
Commit d15ffbb

author
Al Viro
committed
ima_fs: get rid of lookup-by-dentry stuff
lookup_template_data_hash_algo() machinery is used to locate the matching ima_algo_array[] element at read time; securityfs allows to stash that into inode->i_private at object creation time, so there's no need to bother Acked-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
1 parent 22260a9 commit d15ffbb

1 file changed

Lines changed: 16 additions & 66 deletions


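--- a/security/integrity/ima/ima_fs.c
+++ b/security/integrity/ima/ima_fs.c
@@ -116,28 +116,6 @@ void ima_putc(struct seq_file *m, void *data, int datalen)
 seq_putc(m, *(char *)data++);
 }
 
-static struct dentry **ascii_securityfs_measurement_lists __ro_after_init;
-static struct dentry **binary_securityfs_measurement_lists __ro_after_init;
-static int securityfs_measurement_list_count __ro_after_init;
-
-static void lookup_template_data_hash_algo(int *algo_idx, enum hash_algo *algo,
-struct seq_file *m,
-struct dentry **lists)
-{
-struct dentry *dentry;
-int i;
-
-dentry = file_dentry(m->file);
-
-for (i = 0; i < securityfs_measurement_list_count; i++) {
-if (dentry == lists[i]) {
-*algo_idx = i;
-*algo = ima_algo_array[i].algo;
-break;
-}
-}
-}
-
 /* print format:
 * 32bit-le=pcr#
 * char[n]=template digest
@@ -160,9 +138,10 @@ int ima_measurements_show(struct seq_file *m, void *v)
 algo_idx = ima_sha1_idx;
 algo = HASH_ALGO_SHA1;
 
-if (m->file != NULL)
-lookup_template_data_hash_algo(&algo_idx, &algo, m,
-binary_securityfs_measurement_lists);
+if (m->file != NULL) {
+algo_idx = (unsigned long)file_inode(m->file)->i_private;
+algo = ima_algo_array[algo_idx].algo;
+}
 
 /* get entry */
 e = qe->entry;
@@ -256,9 +235,10 @@ static int ima_ascii_measurements_show(struct seq_file *m, void *v)
 algo_idx = ima_sha1_idx;
 algo = HASH_ALGO_SHA1;
 
-if (m->file != NULL)
-lookup_template_data_hash_algo(&algo_idx, &algo, m,
-ascii_securityfs_measurement_lists);
+if (m->file != NULL) {
+algo_idx = (unsigned long)file_inode(m->file)->i_private;
+algo = ima_algo_array[algo_idx].algo;
+}
 
 /* get entry */
 e = qe->entry;
@@ -412,57 +392,33 @@ static const struct seq_operations ima_policy_seqops = {
 };
 #endif
 
-static void __init remove_securityfs_measurement_lists(struct dentry **lists)
-{
-kfree(lists);
-}
-
 static int __init create_securityfs_measurement_lists(void)
 {
-char file_name[NAME_MAX + 1];
-struct dentry *dentry;
-u16 algo;
-int i;
-
-securityfs_measurement_list_count = NR_BANKS(ima_tpm_chip);
+int count = NR_BANKS(ima_tpm_chip);
 
 if (ima_sha1_idx >= NR_BANKS(ima_tpm_chip))
-securityfs_measurement_list_count++;
+count++;
 
-ascii_securityfs_measurement_lists =
-kcalloc(securityfs_measurement_list_count, sizeof(struct dentry *),
-GFP_KERNEL);
-if (!ascii_securityfs_measurement_lists)
-return -ENOMEM;
-
-binary_securityfs_measurement_lists =
-kcalloc(securityfs_measurement_list_count, sizeof(struct dentry *),
-GFP_KERNEL);
-if (!binary_securityfs_measurement_lists)
-return -ENOMEM;
-
-for (i = 0; i < securityfs_measurement_list_count; i++) {
-algo = ima_algo_array[i].algo;
+for (int i = 0; i < count; i++) {
+u16 algo = ima_algo_array[i].algo;
+char file_name[NAME_MAX + 1];
+struct dentry *dentry;
 
 sprintf(file_name, "ascii_runtime_measurements_%s",
 hash_algo_name[algo]);
 dentry = securityfs_create_file(file_name, S_IRUSR | S_IRGRP,
-ima_dir, NULL,
+ima_dir, (void *)(uintptr_t)i,
 &ima_ascii_measurements_ops);
 if (IS_ERR(dentry))
 return PTR_ERR(dentry);
 
-ascii_securityfs_measurement_lists[i] = dentry;
-
 sprintf(file_name, "binary_runtime_measurements_%s",
 hash_algo_name[algo]);
 dentry = securityfs_create_file(file_name, S_IRUSR | S_IRGRP,
-ima_dir, NULL,
+ima_dir, (void *)(uintptr_t)i,
 &ima_measurements_ops);
 if (IS_ERR(dentry))
 return PTR_ERR(dentry);
-
-binary_securityfs_measurement_lists[i] = dentry;
 }
 
 return 0;
@@ -543,9 +499,6 @@ int __init ima_fs_init(void)
 struct dentry *dentry;
 int ret;
 
-ascii_securityfs_measurement_lists = NULL;
-binary_securityfs_measurement_lists = NULL;
-
 ima_dir = securityfs_create_dir("ima", integrity_dir);
 if (IS_ERR(ima_dir))
 return PTR_ERR(ima_dir);
@@ -600,9 +553,6 @@ int __init ima_fs_init(void)
 
 return 0;
 out:
-remove_securityfs_measurement_lists(ascii_securityfs_measurement_lists);
-remove_securityfs_measurement_lists(binary_securityfs_measurement_lists);
-securityfs_measurement_list_count = 0;
 securityfs_remove(ima_symlink);
 securityfs_remove(ima_dir);
 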
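Review bot: In both `ima_measurements_show()` and `ima_ascii_measurements_show()` the value read from `i_private` is used directly as an index into `ima_algo_array[]` with no range check. Correctness of the digest-bank selection therefore depends on every inode served by these ops having been created in `create_securityfs_measurement_lists()` with `(void *)(uintptr_t)i`. The old lookup left the `ima_sha1_idx` / `HASH_ALGO_SHA1` defaults in place on a miss, whereas an inode with a NULL `i_private` would now silently select index 0. I would state that invariant where the index is stored, e.g. `/* i_private carries the ima_algo_array[] index; read back by the *_show() handlers */`, and read it back with the type it was stored with, `algo_idx = (uintptr_t)file_inode(m->file)->i_private;`. Both show functions start and end outside the hunks shown, so the declared type of `algo_idx` is not visible here.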