SMACK: Add new lock for adding entry in smack master list

"smk_set_access()" function adds a new rule entry in subject label specific
list(rule_list) and in global rule list(smack_rule_list) both. Mutex lock
(rule_lock) is used to avoid simultaneous updates. But this lock is subject
label specific lock. If 2 processes tries to add different rules(i.e with
different subject labels) simultaneously, then both the processes can take
the "rule_lock" respectively. So it will cause a problem while adding
entries in master rule list.
Now a new mutex lock(smack_master_list_lock) has been taken to add entry in
smack_rule_list to avoid simultaneous updates of different rules.

Signed-off-by: Vishal Goel <vishal.goel@samsung.com>
Signed-off-by: Himanshu Shukla <himanshu.sh@samsung.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
This commit is contained in:
Vishal Goel 2016-11-23 10:46:57 +05:30 committed by Casey Schaufler
parent 0c96d1f532
commit 2e962e2fec

View File

@ -67,6 +67,7 @@ enum smk_inos {
/* /*
* List locks * List locks
*/ */
static DEFINE_MUTEX(smack_master_list_lock);
static DEFINE_MUTEX(smack_cipso_lock); static DEFINE_MUTEX(smack_cipso_lock);
static DEFINE_MUTEX(smack_ambient_lock); static DEFINE_MUTEX(smack_ambient_lock);
static DEFINE_MUTEX(smk_net4addr_lock); static DEFINE_MUTEX(smk_net4addr_lock);
@ -262,12 +263,16 @@ static int smk_set_access(struct smack_parsed_rule *srp,
* it needs to get added for reporting. * it needs to get added for reporting.
*/ */
if (global) { if (global) {
mutex_unlock(rule_lock);
smlp = kzalloc(sizeof(*smlp), GFP_KERNEL); smlp = kzalloc(sizeof(*smlp), GFP_KERNEL);
if (smlp != NULL) { if (smlp != NULL) {
smlp->smk_rule = sp; smlp->smk_rule = sp;
mutex_lock(&smack_master_list_lock);
list_add_rcu(&smlp->list, &smack_rule_list); list_add_rcu(&smlp->list, &smack_rule_list);
mutex_unlock(&smack_master_list_lock);
} else } else
rc = -ENOMEM; rc = -ENOMEM;
return rc;
} }
} }