From 2e962e2fec5c35b91e3b541e2b8373504bf91e27 Mon Sep 17 00:00:00 2001 From: Vishal Goel Date: Wed, 23 Nov 2016 10:46:57 +0530 Subject: SMACK: Add new lock for adding entry in smack master list "smk_set_access()" function adds a new rule entry in subject label specific list(rule_list) and in global rule list(smack_rule_list) both. Mutex lock (rule_lock) is used to avoid simultaneous updates. But this lock is subject label specific lock. If 2 processes tries to add different rules(i.e with different subject labels) simultaneously, then both the processes can take the "rule_lock" respectively. So it will cause a problem while adding entries in master rule list. Now a new mutex lock(smack_master_list_lock) has been taken to add entry in smack_rule_list to avoid simultaneous updates of different rules. Signed-off-by: Vishal Goel Signed-off-by: Himanshu Shukla Signed-off-by: Casey Schaufler --- security/smack/smackfs.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'security/smack/smackfs.c') diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c index 13743a01b35b..366b8356f75b 100644 --- a/security/smack/smackfs.c +++ b/security/smack/smackfs.c @@ -67,6 +67,7 @@ enum smk_inos { /* * List locks */ +static DEFINE_MUTEX(smack_master_list_lock); static DEFINE_MUTEX(smack_cipso_lock); static DEFINE_MUTEX(smack_ambient_lock); static DEFINE_MUTEX(smk_net4addr_lock); @@ -262,12 +263,16 @@ static int smk_set_access(struct smack_parsed_rule *srp, * it needs to get added for reporting. */ if (global) { + mutex_unlock(rule_lock); smlp = kzalloc(sizeof(*smlp), GFP_KERNEL); if (smlp != NULL) { smlp->smk_rule = sp; + mutex_lock(&smack_master_list_lock); list_add_rcu(&smlp->list, &smack_rule_list); + mutex_unlock(&smack_master_list_lock); } else rc = -ENOMEM; + return rc; } } -- cgit v1.2.3