linux/security/integrity/iint.c
<<
>>
Prefs
   1/*
   2 * Copyright (C) 2008 IBM Corporation
   3 *
   4 * Authors:
   5 * Mimi Zohar <zohar@us.ibm.com>
   6 *
   7 * This program is free software; you can redistribute it and/or
   8 * modify it under the terms of the GNU General Public License as
   9 * published by the Free Software Foundation, version 2 of the
  10 * License.
  11 *
  12 * File: integrity_iint.c
  13 *      - implements the integrity hooks: integrity_inode_alloc,
  14 *        integrity_inode_free
  15 *      - cache integrity information associated with an inode
  16 *        using a rbtree tree.
  17 */
  18#include <linux/slab.h>
  19#include <linux/module.h>
  20#include <linux/spinlock.h>
  21#include <linux/rbtree.h>
  22#include "integrity.h"
  23
  24static struct rb_root integrity_iint_tree = RB_ROOT;
  25static DEFINE_SPINLOCK(integrity_iint_lock);
  26static struct kmem_cache *iint_cache __read_mostly;
  27
  28int iint_initialized;
  29
  30/*
  31 * __integrity_iint_find - return the iint associated with an inode
  32 */
  33static struct integrity_iint_cache *__integrity_iint_find(struct inode *inode)
  34{
  35        struct integrity_iint_cache *iint;
  36        struct rb_node *n = integrity_iint_tree.rb_node;
  37
  38        assert_spin_locked(&integrity_iint_lock);
  39
  40        while (n) {
  41                iint = rb_entry(n, struct integrity_iint_cache, rb_node);
  42
  43                if (inode < iint->inode)
  44                        n = n->rb_left;
  45                else if (inode > iint->inode)
  46                        n = n->rb_right;
  47                else
  48                        break;
  49        }
  50        if (!n)
  51                return NULL;
  52
  53        return iint;
  54}
  55
  56/*
  57 * integrity_iint_find - return the iint associated with an inode
  58 */
  59struct integrity_iint_cache *integrity_iint_find(struct inode *inode)
  60{
  61        struct integrity_iint_cache *iint;
  62
  63        if (!IS_IMA(inode))
  64                return NULL;
  65
  66        spin_lock(&integrity_iint_lock);
  67        iint = __integrity_iint_find(inode);
  68        spin_unlock(&integrity_iint_lock);
  69
  70        return iint;
  71}
  72
  73static void iint_free(struct integrity_iint_cache *iint)
  74{
  75        iint->version = 0;
  76        iint->flags = 0UL;
  77        iint->evm_status = INTEGRITY_UNKNOWN;
  78        kmem_cache_free(iint_cache, iint);
  79}
  80
  81/**
  82 * integrity_inode_alloc - allocate an iint associated with an inode
  83 * @inode: pointer to the inode
  84 */
  85int integrity_inode_alloc(struct inode *inode)
  86{
  87        struct rb_node **p;
  88        struct rb_node *new_node, *parent = NULL;
  89        struct integrity_iint_cache *new_iint, *test_iint;
  90        int rc;
  91
  92        new_iint = kmem_cache_alloc(iint_cache, GFP_NOFS);
  93        if (!new_iint)
  94                return -ENOMEM;
  95
  96        new_iint->inode = inode;
  97        new_node = &new_iint->rb_node;
  98
  99        mutex_lock(&inode->i_mutex);    /* i_flags */
 100        spin_lock(&integrity_iint_lock);
 101
 102        p = &integrity_iint_tree.rb_node;
 103        while (*p) {
 104                parent = *p;
 105                test_iint = rb_entry(parent, struct integrity_iint_cache,
 106                                     rb_node);
 107                rc = -EEXIST;
 108                if (inode < test_iint->inode)
 109                        p = &(*p)->rb_left;
 110                else if (inode > test_iint->inode)
 111                        p = &(*p)->rb_right;
 112                else
 113                        goto out_err;
 114        }
 115
 116        inode->i_flags |= S_IMA;
 117        rb_link_node(new_node, parent, p);
 118        rb_insert_color(new_node, &integrity_iint_tree);
 119
 120        spin_unlock(&integrity_iint_lock);
 121        mutex_unlock(&inode->i_mutex);  /* i_flags */
 122
 123        return 0;
 124out_err:
 125        spin_unlock(&integrity_iint_lock);
 126        mutex_unlock(&inode->i_mutex);  /* i_flags */
 127        iint_free(new_iint);
 128
 129        return rc;
 130}
 131
 132/**
 133 * integrity_inode_free - called on security_inode_free
 134 * @inode: pointer to the inode
 135 *
 136 * Free the integrity information(iint) associated with an inode.
 137 */
 138void integrity_inode_free(struct inode *inode)
 139{
 140        struct integrity_iint_cache *iint;
 141
 142        if (!IS_IMA(inode))
 143                return;
 144
 145        spin_lock(&integrity_iint_lock);
 146        iint = __integrity_iint_find(inode);
 147        rb_erase(&iint->rb_node, &integrity_iint_tree);
 148        spin_unlock(&integrity_iint_lock);
 149
 150        iint_free(iint);
 151}
 152
 153static void init_once(void *foo)
 154{
 155        struct integrity_iint_cache *iint = foo;
 156
 157        memset(iint, 0, sizeof *iint);
 158        iint->version = 0;
 159        iint->flags = 0UL;
 160        mutex_init(&iint->mutex);
 161        iint->evm_status = INTEGRITY_UNKNOWN;
 162}
 163
 164static int __init integrity_iintcache_init(void)
 165{
 166        iint_cache =
 167            kmem_cache_create("iint_cache", sizeof(struct integrity_iint_cache),
 168                              0, SLAB_PANIC, init_once);
 169        iint_initialized = 1;
 170        return 0;
 171}
 172security_initcall(integrity_iintcache_init);
 173
lxr.linux.no kindly hosted by Redpill Linpro AS, provider of Linux consulting and operations services since 1995.