From: Eric Paris <eparis@redhat.com>
To: linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org,
linux-fsdevel@vger.kernel.org
Cc: hch@infradead.org, zohar@us.ibm.com, warthog9@kernel.org,
david@fromorbit.com, jmorris@namei.org, kyle@mcmartin.ca,
hpa@zytor.com, akpm@linux-foundation.org,
torvalds@linux-foundation.org, mingo@elte.hu, eparis@redhat.com,
viro@zeniv.linux.org.uk
Subject: [PATCH 08/11] IMA: only allocate iint when needed
Date: Mon, 25 Oct 2010 14:42:05 -0400 [thread overview]
Message-ID: <20101025184205.20504.74605.stgit@paris.rdu.redhat.com> (raw)
In-Reply-To: <20101025184118.20504.24290.stgit@paris.rdu.redhat.com>
IMA always allocates an integrity structure to hold information about every
inode, but only needed this structure to tract the number of readers and
writers currently accessing a given inode. Since that information was moved
into struct inode instead of the integrity struct this patch stops allocating
the integrity stucture until it is needed. Thus greatly reducing memory usage.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
---
security/integrity/ima/ima_main.c | 94 +++++++++++++++++++++++++------------
security/security.c | 10 ----
2 files changed, 65 insertions(+), 39 deletions(-)
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 2a77b14..5e3229c 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -141,33 +141,62 @@ out:
/*
* Decrement ima counts
*/
-static void ima_dec_counts(struct ima_iint_cache *iint, struct inode *inode,
- struct file *file)
+static void ima_dec_counts(struct inode *inode, struct file *file)
{
mode_t mode = file->f_mode;
- bool dump = false;
- BUG_ON(!mutex_is_locked(&iint->mutex));
assert_spin_locked(&inode->i_lock);
if ((mode & (FMODE_READ | FMODE_WRITE)) == FMODE_READ) {
- if (unlikely(inode->i_readcount == 0))
- dump = true;
+ if (unlikely(inode->i_readcount == 0)) {
+ if (!ima_limit_imbalance(file)) {
+ printk(KERN_INFO "%s: open/free imbalance (r:%u)\n",
+ __func__, inode->i_readcount);
+ dump_stack();
+ }
+ return;
+ }
inode->i_readcount--;
}
- if (mode & FMODE_WRITE) {
- if (atomic_read(&inode->i_writecount) <= 0)
- dump = true;
- if (atomic_read(&inode->i_writecount) == 1 &&
- iint->version != inode->i_version)
- iint->flags &= ~IMA_MEASURED;
- }
+}
- if (dump && !ima_limit_imbalance(file)) {
- printk(KERN_INFO "%s: open/free imbalance (r:%u)\n",
- __func__, inode->i_readcount);
- dump_stack();
- }
+static void ima_check_last_writer(struct ima_iint_cache *iint,
+ struct inode *inode,
+ struct file *file)
+{
+ mode_t mode = file->f_mode;
+
+ BUG_ON(!mutex_is_locked(&iint->mutex));
+ assert_spin_locked(&inode->i_lock);
+
+ if (mode & FMODE_WRITE &&
+ atomic_read(&inode->i_writecount) == 1 &&
+ iint->version != inode->i_version)
+ iint->flags &= ~IMA_MEASURED;
+}
+
+static void ima_file_free_iint(struct ima_iint_cache *iint, struct inode *inode,
+ struct file *file)
+{
+ mutex_lock(&iint->mutex);
+ spin_lock(&inode->i_lock);
+
+ ima_dec_counts(inode, file);
+ ima_check_last_writer(iint, inode, file);
+
+ spin_unlock(&inode->i_lock);
+ mutex_unlock(&iint->mutex);
+
+ kref_put(&iint->refcount, iint_free);
+}
+
+static void ima_file_free_noiint(struct inode *inode, struct file *file)
+{
+ spin_lock(&inode->i_lock);
+
+ ima_dec_counts(inode, file);
+
+ spin_unlock(&inode->i_lock);
}
/**
@@ -175,7 +204,7 @@ static void ima_dec_counts(struct ima_iint_cache *iint, struct inode *inode,
* @file: pointer to file structure being freed
*
* Flag files that changed, based on i_version;
- * and decrement the iint readcount/writecount.
+ * and decrement the i_readcount.
*/
void ima_file_free(struct file *file)
{
@@ -185,17 +214,12 @@ void ima_file_free(struct file *file)
if (!iint_initialized || !S_ISREG(inode->i_mode))
return;
iint = ima_iint_find_get(inode);
- if (!iint)
- return;
- mutex_lock(&iint->mutex);
- spin_lock(&inode->i_lock);
-
- ima_dec_counts(iint, inode, file);
+ if (iint)
+ ima_file_free_iint(iint, inode, file);
+ else
+ ima_file_free_noiint(inode, file);
- spin_unlock(&inode->i_lock);
- mutex_unlock(&iint->mutex);
- kref_put(&iint->refcount, iint_free);
}
static int process_measurement(struct file *file, const unsigned char *filename,
@@ -207,11 +231,21 @@ static int process_measurement(struct file *file, const unsigned char *filename,
if (!ima_initialized || !S_ISREG(inode->i_mode))
return 0;
+
+ rc = ima_must_measure(NULL, inode, mask, function);
+ if (rc != 0)
+ return rc;
+retry:
iint = ima_iint_find_get(inode);
- if (!iint)
- return -ENOMEM;
+ if (!iint) {
+ rc = ima_inode_alloc(inode);
+ if (!rc || rc == -EEXIST)
+ goto retry;
+ return rc;
+ }
mutex_lock(&iint->mutex);
+
rc = ima_must_measure(iint, inode, mask, function);
if (rc != 0)
goto out;
diff --git a/security/security.c b/security/security.c
index ad5ca29..259d3ad 100644
--- a/security/security.c
+++ b/security/security.c
@@ -325,16 +325,8 @@ EXPORT_SYMBOL(security_sb_parse_opts_str);
int security_inode_alloc(struct inode *inode)
{
- int ret;
-
inode->i_security = NULL;
- ret = security_ops->inode_alloc_security(inode);
- if (ret)
- return ret;
- ret = ima_inode_alloc(inode);
- if (ret)
- security_inode_free(inode);
- return ret;
+ return security_ops->inode_alloc_security(inode);
}
void security_inode_free(struct inode *inode)
next prev parent reply other threads:[~2010-10-25 18:42 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-10-25 18:41 [PATCH 01/11] IMA: use rbtree instead of radix tree for inode information cache Eric Paris
2010-10-25 18:41 ` [PATCH 02/11] IMA: drop the inode opencount since it isn't needed for operation Eric Paris
2010-10-25 18:41 ` [PATCH 03/11] IMA: use unsigned int instead of long for counters Eric Paris
2010-10-25 18:41 ` [PATCH 04/11] IMA: convert internal flags from long to char Eric Paris
2010-10-25 18:41 ` [PATCH 05/11] IMA: use inode->i_lock to protect read and write counters Eric Paris
2010-10-25 18:41 ` [PATCH 06/11] IMA: use i_writecount rather than a private counter Eric Paris
2010-10-25 19:27 ` John Stoffel
2010-10-25 21:52 ` Eric Paris
2010-10-25 22:25 ` H. Peter Anvin
2010-10-25 22:29 ` Eric Paris
2010-10-26 13:57 ` John Stoffel
2010-10-26 13:53 ` John Stoffel
2010-10-26 22:08 ` H. Peter Anvin
2010-10-25 18:41 ` [PATCH 07/11] IMA: move read counter into struct inode Eric Paris
2010-10-25 18:42 ` Eric Paris [this message]
2010-10-25 18:42 ` [PATCH 09/11] IMA: drop refcnt from ima_iint_cache since it isn't needed Eric Paris
2010-10-25 18:42 ` [PATCH 10/11] IMA: explicit IMA i_flag to remove global lock on inode_delete Eric Paris
2010-10-25 18:42 ` [PATCH 11/11] IMA: fix the ToMToU logic Eric Paris
2010-10-25 19:21 ` [PATCH 01/11] IMA: use rbtree instead of radix tree for inode information cache John Stoffel
2010-10-25 19:38 ` J.H.
2010-10-25 20:55 ` Linus Torvalds
2010-10-25 20:57 ` Christoph Hellwig
2010-10-25 21:11 ` Linus Torvalds
2010-10-26 14:01 ` John Stoffel
2010-10-26 15:22 ` Linus Torvalds
2010-10-26 15:30 ` Eric Paris
2010-10-26 15:53 ` John Stoffel
2010-10-26 18:13 ` Al Viro
2010-10-27 13:35 ` James Morris
2010-10-26 14:07 ` John Stoffel
2010-10-25 21:34 ` Eric Paris
2010-10-26 13:45 ` John Stoffel
2010-10-25 23:22 ` Dave Chinner
2010-10-26 0:12 ` Eric Paris
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20101025184205.20504.74605.stgit@paris.rdu.redhat.com \
--to=eparis@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=david@fromorbit.com \
--cc=hch@infradead.org \
--cc=hpa@zytor.com \
--cc=jmorris@namei.org \
--cc=kyle@mcmartin.ca \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mingo@elte.hu \
--cc=torvalds@linux-foundation.org \
--cc=viro@zeniv.linux.org.uk \
--cc=warthog9@kernel.org \
--cc=zohar@us.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).