IMA: remove IMA imbalance checking
authorMimi Zohar <zohar@linux.vnet.ibm.com>
Tue, 2 Nov 2010 14:14:22 +0000 (10:14 -0400)
committerMimi Zohar <zohar@linux.vnet.ibm.com>
Thu, 10 Feb 2011 12:51:44 +0000 (07:51 -0500)
Now that i_readcount is maintained by the VFS layer, remove the
imbalance checking in IMA. Cleans up the IMA code nicely.

Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Acked-by: Eric Paris <eparis@redhat.com>
security/integrity/ima/ima_iint.c
security/integrity/ima/ima_main.c

index 68efe3b..4ae7304 100644 (file)
@@ -137,10 +137,6 @@ void ima_inode_free(struct inode *inode)
 {
        struct ima_iint_cache *iint;
 
-       if (atomic_read(&inode->i_readcount))
-               printk(KERN_INFO "%s: readcount: %u\n", __func__,
-                      atomic_read(&inode->i_readcount));
-
        if (!IS_IMA(inode))
                return;
 
index 69b4856..2df9021 100644 (file)
@@ -36,55 +36,6 @@ static int __init hash_setup(char *str)
 }
 __setup("ima_hash=", hash_setup);
 
-struct ima_imbalance {
-       struct hlist_node node;
-       unsigned long fsmagic;
-};
-
-/*
- * ima_limit_imbalance - emit one imbalance message per filesystem type
- *
- * Maintain list of filesystem types that do not measure files properly.
- * Return false if unknown, true if known.
- */
-static bool ima_limit_imbalance(struct file *file)
-{
-       static DEFINE_SPINLOCK(ima_imbalance_lock);
-       static HLIST_HEAD(ima_imbalance_list);
-
-       struct super_block *sb = file->f_dentry->d_sb;
-       struct ima_imbalance *entry;
-       struct hlist_node *node;
-       bool found = false;
-
-       rcu_read_lock();
-       hlist_for_each_entry_rcu(entry, node, &ima_imbalance_list, node) {
-               if (entry->fsmagic == sb->s_magic) {
-                       found = true;
-                       break;
-               }
-       }
-       rcu_read_unlock();
-       if (found)
-               goto out;
-
-       entry = kmalloc(sizeof(*entry), GFP_NOFS);
-       if (!entry)
-               goto out;
-       entry->fsmagic = sb->s_magic;
-       spin_lock(&ima_imbalance_lock);
-       /*
-        * we could have raced and something else might have added this fs
-        * to the list, but we don't really care
-        */
-       hlist_add_head_rcu(&entry->node, &ima_imbalance_list);
-       spin_unlock(&ima_imbalance_lock);
-       printk(KERN_INFO "IMA: unmeasured files on fsmagic: %lX\n",
-              entry->fsmagic);
-out:
-       return found;
-}
-
 /*
  * ima_rdwr_violation_check
  *
@@ -131,65 +82,20 @@ out:
                                  "open_writers");
 }
 
-/*
- * Decrement ima counts
- */
-static void ima_dec_counts(struct inode *inode, struct file *file)
-{
-       mode_t mode = file->f_mode;
-
-       assert_spin_locked(&inode->i_lock);
-
-       if ((mode & (FMODE_READ | FMODE_WRITE)) == FMODE_READ) {
-               if (unlikely(atomic_read(&inode->i_readcount) == 0)) {
-                       if (!ima_limit_imbalance(file)) {
-                               printk(KERN_INFO "%s: open/free imbalance (r:%u)\n",
-                                      __func__,
-                                      atomic_read(&inode->i_readcount));
-                               dump_stack();
-                       }
-                       return;
-               }
-       }
-}
-
 static void ima_check_last_writer(struct ima_iint_cache *iint,
                                  struct inode *inode,
                                  struct file *file)
 {
        mode_t mode = file->f_mode;
 
-       BUG_ON(!mutex_is_locked(&iint->mutex));
-       assert_spin_locked(&inode->i_lock);
-
+       mutex_lock(&iint->mutex);
        if (mode & FMODE_WRITE &&
            atomic_read(&inode->i_writecount) == 1 &&
            iint->version != inode->i_version)
                iint->flags &= ~IMA_MEASURED;
-}
-
-static void ima_file_free_iint(struct ima_iint_cache *iint, struct inode *inode,
-                              struct file *file)
-{
-       mutex_lock(&iint->mutex);
-       spin_lock(&inode->i_lock);
-
-       ima_dec_counts(inode, file);
-       ima_check_last_writer(iint, inode, file);
-
-       spin_unlock(&inode->i_lock);
        mutex_unlock(&iint->mutex);
 }
 
-static void ima_file_free_noiint(struct inode *inode, struct file *file)
-{
-       spin_lock(&inode->i_lock);
-
-       ima_dec_counts(inode, file);
-
-       spin_unlock(&inode->i_lock);
-}
-
 /**
  * ima_file_free - called on __fput()
  * @file: pointer to file structure being freed
@@ -205,12 +111,10 @@ void ima_file_free(struct file *file)
                return;
 
        iint = ima_iint_find(inode);
+       if (!iint)
+               return;
 
-       if (iint)
-               ima_file_free_iint(iint, inode, file);
-       else
-               ima_file_free_noiint(inode, file);
-
+       ima_check_last_writer(iint, inode, file);
 }
 
 static int process_measurement(struct file *file, const unsigned char *filename,