tmakin/tegra-linux-noble
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge tag 'tomoyo-pr-20211222' of git://git.osdn.net/gitroot/tomoyo/tomoyo-test1

Browse Source 
Pull tomoyo fixes from Tetsuo Handa:
 "Two overhead reduction patches for testing/fuzzing environment"

* tag 'tomoyo-pr-20211222' of git://git.osdn.net/gitroot/tomoyo/tomoyo-test1:
  tomoyo: use hweight16() in tomoyo_domain_quota_is_ok()
  tomoyo: Check exceeded quota early in tomoyo_domain_quota_is_ok().
This commit is contained in:
Linus Torvalds
2021-12-22 10:06:32 -08:00
parent e19e226345 f702e11076
commit c9ea870c6e
1 changed files with 14 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files
security/tomoyo/util.c
+14 -17
View File
@@ -1051,10 +1051,11 @@ bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r)
return false;
if (!domain)
return true;
if (READ_ONCE(domain->flags[TOMOYO_DIF_QUOTA_WARNED]))
return false;
list_for_each_entry_rcu(ptr, &domain->acl_info_list, list,
srcu_read_lock_held(&tomoyo_ss)) {
u16 perm;
u8 i;
if (ptr->is_deleted)
continue;
@@ -1065,23 +1066,23 @@ bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r)
*/
switch (ptr->type) {
case TOMOYO_TYPE_PATH_ACL:
data_race(perm = container_of(ptr, struct tomoyo_path_acl, head)->perm);
perm = data_race(container_of(ptr, struct tomoyo_path_acl, head)->perm);
break;
case TOMOYO_TYPE_PATH2_ACL:
data_race(perm = container_of(ptr, struct tomoyo_path2_acl, head)->perm);
perm = data_race(container_of(ptr, struct tomoyo_path2_acl, head)->perm);
break;
case TOMOYO_TYPE_PATH_NUMBER_ACL:
data_race(perm = container_of(ptr, struct tomoyo_path_number_acl, head)
perm = data_race(container_of(ptr, struct tomoyo_path_number_acl, head)
->perm);
break;
case TOMOYO_TYPE_MKDEV_ACL:
data_race(perm = container_of(ptr, struct tomoyo_mkdev_acl, head)->perm);
perm = data_race(container_of(ptr, struct tomoyo_mkdev_acl, head)->perm);
break;
case TOMOYO_TYPE_INET_ACL:
data_race(perm = container_of(ptr, struct tomoyo_inet_acl, head)->perm);
perm = data_race(container_of(ptr, struct tomoyo_inet_acl, head)->perm);
break;
case TOMOYO_TYPE_UNIX_ACL:
data_race(perm = container_of(ptr, struct tomoyo_unix_acl, head)->perm);
perm = data_race(container_of(ptr, struct tomoyo_unix_acl, head)->perm);
break;
case TOMOYO_TYPE_MANUAL_TASK_ACL:
perm = 0;
@@ -1089,21 +1090,17 @@ bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r)
default:
perm = 1;
}
for (i = 0; i < 16; i++)
if (perm & (1 << i))
count++;
count += hweight16(perm);
}
if (count < tomoyo_profile(domain->ns, domain->profile)->
pref[TOMOYO_PREF_MAX_LEARNING_ENTRY])
return true;
if (!domain->flags[TOMOYO_DIF_QUOTA_WARNED]) {
domain->flags[TOMOYO_DIF_QUOTA_WARNED] = true;
/* r->granted = false; */
tomoyo_write_log(r, "%s", tomoyo_dif[TOMOYO_DIF_QUOTA_WARNED]);
WRITE_ONCE(domain->flags[TOMOYO_DIF_QUOTA_WARNED], true);
/* r->granted = false; */
tomoyo_write_log(r, "%s", tomoyo_dif[TOMOYO_DIF_QUOTA_WARNED]);
#ifndef CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING
pr_warn("WARNING: Domain '%s' has too many ACLs to hold. Stopped learning mode.\n",
domain->domainname->name);
pr_warn("WARNING: Domain '%s' has too many ACLs to hold. Stopped learning mode.\n",
domain->domainname->name);
#endif
}
return false;
}