Re: [PATCH] (2.6.24-rc3-mm2) -mm Smack mutex cleanup

To: <akpm@...>, <torvalds@...>
Cc: <linux-kernel@...>, <linux-security-module@...>
Date: Monday, December 3, 2007 - 2:39 pm

From: Casey Schaufler <casey@schaufler-ca.com>

Clean out unnecessary mutex initializations for Smack list locks.
Once this is done, there is no need for them to be shared among
multiple files, so pull them out of the header file and put them
in the files where they belong.

Pull unnecessary locking from smack_inode_setsecurity; it used
to be required when the assignment was not guaranteed to be a
scalar value, but isn't now.

Change uses of __capable(current,...) to capable(...).
Take out an inappropriate cast. Use container_of() instead
of doing the same calculation by hand.
Fix comment spelling errors.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>

---

Tested with stamp-2007-11-30-16-39

security/smack/smack.h | 3 --
security/smack/smack_access.c | 3 ++
security/smack/smack_lsm.c | 34 +++++++++-----------------------
security/smack/smackfs.c | 6 +++++
4 files changed, 19 insertions(+), 27 deletions(-)

diff -uprN -X linux-2.6.24-rc3-mm2-base/Documentation/dontdiff linux-2.6.24-rc3-mm2-base/security/smack/smack_access.c linux-2.6.24-rc3-mm2-smack/security/smack/smack_access.c
--- linux-2.6.24-rc3-mm2-base/security/smack/smack_access.c 2007-11-27 16:47:05.000000000 -0800
+++ linux-2.6.24-rc3-mm2-smack/security/smack/smack_access.c 2007-11-28 11:46:01.000000000 -0800
@@ -58,6 +58,7 @@ struct smack_known smack_known_invalid =
};

struct smack_known *smack_known = &smack_known_invalid;
+
/*
* The initial value needs to be bigger than any of the
* known values above.
@@ -173,6 +174,8 @@ int smk_curacc(char *obj_label, u32 mode
return rc;
}

+DEFINE_MUTEX(smack_known_lock);
+
/**
* smk_import_entry - import a label, return the list entry
* @string: a text string that might be a Smack label
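Review bot: `DEFINE_MUTEX(smack_known_lock);` is added here without `static`, although the commit message says the list locks no longer need to be shared among files and are being pulled out of smack.h. If nothing outside smack_access.c takes this lock, define it as `static DEFINE_MUTEX(smack_known_lock);` so other files cannot reach it. A one-line comment naming the list it protects would also help, since the definition now sits between smk_curacc() and the smk_import_entry() kernel-doc with nothing tying it to its data.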
diff -uprN -X linux-2.6.24-rc3-mm2-base/Documentation/dontdiff linux-2.6.24-rc3-mm2-base/security/smack/smackfs.c linux-2.6.24-rc3-mm2-smack/security/smack/smackfs.c
--- linux-2.6.24-rc3-mm2-base/security/smac...

To: <casey@...>
Cc: <akpm@...>, <torvalds@...>, <linux-kernel@...>, <linux-security-module@...>
Date: Monday, December 3, 2007 - 7:20 pm

Ok, it still might be atomic as a variable change, but it will break scenarios
such as

	mutex_lock(&nsp->smk_lock);
	create(nsp->smk_inode);
	cook_a_dinner();
	get_info(nsp->smk_inode);
	mutex_unlock(&nsp->smk_lock);

While cook_a_dinner() runs, smack_inode_setsecurity() is called and the
attribute is changed...

Doesn't this matter?
--

To: Jiri Slaby <jirislaby@...>, <casey@...>
Cc: <akpm@...>, <torvalds@...>, <linux-kernel@...>, <linux-security-module@...>
Date: Tuesday, December 4, 2007 - 1:04 am

The only place dinner can get cooked is during d_instantiate, and
you can't call inode_security until after that's finished. No,
it doesn't matter.

Casey Schaufler
casey@schaufler-ca.com
--
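
The general hazard raised in the question above, as an added userspace illustration (not code from the patch or from Smack): a lock gives a reader a stable view only if every writer also takes it, even when the store itself is atomic. The struct, function names and labels are constructed for the example; whether this ordering can occur in Smack is what the reply above addresses.

```c
/* Userspace model with constructed names; not Smack or kernel code. */
#include <pthread.h>
struct inode_smack {
    pthread_mutex_t smk_lock;
    const char *smk_inode;          /* label pointer: one aligned word */
};

typedef int (*setter_fn)(struct inode_smack *, const char *);
struct job { struct inode_smack *nsp; setter_fn set; };

/* Writer that honours the lock; trylock so the demo cannot deadlock. */
static int set_label_locked(struct inode_smack *nsp, const char *label)
{
    int rc = pthread_mutex_trylock(&nsp->smk_lock);
    if (rc != 0)
        return rc;                  /* EBUSY: a reader holds the lock */
    nsp->smk_inode = label;
    pthread_mutex_unlock(&nsp->smk_lock);
    return 0;
}

/* Writer without the lock: a single word-sized store. */
static int set_label_unlocked(struct inode_smack *nsp, const char *label)
{
    __atomic_store_n(&nsp->smk_inode, label, __ATOMIC_RELAXED);
    return 0;
}

static void *cook_a_dinner(void *arg)
{
    struct job *j = arg;
    j->set(j->nsp, "Dinner");
    return NULL;
}

/* Reader: two reads in one critical section; returns 1 if both match. */
int reader_sees_stable_label(setter_fn set)
{
    struct inode_smack nsp = { PTHREAD_MUTEX_INITIALIZER, "Start" };
    struct job j = { &nsp, set };
    pthread_t t;
    pthread_mutex_lock(&nsp.smk_lock);
    const char *first = nsp.smk_inode;
    if (pthread_create(&t, NULL, cook_a_dinner, &j) == 0)
        pthread_join(t, NULL);      /* writer runs while the lock is held */
    const char *second = __atomic_load_n(&nsp.smk_inode, __ATOMIC_RELAXED);
    pthread_mutex_unlock(&nsp.smk_lock);
    return first == second;
}
```

With the locking writer the reader's two reads agree; with the lock-free writer the label changes inside the reader's critical section.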
