Commit 2c50b964 authored by Dmitry Kasatkin's avatar Dmitry Kasatkin Committed by Mimi Zohar

ima: remove unnecessary i_mutex locking from ima_rdwr_violation_check()

Before 2.6.39 inode->i_readcount was maintained by IMA. It was not atomic
and protected using spinlock. For 2.6.39, i_readcount was converted to
atomic and maintaining was moved VFS layer. Spinlock for some unclear
reason was replaced by i_mutex.

After analyzing the code, we came to conclusion that i_mutex locking is
unnecessary, especially when an IMA policy has not been defined.

This patch removes i_mutex locking from ima_rdwr_violation_check().
Signed-off-by: default avatarDmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: default avatarMimi Zohar <zohar@linux.vnet.ibm.com>
parent b6b8a371
...@@ -88,8 +88,6 @@ static void ima_rdwr_violation_check(struct file *file) ...@@ -88,8 +88,6 @@ static void ima_rdwr_violation_check(struct file *file)
if (!S_ISREG(inode->i_mode) || !ima_initialized) if (!S_ISREG(inode->i_mode) || !ima_initialized)
return; return;
mutex_lock(&inode->i_mutex); /* file metadata: permissions, xattr */
if (mode & FMODE_WRITE) { if (mode & FMODE_WRITE) {
if (atomic_read(&inode->i_readcount) && IS_IMA(inode)) { if (atomic_read(&inode->i_readcount) && IS_IMA(inode)) {
struct integrity_iint_cache *iint; struct integrity_iint_cache *iint;
...@@ -104,8 +102,6 @@ static void ima_rdwr_violation_check(struct file *file) ...@@ -104,8 +102,6 @@ static void ima_rdwr_violation_check(struct file *file)
send_writers = true; send_writers = true;
} }
mutex_unlock(&inode->i_mutex);
if (!send_tomtou && !send_writers) if (!send_tomtou && !send_writers)
return; return;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment