authorDmitry Kasatkin2011-10-19 11:04:40 +0200
committerMimi Zohar2012-09-07 20:57:45 +0200
commitbf2276d10ce58ff44ab8857266a6718024496af6 (patch)
tree7be39c026fd30856248f68c964d0f1e2ae703c25 /security/integrity/ima
parentima: add appraise action keywords and default rules (diff)
ima: allocating iint improvements
With IMA-appraisal's removal of the iint mutex and taking the i_mutex instead, allocating the iint becomes a lot simpler, as we don't need to be concerned with two processes racing to allocate the iint. This patch cleans up and improves performance for allocating the iint. - removed redundant double i_mutex locking - combined iint allocation with tree search Changelog v2: - removed the rwlock/read_lock changes from this patch Signed-off-by: Dmitry Kasatkin <dmitry.kasatkin@intel.com> Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Diffstat (limited to 'security/integrity/ima')
-rw-r--r--security/integrity/ima/ima_main.c13
1 files changed, 4 insertions, 9 deletions
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 6eb28d47e74b..df6521296051 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -162,19 +162,14 @@ static int process_measurement(struct file *file, const unsigned char *filename,
if (!action)
return 0;
-retry:
- iint = integrity_iint_find(inode);
- if (!iint) {
- rc = integrity_inode_alloc(inode);
- if (!rc || rc == -EEXIST)
- goto retry;
- return rc;
- }
-
must_appraise = action & IMA_APPRAISE;
mutex_lock(&inode->i_mutex);
+ iint = integrity_inode_get(inode);
+ if (!iint)
+ goto out;
+
/* Determine if already appraised/measured based on bitmask
* (IMA_MEASURE, IMA_MEASURED, IMA_APPRAISE, IMA_APPRAISED) */
iint->flags |= action;
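Review bot: The new `if (!iint) goto out;` path carries no error code of its own. The removed code returned the rc from integrity_inode_alloc() directly, whereas the new path reports whatever rc holds when control reaches `out:`, and both the declaration of rc and the `out:` label are outside this hunk. If rc is not initialised to an error there, or if the exit path reports failure only when must_appraise is set, a failed iint allocation would let the file be accessed with no measurement or appraisal recorded. Setting the code at the failure site, `if (!iint) { rc = -ENOMEM; goto out; }`, plus a short comment stating whether this failure is meant to deny access or only skip measurement, would make the policy explicit. process_measurement() begins and ends outside the hunk, so this should be checked against the full function.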