diff options
author | Al Viro <viro@zeniv.linux.org.uk> | 2009-12-16 06:27:40 -0500 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2009-12-16 12:16:47 -0500 |
commit | b65a9cfc2c38eebc33533280b8ad5841caee8b6e (patch) | |
tree | d6e5b713615cc5e65c900162ab09235ae4847909 /fs | |
parent | 0552f879d45cecc35d8e372a591fc5ed863bca58 (diff) | |
download | lwn-b65a9cfc2c38eebc33533280b8ad5841caee8b6e.tar.gz lwn-b65a9cfc2c38eebc33533280b8ad5841caee8b6e.zip |
Untangling ima mess, part 2: deal with counters
* do ima_get_count() in __dentry_open()
* stop doing that in followups
* move ima_path_check() to right after nameidata_to_filp()
* don't bump counters on it
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'fs')
-rw-r--r-- | fs/cachefiles/rdwr.c | 2 | ||||
-rw-r--r-- | fs/ecryptfs/main.c | 7 | ||||
-rw-r--r-- | fs/namei.c | 56 | ||||
-rw-r--r-- | fs/nfsd/vfs.c | 2 | ||||
-rw-r--r-- | fs/open.c | 2 |
5 files changed, 28 insertions, 41 deletions
diff --git a/fs/cachefiles/rdwr.c b/fs/cachefiles/rdwr.c index a6c8c6fe8df9..1d8332563863 100644 --- a/fs/cachefiles/rdwr.c +++ b/fs/cachefiles/rdwr.c @@ -11,7 +11,6 @@ #include <linux/mount.h> #include <linux/file.h> -#include <linux/ima.h> #include "internal.h" /* @@ -923,7 +922,6 @@ int cachefiles_write_page(struct fscache_storage *op, struct page *page) if (IS_ERR(file)) { ret = PTR_ERR(file); } else { - ima_counts_get(file); ret = -EIO; if (file->f_op->write) { pos = (loff_t) page->index << PAGE_SHIFT; diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c index c6ac85d6c701..101fe4c7b1ee 100644 --- a/fs/ecryptfs/main.c +++ b/fs/ecryptfs/main.c @@ -35,7 +35,6 @@ #include <linux/key.h> #include <linux/parser.h> #include <linux/fs_stack.h> -#include <linux/ima.h> #include "ecryptfs_kernel.h" /** @@ -119,7 +118,6 @@ int ecryptfs_init_persistent_file(struct dentry *ecryptfs_dentry) const struct cred *cred = current_cred(); struct ecryptfs_inode_info *inode_info = ecryptfs_inode_to_private(ecryptfs_dentry->d_inode); - int opened_lower_file = 0; int rc = 0; mutex_lock(&inode_info->lower_file_mutex); @@ -136,12 +134,9 @@ int ecryptfs_init_persistent_file(struct dentry *ecryptfs_dentry) "for lower_dentry [0x%p] and lower_mnt [0x%p]; " "rc = [%d]\n", lower_dentry, lower_mnt, rc); inode_info->lower_file = NULL; - } else - opened_lower_file = 1; + } } mutex_unlock(&inode_info->lower_file_mutex); - if (opened_lower_file) - ima_counts_get(inode_info->lower_file); return rc; } diff --git a/fs/namei.c b/fs/namei.c index 0f0fcccab19f..c530e5d32f12 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -1461,14 +1461,7 @@ int may_open(struct path *path, int acc_mode, int flag) /* * Ensure there are no outstanding leases on the file. */ - error = break_lease(inode, flag); - if (error) - return error; - - return ima_path_check(path, acc_mode ? - acc_mode & (MAY_READ | MAY_WRITE | MAY_EXEC) : - ACC_MODE(flag) & (MAY_READ | MAY_WRITE), - IMA_COUNT_UPDATE); + return break_lease(inode, flag); } static int handle_truncate(struct path *path) @@ -1688,13 +1681,17 @@ do_last: goto exit; } filp = nameidata_to_filp(&nd, open_flag); - if (IS_ERR(filp)) - ima_counts_put(&nd.path, - acc_mode & (MAY_READ | MAY_WRITE | - MAY_EXEC)); mnt_drop_write(nd.path.mnt); if (nd.root.mnt) path_put(&nd.root); + if (!IS_ERR(filp)) { + error = ima_path_check(&filp->f_path, filp->f_mode & + (MAY_READ | MAY_WRITE | MAY_EXEC), 0); + if (error) { + fput(filp); + filp = ERR_PTR(error); + } + } return filp; } @@ -1748,27 +1745,24 @@ ok: goto exit; } filp = nameidata_to_filp(&nd, open_flag); - if (IS_ERR(filp)) { - ima_counts_put(&nd.path, - acc_mode & (MAY_READ | MAY_WRITE | MAY_EXEC)); - if (will_truncate) - mnt_drop_write(nd.path.mnt); - if (nd.root.mnt) - path_put(&nd.root); - return filp; - } - - if (acc_mode & MAY_WRITE) - vfs_dq_init(nd.path.dentry->d_inode); - - if (will_truncate) { - error = handle_truncate(&nd.path); + if (!IS_ERR(filp)) { + error = ima_path_check(&filp->f_path, filp->f_mode & + (MAY_READ | MAY_WRITE | MAY_EXEC), 0); if (error) { - mnt_drop_write(nd.path.mnt); fput(filp); - if (nd.root.mnt) - path_put(&nd.root); - return ERR_PTR(error); + filp = ERR_PTR(error); + } + } + if (!IS_ERR(filp)) { + if (acc_mode & MAY_WRITE) + vfs_dq_init(nd.path.dentry->d_inode); + + if (will_truncate) { + error = handle_truncate(&nd.path); + if (error) { + fput(filp); + filp = ERR_PTR(error); + } } } /* diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c index a293f0273263..c9942b39654e 100644 --- a/fs/nfsd/vfs.c +++ b/fs/nfsd/vfs.c @@ -744,8 +744,6 @@ nfsd_open(struct svc_rqst *rqstp, struct svc_fh *fhp, int type, flags, current_cred()); if (IS_ERR(*filp)) host_err = PTR_ERR(*filp); - else - ima_counts_get(*filp); out_nfserr: err = nfserrno(host_err); out: diff --git a/fs/open.c b/fs/open.c index d95651e8be9e..ca69241796bd 100644 --- a/fs/open.c +++ b/fs/open.c @@ -30,6 +30,7 @@ #include <linux/audit.h> #include <linux/falloc.h> #include <linux/fs_struct.h> +#include <linux/ima.h> #include "internal.h" @@ -857,6 +858,7 @@ static struct file *__dentry_open(struct dentry *dentry, struct vfsmount *mnt, if (error) goto cleanup_all; } + ima_counts_get(f); f->f_flags &= ~(O_CREAT | O_EXCL | O_NOCTTY | O_TRUNC); |