Commit c5c928c6 authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge tag 'tomoyo-fixes-for-5.5' of git://git.osdn.net/gitroot/tomoyo/tomoyo-test1 

Pull tomoyo fixes from Tetsuo Handa:
 "Two bug fixes:

   - Suppress RCU warning at list_for_each_entry_rcu()

   - Don't use fancy names on sockets"

* tag 'tomoyo-fixes-for-5.5' of git://git.osdn.net/gitroot/tomoyo/tomoyo-test1:
  tomoyo: Suppress RCU warning at list_for_each_entry_rcu().
  tomoyo: Don't use nifty names on sockets.
parents fd698849 6bd5ce60

security/tomoyo/common.c

+6 −3
Original line number Diff line number Diff line
@@ -951,7 +951,8 @@ static bool tomoyo_manager(void) 
	exe = tomoyo_get_exe();

	if (!exe)

		return false;

	list_for_each_entry_rcu(ptr, &tomoyo_kernel_namespace.policy_list[TOMOYO_ID_MANAGER], head.list) {

	list_for_each_entry_rcu(ptr, &tomoyo_kernel_namespace.policy_list[TOMOYO_ID_MANAGER], head.list,

				srcu_read_lock_held(&tomoyo_ss)) {

		if (!ptr->head.is_deleted &&

		    (!tomoyo_pathcmp(domainname, ptr->manager) ||

		     !strcmp(exe, ptr->manager->name))) {
@@ -1095,7 +1096,8 @@ static int tomoyo_delete_domain(char *domainname) 
	if (mutex_lock_interruptible(&tomoyo_policy_lock))

		return -EINTR;

	/* Is there an active domain? */

	list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) {

	list_for_each_entry_rcu(domain, &tomoyo_domain_list, list,

				srcu_read_lock_held(&tomoyo_ss)) {

		/* Never delete tomoyo_kernel_domain */

		if (domain == &tomoyo_kernel_domain)

			continue;
@@ -2778,7 +2780,8 @@ void tomoyo_check_profile(void) 


	tomoyo_policy_loaded = true;

	pr_info("TOMOYO: 2.6.0\n");

	list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) {

	list_for_each_entry_rcu(domain, &tomoyo_domain_list, list,

				srcu_read_lock_held(&tomoyo_ss)) {

		const u8 profile = domain->profile;

		struct tomoyo_policy_namespace *ns = domain->ns;

security/tomoyo/domain.c

+10 −5
Original line number Diff line number Diff line
@@ -41,7 +41,8 @@ int tomoyo_update_policy(struct tomoyo_acl_head *new_entry, const int size, 


	if (mutex_lock_interruptible(&tomoyo_policy_lock))

		return -ENOMEM;

	list_for_each_entry_rcu(entry, list, list) {

	list_for_each_entry_rcu(entry, list, list,

				srcu_read_lock_held(&tomoyo_ss)) {

		if (entry->is_deleted == TOMOYO_GC_IN_PROGRESS)

			continue;

		if (!check_duplicate(entry, new_entry))
@@ -119,7 +120,8 @@ int tomoyo_update_domain(struct tomoyo_acl_info *new_entry, const int size, 
	}

	if (mutex_lock_interruptible(&tomoyo_policy_lock))

		goto out;

	list_for_each_entry_rcu(entry, list, list) {

	list_for_each_entry_rcu(entry, list, list,

				srcu_read_lock_held(&tomoyo_ss)) {

		if (entry->is_deleted == TOMOYO_GC_IN_PROGRESS)

			continue;

		if (!tomoyo_same_acl_head(entry, new_entry) ||
@@ -166,7 +168,8 @@ void tomoyo_check_acl(struct tomoyo_request_info *r, 
	u16 i = 0;



retry:

	list_for_each_entry_rcu(ptr, list, list) {

	list_for_each_entry_rcu(ptr, list, list,

				srcu_read_lock_held(&tomoyo_ss)) {

		if (ptr->is_deleted || ptr->type != r->param_type)

			continue;

		if (!check_entry(r, ptr))
@@ -298,7 +301,8 @@ static inline bool tomoyo_scan_transition 
{

	const struct tomoyo_transition_control *ptr;



	list_for_each_entry_rcu(ptr, list, head.list) {

	list_for_each_entry_rcu(ptr, list, head.list,

				srcu_read_lock_held(&tomoyo_ss)) {

		if (ptr->head.is_deleted || ptr->type != type)

			continue;

		if (ptr->domainname) {
@@ -735,7 +739,8 @@ retry: 


		/* Check 'aggregator' directive. */

		candidate = &exename;

		list_for_each_entry_rcu(ptr, list, head.list) {

		list_for_each_entry_rcu(ptr, list, head.list,

					srcu_read_lock_held(&tomoyo_ss)) {

			if (ptr->head.is_deleted ||

			    !tomoyo_path_matches_pattern(&exename,

							 ptr->original_name))

security/tomoyo/group.c

+6 −3
Original line number Diff line number Diff line
@@ -133,7 +133,8 @@ tomoyo_path_matches_group(const struct tomoyo_path_info *pathname, 
{

	struct tomoyo_path_group *member;



	list_for_each_entry_rcu(member, &group->member_list, head.list) {

	list_for_each_entry_rcu(member, &group->member_list, head.list,

				srcu_read_lock_held(&tomoyo_ss)) {

		if (member->head.is_deleted)

			continue;

		if (!tomoyo_path_matches_pattern(pathname, member->member_name))
@@ -161,7 +162,8 @@ bool tomoyo_number_matches_group(const unsigned long min, 
	struct tomoyo_number_group *member;

	bool matched = false;



	list_for_each_entry_rcu(member, &group->member_list, head.list) {

	list_for_each_entry_rcu(member, &group->member_list, head.list,

				srcu_read_lock_held(&tomoyo_ss)) {

		if (member->head.is_deleted)

			continue;

		if (min > member->number.values[1] ||
@@ -191,7 +193,8 @@ bool tomoyo_address_matches_group(const bool is_ipv6, const __be32 *address, 
	bool matched = false;

	const u8 size = is_ipv6 ? 16 : 4;



	list_for_each_entry_rcu(member, &group->member_list, head.list) {

	list_for_each_entry_rcu(member, &group->member_list, head.list,

				srcu_read_lock_held(&tomoyo_ss)) {

		if (member->head.is_deleted)

			continue;

		if (member->address.is_ipv6 != is_ipv6)

security/tomoyo/realpath.c

+1 −31
Original line number Diff line number Diff line
@@ -217,31 +217,6 @@ out: 
	return ERR_PTR(-ENOMEM);

}



/**

 * tomoyo_get_socket_name - Get the name of a socket.

 *

 * @path:   Pointer to "struct path".

 * @buffer: Pointer to buffer to return value in.

 * @buflen: Sizeof @buffer.

 *

 * Returns the buffer.

 */

static char *tomoyo_get_socket_name(const struct path *path, char * const buffer,

				    const int buflen)

{

	struct inode *inode = d_backing_inode(path->dentry);

	struct socket *sock = inode ? SOCKET_I(inode) : NULL;

	struct sock *sk = sock ? sock->sk : NULL;



	if (sk) {

		snprintf(buffer, buflen, "socket:[family=%u:type=%u:protocol=%u]",

			 sk->sk_family, sk->sk_type, sk->sk_protocol);

	} else {

		snprintf(buffer, buflen, "socket:[unknown]");

	}

	return buffer;

}



/**

 * tomoyo_realpath_from_path - Returns realpath(3) of the given pathname but ignores chroot'ed root.

 *
@@ -279,12 +254,7 @@ char *tomoyo_realpath_from_path(const struct path *path) 
			break;

		/* To make sure that pos is '\0' terminated. */

		buf[buf_len - 1] = '\0';

		/* Get better name for socket. */

		if (sb->s_magic == SOCKFS_MAGIC) {

			pos = tomoyo_get_socket_name(path, buf, buf_len - 1);

			goto encode;

		}

		/* For "pipe:[\$]". */

		/* For "pipe:[\$]" and "socket:[\$]". */

		if (dentry->d_op && dentry->d_op->d_dname) {

			pos = dentry->d_op->d_dname(dentry, buf, buf_len - 1);

			goto encode;

security/tomoyo/util.c

+4 −2
Original line number Diff line number Diff line
@@ -594,7 +594,8 @@ struct tomoyo_domain_info *tomoyo_find_domain(const char *domainname) 


	name.name = domainname;

	tomoyo_fill_path_info(&name);

	list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) {

	list_for_each_entry_rcu(domain, &tomoyo_domain_list, list,

				srcu_read_lock_held(&tomoyo_ss)) {

		if (!domain->is_deleted &&

		    !tomoyo_pathcmp(&name, domain->domainname))

			return domain;
@@ -1028,7 +1029,8 @@ bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r) 
		return false;

	if (!domain)

		return true;

	list_for_each_entry_rcu(ptr, &domain->acl_info_list, list) {

	list_for_each_entry_rcu(ptr, &domain->acl_info_list, list,

				srcu_read_lock_held(&tomoyo_ss)) {

		u16 perm;

		u8 i;

CRA Git | Maintained and supported by SUSTech CRA and CCSE