(メッセージはありません)
trunk/caitsith-patch/caitsith/lsm.c (diff) trunk/caitsith-patch/caitsith/mclsm.c (diff)| @@ -94,6 +94,20 @@ | ||
| 94 | 94 | #define CS_INODE_HOOK_HAS_MNT |
| 95 | 95 | #endif |
| 96 | 96 | |
| 97 | +#if !defined(CONFIG_CAITSITH_DEBUG) | |
| 98 | +#define cs_debug_trace(pos) do { } while (0) | |
| 99 | +#else | |
| 100 | +#define cs_debug_trace(pos) \ | |
| 101 | + do { \ | |
| 102 | + static bool done; \ | |
| 103 | + if (!done) { \ | |
| 104 | + printk(KERN_INFO \ | |
| 105 | + "CAITSITH: Debug trace: " pos " of 4\n"); \ | |
| 106 | + done = true; \ | |
| 107 | + } \ | |
| 108 | + } while (0) | |
| 109 | +#endif | |
| 110 | + | |
| 97 | 111 | /** |
| 98 | 112 | * cs_clear_execve - Release memory used by do_execve(). |
| 99 | 113 | * |
| @@ -146,17 +160,7 @@ | ||
| 146 | 160 | * immediately after do_execve() has failed. |
| 147 | 161 | */ |
| 148 | 162 | if (ptr->pid && (ptr->cs_flags & CS_TASK_IS_IN_EXECVE)) { |
| 149 | -#ifdef CONFIG_CAITSITH_DEBUG | |
| 150 | - static bool done; | |
| 151 | - if (!done) { | |
| 152 | - printk(KERN_INFO "CAITSITH: Decrementing " | |
| 153 | - "cs_in_execve_tasks counter " | |
| 154 | - "because some \"struct task_struct\" has " | |
| 155 | - "exit()ed immediately after do_execve() has " | |
| 156 | - "failed.\n"); | |
| 157 | - done = true; | |
| 158 | - } | |
| 159 | -#endif | |
| 163 | + cs_debug_trace("1"); | |
| 160 | 164 | atomic_dec(&cs_in_execve_tasks); |
| 161 | 165 | } |
| 162 | 166 | #else |
| @@ -167,17 +171,7 @@ | ||
| 167 | 171 | * immediately after do_execve() has failed. |
| 168 | 172 | */ |
| 169 | 173 | if (ptr->pid && ptr->cred) { |
| 170 | -#ifdef CONFIG_CAITSITH_DEBUG | |
| 171 | - static bool done; | |
| 172 | - if (!done) { | |
| 173 | - printk(KERN_INFO "CAITSITH: Dropping refcount on " | |
| 174 | - "\"struct cred\" in \"struct linux_binprm\" " | |
| 175 | - "because some \"struct task_struct\" has " | |
| 176 | - "exit()ed immediately after do_execve() has " | |
| 177 | - "failed.\n"); | |
| 178 | - done = true; | |
| 179 | - } | |
| 180 | -#endif | |
| 174 | + cs_debug_trace("1"); | |
| 181 | 175 | put_cred(ptr->cred); |
| 182 | 176 | atomic_dec(&cs_in_execve_tasks); |
| 183 | 177 | } |
| @@ -187,27 +181,11 @@ | ||
| 187 | 181 | * drop refcount obtained by get_pid() in cs_find_task_security(). |
| 188 | 182 | */ |
| 189 | 183 | if (ptr->pid) { |
| 190 | -#ifdef CONFIG_CAITSITH_DEBUG | |
| 191 | - static bool done; | |
| 192 | - if (!done) { | |
| 193 | - printk(KERN_INFO "CAITSITH: Dropping refcount on " | |
| 194 | - "\"struct pid\".\n"); | |
| 195 | - done = true; | |
| 196 | - } | |
| 197 | -#endif | |
| 184 | + cs_debug_trace("2"); | |
| 198 | 185 | put_pid(ptr->pid); |
| 199 | 186 | } |
| 200 | 187 | if (r) { |
| 201 | -#ifdef CONFIG_CAITSITH_DEBUG | |
| 202 | - static bool done; | |
| 203 | - if (!done) { | |
| 204 | - printk(KERN_INFO "CAITSITH: Releasing memory in " | |
| 205 | - "\"struct cs_request_info\" because some " | |
| 206 | - "\"struct task_struct\" has exit()ed " | |
| 207 | - "immediately after do_execve() has failed.\n"); | |
| 208 | - done = true; | |
| 209 | - } | |
| 210 | -#endif | |
| 188 | + cs_debug_trace("3"); | |
| 211 | 189 | kfree(r->handler_path); |
| 212 | 190 | kfree(r); |
| 213 | 191 | } |
| @@ -2741,15 +2719,7 @@ | ||
| 2741 | 2719 | if (task == current && |
| 2742 | 2720 | (ptr->cs_flags & CS_TASK_IS_IN_EXECVE) && |
| 2743 | 2721 | !current->in_execve) { |
| 2744 | -#ifdef CONFIG_CAITSITH_DEBUG | |
| 2745 | - static bool done; | |
| 2746 | - if (!done) { | |
| 2747 | - printk(KERN_INFO "CAITSITH: Reverting domain " | |
| 2748 | - "transition because do_execve() has " | |
| 2749 | - "failed.\n"); | |
| 2750 | - done = true; | |
| 2751 | - } | |
| 2752 | -#endif | |
| 2722 | + cs_debug_trace("4"); | |
| 2753 | 2723 | cs_clear_execve(-1, ptr); |
| 2754 | 2724 | } |
| 2755 | 2725 | #else |
| @@ -2785,15 +2755,7 @@ | ||
| 2785 | 2755 | */ |
| 2786 | 2756 | if (task == current && ptr->cred && |
| 2787 | 2757 | atomic_read(&ptr->cred->usage) == 1) { |
| 2788 | -#ifdef CONFIG_CAITSITH_DEBUG | |
| 2789 | - static bool done; | |
| 2790 | - if (!done) { | |
| 2791 | - printk(KERN_INFO "CAITSITH: Reverting domain " | |
| 2792 | - "transition because do_execve() has " | |
| 2793 | - "failed.\n"); | |
| 2794 | - done = true; | |
| 2795 | - } | |
| 2796 | -#endif | |
| 2758 | + cs_debug_trace("4"); | |
| 2797 | 2759 | cs_clear_execve(-1, ptr); |
| 2798 | 2760 | } |
| 2799 | 2761 | #endif |
| @@ -52,6 +52,20 @@ | ||
| 52 | 52 | /* Original hooks. */ |
| 53 | 53 | static struct security_operations original_security_ops; |
| 54 | 54 | |
| 55 | +#if !defined(CONFIG_CAITSITH_DEBUG) | |
| 56 | +#define cs_debug_trace(pos) do { } while (0) | |
| 57 | +#else | |
| 58 | +#define cs_debug_trace(pos) \ | |
| 59 | + do { \ | |
| 60 | + static bool done; \ | |
| 61 | + if (!done) { \ | |
| 62 | + printk(KERN_INFO \ | |
| 63 | + "CAITSITH: Debug trace: " pos " of 4\n"); \ | |
| 64 | + done = true; \ | |
| 65 | + } \ | |
| 66 | + } while (0) | |
| 67 | +#endif | |
| 68 | + | |
| 55 | 69 | /** |
| 56 | 70 | * cs_clear_execve - Release memory used by do_execve(). |
| 57 | 71 | * |
| @@ -91,17 +105,7 @@ | ||
| 91 | 105 | * immediately after do_execve() has failed. |
| 92 | 106 | */ |
| 93 | 107 | if (ptr->pid && (ptr->cs_flags & CS_TASK_IS_IN_EXECVE)) { |
| 94 | -#ifdef CONFIG_CAITSITH_DEBUG | |
| 95 | - static bool done; | |
| 96 | - if (!done) { | |
| 97 | - printk(KERN_INFO "CAITSITH: Decrementing " | |
| 98 | - "cs_in_execve_tasks counter " | |
| 99 | - "because some \"struct task_struct\" has " | |
| 100 | - "exit()ed immediately after do_execve() has " | |
| 101 | - "failed.\n"); | |
| 102 | - done = true; | |
| 103 | - } | |
| 104 | -#endif | |
| 108 | + cs_debug_trace("1"); | |
| 105 | 109 | atomic_dec(&cs_in_execve_tasks); |
| 106 | 110 | } |
| 107 | 111 | /* |
| @@ -109,27 +113,11 @@ | ||
| 109 | 113 | * drop refcount obtained by get_pid() in cs_find_task_security(). |
| 110 | 114 | */ |
| 111 | 115 | if (ptr->pid) { |
| 112 | -#ifdef CONFIG_CAITSITH_DEBUG | |
| 113 | - static bool done; | |
| 114 | - if (!done) { | |
| 115 | - printk(KERN_INFO "CAITSITH: Dropping refcount on " | |
| 116 | - "\"struct pid\".\n"); | |
| 117 | - done = true; | |
| 118 | - } | |
| 119 | -#endif | |
| 116 | + cs_debug_trace("2"); | |
| 120 | 117 | put_pid(ptr->pid); |
| 121 | 118 | } |
| 122 | 119 | if (r) { |
| 123 | -#ifdef CONFIG_CAITSITH_DEBUG | |
| 124 | - static bool done; | |
| 125 | - if (!done) { | |
| 126 | - printk(KERN_INFO "CAITSITH: Releasing memory in " | |
| 127 | - "\"struct cs_execve\" because some " | |
| 128 | - "\"struct task_struct\" has exit()ed " | |
| 129 | - "immediately after do_execve() has failed.\n"); | |
| 130 | - done = true; | |
| 131 | - } | |
| 132 | -#endif | |
| 120 | + cs_debug_trace("3"); | |
| 133 | 121 | kfree(r->handler_path); |
| 134 | 122 | kfree(r); |
| 135 | 123 | } |
| @@ -1215,9 +1203,9 @@ | ||
| 1215 | 1203 | add_security_ops(op, lsm_list); \ |
| 1216 | 1204 | else { \ |
| 1217 | 1205 | struct security_operations *ops = \ |
| 1218 | - container_of(lsm_list, \ | |
| 1219 | - struct security_operations, \ | |
| 1220 | - list[0]); \ | |
| 1206 | + list_first_entry(&lsm_list[lsm_##op], \ | |
| 1207 | + typeof(*ops), \ | |
| 1208 | + list[lsm_##op]); \ | |
| 1221 | 1209 | original_security_ops.op = ops->op; \ |
| 1222 | 1210 | smp_wmb(); \ |
| 1223 | 1211 | ops->op = cs_##op; \ |
| @@ -1428,15 +1416,7 @@ | ||
| 1428 | 1416 | if (task == current && |
| 1429 | 1417 | (ptr->cs_flags & CS_TASK_IS_IN_EXECVE) && |
| 1430 | 1418 | !current->in_execve) { |
| 1431 | -#ifdef CONFIG_CAITSITH_DEBUG | |
| 1432 | - static bool done; | |
| 1433 | - if (!done) { | |
| 1434 | - printk(KERN_INFO "CAITSITH: Reverting domain " | |
| 1435 | - "transition because do_execve() has " | |
| 1436 | - "failed.\n"); | |
| 1437 | - done = true; | |
| 1438 | - } | |
| 1439 | -#endif | |
| 1419 | + cs_debug_trace("4"); | |
| 1440 | 1420 | cs_clear_execve(-1, ptr); |
| 1441 | 1421 | } |
| 1442 | 1422 | return ptr; |
