From bb0030797f55c9996ea1cebd16b65750ceb7e4fd Mon Sep 17 00:00:00 2001 From: Ingo Molnar Date: Wed, 22 Mar 2006 00:09:14 -0800 Subject: [PATCH] sem2mutex: security/ Semaphore to mutex conversion. The conversion was generated via scripts, and the result was validated automatically via a script as well. Signed-off-by: Ingo Molnar Cc: Stephen Smalley Cc: James Morris Cc: David Howells Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- security/selinux/selinuxfs.c | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) (limited to 'security/selinux/selinuxfs.c') diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index b5fa02d17b1..65efa8f7633 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -15,6 +15,7 @@ #include #include #include +#include #include #include #include @@ -44,7 +45,7 @@ static int __init checkreqprot_setup(char *str) __setup("checkreqprot=", checkreqprot_setup); -static DECLARE_MUTEX(sel_sem); +static DEFINE_MUTEX(sel_mutex); /* global data for booleans */ static struct dentry *bool_dir = NULL; @@ -230,7 +231,7 @@ static ssize_t sel_write_load(struct file * file, const char __user * buf, ssize_t length; void *data = NULL; - down(&sel_sem); + mutex_lock(&sel_mutex); length = task_has_security(current, SECURITY__LOAD_POLICY); if (length) @@ -262,7 +263,7 @@ static ssize_t sel_write_load(struct file * file, const char __user * buf, else length = count; out: - up(&sel_sem); + mutex_unlock(&sel_mutex); vfree(data); return length; } @@ -714,7 +715,7 @@ static ssize_t sel_read_bool(struct file *filep, char __user *buf, int cur_enforcing; struct inode *inode; - down(&sel_sem); + mutex_lock(&sel_mutex); ret = -EFAULT; @@ -759,7 +760,7 @@ static ssize_t sel_read_bool(struct file *filep, char __user *buf, *ppos = end; ret = count; out: - up(&sel_sem); + mutex_unlock(&sel_mutex); if (page) free_page((unsigned long)page); return ret; @@ -773,7 +774,7 @@ static ssize_t sel_write_bool(struct file *filep, const char __user *buf, int new_value; struct inode *inode; - down(&sel_sem); + mutex_lock(&sel_mutex); length = task_has_security(current, SECURITY__SETBOOL); if (length) @@ -812,7 +813,7 @@ static ssize_t sel_write_bool(struct file *filep, const char __user *buf, length = count; out: - up(&sel_sem); + mutex_unlock(&sel_mutex); if (page) free_page((unsigned long) page); return length; @@ -831,7 +832,7 @@ static ssize_t sel_commit_bools_write(struct file *filep, ssize_t length = -EFAULT; int new_value; - down(&sel_sem); + mutex_lock(&sel_mutex); length = task_has_security(current, SECURITY__SETBOOL); if (length) @@ -869,7 +870,7 @@ static ssize_t sel_commit_bools_write(struct file *filep, length = count; out: - up(&sel_sem); + mutex_unlock(&sel_mutex); if (page) free_page((unsigned long) page); return length; -- cgit v1.2.3-70-g09d2 From 68bdcf28a8d245208a02dc9caa60fe13cc1b0ea8 Mon Sep 17 00:00:00 2001 From: Stephen Smalley Date: Wed, 22 Mar 2006 00:09:15 -0800 Subject: [PATCH] selinux: simplify sel_read_bool Simplify sel_read_bool to use the simple_read_from_buffer helper, like the other selinuxfs functions. Signed-off-by: Stephen Smalley Acked-by: James Morris Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- security/selinux/selinuxfs.c | 20 +------------------- 1 file changed, 1 insertion(+), 19 deletions(-) (limited to 'security/selinux/selinuxfs.c') diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index 65efa8f7633..cc782083d71 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -710,7 +710,6 @@ static ssize_t sel_read_bool(struct file *filep, char __user *buf, { char *page = NULL; ssize_t length; - ssize_t end; ssize_t ret; int cur_enforcing; struct inode *inode; @@ -741,24 +740,7 @@ static ssize_t sel_read_bool(struct file *filep, char __user *buf, length = scnprintf(page, PAGE_SIZE, "%d %d", cur_enforcing, bool_pending_values[inode->i_ino - BOOL_INO_OFFSET]); - if (length < 0) { - ret = length; - goto out; - } - - if (*ppos >= length) { - ret = 0; - goto out; - } - if (count + *ppos > length) - count = length - *ppos; - end = count + *ppos; - if (copy_to_user(buf, (char *) page + *ppos, count)) { - ret = -EFAULT; - goto out; - } - *ppos = end; - ret = count; + ret = simple_read_from_buffer(buf, count, ppos, page, length); out: mutex_unlock(&sel_mutex); if (page) -- cgit v1.2.3-70-g09d2 From 40e906f8224966ef65756cc75f9999ea2de0523d Mon Sep 17 00:00:00 2001 From: James Morris Date: Wed, 22 Mar 2006 00:09:16 -0800 Subject: [PATCH] selinuxfs cleanups: fix hard link count Fix the hard link count for selinuxfs directories, which are currently one short. Signed-off-by: James Morris Acked-by: Stephen Smalley Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- security/selinux/selinuxfs.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'security/selinux/selinuxfs.c') diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index cc782083d71..4f7cda67ac0 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -1181,6 +1181,8 @@ static int sel_make_dir(struct super_block *sb, struct dentry *dentry) } inode->i_op = &simple_dir_inode_operations; inode->i_fop = &simple_dir_operations; + /* directory inodes start off with i_nlink == 2 (for "." entry) */ + inode->i_nlink++; d_add(dentry, inode); out: return ret; @@ -1222,6 +1224,8 @@ static int sel_fill_super(struct super_block * sb, void * data, int silent) goto out; inode->i_op = &simple_dir_inode_operations; inode->i_fop = &simple_dir_operations; + /* directory inodes start off with i_nlink == 2 (for "." entry) */ + inode->i_nlink++; d_add(dentry, inode); bool_dir = dentry; ret = sel_make_bools(); -- cgit v1.2.3-70-g09d2 From cde174a885821b5eee7e00c8a9a426c9c8186a29 Mon Sep 17 00:00:00 2001 From: James Morris Date: Wed, 22 Mar 2006 00:09:17 -0800 Subject: [PATCH] selinuxfs cleanups: use sel_make_dir() Use existing sel_make_dir() helper to create booleans directory rather than duplicating the logic. Signed-off-by: James Morris Acked-by: Stephen Smalley Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- security/selinux/selinuxfs.c | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) (limited to 'security/selinux/selinuxfs.c') diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index 4f7cda67ac0..f898080b949 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -1219,14 +1219,10 @@ static int sel_fill_super(struct super_block * sb, void * data, int silent) if (!dentry) return -ENOMEM; - inode = sel_make_inode(sb, S_IFDIR | S_IRUGO | S_IXUGO); - if (!inode) - goto out; - inode->i_op = &simple_dir_inode_operations; - inode->i_fop = &simple_dir_operations; - /* directory inodes start off with i_nlink == 2 (for "." entry) */ - inode->i_nlink++; - d_add(dentry, inode); + ret = sel_make_dir(sb, dentry); + if (ret) + return ret; + bool_dir = dentry; ret = sel_make_bools(); if (ret) -- cgit v1.2.3-70-g09d2 From 161ce45a8a34ba81673f60c603e6fc6d37d99c8f Mon Sep 17 00:00:00 2001 From: James Morris Date: Wed, 22 Mar 2006 00:09:17 -0800 Subject: [PATCH] selinuxfs cleanups: sel_fill_super exit path Unify the error path of sel_fill_super() so that all errors pass through the same point and generate an error message. Also, removes a spurious dput() in the error path which breaks the refcounting for the filesystem (litter_kill_super() will correctly clean things up itself on error). Signed-off-by: James Morris Acked-by: Stephen Smalley Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- security/selinux/selinuxfs.c | 41 ++++++++++++++++++++++++----------------- 1 file changed, 24 insertions(+), 17 deletions(-) (limited to 'security/selinux/selinuxfs.c') diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index f898080b949..1bfb40701b5 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -1213,28 +1213,34 @@ static int sel_fill_super(struct super_block * sb, void * data, int silent) }; ret = simple_fill_super(sb, SELINUX_MAGIC, selinux_files); if (ret) - return ret; + goto err; dentry = d_alloc_name(sb->s_root, BOOL_DIR_NAME); - if (!dentry) - return -ENOMEM; + if (!dentry) { + ret = -ENOMEM; + goto err; + } ret = sel_make_dir(sb, dentry); if (ret) - return ret; + goto err; bool_dir = dentry; ret = sel_make_bools(); if (ret) - goto out; + goto err; dentry = d_alloc_name(sb->s_root, NULL_FILE_NAME); - if (!dentry) - return -ENOMEM; + if (!dentry) { + ret = -ENOMEM; + goto err; + } inode = sel_make_inode(sb, S_IFCHR | S_IRUGO | S_IWUGO); - if (!inode) - goto out; + if (!inode) { + ret = -ENOMEM; + goto err; + } isec = (struct inode_security_struct*)inode->i_security; isec->sid = SECINITSID_DEVNULL; isec->sclass = SECCLASS_CHR_FILE; @@ -1245,22 +1251,23 @@ static int sel_fill_super(struct super_block * sb, void * data, int silent) selinux_null = dentry; dentry = d_alloc_name(sb->s_root, "avc"); - if (!dentry) - return -ENOMEM; + if (!dentry) { + ret = -ENOMEM; + goto err; + } ret = sel_make_dir(sb, dentry); if (ret) - goto out; + goto err; ret = sel_make_avc_files(dentry); if (ret) - goto out; - - return 0; + goto err; out: - dput(dentry); + return ret; +err: printk(KERN_ERR "%s: failed while creating inodes\n", __FUNCTION__); - return -ENOMEM; + goto out; } static struct super_block *sel_get_sb(struct file_system_type *fs_type, -- cgit v1.2.3-70-g09d2 From 253a8b1db1af146d3a7eef0f3626781df12c7141 Mon Sep 17 00:00:00 2001 From: James Morris Date: Wed, 22 Mar 2006 00:09:18 -0800 Subject: [PATCH] selinuxfs cleanups: sel_make_bools Remove the call to sel_make_bools() from sel_fill_super(), as policy needs to be loaded before the boolean files can be created. Policy will never be loaded during sel_fill_super() as selinuxfs is kernel mounted during init and the only means to load policy is via selinuxfs. Also, the call to d_genocide() on the error path of sel_make_bools() is incorrect and replaced with sel_remove_bools(). Signed-off-by: James Morris Acked-by: Stephen Smalley Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- security/selinux/selinuxfs.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) (limited to 'security/selinux/selinuxfs.c') diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index 1bfb40701b5..ab7c9935c29 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -970,7 +970,7 @@ out: return ret; err: kfree(values); - d_genocide(dir); + sel_remove_bools(dir); ret = -ENOMEM; goto out; } @@ -1226,9 +1226,6 @@ static int sel_fill_super(struct super_block * sb, void * data, int silent) goto err; bool_dir = dentry; - ret = sel_make_bools(); - if (ret) - goto err; dentry = d_alloc_name(sb->s_root, NULL_FILE_NAME); if (!dentry) { -- cgit v1.2.3-70-g09d2 From d6aafa65354cd2dbb089ab9e7dc618f22230fe32 Mon Sep 17 00:00:00 2001 From: James Morris Date: Wed, 22 Mar 2006 00:09:19 -0800 Subject: [PATCH] selinuxfs cleanups: sel_make_avc_files Fix copy & paste error in sel_make_avc_files(), removing a supurious call to d_genocide() in the error path. All of this will be cleaned up by kill_litter_super(). Signed-off-by: James Morris Acked-by: Stephen Smalley Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- security/selinux/selinuxfs.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) (limited to 'security/selinux/selinuxfs.c') diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index ab7c9935c29..f321c0c49f4 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -1151,22 +1151,19 @@ static int sel_make_avc_files(struct dentry *dir) dentry = d_alloc_name(dir, files[i].name); if (!dentry) { ret = -ENOMEM; - goto err; + goto out; } inode = sel_make_inode(dir->d_sb, S_IFREG|files[i].mode); if (!inode) { ret = -ENOMEM; - goto err; + goto out; } inode->i_fop = files[i].ops; d_add(dentry, inode); } out: return ret; -err: - d_genocide(dir); - goto out; } static int sel_make_dir(struct super_block *sb, struct dentry *dentry) -- cgit v1.2.3-70-g09d2 From edb20fb5be2ff6943920aca4ccab0f4fdacddb9c Mon Sep 17 00:00:00 2001 From: James Morris Date: Wed, 22 Mar 2006 00:09:20 -0800 Subject: [PATCH] SELinux: fix hard link count for selinuxfs root directory A further fix is needed for selinuxfs link count management, to ensure that the count is correct for the parent directory when a subdirectory is created. This is only required for the root directory currently, but the code has been updated for the general case. Signed-off-by: James Morris Acked-by: Stephen Smalley Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- security/selinux/selinuxfs.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) (limited to 'security/selinux/selinuxfs.c') diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index f321c0c49f4..f5d78365488 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -1166,12 +1166,12 @@ out: return ret; } -static int sel_make_dir(struct super_block *sb, struct dentry *dentry) +static int sel_make_dir(struct inode *dir, struct dentry *dentry) { int ret = 0; struct inode *inode; - inode = sel_make_inode(sb, S_IFDIR | S_IRUGO | S_IXUGO); + inode = sel_make_inode(dir->i_sb, S_IFDIR | S_IRUGO | S_IXUGO); if (!inode) { ret = -ENOMEM; goto out; @@ -1181,6 +1181,8 @@ static int sel_make_dir(struct super_block *sb, struct dentry *dentry) /* directory inodes start off with i_nlink == 2 (for "." entry) */ inode->i_nlink++; d_add(dentry, inode); + /* bump link count on parent directory, too */ + dir->i_nlink++; out: return ret; } @@ -1189,7 +1191,7 @@ static int sel_fill_super(struct super_block * sb, void * data, int silent) { int ret; struct dentry *dentry; - struct inode *inode; + struct inode *inode, *root_inode; struct inode_security_struct *isec; static struct tree_descr selinux_files[] = { @@ -1212,13 +1214,15 @@ static int sel_fill_super(struct super_block * sb, void * data, int silent) if (ret) goto err; + root_inode = sb->s_root->d_inode; + dentry = d_alloc_name(sb->s_root, BOOL_DIR_NAME); if (!dentry) { ret = -ENOMEM; goto err; } - ret = sel_make_dir(sb, dentry); + ret = sel_make_dir(root_inode, dentry); if (ret) goto err; @@ -1250,7 +1254,7 @@ static int sel_fill_super(struct super_block * sb, void * data, int silent) goto err; } - ret = sel_make_dir(sb, dentry); + ret = sel_make_dir(root_inode, dentry); if (ret) goto err; -- cgit v1.2.3-70-g09d2