Davidlohr Bueso
dave****@stgol*****
Wed Feb 25 04:42:46 JST 2015
The mm->exe_file is currently serialized with mmap_sem (shared) in order to both safely (1) read the file and (2) compute the realpath by calling tomoyo_realpath_from_path, making it an absolute overkill. Good users will, on the other hand, make use of the more standard get_mm_exe_file(), requiring only holding the mmap_sem to read the value, and relying on reference Signed-off-by: Davidlohr Bueso <dbues****@suse*****> --- Changes from v2: remove cleanups and cp initialization. security/tomoyo/util.c | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/security/tomoyo/util.c b/security/tomoyo/util.c index 2952ba5..29f3b65 100644 --- a/security/tomoyo/util.c +++ b/security/tomoyo/util.c @@ -948,16 +948,19 @@ bool tomoyo_path_matches_pattern(const struct tomoyo_path_info *filename, */ const char *tomoyo_get_exe(void) { - struct mm_struct *mm = current->mm; - const char *cp = NULL; + struct file *exe_file; + const char *cp; + struct mm_struct *mm = current->mm; - if (!mm) - return NULL; - down_read(&mm->mmap_sem); - if (mm->exe_file) - cp = tomoyo_realpath_from_path(&mm->exe_file->f_path); - up_read(&mm->mmap_sem); - return cp; + if (!mm) + return NULL; + exe_file = get_mm_exe_file(mm); + if (!exe_file) + return NULL; + + cp = tomoyo_realpath_from_path(&exe_file->f_path); + fput(exe_file); + return cp; } /** -- 2.1.4
TOMOYO
Fork