diff options
author | Dmitry Kasatkin | 2011-10-19 11:04:40 +0200 |
---|---|---|
committer | Mimi Zohar | 2012-09-07 20:57:45 +0200 |
commit | bf2276d10ce58ff44ab8857266a6718024496af6 (patch) | |
tree | 7be39c026fd30856248f68c964d0f1e2ae703c25 /security/integrity/ima | |
parent | ima: add appraise action keywords and default rules (diff) | |
download | kernel-qcow2-linux-bf2276d10ce58ff44ab8857266a6718024496af6.tar.gz kernel-qcow2-linux-bf2276d10ce58ff44ab8857266a6718024496af6.tar.xz kernel-qcow2-linux-bf2276d10ce58ff44ab8857266a6718024496af6.zip |
ima: allocating iint improvements
With IMA-appraisal's removal of the iint mutex and taking the i_mutex
instead, allocating the iint becomes a lot simplier, as we don't need
to be concerned with two processes racing to allocate the iint. This
patch cleans up and improves performance for allocating the iint.
- removed redundant double i_mutex locking
- combined iint allocation with tree search
Changelog v2:
- removed the rwlock/read_lock changes from this patch
Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Diffstat (limited to 'security/integrity/ima')
-rw-r--r-- | security/integrity/ima/ima_main.c | 13 |
1 files changed, 4 insertions, 9 deletions
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 6eb28d47e74b..df6521296051 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -162,19 +162,14 @@ static int process_measurement(struct file *file, const unsigned char *filename, if (!action) return 0; -retry: - iint = integrity_iint_find(inode); - if (!iint) { - rc = integrity_inode_alloc(inode); - if (!rc || rc == -EEXIST) - goto retry; - return rc; - } - must_appraise = action & IMA_APPRAISE; mutex_lock(&inode->i_mutex); + iint = integrity_inode_get(inode); + if (!iint) + goto out; + /* Determine if already appraised/measured based on bitmask * (IMA_MEASURE, IMA_MEASURED, IMA_APPRAISE, IMA_APPRAISED) */ iint->flags |= action; |