TOMOYO: Use mutex_lock_interruptible.
Some of TOMOYO's functions may sleep after mutex_lock(). If OOM-killer selected a process which is waiting at mutex_lock(), the to-be-killed process can't be killed. Thus, replace mutex_lock() with mutex_lock_interruptible() so that the to-be-killed process can immediately return from TOMOYO's functions. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
This commit is contained in:
parent
2b9e4688fa
commit
2928238142
6 changed files with 37 additions and 24 deletions
|
@ -874,13 +874,13 @@ bool tomoyo_domain_quota_is_ok(struct tomoyo_domain_info * const domain)
|
||||||
static struct tomoyo_profile *tomoyo_find_or_assign_new_profile(const unsigned
|
static struct tomoyo_profile *tomoyo_find_or_assign_new_profile(const unsigned
|
||||||
int profile)
|
int profile)
|
||||||
{
|
{
|
||||||
static DEFINE_MUTEX(lock);
|
|
||||||
struct tomoyo_profile *ptr = NULL;
|
struct tomoyo_profile *ptr = NULL;
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
if (profile >= TOMOYO_MAX_PROFILES)
|
if (profile >= TOMOYO_MAX_PROFILES)
|
||||||
return NULL;
|
return NULL;
|
||||||
mutex_lock(&lock);
|
if (mutex_lock_interruptible(&tomoyo_policy_lock))
|
||||||
|
return NULL;
|
||||||
ptr = tomoyo_profile_ptr[profile];
|
ptr = tomoyo_profile_ptr[profile];
|
||||||
if (ptr)
|
if (ptr)
|
||||||
goto ok;
|
goto ok;
|
||||||
|
@ -895,7 +895,7 @@ static struct tomoyo_profile *tomoyo_find_or_assign_new_profile(const unsigned
|
||||||
mb(); /* Avoid out-of-order execution. */
|
mb(); /* Avoid out-of-order execution. */
|
||||||
tomoyo_profile_ptr[profile] = ptr;
|
tomoyo_profile_ptr[profile] = ptr;
|
||||||
ok:
|
ok:
|
||||||
mutex_unlock(&lock);
|
mutex_unlock(&tomoyo_policy_lock);
|
||||||
return ptr;
|
return ptr;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1090,7 +1090,8 @@ static int tomoyo_update_manager_entry(const char *manager,
|
||||||
return -ENOMEM;
|
return -ENOMEM;
|
||||||
if (!is_delete)
|
if (!is_delete)
|
||||||
entry = kmalloc(sizeof(*entry), GFP_NOFS);
|
entry = kmalloc(sizeof(*entry), GFP_NOFS);
|
||||||
mutex_lock(&tomoyo_policy_lock);
|
if (mutex_lock_interruptible(&tomoyo_policy_lock))
|
||||||
|
goto out;
|
||||||
list_for_each_entry_rcu(ptr, &tomoyo_policy_manager_list, list) {
|
list_for_each_entry_rcu(ptr, &tomoyo_policy_manager_list, list) {
|
||||||
if (ptr->manager != saved_manager)
|
if (ptr->manager != saved_manager)
|
||||||
continue;
|
continue;
|
||||||
|
@ -1107,6 +1108,7 @@ static int tomoyo_update_manager_entry(const char *manager,
|
||||||
error = 0;
|
error = 0;
|
||||||
}
|
}
|
||||||
mutex_unlock(&tomoyo_policy_lock);
|
mutex_unlock(&tomoyo_policy_lock);
|
||||||
|
out:
|
||||||
tomoyo_put_name(saved_manager);
|
tomoyo_put_name(saved_manager);
|
||||||
kfree(entry);
|
kfree(entry);
|
||||||
return error;
|
return error;
|
||||||
|
@ -1287,7 +1289,8 @@ static int tomoyo_delete_domain(char *domainname)
|
||||||
|
|
||||||
name.name = domainname;
|
name.name = domainname;
|
||||||
tomoyo_fill_path_info(&name);
|
tomoyo_fill_path_info(&name);
|
||||||
mutex_lock(&tomoyo_policy_lock);
|
if (mutex_lock_interruptible(&tomoyo_policy_lock))
|
||||||
|
return 0;
|
||||||
/* Is there an active domain? */
|
/* Is there an active domain? */
|
||||||
list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) {
|
list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) {
|
||||||
/* Never delete tomoyo_kernel_domain */
|
/* Never delete tomoyo_kernel_domain */
|
||||||
|
|
|
@ -662,7 +662,6 @@ extern struct list_head tomoyo_pattern_list;
|
||||||
extern struct list_head tomoyo_no_rewrite_list;
|
extern struct list_head tomoyo_no_rewrite_list;
|
||||||
extern struct list_head tomoyo_policy_manager_list;
|
extern struct list_head tomoyo_policy_manager_list;
|
||||||
extern struct list_head tomoyo_name_list[TOMOYO_MAX_HASH];
|
extern struct list_head tomoyo_name_list[TOMOYO_MAX_HASH];
|
||||||
extern struct mutex tomoyo_name_list_lock;
|
|
||||||
|
|
||||||
/* Lock for protecting policy. */
|
/* Lock for protecting policy. */
|
||||||
extern struct mutex tomoyo_policy_lock;
|
extern struct mutex tomoyo_policy_lock;
|
||||||
|
|
|
@ -154,7 +154,8 @@ static int tomoyo_update_domain_initializer_entry(const char *domainname,
|
||||||
goto out;
|
goto out;
|
||||||
if (!is_delete)
|
if (!is_delete)
|
||||||
entry = kmalloc(sizeof(*entry), GFP_NOFS);
|
entry = kmalloc(sizeof(*entry), GFP_NOFS);
|
||||||
mutex_lock(&tomoyo_policy_lock);
|
if (mutex_lock_interruptible(&tomoyo_policy_lock))
|
||||||
|
goto out;
|
||||||
list_for_each_entry_rcu(ptr, &tomoyo_domain_initializer_list, list) {
|
list_for_each_entry_rcu(ptr, &tomoyo_domain_initializer_list, list) {
|
||||||
if (ptr->is_not != is_not ||
|
if (ptr->is_not != is_not ||
|
||||||
ptr->domainname != saved_domainname ||
|
ptr->domainname != saved_domainname ||
|
||||||
|
@ -374,7 +375,8 @@ static int tomoyo_update_domain_keeper_entry(const char *domainname,
|
||||||
goto out;
|
goto out;
|
||||||
if (!is_delete)
|
if (!is_delete)
|
||||||
entry = kmalloc(sizeof(*entry), GFP_NOFS);
|
entry = kmalloc(sizeof(*entry), GFP_NOFS);
|
||||||
mutex_lock(&tomoyo_policy_lock);
|
if (mutex_lock_interruptible(&tomoyo_policy_lock))
|
||||||
|
goto out;
|
||||||
list_for_each_entry_rcu(ptr, &tomoyo_domain_keeper_list, list) {
|
list_for_each_entry_rcu(ptr, &tomoyo_domain_keeper_list, list) {
|
||||||
if (ptr->is_not != is_not ||
|
if (ptr->is_not != is_not ||
|
||||||
ptr->domainname != saved_domainname ||
|
ptr->domainname != saved_domainname ||
|
||||||
|
@ -566,7 +568,8 @@ static int tomoyo_update_alias_entry(const char *original_name,
|
||||||
goto out;
|
goto out;
|
||||||
if (!is_delete)
|
if (!is_delete)
|
||||||
entry = kmalloc(sizeof(*entry), GFP_NOFS);
|
entry = kmalloc(sizeof(*entry), GFP_NOFS);
|
||||||
mutex_lock(&tomoyo_policy_lock);
|
if (mutex_lock_interruptible(&tomoyo_policy_lock))
|
||||||
|
goto out;
|
||||||
list_for_each_entry_rcu(ptr, &tomoyo_alias_list, list) {
|
list_for_each_entry_rcu(ptr, &tomoyo_alias_list, list) {
|
||||||
if (ptr->original_name != saved_original_name ||
|
if (ptr->original_name != saved_original_name ||
|
||||||
ptr->aliased_name != saved_aliased_name)
|
ptr->aliased_name != saved_aliased_name)
|
||||||
|
@ -656,7 +659,7 @@ struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char *
|
||||||
const u8 profile)
|
const u8 profile)
|
||||||
{
|
{
|
||||||
struct tomoyo_domain_info *entry;
|
struct tomoyo_domain_info *entry;
|
||||||
struct tomoyo_domain_info *domain;
|
struct tomoyo_domain_info *domain = NULL;
|
||||||
const struct tomoyo_path_info *saved_domainname;
|
const struct tomoyo_path_info *saved_domainname;
|
||||||
bool found = false;
|
bool found = false;
|
||||||
|
|
||||||
|
@ -666,7 +669,8 @@ struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char *
|
||||||
if (!saved_domainname)
|
if (!saved_domainname)
|
||||||
return NULL;
|
return NULL;
|
||||||
entry = kzalloc(sizeof(*entry), GFP_NOFS);
|
entry = kzalloc(sizeof(*entry), GFP_NOFS);
|
||||||
mutex_lock(&tomoyo_policy_lock);
|
if (mutex_lock_interruptible(&tomoyo_policy_lock))
|
||||||
|
goto out;
|
||||||
list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) {
|
list_for_each_entry_rcu(domain, &tomoyo_domain_list, list) {
|
||||||
if (domain->is_deleted ||
|
if (domain->is_deleted ||
|
||||||
tomoyo_pathcmp(saved_domainname, domain->domainname))
|
tomoyo_pathcmp(saved_domainname, domain->domainname))
|
||||||
|
@ -685,6 +689,7 @@ struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char *
|
||||||
found = true;
|
found = true;
|
||||||
}
|
}
|
||||||
mutex_unlock(&tomoyo_policy_lock);
|
mutex_unlock(&tomoyo_policy_lock);
|
||||||
|
out:
|
||||||
tomoyo_put_name(saved_domainname);
|
tomoyo_put_name(saved_domainname);
|
||||||
kfree(entry);
|
kfree(entry);
|
||||||
return found ? domain : NULL;
|
return found ? domain : NULL;
|
||||||
|
|
|
@ -176,7 +176,8 @@ static int tomoyo_update_globally_readable_entry(const char *filename,
|
||||||
return -ENOMEM;
|
return -ENOMEM;
|
||||||
if (!is_delete)
|
if (!is_delete)
|
||||||
entry = kmalloc(sizeof(*entry), GFP_NOFS);
|
entry = kmalloc(sizeof(*entry), GFP_NOFS);
|
||||||
mutex_lock(&tomoyo_policy_lock);
|
if (mutex_lock_interruptible(&tomoyo_policy_lock))
|
||||||
|
goto out;
|
||||||
list_for_each_entry_rcu(ptr, &tomoyo_globally_readable_list, list) {
|
list_for_each_entry_rcu(ptr, &tomoyo_globally_readable_list, list) {
|
||||||
if (ptr->filename != saved_filename)
|
if (ptr->filename != saved_filename)
|
||||||
continue;
|
continue;
|
||||||
|
@ -192,6 +193,7 @@ static int tomoyo_update_globally_readable_entry(const char *filename,
|
||||||
error = 0;
|
error = 0;
|
||||||
}
|
}
|
||||||
mutex_unlock(&tomoyo_policy_lock);
|
mutex_unlock(&tomoyo_policy_lock);
|
||||||
|
out:
|
||||||
tomoyo_put_name(saved_filename);
|
tomoyo_put_name(saved_filename);
|
||||||
kfree(entry);
|
kfree(entry);
|
||||||
return error;
|
return error;
|
||||||
|
@ -323,7 +325,8 @@ static int tomoyo_update_file_pattern_entry(const char *pattern,
|
||||||
goto out;
|
goto out;
|
||||||
if (!is_delete)
|
if (!is_delete)
|
||||||
entry = kmalloc(sizeof(*entry), GFP_NOFS);
|
entry = kmalloc(sizeof(*entry), GFP_NOFS);
|
||||||
mutex_lock(&tomoyo_policy_lock);
|
if (mutex_lock_interruptible(&tomoyo_policy_lock))
|
||||||
|
goto out;
|
||||||
list_for_each_entry_rcu(ptr, &tomoyo_pattern_list, list) {
|
list_for_each_entry_rcu(ptr, &tomoyo_pattern_list, list) {
|
||||||
if (saved_pattern != ptr->pattern)
|
if (saved_pattern != ptr->pattern)
|
||||||
continue;
|
continue;
|
||||||
|
@ -476,7 +479,8 @@ static int tomoyo_update_no_rewrite_entry(const char *pattern,
|
||||||
return error;
|
return error;
|
||||||
if (!is_delete)
|
if (!is_delete)
|
||||||
entry = kmalloc(sizeof(*entry), GFP_NOFS);
|
entry = kmalloc(sizeof(*entry), GFP_NOFS);
|
||||||
mutex_lock(&tomoyo_policy_lock);
|
if (mutex_lock_interruptible(&tomoyo_policy_lock))
|
||||||
|
goto out;
|
||||||
list_for_each_entry_rcu(ptr, &tomoyo_no_rewrite_list, list) {
|
list_for_each_entry_rcu(ptr, &tomoyo_no_rewrite_list, list) {
|
||||||
if (ptr->pattern != saved_pattern)
|
if (ptr->pattern != saved_pattern)
|
||||||
continue;
|
continue;
|
||||||
|
@ -492,6 +496,7 @@ static int tomoyo_update_no_rewrite_entry(const char *pattern,
|
||||||
error = 0;
|
error = 0;
|
||||||
}
|
}
|
||||||
mutex_unlock(&tomoyo_policy_lock);
|
mutex_unlock(&tomoyo_policy_lock);
|
||||||
|
out:
|
||||||
tomoyo_put_name(saved_pattern);
|
tomoyo_put_name(saved_pattern);
|
||||||
kfree(entry);
|
kfree(entry);
|
||||||
return error;
|
return error;
|
||||||
|
@ -822,7 +827,8 @@ static int tomoyo_update_path_acl(const u8 type, const char *filename,
|
||||||
return -ENOMEM;
|
return -ENOMEM;
|
||||||
if (!is_delete)
|
if (!is_delete)
|
||||||
entry = kmalloc(sizeof(*entry), GFP_NOFS);
|
entry = kmalloc(sizeof(*entry), GFP_NOFS);
|
||||||
mutex_lock(&tomoyo_policy_lock);
|
if (mutex_lock_interruptible(&tomoyo_policy_lock))
|
||||||
|
goto out;
|
||||||
list_for_each_entry_rcu(ptr, &domain->acl_info_list, list) {
|
list_for_each_entry_rcu(ptr, &domain->acl_info_list, list) {
|
||||||
struct tomoyo_path_acl *acl =
|
struct tomoyo_path_acl *acl =
|
||||||
container_of(ptr, struct tomoyo_path_acl, head);
|
container_of(ptr, struct tomoyo_path_acl, head);
|
||||||
|
@ -867,6 +873,7 @@ static int tomoyo_update_path_acl(const u8 type, const char *filename,
|
||||||
error = 0;
|
error = 0;
|
||||||
}
|
}
|
||||||
mutex_unlock(&tomoyo_policy_lock);
|
mutex_unlock(&tomoyo_policy_lock);
|
||||||
|
out:
|
||||||
kfree(entry);
|
kfree(entry);
|
||||||
tomoyo_put_name(saved_filename);
|
tomoyo_put_name(saved_filename);
|
||||||
return error;
|
return error;
|
||||||
|
@ -908,7 +915,8 @@ static int tomoyo_update_path2_acl(const u8 type, const char *filename1,
|
||||||
goto out;
|
goto out;
|
||||||
if (!is_delete)
|
if (!is_delete)
|
||||||
entry = kmalloc(sizeof(*entry), GFP_NOFS);
|
entry = kmalloc(sizeof(*entry), GFP_NOFS);
|
||||||
mutex_lock(&tomoyo_policy_lock);
|
if (mutex_lock_interruptible(&tomoyo_policy_lock))
|
||||||
|
goto out;
|
||||||
list_for_each_entry_rcu(ptr, &domain->acl_info_list, list) {
|
list_for_each_entry_rcu(ptr, &domain->acl_info_list, list) {
|
||||||
struct tomoyo_path2_acl *acl =
|
struct tomoyo_path2_acl *acl =
|
||||||
container_of(ptr, struct tomoyo_path2_acl, head);
|
container_of(ptr, struct tomoyo_path2_acl, head);
|
||||||
|
|
|
@ -151,7 +151,8 @@ static void tomoyo_del_name(const struct tomoyo_name_entry *ptr)
|
||||||
|
|
||||||
static void tomoyo_collect_entry(void)
|
static void tomoyo_collect_entry(void)
|
||||||
{
|
{
|
||||||
mutex_lock(&tomoyo_policy_lock);
|
if (mutex_lock_interruptible(&tomoyo_policy_lock))
|
||||||
|
return;
|
||||||
{
|
{
|
||||||
struct tomoyo_globally_readable_file_entry *ptr;
|
struct tomoyo_globally_readable_file_entry *ptr;
|
||||||
list_for_each_entry_rcu(ptr, &tomoyo_globally_readable_list,
|
list_for_each_entry_rcu(ptr, &tomoyo_globally_readable_list,
|
||||||
|
@ -275,8 +276,6 @@ static void tomoyo_collect_entry(void)
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
mutex_unlock(&tomoyo_policy_lock);
|
|
||||||
mutex_lock(&tomoyo_name_list_lock);
|
|
||||||
{
|
{
|
||||||
int i;
|
int i;
|
||||||
for (i = 0; i < TOMOYO_MAX_HASH; i++) {
|
for (i = 0; i < TOMOYO_MAX_HASH; i++) {
|
||||||
|
@ -294,7 +293,7 @@ static void tomoyo_collect_entry(void)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
mutex_unlock(&tomoyo_name_list_lock);
|
mutex_unlock(&tomoyo_policy_lock);
|
||||||
}
|
}
|
||||||
|
|
||||||
static void tomoyo_kfree_entry(void)
|
static void tomoyo_kfree_entry(void)
|
||||||
|
|
|
@ -240,8 +240,6 @@ void tomoyo_memory_free(void *ptr)
|
||||||
* "const struct tomoyo_path_info *".
|
* "const struct tomoyo_path_info *".
|
||||||
*/
|
*/
|
||||||
struct list_head tomoyo_name_list[TOMOYO_MAX_HASH];
|
struct list_head tomoyo_name_list[TOMOYO_MAX_HASH];
|
||||||
/* Lock for protecting tomoyo_name_list . */
|
|
||||||
DEFINE_MUTEX(tomoyo_name_list_lock);
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* tomoyo_get_name - Allocate permanent memory for string data.
|
* tomoyo_get_name - Allocate permanent memory for string data.
|
||||||
|
@ -263,7 +261,8 @@ const struct tomoyo_path_info *tomoyo_get_name(const char *name)
|
||||||
len = strlen(name) + 1;
|
len = strlen(name) + 1;
|
||||||
hash = full_name_hash((const unsigned char *) name, len - 1);
|
hash = full_name_hash((const unsigned char *) name, len - 1);
|
||||||
head = &tomoyo_name_list[hash_long(hash, TOMOYO_HASH_BITS)];
|
head = &tomoyo_name_list[hash_long(hash, TOMOYO_HASH_BITS)];
|
||||||
mutex_lock(&tomoyo_name_list_lock);
|
if (mutex_lock_interruptible(&tomoyo_policy_lock))
|
||||||
|
return NULL;
|
||||||
list_for_each_entry(ptr, head, list) {
|
list_for_each_entry(ptr, head, list) {
|
||||||
if (hash != ptr->entry.hash || strcmp(name, ptr->entry.name))
|
if (hash != ptr->entry.hash || strcmp(name, ptr->entry.name))
|
||||||
continue;
|
continue;
|
||||||
|
@ -290,7 +289,7 @@ const struct tomoyo_path_info *tomoyo_get_name(const char *name)
|
||||||
tomoyo_fill_path_info(&ptr->entry);
|
tomoyo_fill_path_info(&ptr->entry);
|
||||||
list_add_tail(&ptr->list, head);
|
list_add_tail(&ptr->list, head);
|
||||||
out:
|
out:
|
||||||
mutex_unlock(&tomoyo_name_list_lock);
|
mutex_unlock(&tomoyo_policy_lock);
|
||||||
return ptr ? &ptr->entry : NULL;
|
return ptr ? &ptr->entry : NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue