summaryrefslogtreecommitdiff
path: root/security/smack
diff options
context:
space:
mode:
authorVishal Goel <vishal.goel@samsung.com>2016-11-23 10:46:57 +0530
committerCasey Schaufler <casey@schaufler-ca.com>2017-01-10 09:47:20 -0800
commit2e962e2fec5c35b91e3b541e2b8373504bf91e27 (patch)
tree60f9eec5feb6f7b45fe43f80f9ee81a5a22c4905 /security/smack
parent0c96d1f5328e834048480e4696e6867992115c33 (diff)
SMACK: Add new lock for adding entry in smack master list
"smk_set_access()" function adds a new rule entry in subject label specific list(rule_list) and in global rule list(smack_rule_list) both. Mutex lock (rule_lock) is used to avoid simultaneous updates. But this lock is subject label specific lock. If 2 processes tries to add different rules(i.e with different subject labels) simultaneously, then both the processes can take the "rule_lock" respectively. So it will cause a problem while adding entries in master rule list. Now a new mutex lock(smack_master_list_lock) has been taken to add entry in smack_rule_list to avoid simultaneous updates of different rules. Signed-off-by: Vishal Goel <vishal.goel@samsung.com> Signed-off-by: Himanshu Shukla <himanshu.sh@samsung.com> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Diffstat (limited to 'security/smack')
-rw-r--r--security/smack/smackfs.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
index 13743a01b35b..366b8356f75b 100644
--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c
@@ -67,6 +67,7 @@ enum smk_inos {
/*
* List locks
*/
+static DEFINE_MUTEX(smack_master_list_lock);
static DEFINE_MUTEX(smack_cipso_lock);
static DEFINE_MUTEX(smack_ambient_lock);
static DEFINE_MUTEX(smk_net4addr_lock);
@@ -262,12 +263,16 @@ static int smk_set_access(struct smack_parsed_rule *srp,
* it needs to get added for reporting.
*/
if (global) {
+ mutex_unlock(rule_lock);
smlp = kzalloc(sizeof(*smlp), GFP_KERNEL);
if (smlp != NULL) {
smlp->smk_rule = sp;
+ mutex_lock(&smack_master_list_lock);
list_add_rcu(&smlp->list, &smack_rule_list);
+ mutex_unlock(&smack_master_list_lock);
} else
rc = -ENOMEM;
+ return rc;
}
}