Date:	Tue, 02 Jun 2009 10:43:16 +0900
From:	Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>
To:	linux-security-module@...r.kernel.org
Cc:	linux-kernel@...r.kernel.org
Subject: [PATCH 2/5] TOMOYO: Clarify lock protected section.

Enclose reader section in
	/***** READER SECTION START *****/
and
	/***** READER SECTION END *****/
and writer section in
	/***** WRITER SECTION START *****/
and
	/***** WRITER SECTION END *****/
in order to avoid overlooking lock protected sections.

Signed-off-by: Kentaro Takeda <takedakn@...data.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
Signed-off-by: Toshiharu Harada <haradats@...data.co.jp>
---
 security/tomoyo/common.c   |   30 ++++++++++++++++++++++++++++--
 security/tomoyo/domain.c   |   34 ++++++++++++++++++++++++----------
 security/tomoyo/file.c     |   36 ++++++++++++++++++++++++++----------
 security/tomoyo/realpath.c |    2 ++
 4 files changed, 80 insertions(+), 22 deletions(-)

--- security-testing-2.6.git.orig/security/tomoyo/common.c
+++ security-testing-2.6.git/security/tomoyo/common.c
@@ -706,6 +706,7 @@ static const char *tomoyo_get_exe(void)
 
 	if (!mm)
 		return NULL;
+	/***** READER SECTION START *****/
 	down_read(&mm->mmap_sem);
 	for (vma = mm->mmap; vma; vma = vma->vm_next) {
 		if ((vma->vm_flags & VM_EXECUTABLE) && vma->vm_file) {
@@ -714,6 +715,7 @@ static const char *tomoyo_get_exe(void)
 		}
 	}
 	up_read(&mm->mmap_sem);
+	/***** READER SECTION END *****/
 	return cp;
 }
 
@@ -784,6 +786,7 @@ bool tomoyo_domain_quota_is_ok(struct to
 
 	if (!domain)
 		return true;
+	/***** READER SECTION START *****/
 	down_read(&tomoyo_domain_acl_info_list_lock);
 	list_for_each_entry(ptr, &domain->acl_info_list, list) {
 		if (ptr->type & TOMOYO_ACL_DELETED)
@@ -839,6 +842,7 @@ bool tomoyo_domain_quota_is_ok(struct to
 		}
 	}
 	up_read(&tomoyo_domain_acl_info_list_lock);
+	/***** READER SECTION END *****/
 	if (count < tomoyo_check_flags(domain, TOMOYO_MAX_ACCEPT_ENTRY))
 		return true;
 	if (!domain->quota_warned) {
@@ -1053,7 +1057,7 @@ static int tomoyo_update_manager_entry(c
 		return -ENOMEM;
 	if (!is_delete)
 		new_entry = kmalloc(sizeof(*new_entry), GFP_KERNEL);
-	/***** EXCLUSIVE SECTION START *****/
+	/***** WRITER SECTION START *****/
 	down_write(&tomoyo_policy_manager_list_lock);
 	list_for_each_entry(ptr, &tomoyo_policy_manager_list, list) {
 		if (ptr->manager != saved_manager)
@@ -1070,7 +1074,7 @@ static int tomoyo_update_manager_entry(c
 		error = 0;
 	}
 	up_write(&tomoyo_policy_manager_list_lock);
-	/***** EXCLUSIVE SECTION END *****/
+	/***** WRITER SECTION END *****/
 	kfree(new_entry);
 	return error;
 }
@@ -1108,6 +1112,7 @@ static int tomoyo_read_manager_policy(st
 
 	if (head->read_eof)
 		return 0;
+	/***** READER SECTION START *****/
 	down_read(&tomoyo_policy_manager_list_lock);
 	list_for_each_cookie(pos, head->read_var2,
 			     &tomoyo_policy_manager_list) {
@@ -1122,6 +1127,7 @@ static int tomoyo_read_manager_policy(st
 		}
 	}
 	up_read(&tomoyo_policy_manager_list_lock);
+	/***** READER SECTION END *****/
 	head->read_eof = done;
 	return 0;
 }
@@ -1144,6 +1150,7 @@ static bool tomoyo_is_policy_manager(voi
 		return true;
 	if (!tomoyo_manage_by_non_root && (task->cred->uid || task->cred->euid))
 		return false;
+	/***** READER SECTION START *****/
 	down_read(&tomoyo_policy_manager_list_lock);
 	list_for_each_entry(ptr, &tomoyo_policy_manager_list, list) {
 		if (!ptr->is_deleted && ptr->is_domain
@@ -1153,11 +1160,13 @@ static bool tomoyo_is_policy_manager(voi
 		}
 	}
 	up_read(&tomoyo_policy_manager_list_lock);
+	/***** READER SECTION END *****/
 	if (found)
 		return true;
 	exe = tomoyo_get_exe();
 	if (!exe)
 		return false;
+	/***** READER SECTION START *****/
 	down_read(&tomoyo_policy_manager_list_lock);
 	list_for_each_entry(ptr, &tomoyo_policy_manager_list, list) {
 		if (!ptr->is_deleted && !ptr->is_domain
@@ -1167,6 +1176,7 @@ static bool tomoyo_is_policy_manager(voi
 		}
 	}
 	up_read(&tomoyo_policy_manager_list_lock);
+	/***** READER SECTION END *****/
 	if (!found) { /* Reduce error messages. */
 		static pid_t last_pid;
 		const pid_t pid = current->pid;
@@ -1205,9 +1215,11 @@ static bool tomoyo_is_select_one(struct 
 		/***** CRITICAL SECTION END *****/
 	} else if (!strncmp(data, "domain=", 7)) {
 		if (tomoyo_is_domain_def(data + 7)) {
+			/***** READER SECTION START *****/
 			down_read(&tomoyo_domain_list_lock);
 			domain = tomoyo_find_domain(data + 7);
 			up_read(&tomoyo_domain_list_lock);
+			/***** READER SECTION END *****/
 		}
 	} else
 		return false;
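Review bot: The `domain` pointer returned by `tomoyo_find_domain(data + 7)` is kept after `up_read(&tomoyo_domain_list_lock)`, so the new READER SECTION END marker reads as if the lookup result needs no protection once the section closes. That holds only if entries on tomoyo_domain_list are never freed, which is presumed here because the rest of the file is not visible; if freeing is ever introduced, these become use-after-free candidates. A comment right after the END marker would record the assumption, e.g. `/* domain stays valid after unlock: entries are flagged deleted, never freed -- confirm */`. The same pattern appears in the tomoyo_write_domain_policy, tomoyo_write_domain_profile and tomoyo_find_next_domain hunks, and with `pattern` in tomoyo_get_file_pattern, which returns a pointer taken inside the reader section. The body of tomoyo_is_select_one starts and ends outside this hunk.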
@@ -1222,6 +1234,7 @@ static bool tomoyo_is_select_one(struct 
 	if (domain) {
 		struct tomoyo_domain_info *d;
 		head->read_var1 = NULL;
+		/***** READER SECTION START *****/
 		down_read(&tomoyo_domain_list_lock);
 		list_for_each_entry(d, &tomoyo_domain_list, list) {
 			if (d == domain)
@@ -1229,6 +1242,7 @@ static bool tomoyo_is_select_one(struct 
 			head->read_var1 = &d->list;
 		}
 		up_read(&tomoyo_domain_list_lock);
+		/***** READER SECTION END *****/
 		head->read_var2 = NULL;
 		head->read_bit = 0;
 		head->read_step = 0;
@@ -1267,9 +1281,11 @@ static int tomoyo_write_domain_policy(st
 		if (is_delete)
 			tomoyo_delete_domain(data);
 		else if (is_select) {
+			/***** READER SECTION START *****/
 			down_read(&tomoyo_domain_list_lock);
 			domain = tomoyo_find_domain(data);
 			up_read(&tomoyo_domain_list_lock);
+			/***** READER SECTION END *****/
 		} else
 			domain = tomoyo_find_or_assign_new_domain(data, 0);
 		head->write_var1 = domain;
@@ -1426,6 +1442,7 @@ static int tomoyo_read_domain_policy(str
 		return 0;
 	if (head->read_step == 0)
 		head->read_step = 1;
+	/***** READER SECTION START *****/
 	down_read(&tomoyo_domain_list_lock);
 	list_for_each_cookie(dpos, head->read_var1, &tomoyo_domain_list) {
 		struct tomoyo_domain_info *domain;
@@ -1460,6 +1477,7 @@ acl_loop:
 		if (head->read_step == 3)
 			goto tail_mark;
 		/* Print ACL entries in the domain. */
+		/***** READER SECTION START *****/
 		down_read(&tomoyo_domain_acl_info_list_lock);
 		list_for_each_cookie(apos, head->read_var2,
 				      &domain->acl_info_list) {
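Review bot: The marker added before `down_read(&tomoyo_domain_acl_info_list_lock)` is textually identical to the one that opens the enclosing tomoyo_domain_list_lock section in the previous hunk, so nested START/END pairs cannot be matched by reading or grepping alone. Naming the lock in the nested marker, e.g. `/***** READER SECTION START (tomoyo_domain_acl_info_list_lock) *****/`, would also record the lock order (domain list lock first, ACL list lock second) that any other path taking both must follow. tomoyo_read_domain_policy starts and ends outside this hunk; the matching END markers are in the two following hunks.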
@@ -1472,6 +1490,7 @@ acl_loop:
 			}
 		}
 		up_read(&tomoyo_domain_acl_info_list_lock);
+		/***** READER SECTION END *****/
 		if (!done)
 			break;
 		head->read_step = 3;
@@ -1485,6 +1504,7 @@ tail_mark:
 			break;
 	}
 	up_read(&tomoyo_domain_list_lock);
+	/***** READER SECTION END *****/
 	head->read_eof = done;
 	return 0;
 }
@@ -1511,9 +1531,11 @@ static int tomoyo_write_domain_profile(s
 	if (!cp)
 		return -EINVAL;
 	*cp = '\0';
+	/***** READER SECTION START *****/
 	down_read(&tomoyo_domain_list_lock);
 	domain = tomoyo_find_domain(cp + 1);
 	up_read(&tomoyo_domain_list_lock);
+	/***** READER SECTION END *****/
 	if (strict_strtoul(data, 10, &profile))
 		return -EINVAL;
 	if (domain && profile < TOMOYO_MAX_PROFILES
@@ -1543,6 +1565,7 @@ static int tomoyo_read_domain_profile(st
 
 	if (head->read_eof)
 		return 0;
+	/***** READER SECTION START *****/
 	down_read(&tomoyo_domain_list_lock);
 	list_for_each_cookie(pos, head->read_var1, &tomoyo_domain_list) {
 		struct tomoyo_domain_info *domain;
@@ -1556,6 +1579,7 @@ static int tomoyo_read_domain_profile(st
 		}
 	}
 	up_read(&tomoyo_domain_list_lock);
+	/***** READER SECTION END *****/
 	head->read_eof = done;
 	return 0;
 }
@@ -1777,6 +1801,7 @@ void tomoyo_load_policy(const char *file
 	tomoyo_policy_loaded = true;
 	{ /* Check all profiles currently assigned to domains are defined. */
 		struct tomoyo_domain_info *domain;
+		/***** READER SECTION START *****/
 		down_read(&tomoyo_domain_list_lock);
 		list_for_each_entry(domain, &tomoyo_domain_list, list) {
 			const u8 profile = domain->profile;
@@ -1786,6 +1811,7 @@ void tomoyo_load_policy(const char *file
 			      profile, domain->domainname->name);
 		}
 		up_read(&tomoyo_domain_list_lock);
+		/***** READER SECTION END *****/
 	}
 }
 
--- security-testing-2.6.git.orig/security/tomoyo/domain.c
+++ security-testing-2.6.git/security/tomoyo/domain.c
@@ -137,7 +137,7 @@ static int tomoyo_update_domain_initiali
 		return -ENOMEM;
 	if (!is_delete)
 		new_entry = kmalloc(sizeof(*new_entry), GFP_KERNEL);
-	/***** EXCLUSIVE SECTION START *****/
+	/***** WRITER SECTION START *****/
 	down_write(&tomoyo_domain_initializer_list_lock);
 	list_for_each_entry(ptr, &tomoyo_domain_initializer_list, list) {
 		if (ptr->is_not != is_not ||
@@ -159,7 +159,7 @@ static int tomoyo_update_domain_initiali
 		error = 0;
 	}
 	up_write(&tomoyo_domain_initializer_list_lock);
-	/***** EXCLUSIVE SECTION END *****/
+	/***** WRITER SECTION END *****/
 	kfree(new_entry);
 	return error;
 }
@@ -176,6 +176,7 @@ bool tomoyo_read_domain_initializer_poli
 	struct list_head *pos;
 	bool done = true;
 
+	/***** READER SECTION START *****/
 	down_read(&tomoyo_domain_initializer_list_lock);
 	list_for_each_cookie(pos, head->read_var2,
 			     &tomoyo_domain_initializer_list) {
@@ -201,6 +202,7 @@ bool tomoyo_read_domain_initializer_poli
 		}
 	}
 	up_read(&tomoyo_domain_initializer_list_lock);
+	/***** READER SECTION END *****/
 	return done;
 }
 
@@ -247,6 +249,7 @@ static bool tomoyo_is_domain_initializer
 	struct tomoyo_domain_initializer_entry *ptr;
 	bool flag = false;
 
+	/***** READER SECTION START *****/
 	down_read(&tomoyo_domain_initializer_list_lock);
 	list_for_each_entry(ptr,  &tomoyo_domain_initializer_list, list) {
 		if (ptr->is_deleted)
@@ -269,6 +272,7 @@ static bool tomoyo_is_domain_initializer
 		flag = true;
 	}
 	up_read(&tomoyo_domain_initializer_list_lock);
+	/***** READER SECTION END *****/
 	return flag;
 }
 
@@ -316,7 +320,7 @@ static int tomoyo_update_domain_keeper_e
 		return -ENOMEM;
 	if (!is_delete)
 		new_entry = kmalloc(sizeof(*new_entry), GFP_KERNEL);
-	/***** EXCLUSIVE SECTION START *****/
+	/***** WRITER SECTION START *****/
 	down_write(&tomoyo_domain_keeper_list_lock);
 	list_for_each_entry(ptr, &tomoyo_domain_keeper_list, list) {
 		if (ptr->is_not != is_not ||
@@ -337,7 +341,7 @@ static int tomoyo_update_domain_keeper_e
 		error = 0;
 	}
 	up_write(&tomoyo_domain_keeper_list_lock);
-	/***** EXCLUSIVE SECTION END *****/
+	/***** WRITER SECTION END *****/
 	kfree(new_entry);
 	return error;
 }
@@ -375,6 +379,7 @@ bool tomoyo_read_domain_keeper_policy(st
 	struct list_head *pos;
 	bool done = true;
 
+	/***** READER SECTION START *****/
 	down_read(&tomoyo_domain_keeper_list_lock);
 	list_for_each_cookie(pos, head->read_var2,
 			     &tomoyo_domain_keeper_list) {
@@ -400,6 +405,7 @@ bool tomoyo_read_domain_keeper_policy(st
 		}
 	}
 	up_read(&tomoyo_domain_keeper_list_lock);
+	/***** READER SECTION END *****/
 	return done;
 }
 
@@ -420,6 +426,7 @@ static bool tomoyo_is_domain_keeper(cons
 	struct tomoyo_domain_keeper_entry *ptr;
 	bool flag = false;
 
+	/***** READER SECTION START *****/
 	down_read(&tomoyo_domain_keeper_list_lock);
 	list_for_each_entry(ptr, &tomoyo_domain_keeper_list, list) {
 		if (ptr->is_deleted)
@@ -440,6 +447,7 @@ static bool tomoyo_is_domain_keeper(cons
 		flag = true;
 	}
 	up_read(&tomoyo_domain_keeper_list_lock);
+	/***** READER SECTION END *****/
 	return flag;
 }
 
@@ -475,7 +483,7 @@ static int tomoyo_update_alias_entry(con
 		return -ENOMEM;
 	if (!is_delete)
 		new_entry = kmalloc(sizeof(*new_entry), GFP_KERNEL);
-	/***** EXCLUSIVE SECTION START *****/
+	/***** WRITER SECTION START *****/
 	down_write(&tomoyo_alias_list_lock);
 	list_for_each_entry(ptr, &tomoyo_alias_list, list) {
 		if (ptr->original_name != saved_original_name ||
@@ -493,7 +501,7 @@ static int tomoyo_update_alias_entry(con
 		error = 0;
 	}
 	up_write(&tomoyo_alias_list_lock);
-	/***** EXCLUSIVE SECTION END *****/
+	/***** WRITER SECTION END *****/
 	kfree(new_entry);
 	return error;
 }
@@ -510,6 +518,7 @@ bool tomoyo_read_alias_policy(struct tom
 	struct list_head *pos;
 	bool done = true;
 
+	/***** READER SECTION START *****/
 	down_read(&tomoyo_alias_list_lock);
 	list_for_each_cookie(pos, head->read_var2, &tomoyo_alias_list) {
 		struct tomoyo_alias_entry *ptr;
@@ -525,6 +534,7 @@ bool tomoyo_read_alias_policy(struct tom
 		}
 	}
 	up_read(&tomoyo_alias_list_lock);
+	/***** READER SECTION END *****/
 	return done;
 }
 
@@ -562,7 +572,7 @@ int tomoyo_delete_domain(char *domainnam
 
 	name.name = domainname;
 	tomoyo_fill_path_info(&name);
-	/***** EXCLUSIVE SECTION START *****/
+	/***** WRITER SECTION START *****/
 	down_write(&tomoyo_domain_list_lock);
 	/* Is there an active domain? */
 	list_for_each_entry(domain, &tomoyo_domain_list, list) {
@@ -576,7 +586,7 @@ int tomoyo_delete_domain(char *domainnam
 		break;
 	}
 	up_write(&tomoyo_domain_list_lock);
-	/***** EXCLUSIVE SECTION END *****/
+	/***** WRITER SECTION END *****/
 	return 0;
 }
 
@@ -602,7 +612,7 @@ struct tomoyo_domain_info *tomoyo_find_o
 	if (!saved_domainname)
 		return NULL;
 	new_domain = kmalloc(sizeof(*new_domain), GFP_KERNEL);
-	/***** EXCLUSIVE SECTION START *****/
+	/***** WRITER SECTION START *****/
 	down_write(&tomoyo_domain_list_lock);
 	domain = tomoyo_find_domain(domainname);
 	if (domain)
@@ -649,7 +659,7 @@ struct tomoyo_domain_info *tomoyo_find_o
 	}
  out:
 	up_write(&tomoyo_domain_list_lock);
-	/***** EXCLUSIVE SECTION END *****/
+	/***** WRITER SECTION END *****/
 	kfree(new_domain);
 	return domain;
 }
@@ -722,6 +732,7 @@ int tomoyo_find_next_domain(struct linux
 	if (tomoyo_pathcmp(&r, &s)) {
 		struct tomoyo_alias_entry *ptr;
 		/* Is this program allowed to be called via symbolic links? */
+		/***** READER SECTION START *****/
 		down_read(&tomoyo_alias_list_lock);
 		list_for_each_entry(ptr, &tomoyo_alias_list, list) {
 			if (ptr->is_deleted ||
@@ -735,6 +746,7 @@ int tomoyo_find_next_domain(struct linux
 			break;
 		}
 		up_read(&tomoyo_alias_list_lock);
+		/***** READER SECTION END *****/
 	}
 
 	/* Check execute permission. */
@@ -765,9 +777,11 @@ int tomoyo_find_next_domain(struct linux
 	}
 	if (domain || strlen(new_domain_name) >= TOMOYO_MAX_PATHNAME_LEN)
 		goto done;
+	/***** READER SECTION START *****/
 	down_read(&tomoyo_domain_list_lock);
 	domain = tomoyo_find_domain(new_domain_name);
 	up_read(&tomoyo_domain_list_lock);
+	/***** READER SECTION END *****/
 	if (domain)
 		goto done;
 	if (is_enforce)
--- security-testing-2.6.git.orig/security/tomoyo/file.c
+++ security-testing-2.6.git/security/tomoyo/file.c
@@ -168,7 +168,7 @@ static int tomoyo_update_globally_readab
 		return -ENOMEM;
 	if (!is_delete)
 		new_entry = kmalloc(sizeof(*new_entry), GFP_KERNEL);
-	/***** EXCLUSIVE SECTION START *****/
+	/***** WRITER SECTION START *****/
 	down_write(&tomoyo_globally_readable_list_lock);
 	list_for_each_entry(ptr, &tomoyo_globally_readable_list, list) {
 		if (ptr->filename != saved_filename)
@@ -184,7 +184,7 @@ static int tomoyo_update_globally_readab
 		error = 0;
 	}
 	up_write(&tomoyo_globally_readable_list_lock);
-	/***** EXCLUSIVE SECTION END *****/
+	/***** WRITER SECTION END *****/
 	kfree(new_entry);
 	return error;
 }
@@ -201,6 +201,7 @@ static bool tomoyo_is_globally_readable_
 {
 	struct tomoyo_globally_readable_file_entry *ptr;
 	bool found = false;
+	/***** READER SECTION START *****/
 	down_read(&tomoyo_globally_readable_list_lock);
 	list_for_each_entry(ptr, &tomoyo_globally_readable_list, list) {
 		if (!ptr->is_deleted &&
@@ -210,6 +211,7 @@ static bool tomoyo_is_globally_readable_
 		}
 	}
 	up_read(&tomoyo_globally_readable_list_lock);
+	/***** READER SECTION END *****/
 	return found;
 }
 
@@ -238,6 +240,7 @@ bool tomoyo_read_globally_readable_polic
 	struct list_head *pos;
 	bool done = true;
 
+	/***** READER SECTION START *****/
 	down_read(&tomoyo_globally_readable_list_lock);
 	list_for_each_cookie(pos, head->read_var2,
 			     &tomoyo_globally_readable_list) {
@@ -254,6 +257,7 @@ bool tomoyo_read_globally_readable_polic
 		}
 	}
 	up_read(&tomoyo_globally_readable_list_lock);
+	/***** READER SECTION END *****/
 	return done;
 }
 
@@ -284,7 +288,7 @@ static int tomoyo_update_file_pattern_en
 		return -ENOMEM;
 	if (!is_delete)
 		new_entry = kmalloc(sizeof(*new_entry), GFP_KERNEL);
-	/***** EXCLUSIVE SECTION START *****/
+	/***** WRITER SECTION START *****/
 	down_write(&tomoyo_pattern_list_lock);
 	list_for_each_entry(ptr, &tomoyo_pattern_list, list) {
 		if (saved_pattern != ptr->pattern)
@@ -300,7 +304,7 @@ static int tomoyo_update_file_pattern_en
 		error = 0;
 	}
 	up_write(&tomoyo_pattern_list_lock);
-	/***** EXCLUSIVE SECTION END *****/
+	/***** WRITER SECTION END *****/
 	kfree(new_entry);
 	return error;
 }
@@ -318,6 +322,7 @@ tomoyo_get_file_pattern(const struct tom
 	struct tomoyo_pattern_entry *ptr;
 	const struct tomoyo_path_info *pattern = NULL;
 
+	/***** READER SECTION START *****/
 	down_read(&tomoyo_pattern_list_lock);
 	list_for_each_entry(ptr, &tomoyo_pattern_list, list) {
 		if (ptr->is_deleted)
@@ -333,6 +338,7 @@ tomoyo_get_file_pattern(const struct tom
 		}
 	}
 	up_read(&tomoyo_pattern_list_lock);
+	/***** READER SECTION END *****/
 	if (pattern)
 		filename = pattern;
 	return filename;
@@ -363,6 +369,7 @@ bool tomoyo_read_file_pattern(struct tom
 	struct list_head *pos;
 	bool done = true;
 
+	/***** READER SECTION START *****/
 	down_read(&tomoyo_pattern_list_lock);
 	list_for_each_cookie(pos, head->read_var2, &tomoyo_pattern_list) {
 		struct tomoyo_pattern_entry *ptr;
@@ -376,6 +383,7 @@ bool tomoyo_read_file_pattern(struct tom
 		}
 	}
 	up_read(&tomoyo_pattern_list_lock);
+	/***** READER SECTION END *****/
 	return done;
 }
 
@@ -406,7 +414,7 @@ static int tomoyo_update_no_rewrite_entr
 		return -ENOMEM;
 	if (!is_delete)
 		new_entry = kmalloc(sizeof(*new_entry), GFP_KERNEL);
-	/***** EXCLUSIVE SECTION START *****/
+	/***** WRITER SECTION START *****/
 	down_write(&tomoyo_no_rewrite_list_lock);
 	list_for_each_entry(ptr, &tomoyo_no_rewrite_list, list) {
 		if (ptr->pattern != saved_pattern)
@@ -422,7 +430,7 @@ static int tomoyo_update_no_rewrite_entr
 		error = 0;
 	}
 	up_write(&tomoyo_no_rewrite_list_lock);
-	/***** EXCLUSIVE SECTION END *****/
+	/***** WRITER SECTION END *****/
 	kfree(new_entry);
 	return error;
 }
@@ -440,6 +448,7 @@ static bool tomoyo_is_no_rewrite_file(co
 	struct tomoyo_no_rewrite_entry *ptr;
 	bool found = false;
 
+	/***** READER SECTION START *****/
 	down_read(&tomoyo_no_rewrite_list_lock);
 	list_for_each_entry(ptr, &tomoyo_no_rewrite_list, list) {
 		if (ptr->is_deleted)
@@ -450,6 +459,7 @@ static bool tomoyo_is_no_rewrite_file(co
 		break;
 	}
 	up_read(&tomoyo_no_rewrite_list_lock);
+	/***** READER SECTION END *****/
 	return found;
 }
 
@@ -478,6 +488,7 @@ bool tomoyo_read_no_rewrite_policy(struc
 	struct list_head *pos;
 	bool done = true;
 
+	/***** READER SECTION START *****/
 	down_read(&tomoyo_no_rewrite_list_lock);
 	list_for_each_cookie(pos, head->read_var2, &tomoyo_no_rewrite_list) {
 		struct tomoyo_no_rewrite_entry *ptr;
@@ -491,6 +502,7 @@ bool tomoyo_read_no_rewrite_policy(struc
 		}
 	}
 	up_read(&tomoyo_no_rewrite_list_lock);
+	/***** READER SECTION END *****/
 	return done;
 }
 
@@ -556,6 +568,7 @@ static int tomoyo_check_single_path_acl2
 	struct tomoyo_acl_info *ptr;
 	int error = -EPERM;
 
+	/***** READER SECTION START *****/
 	down_read(&tomoyo_domain_acl_info_list_lock);
 	list_for_each_entry(ptr, &domain->acl_info_list, list) {
 		struct tomoyo_single_path_acl_record *acl;
@@ -576,6 +589,7 @@ static int tomoyo_check_single_path_acl2
 		break;
 	}
 	up_read(&tomoyo_domain_acl_info_list_lock);
+	/***** READER SECTION END *****/
 	return error;
 }
 
@@ -742,7 +756,7 @@ static int tomoyo_update_single_path_acl
 		return -ENOMEM;
 	if (!is_delete)
 		new_entry = kmalloc(sizeof(*new_entry), GFP_KERNEL);
-	/***** EXCLUSIVE SECTION START *****/
+	/***** WRITER SECTION START *****/
 	down_write(&tomoyo_domain_acl_info_list_lock);
 	if (is_delete)
 		goto delete;
@@ -799,7 +813,7 @@ static int tomoyo_update_single_path_acl
 	}
  out:
 	up_write(&tomoyo_domain_acl_info_list_lock);
-	/***** EXCLUSIVE SECTION END *****/
+	/***** WRITER SECTION END *****/
 	kfree(new_entry);
 	return error;
 }
@@ -838,7 +852,7 @@ static int tomoyo_update_double_path_acl
 		return -ENOMEM;
 	if (!is_delete)
 		new_entry = kmalloc(sizeof(*new_entry), GFP_KERNEL);
-	/***** EXCLUSIVE SECTION START *****/
+	/***** WRITER SECTION START *****/
 	down_write(&tomoyo_domain_acl_info_list_lock);
 	if (is_delete)
 		goto delete;
@@ -888,7 +902,7 @@ static int tomoyo_update_double_path_acl
 	}
  out:
 	up_write(&tomoyo_domain_acl_info_list_lock);
-	/***** EXCLUSIVE SECTION END *****/
+	/***** WRITER SECTION END *****/
 	kfree(new_entry);
 	return error;
 }
@@ -934,6 +948,7 @@ static int tomoyo_check_double_path_acl(
 
 	if (!tomoyo_check_flags(domain, TOMOYO_MAC_FOR_FILE))
 		return 0;
+	/***** READER SECTION START *****/
 	down_read(&tomoyo_domain_acl_info_list_lock);
 	list_for_each_entry(ptr, &domain->acl_info_list, list) {
 		struct tomoyo_double_path_acl_record *acl;
@@ -951,6 +966,7 @@ static int tomoyo_check_double_path_acl(
 		break;
 	}
 	up_read(&tomoyo_domain_acl_info_list_lock);
+	/***** READER SECTION END *****/
 	return error;
 }
 
--- security-testing-2.6.git.orig/security/tomoyo/realpath.c
+++ security-testing-2.6.git/security/tomoyo/realpath.c
@@ -326,10 +326,12 @@ void __init tomoyo_realpath_init(void)
 	INIT_LIST_HEAD(&tomoyo_kernel_domain.acl_info_list);
 	tomoyo_kernel_domain.domainname = tomoyo_save_name(TOMOYO_ROOT_NAME);
 	list_add_tail(&tomoyo_kernel_domain.list, &tomoyo_domain_list);
+	/***** READER SECTION START *****/
 	down_read(&tomoyo_domain_list_lock);
 	if (tomoyo_find_domain(TOMOYO_ROOT_NAME) != &tomoyo_kernel_domain)
 		panic("Can't register tomoyo_kernel_domain");
 	up_read(&tomoyo_domain_list_lock);
+	/***** READER SECTION END *****/
 }
 
 /* Memory allocated for temporary purpose. */
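Review bot: `list_add_tail(&tomoyo_kernel_domain.list, &tomoyo_domain_list)` modifies the list immediately before the new READER SECTION START and sits outside any marked section or `down_write()`. Because tomoyo_realpath_init is `__init`, this is presumably safe, since nothing else should be able to reach the list yet. With the marker convention in place, though, the unlocked write now looks like an oversight. A comment above it, such as `/* __init: no concurrent access to tomoyo_domain_list yet, lock not needed */`, would settle that. The function's opening lines are outside the hunk.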
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/
