ima_file_free() checks 'iint_initialized' unnecessarily, because the
S_IMA flag would not be set if the iint was not allocated. At the
same time, the integrity cache is allocated with SLAB_PANIC, so the
kernel will panic if the allocation fails during kernel initialization.
So on a running system iint_initialized is always true and can be
removed.

This patch uses the recently introduced ima_policy_flag to test whether
IMA is enabled by policy.

Changes in v3:
* not limiting test to IMA_APPRAISE (spotted by Roberto Sassu)

Changes in v2:
* 'iint_initialized' removal patch merged to this patch (requested
   by Mimi)

Signed-off-by: Dmitry Kasatkin <[email protected]>
---
 security/integrity/iint.c         | 3 ---
 security/integrity/ima/ima_main.c | 2 +-
 security/integrity/integrity.h    | 3 ---
 3 files changed, 1 insertion(+), 7 deletions(-)

diff --git a/security/integrity/iint.c b/security/integrity/iint.c
index a521edf..cc3eb4d 100644
--- a/security/integrity/iint.c
+++ b/security/integrity/iint.c
@@ -25,8 +25,6 @@ static struct rb_root integrity_iint_tree = RB_ROOT;
 static DEFINE_RWLOCK(integrity_iint_lock);
 static struct kmem_cache *iint_cache __read_mostly;
 
-int iint_initialized;
-
 /*
  * __integrity_iint_find - return the iint associated with an inode
  */
@@ -166,7 +164,6 @@ static int __init integrity_iintcache_init(void)
        iint_cache =
            kmem_cache_create("iint_cache", sizeof(struct integrity_iint_cache),
                              0, SLAB_PANIC, init_once);
-       iint_initialized = 1;
        return 0;
 }
 security_initcall(integrity_iintcache_init);
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 62f59ec..72faf0b 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -143,7 +143,7 @@ void ima_file_free(struct file *file)
        struct inode *inode = file_inode(file);
        struct integrity_iint_cache *iint;
 
-       if (!iint_initialized || !S_ISREG(inode->i_mode))
+       if (!ima_policy_flag || !S_ISREG(inode->i_mode))
                return;
 
        iint = integrity_iint_find(inode);
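Review bot: The early return in ima_file_free() is now keyed on `ima_policy_flag`, which the description presents as reflecting the loaded policy, so unlike the removed set-once `iint_initialized` it may not stay constant over the system's lifetime. If the flag can drop to zero while inodes still carry an iint from an earlier policy (not visible in this hunk, worth confirming), the `integrity_iint_find()` path below and whatever last-writer handling follows it is skipped for those files, and their cached integrity state is left as it was. I would document the assumption at the check, e.g. `/* ima_policy_flag == 0 means no policy rule requests an IMA action; iints left over from a previous policy are not revisited */`, and confirm that a plain unlocked read of the flag is acceptable here. The body of ima_file_free() continues past the end of the hunk.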
diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h
index aafb468..f51ad65 100644
--- a/security/integrity/integrity.h
+++ b/security/integrity/integrity.h
@@ -169,6 +169,3 @@ static inline void integrity_audit_msg(int audit_msgno, struct inode *inode,
 {
 }
 #endif
-
-/* set during initialization */
-extern int iint_initialized;
-- 
1.9.1
