[PATCH] SELinux: change isec semaphore to a mutex

This patch converts the remaining isec->sem into a mutex.  Very similar
locking is provided as before only in the faster smaller mutex rather than a
semaphore.  An out_unlock path is introduced rather than the conditional
unlocking found in the original code.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
This commit is contained in:
Eric Paris 2006-09-25 23:32:01 -07:00 коммит произвёл Linus Torvalds
Родитель 296fddf751
Коммит 2397074172
3 изменённых файлов: 17 добавлений и 19 удалений

Просмотреть файл

@ -71,6 +71,7 @@
#include <linux/audit.h>
#include <linux/string.h>
#include <linux/selinux.h>
#include <linux/mutex.h>
#include "avc.h"
#include "objsec.h"
@ -185,7 +186,7 @@ static int inode_alloc_security(struct inode *inode)
return -ENOMEM;
memset(isec, 0, sizeof(*isec));
init_MUTEX(&isec->sem);
mutex_init(&isec->lock);
INIT_LIST_HEAD(&isec->list);
isec->inode = inode;
isec->sid = SECINITSID_UNLABELED;
@ -843,15 +844,13 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
char *context = NULL;
unsigned len = 0;
int rc = 0;
int hold_sem = 0;
if (isec->initialized)
goto out;
down(&isec->sem);
hold_sem = 1;
mutex_lock(&isec->lock);
if (isec->initialized)
goto out;
goto out_unlock;
sbsec = inode->i_sb->s_security;
if (!sbsec->initialized) {
@ -862,7 +861,7 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
if (list_empty(&isec->list))
list_add(&isec->list, &sbsec->isec_head);
spin_unlock(&sbsec->isec_lock);
goto out;
goto out_unlock;
}
switch (sbsec->behavior) {
@ -885,7 +884,7 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
printk(KERN_WARNING "%s: no dentry for dev=%s "
"ino=%ld\n", __FUNCTION__, inode->i_sb->s_id,
inode->i_ino);
goto out;
goto out_unlock;
}
len = INITCONTEXTLEN;
@ -893,7 +892,7 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
if (!context) {
rc = -ENOMEM;
dput(dentry);
goto out;
goto out_unlock;
}
rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
context, len);
@ -903,7 +902,7 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
NULL, 0);
if (rc < 0) {
dput(dentry);
goto out;
goto out_unlock;
}
kfree(context);
len = rc;
@ -911,7 +910,7 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
if (!context) {
rc = -ENOMEM;
dput(dentry);
goto out;
goto out_unlock;
}
rc = inode->i_op->getxattr(dentry,
XATTR_NAME_SELINUX,
@ -924,7 +923,7 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
"%d for dev=%s ino=%ld\n", __FUNCTION__,
-rc, inode->i_sb->s_id, inode->i_ino);
kfree(context);
goto out;
goto out_unlock;
}
/* Map ENODATA to the default file SID */
sid = sbsec->def_sid;
@ -960,7 +959,7 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
isec->sclass,
&sid);
if (rc)
goto out;
goto out_unlock;
isec->sid = sid;
break;
case SECURITY_FS_USE_MNTPOINT:
@ -978,7 +977,7 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
isec->sclass,
&sid);
if (rc)
goto out;
goto out_unlock;
isec->sid = sid;
}
}
@ -987,12 +986,11 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
isec->initialized = 1;
out_unlock:
mutex_unlock(&isec->lock);
out:
if (isec->sclass == SECCLASS_FILE)
isec->sclass = inode_mode_to_security_class(inode->i_mode);
if (hold_sem)
up(&isec->sem);
return rc;
}

Просмотреть файл

@ -44,7 +44,7 @@ struct inode_security_struct {
u32 sid; /* SID of this object */
u16 sclass; /* security class of this object */
unsigned char initialized; /* initialization flag */
struct semaphore sem;
struct mutex lock;
unsigned char inherit; /* inherit SID from parent entry */
};

Просмотреть файл

@ -2578,7 +2578,7 @@ int selinux_netlbl_inode_permission(struct inode *inode, int mask)
sock = SOCKET_I(inode);
isec = inode->i_security;
sksec = sock->sk->sk_security;
down(&isec->sem);
mutex_lock(&isec->lock);
if (unlikely(sksec->nlbl_state == NLBL_REQUIRE &&
(mask & (MAY_WRITE | MAY_APPEND)))) {
lock_sock(sock->sk);
@ -2586,7 +2586,7 @@ int selinux_netlbl_inode_permission(struct inode *inode, int mask)
release_sock(sock->sk);
} else
rc = 0;
up(&isec->sem);
mutex_unlock(&isec->lock);
return rc;
}