commit 54bb6552bd9405dc7685653157a4ec260c77a71c · tjh.dev/kernel

tjh.dev / kernel

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

ima: initialize ima before inodes can be allocated

ima wants to create an inode information struct (iint) when inodes are
allocated. This means that at least the part of ima which does this
allocation (the allocation is filled with information later) should
before any inodes are created. To accomplish this we split the ima
initialization routine placing the kmem cache allocator inside a
security_initcall() function. Since this makes use of radix trees we also
need to make sure that is initialized before security_initcall().

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

authored by Eric Paris and committed by Al Viro 16 years ago 54bb6552 8eb988c7

+4 -9

4 changed files

expand all

unified split

init

main.c

security

integrity

ima

ima.h

ima_iint.c

ima_main.c

+1 -1

init/main.c

··· 657 657 proc_caches_init(); 658 658 buffer_init(); 659 659 key_init(); 660 + radix_tree_init(); 660 661 security_init(); 661 662 vfs_caches_init(totalram_pages); 662 - radix_tree_init(); 663 663 signals_init(); 664 664 /* rootfs populating might need page-writeback */ 665 665 page_writeback_init();

-1

security/integrity/ima/ima.h

··· 65 65 const char *cause, int result, int info); 66 66 67 67 /* Internal IMA function definitions */ 68 - void ima_iintcache_init(void); 69 68 int ima_init(void); 70 69 void ima_cleanup(void); 71 70 int ima_fs_init(void);

+3 -6

security/integrity/ima/ima_iint.c

··· 52 52 struct ima_iint_cache *iint = NULL; 53 53 int rc = 0; 54 54 55 - if (!ima_initialized) 56 - return 0; 57 - 58 55 iint = kmem_cache_alloc(iint_cache, GFP_NOFS); 59 56 if (!iint) 60 57 return -ENOMEM; ··· 115 118 { 116 119 struct ima_iint_cache *iint; 117 120 118 - if (!ima_initialized) 119 - return; 120 121 spin_lock(&ima_iint_lock); 121 122 iint = radix_tree_delete(&ima_iint_store, (unsigned long)inode); 122 123 spin_unlock(&ima_iint_lock); ··· 136 141 kref_set(&iint->refcount, 1); 137 142 } 138 143 139 - void __init ima_iintcache_init(void) 144 + static int __init ima_iintcache_init(void) 140 145 { 141 146 iint_cache = 142 147 kmem_cache_create("iint_cache", sizeof(struct ima_iint_cache), 0, 143 148 SLAB_PANIC, init_once); 149 + return 0; 144 150 } 151 + security_initcall(ima_iintcache_init);

-1

security/integrity/ima/ima_main.c

··· 321 321 { 322 322 int error; 323 323 324 - ima_iintcache_init(); 325 324 error = ima_init(); 326 325 ima_initialized = 1; 327 326 return error;