renegade-project/linux-next
2
0
Fork 0
mirror of https://github.com/edk2-porting/linux-next.git synced 2024-12-21 11:44:01 +08:00
Code

Detect kernel thread correctly, and ignore harmless data race.

Browse Source 
tomoyo: recognize kernel threads correctly
   tomoyo: ignore data race while checking quota
 
  security/tomoyo/file.c    |   16 ++++++++--------
  security/tomoyo/network.c |   10 +++++-----
  security/tomoyo/util.c    |   24 ++++++++++++------------
  3 files changed, 25 insertions(+), 25 deletions(-)
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJgKc61AAoJEEJfEo0MZPUq1qkQAKqABDH28UI/T1lq8YWQ/geC
 Z5SIisZ6IS8ovNonEmO13g6j7N45Dul7oIgA81GbL8D0CJFdQaixz6WKTepy4clz
 6KOnwKimezA3sLyKEJFUywu3VT8w3kb2bUb10gbqRTOiB0xNH/Ix8lnbLu5XWzKM
 /gVmDNqRIdjr864bRTygJZxJcn+KXpkfK/Oc02+xx1AzG8ajc5AjJh8oRQq4PsQn
 dUQLdGyHmVY66NIn19ErV9OVEnbcZIQoKNRnnKvCPJLkZRheqNoVFWwW4ZqhznV1
 9MWRcx626pDUDDkP5a72vVPLmMi1zqHk4I70cu865Tpm2NwjovztX1Ru6z2aWfKd
 GTqt3ajOzjWBPoGVAoTdrvcBena2cljMK6q0+DXT8dr2z/LKFdYVNK4t/ioMywXy
 6CS56bVzWevBtUpXypwsjxtk4Fi4w+NWw4GnnPTiaiSKnOEcOIdPU4VFMVan14Mx
 pMkzKrGt2YBKUVYcyaz67lfU3/lhqxtMt0oOuaMhXYM+YpaBbRcNztPTJXfyYRHJ
 PLKyPX/G343WFjDD0qnhbYixtbAJzjIjo7NB0ZGXYTbpYYNm4TaLztYiE0bQ8X5e
 fxIma4Ua65E8dmpUa1JinZ7peL7cEJErOYHC4so/VNQ9B44BUgJJOf8Mh0WU32mN
 fGQCkWGLFWgVVDLs5/V/
 =WxKO
 -----END PGP SIGNATURE-----

Merge tag 'tomoyo-pr-20210215' of git://git.osdn.net/gitroot/tomoyo/tomoyo-test1

Pull tomoyo updates from Tetsuo Handa:
 "Detect kernel thread correctly, and ignore harmless data race"

* tag 'tomoyo-pr-20210215' of git://git.osdn.net/gitroot/tomoyo/tomoyo-test1:
  tomoyo: recognize kernel threads correctly
  tomoyo: ignore data race while checking quota
This commit is contained in:
Linus Torvalds 2021-02-21 16:52:06 -08:00
commit e210761fb3
3 changed files with 25 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
security/tomoyo/file.c
View File

@ -362,14 +362,14 @@ static bool tomoyo_merge_path_acl(struct tomoyo_acl_info *a,
{ {
u16 * const a_perm = &container_of(a, struct tomoyo_path_acl, head) u16 * const a_perm = &container_of(a, struct tomoyo_path_acl, head)
->perm; ->perm;
u16 perm = *a_perm; u16 perm = READ_ONCE(*a_perm);
const u16 b_perm = container_of(b, struct tomoyo_path_acl, head)->perm; const u16 b_perm = container_of(b, struct tomoyo_path_acl, head)->perm;
if (is_delete) if (is_delete)
perm &= ~b_perm; perm &= ~b_perm;
else else
perm |= b_perm; perm |= b_perm;
*a_perm = perm; WRITE_ONCE(*a_perm, perm);
return !perm; return !perm;
} }
@ -437,7 +437,7 @@ static bool tomoyo_merge_mkdev_acl(struct tomoyo_acl_info *a,
{ {
u8 *const a_perm = &container_of(a, struct tomoyo_mkdev_acl, u8 *const a_perm = &container_of(a, struct tomoyo_mkdev_acl,
head)->perm; head)->perm;
u8 perm = *a_perm; u8 perm = READ_ONCE(*a_perm);
const u8 b_perm = container_of(b, struct tomoyo_mkdev_acl, head) const u8 b_perm = container_of(b, struct tomoyo_mkdev_acl, head)
->perm; ->perm;
@ -445,7 +445,7 @@ static bool tomoyo_merge_mkdev_acl(struct tomoyo_acl_info *a,
perm &= ~b_perm; perm &= ~b_perm;
else else
perm |= b_perm; perm |= b_perm;
*a_perm = perm; WRITE_ONCE(*a_perm, perm);
return !perm; return !perm;
} }
@ -517,14 +517,14 @@ static bool tomoyo_merge_path2_acl(struct tomoyo_acl_info *a,
{ {
u8 * const a_perm = &container_of(a, struct tomoyo_path2_acl, head) u8 * const a_perm = &container_of(a, struct tomoyo_path2_acl, head)
->perm; ->perm;
u8 perm = *a_perm; u8 perm = READ_ONCE(*a_perm);
const u8 b_perm = container_of(b, struct tomoyo_path2_acl, head)->perm; const u8 b_perm = container_of(b, struct tomoyo_path2_acl, head)->perm;
if (is_delete) if (is_delete)
perm &= ~b_perm; perm &= ~b_perm;
else else
perm |= b_perm; perm |= b_perm;
*a_perm = perm; WRITE_ONCE(*a_perm, perm);
return !perm; return !perm;
} }
@ -655,7 +655,7 @@ static bool tomoyo_merge_path_number_acl(struct tomoyo_acl_info *a,
{ {
u8 * const a_perm = &container_of(a, struct tomoyo_path_number_acl, u8 * const a_perm = &container_of(a, struct tomoyo_path_number_acl,
head)->perm; head)->perm;
u8 perm = *a_perm; u8 perm = READ_ONCE(*a_perm);
const u8 b_perm = container_of(b, struct tomoyo_path_number_acl, head) const u8 b_perm = container_of(b, struct tomoyo_path_number_acl, head)
->perm; ->perm;
@ -663,7 +663,7 @@ static bool tomoyo_merge_path_number_acl(struct tomoyo_acl_info *a,
perm &= ~b_perm; perm &= ~b_perm;
else else
perm |= b_perm; perm |= b_perm;
*a_perm = perm; WRITE_ONCE(*a_perm, perm);
return !perm; return !perm;
} }

10
security/tomoyo/network.c
View File

@ -233,14 +233,14 @@ static bool tomoyo_merge_inet_acl(struct tomoyo_acl_info *a,
{ {
u8 * const a_perm = u8 * const a_perm =
&container_of(a, struct tomoyo_inet_acl, head)->perm; &container_of(a, struct tomoyo_inet_acl, head)->perm;
u8 perm = *a_perm; u8 perm = READ_ONCE(*a_perm);
const u8 b_perm = container_of(b, struct tomoyo_inet_acl, head)->perm; const u8 b_perm = container_of(b, struct tomoyo_inet_acl, head)->perm;
if (is_delete) if (is_delete)
perm &= ~b_perm; perm &= ~b_perm;
else else
perm |= b_perm; perm |= b_perm;
*a_perm = perm; WRITE_ONCE(*a_perm, perm);
return !perm; return !perm;
} }
@ -259,14 +259,14 @@ static bool tomoyo_merge_unix_acl(struct tomoyo_acl_info *a,
{ {
u8 * const a_perm = u8 * const a_perm =
&container_of(a, struct tomoyo_unix_acl, head)->perm; &container_of(a, struct tomoyo_unix_acl, head)->perm;
u8 perm = *a_perm; u8 perm = READ_ONCE(*a_perm);
const u8 b_perm = container_of(b, struct tomoyo_unix_acl, head)->perm; const u8 b_perm = container_of(b, struct tomoyo_unix_acl, head)->perm;
if (is_delete) if (is_delete)
perm &= ~b_perm; perm &= ~b_perm;
else else
perm |= b_perm; perm |= b_perm;
*a_perm = perm; WRITE_ONCE(*a_perm, perm);
return !perm; return !perm;
} }
@ -613,7 +613,7 @@ static int tomoyo_check_unix_address(struct sockaddr *addr,
static bool tomoyo_kernel_service(void) static bool tomoyo_kernel_service(void)
{ {
/* Nothing to do if I am a kernel service. */ /* Nothing to do if I am a kernel service. */
return uaccess_kernel(); return (current->flags & (PF_KTHREAD | PF_IO_WORKER)) == PF_KTHREAD;
} }
/** /**

24
security/tomoyo/util.c
View File

@ -1058,30 +1058,30 @@ bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r)
if (ptr->is_deleted) if (ptr->is_deleted)
continue; continue;
/*
* Reading perm bitmap might race with tomoyo_merge_*() because
* caller does not hold tomoyo_policy_lock mutex. But exceeding
* max_learning_entry parameter by a few entries does not harm.
*/
switch (ptr->type) { switch (ptr->type) {
case TOMOYO_TYPE_PATH_ACL: case TOMOYO_TYPE_PATH_ACL:
perm = container_of(ptr, struct tomoyo_path_acl, head) data_race(perm = container_of(ptr, struct tomoyo_path_acl, head)->perm);
->perm;
break; break;
case TOMOYO_TYPE_PATH2_ACL: case TOMOYO_TYPE_PATH2_ACL:
perm = container_of(ptr, struct tomoyo_path2_acl, head) data_race(perm = container_of(ptr, struct tomoyo_path2_acl, head)->perm);
->perm;
break; break;
case TOMOYO_TYPE_PATH_NUMBER_ACL: case TOMOYO_TYPE_PATH_NUMBER_ACL:
perm = container_of(ptr, struct tomoyo_path_number_acl, data_race(perm = container_of(ptr, struct tomoyo_path_number_acl, head)
head)->perm; ->perm);
break; break;
case TOMOYO_TYPE_MKDEV_ACL: case TOMOYO_TYPE_MKDEV_ACL:
perm = container_of(ptr, struct tomoyo_mkdev_acl, data_race(perm = container_of(ptr, struct tomoyo_mkdev_acl, head)->perm);
head)->perm;
break; break;
case TOMOYO_TYPE_INET_ACL: case TOMOYO_TYPE_INET_ACL:
perm = container_of(ptr, struct tomoyo_inet_acl, data_race(perm = container_of(ptr, struct tomoyo_inet_acl, head)->perm);
head)->perm;
break; break;
case TOMOYO_TYPE_UNIX_ACL: case TOMOYO_TYPE_UNIX_ACL:
perm = container_of(ptr, struct tomoyo_unix_acl, data_race(perm = container_of(ptr, struct tomoyo_unix_acl, head)->perm);
head)->perm;
break; break;
case TOMOYO_TYPE_MANUAL_TASK_ACL: case TOMOYO_TYPE_MANUAL_TASK_ACL:
perm = 0; perm = 0;