_delete)  		entry = kmalloc(sizeof(*entry), GFP_NOFS); -	mutex_lock(&tomoyo_policy_lock); +	if (mutex_lock_interruptible(&tomoyo_policy_lock)) +		goto out;  	list_for_each_entry_rcu(ptr, &tomoyo_no_rewrite_list, list) {  		if (ptr->pattern != saved_pattern)  			continue; @@ -492,6 +496,7 @@ static int tomoyo_update_no_rewrite_entry(const char *pattern,  		error = 0;  	}  	mutex_unlock(&tomoyo_policy_lock); + out:  	tomoyo_put_name(saved_pattern);  	kfree(entry);  	return error; @@ -822,7 +827,8 @@ static int tomoyo_update_path_acl(const u8 type, const char *filename,  		return -ENOMEM;  	if (!is_delete)  		entry = kmalloc(sizeof(*entry), GFP_NOFS); -	mutex_lock(&tomoyo_policy_lock); +	if (mutex_lock_interruptible(&tomoyo_policy_lock)) +		goto out;  	list_for_each_entry_rcu(ptr, &domain->acl_info_list, list) {  		struct tomoyo_path_acl *acl =  			container_of(ptr, struct tomoyo_path_acl, head); @@ -867,6 +873,7 @@ static int tomoyo_update_path_acl(const u8 type, const char *filename,  		error = 0;  	}  	mutex_unlock(&tomoyo_policy_lock); + out:  	kfree(entry);  	tomoyo_put_name(saved_filename);  	return error; @@ -908,7 +915,8 @@ static int tomoyo_update_path2_acl(const u8 type, const char *filename1,  		goto out;  	if (!is_delete)  		entry = kmalloc(sizeof(*entry), GFP_NOFS); -	mutex_lock(&tomoyo_policy_lock); +	if (mutex_lock_interruptible(&tomoyo_policy_lock)) +		goto out;  	list_for_each_entry_rcu(ptr, &domain->acl_info_list, list) {  		struct tomoyo_path2_acl *acl =  			container_of(ptr, struct tomoyo_path2_acl, head); diff --git a/security/tomoyo/gc.c b/security/tomoyo/gc.c index d9ad35bc7fa..245bf422e3a 100644 --- a/security/tomoyo/gc.c +++ b/security/tomoyo/gc.c @@ -151,7 +151,8 @@ static void tomoyo_del_name(const struct tomoyo_name_entry *ptr)  static void tomoyo_collect_entry(void)  { -	mutex_lock(&tomoyo_policy_lock); +	if (mutex_lock_interruptible(&tomoyo_policy_lock)) +		return;  	{  		struct tomoyo_globally_readable_file_entry *ptr;  		list_for_each_entry_rcu(ptr, &tomoyo_globally_readable_list, @@ -275,8 +276,6 @@ static void tomoyo_collect_entry(void)  				break;  		}  	} -	mutex_unlock(&tomoyo_policy_lock); -	mutex_lock(&tomoyo_name_list_lock);  	{  		int i;  		for (i = 0; i < TOMOYO_MAX_HASH; i++) { @@ -294,7 +293,7 @@ static void tomoyo_collect_entry(void)  			}  		}  	} -	mutex_unlock(&tomoyo_name_list_lock); +	mutex_unlock(&tomoyo_policy_lock);  }  static void tomoyo_kfree_entry(void) diff --git a/security/tomoyo/realpath.c b/security/tomoyo/realpath.c index 6a51e0af241..62062a68525 100644 --- a/security/tomoyo/realpath.c +++ b/security/tomoyo/realpath.c @@ -240,8 +240,6 @@ void tomoyo_memory_free(void *ptr)   * "const struct tomoyo_path_info *".   */  struct list_head tomoyo_name_list[TOMOYO_MAX_HASH]; -/* Lock for protecting tomoyo_name_list . */ -DEFINE_MUTEX(tomoyo_name_list_lock);  /**   * tomoyo_get_name - Allocate permanent memory for string data. @@ -263,7 +261,8 @@ const struct tomoyo_path_info *tomoyo_get_name(const char *name)  	len = strlen(name) + 1;  	hash = full_name_hash((const unsigned char *) name, len - 1);  	head = &tomoyo_name_list[hash_long(hash, TOMOYO_HASH_BITS)]; -	mutex_lock(&tomoyo_name_list_lock); +	if (mutex_lock_interruptible(&tomoyo_policy_lock)) +		return NULL;  	list_for_each_entry(ptr, head, list) {  		if (hash != ptr->entry.hash || strcmp(name, ptr->entry.name))  			continue; @@ -290,7 +289,7 @@ const struct tomoyo_path_info *tomoyo_get_name(const char *name)  	tomoyo_fill_path_info(&ptr->entry);  	list_add_tail(&ptr->list, head);   out: -	mutex_unlock(&tomoyo_name_list_lock); +	mutex_unlock(&tomoyo_policy_lock);  	return ptr ? &ptr->entry : NULL;  } | 
