ima: initialize ima before inodes can be allocated

ima wants to create an inode information struct (iint) when inodes are
allocated. This means that at least the part of ima which does this
allocation (the allocation is filled with information later) should
run before any inodes are created. To accomplish this we split the ima
initialization routine placing the kmem cache allocator inside a
security_initcall() function. Since this makes use of radix trees we also
need to make sure that is initialized before security_initcall().

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

authored by Eric Paris and committed by Al Viro 54bb6552 8eb988c7

+4 -9
+1 -1
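--- a/init/main.c
+++ b/init/main.c
@@ -657,9 +657,9 @@
 proc_caches_init();
 buffer_init();
 key_init();
+radix_tree_init();
 security_init();
 vfs_caches_init(totalram_pages);
-radix_tree_init();
 signals_init();
 /* rootfs populating might need page-writeback */
 page_writeback_init();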
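Review bot: The new position of `radix_tree_init()` ahead of `security_init()` is an ordering requirement that nothing in this call sequence records, so a later reshuffle of these init calls could silently undo it. Going by the commit message, IMA's per-inode bookkeeping needs radix trees to be usable before the security initcalls run and before inodes are created. A one-line comment above the call would make that explicit, for example `/* must precede security_init(): IMA tracks per-inode iints in a radix tree */`. The enclosing function starts and ends outside the hunk.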
-1
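--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -65,7 +65,6 @@
 const char *cause, int result, int info);
 
 /* Internal IMA function definitions */
-void ima_iintcache_init(void);
 int ima_init(void);
 void ima_cleanup(void);
 int ima_fs_init(void);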
+3 -6
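--- a/security/integrity/ima/ima_iint.c
+++ b/security/integrity/ima/ima_iint.c
@@ -52,9 +52,6 @@
 struct ima_iint_cache *iint = NULL;
 int rc = 0;
 
-if (!ima_initialized)
-return 0;
-
 iint = kmem_cache_alloc(iint_cache, GFP_NOFS);
 if (!iint)
 return -ENOMEM;
@@ -118,8 +115,6 @@
 {
 struct ima_iint_cache *iint;
 
-if (!ima_initialized)
-return;
 spin_lock(&ima_iint_lock);
 iint = radix_tree_delete(&ima_iint_store, (unsigned long)inode);
 spin_unlock(&ima_iint_lock);
@@ -141,9 +136,11 @@
 kref_set(&iint->refcount, 1);
 }
 
-void __init ima_iintcache_init(void)
+static int __init ima_iintcache_init(void)
 {
 iint_cache =
 kmem_cache_create("iint_cache", sizeof(struct ima_iint_cache), 0,
 SLAB_PANIC, init_once);
+return 0;
 }
+security_initcall(ima_iintcache_init);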
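Review bot: With the `ima_initialized` check removed in the first hunk, the allocation path calls `kmem_cache_alloc(iint_cache, GFP_NOFS)` unconditionally, while `iint_cache` is only assigned once `ima_iintcache_init()` runs as a `security_initcall`. Nothing visible here guarantees that the initcall has run before the first inode allocation, or that it runs at all in every configuration that builds IMA; if it has not, the cache pointer would presumably still be unset when it is used. The requirement should be documented above the init function, for example `/* must run before the first inode is allocated: the inode alloc hook uses iint_cache unguarded */`, and the Kconfig dependency on security initcalls confirmed. The functions touched by the first two hunks start and end outside those hunks.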
-1
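--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -321,7 +321,6 @@
 {
 int error;
 
-ima_iintcache_init();
 error = ima_init();
 ima_initialized = 1;
 return error;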