Commit 890275b5 authored by Mimi Zohar's avatar Mimi Zohar

IMA: maintain i_readcount in the VFS layer

ima_counts_get() updated the readcount and invalidated the PCR,
as necessary. Only update the i_readcount in the VFS layer.
Move the PCR invalidation checks to ima_file_check(), where it
belongs.

Maintaining the i_readcount in the VFS layer, will allow other
subsystems to use i_readcount.
Signed-off-by: default avatarMimi Zohar <zohar@us.ibm.com>
Acked-by: default avatarEric Paris <eparis@redhat.com>
parent a5c96ebf
...@@ -190,7 +190,8 @@ struct file *alloc_file(struct path *path, fmode_t mode, ...@@ -190,7 +190,8 @@ struct file *alloc_file(struct path *path, fmode_t mode,
file_take_write(file); file_take_write(file);
WARN_ON(mnt_clone_write(path->mnt)); WARN_ON(mnt_clone_write(path->mnt));
} }
ima_counts_get(file); if ((mode & (FMODE_READ | FMODE_WRITE)) == FMODE_READ)
i_readcount_inc(path->dentry->d_inode);
return file; return file;
} }
EXPORT_SYMBOL(alloc_file); EXPORT_SYMBOL(alloc_file);
...@@ -251,6 +252,8 @@ static void __fput(struct file *file) ...@@ -251,6 +252,8 @@ static void __fput(struct file *file)
fops_put(file->f_op); fops_put(file->f_op);
put_pid(file->f_owner.pid); put_pid(file->f_owner.pid);
file_sb_list_del(file); file_sb_list_del(file);
if ((file->f_mode & (FMODE_READ | FMODE_WRITE)) == FMODE_READ)
i_readcount_dec(inode);
if (file->f_mode & FMODE_WRITE) if (file->f_mode & FMODE_WRITE)
drop_file_write_access(file); drop_file_write_access(file);
file->f_path.dentry = NULL; file->f_path.dentry = NULL;
......
...@@ -688,7 +688,8 @@ static struct file *__dentry_open(struct dentry *dentry, struct vfsmount *mnt, ...@@ -688,7 +688,8 @@ static struct file *__dentry_open(struct dentry *dentry, struct vfsmount *mnt,
if (error) if (error)
goto cleanup_all; goto cleanup_all;
} }
ima_counts_get(f); if ((f->f_mode & (FMODE_READ | FMODE_WRITE)) == FMODE_READ)
i_readcount_inc(inode);
f->f_flags &= ~(O_CREAT | O_EXCL | O_NOCTTY | O_TRUNC); f->f_flags &= ~(O_CREAT | O_EXCL | O_NOCTTY | O_TRUNC);
......
...@@ -20,7 +20,6 @@ extern void ima_inode_free(struct inode *inode); ...@@ -20,7 +20,6 @@ extern void ima_inode_free(struct inode *inode);
extern int ima_file_check(struct file *file, int mask); extern int ima_file_check(struct file *file, int mask);
extern void ima_file_free(struct file *file); extern void ima_file_free(struct file *file);
extern int ima_file_mmap(struct file *file, unsigned long prot); extern int ima_file_mmap(struct file *file, unsigned long prot);
extern void ima_counts_get(struct file *file);
#else #else
static inline int ima_bprm_check(struct linux_binprm *bprm) static inline int ima_bprm_check(struct linux_binprm *bprm)
...@@ -53,10 +52,5 @@ static inline int ima_file_mmap(struct file *file, unsigned long prot) ...@@ -53,10 +52,5 @@ static inline int ima_file_mmap(struct file *file, unsigned long prot)
return 0; return 0;
} }
static inline void ima_counts_get(struct file *file)
{
return;
}
#endif /* CONFIG_IMA_H */ #endif /* CONFIG_IMA_H */
#endif /* _LINUX_IMA_H */ #endif /* _LINUX_IMA_H */
...@@ -141,8 +141,6 @@ void ima_inode_free(struct inode *inode) ...@@ -141,8 +141,6 @@ void ima_inode_free(struct inode *inode)
printk(KERN_INFO "%s: readcount: %u\n", __func__, printk(KERN_INFO "%s: readcount: %u\n", __func__,
atomic_read(&inode->i_readcount)); atomic_read(&inode->i_readcount));
atomic_set(&inode->i_readcount, 0);
if (!IS_IMA(inode)) if (!IS_IMA(inode))
return; return;
......
...@@ -86,17 +86,16 @@ static bool ima_limit_imbalance(struct file *file) ...@@ -86,17 +86,16 @@ static bool ima_limit_imbalance(struct file *file)
} }
/* /*
* ima_counts_get - increment file counts * ima_rdwr_violation_check
* *
* Maintain read/write counters for all files, but only * Only invalidate the PCR for measured files:
* invalidate the PCR for measured files:
* - Opening a file for write when already open for read, * - Opening a file for write when already open for read,
* results in a time of measure, time of use (ToMToU) error. * results in a time of measure, time of use (ToMToU) error.
* - Opening a file for read when already open for write, * - Opening a file for read when already open for write,
* could result in a file measurement error. * could result in a file measurement error.
* *
*/ */
void ima_counts_get(struct file *file) static void ima_rdwr_violation_check(struct file *file)
{ {
struct dentry *dentry = file->f_path.dentry; struct dentry *dentry = file->f_path.dentry;
struct inode *inode = dentry->d_inode; struct inode *inode = dentry->d_inode;
...@@ -104,13 +103,10 @@ void ima_counts_get(struct file *file) ...@@ -104,13 +103,10 @@ void ima_counts_get(struct file *file)
int rc; int rc;
bool send_tomtou = false, send_writers = false; bool send_tomtou = false, send_writers = false;
if (!S_ISREG(inode->i_mode)) if (!S_ISREG(inode->i_mode) || !ima_initialized)
return; return;
spin_lock(&inode->i_lock); mutex_lock(&inode->i_mutex); /* file metadata: permissions, xattr */
if (!ima_initialized)
goto out;
if (mode & FMODE_WRITE) { if (mode & FMODE_WRITE) {
if (atomic_read(&inode->i_readcount) && IS_IMA(inode)) if (atomic_read(&inode->i_readcount) && IS_IMA(inode))
...@@ -125,11 +121,7 @@ void ima_counts_get(struct file *file) ...@@ -125,11 +121,7 @@ void ima_counts_get(struct file *file)
if (atomic_read(&inode->i_writecount) > 0) if (atomic_read(&inode->i_writecount) > 0)
send_writers = true; send_writers = true;
out: out:
/* remember the vfs deals with i_writecount */ mutex_unlock(&inode->i_mutex);
if ((mode & (FMODE_READ | FMODE_WRITE)) == FMODE_READ)
atomic_inc(&inode->i_readcount);
spin_unlock(&inode->i_lock);
if (send_tomtou) if (send_tomtou)
ima_add_violation(inode, dentry->d_name.name, "invalid_pcr", ima_add_violation(inode, dentry->d_name.name, "invalid_pcr",
...@@ -158,7 +150,6 @@ static void ima_dec_counts(struct inode *inode, struct file *file) ...@@ -158,7 +150,6 @@ static void ima_dec_counts(struct inode *inode, struct file *file)
} }
return; return;
} }
atomic_dec(&inode->i_readcount);
} }
} }
...@@ -203,8 +194,7 @@ static void ima_file_free_noiint(struct inode *inode, struct file *file) ...@@ -203,8 +194,7 @@ static void ima_file_free_noiint(struct inode *inode, struct file *file)
* ima_file_free - called on __fput() * ima_file_free - called on __fput()
* @file: pointer to file structure being freed * @file: pointer to file structure being freed
* *
* Flag files that changed, based on i_version; * Flag files that changed, based on i_version
* and decrement the i_readcount.
*/ */
void ima_file_free(struct file *file) void ima_file_free(struct file *file)
{ {
...@@ -318,6 +308,7 @@ int ima_file_check(struct file *file, int mask) ...@@ -318,6 +308,7 @@ int ima_file_check(struct file *file, int mask)
{ {
int rc; int rc;
ima_rdwr_violation_check(file);
rc = process_measurement(file, file->f_dentry->d_name.name, rc = process_measurement(file, file->f_dentry->d_name.name,
mask & (MAY_READ | MAY_WRITE | MAY_EXEC), mask & (MAY_READ | MAY_WRITE | MAY_EXEC),
FILE_CHECK); FILE_CHECK);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment