Tetsuo Handa
pengu****@I-lov*****
Wed Feb 25 20:40:07 JST 2015
Davidlohr Bueso wrote:
> The mm->exe_file is currently serialized with mmap_sem (shared) in order
> to both safely (1) read the file and (2) compute the realpath by calling
> tomoyo_realpath_from_path, making it an absolute overkill. Good users will,
> on the other hand, make use of the more standard get_mm_exe_file(), requiring
> only holding the mmap_sem to read the value, and relying on reference
>
> Signed-off-by: Davidlohr Bueso <dbues****@suse*****>

Acked-by: Tetsuo Handa <pengu****@I-lov*****>

James, will you apply to linux-security.git#next?
I'm not using a publicly accessible git tree for sending pull requests.

> --- > > Changes from v2: remove cleanups and cp initialization. > > security/tomoyo/util.c | 21 ++++++++++++--------- > 1 file changed, 12 insertions(+), 9 deletions(-) > > diff --git a/security/tomoyo/util.c b/security/tomoyo/util.c > index 2952ba5..29f3b65 100644 > --- a/security/tomoyo/util.c > +++ b/security/tomoyo/util.c > @@ -948,16 +948,19 @@ bool tomoyo_path_matches_pattern(const struct tomoyo_path_info *filename, > */ > const char *tomoyo_get_exe(void) > { > - struct mm_struct *mm = current->mm; > - const char *cp = NULL; > + struct file *exe_file; > + const char *cp; > + struct mm_struct *mm = current->mm; > > - if (!mm) > - return NULL; > - down_read(&mm->mmap_sem); > - if (mm->exe_file) > - cp = tomoyo_realpath_from_path(&mm->exe_file->f_path); > - up_read(&mm->mmap_sem); > - return cp; > + if (!mm) > + return NULL; > + exe_file = get_mm_exe_file(mm); > + if (!exe_file) > + return NULL; > + > + cp = tomoyo_realpath_from_path(&exe_file->f_path); > + fput(exe_file); > + return cp; > } > > /** > -- > 2.1.4 >
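Review bot: In tomoyo_get_exe(), the `struct mm_struct *mm = current->mm;` declaration is removed and then re-added unchanged below the two new declarations, which is pure churn in a version whose changelog says the cleanups were dropped; keeping it as the first declaration and adding only `struct file *exe_file;` beneath it would shrink the hunk. Separately, the realpath is now computed with mmap_sem not held, so the only thing keeping exe_file valid across tomoyo_realpath_from_path() is the reference returned by get_mm_exe_file(); a one-line comment at the `fput(exe_file);` call saying so would stop a later edit from moving the fput() above the path lookup. Dropping the `= NULL` initializer on cp is fine as written, since every path that reaches `return cp;` has assigned it.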