(メッセージはありません)
@@ -94,6 +94,20 @@ | ||
94 | 94 | #define CS_INODE_HOOK_HAS_MNT |
95 | 95 | #endif |
96 | 96 | |
97 | +#if !defined(CONFIG_CAITSITH_DEBUG) | |
98 | +#define cs_debug_trace(pos) do { } while (0) | |
99 | +#else | |
100 | +#define cs_debug_trace(pos) \ | |
101 | + do { \ | |
102 | + static bool done; \ | |
103 | + if (!done) { \ | |
104 | + printk(KERN_INFO \ | |
105 | + "CAITSITH: Debug trace: " pos " of 4\n"); \ | |
106 | + done = true; \ | |
107 | + } \ | |
108 | + } while (0) | |
109 | +#endif | |
110 | + | |
97 | 111 | /** |
98 | 112 | * cs_clear_execve - Release memory used by do_execve(). |
99 | 113 | * |
@@ -146,17 +160,7 @@ | ||
146 | 160 | * immediately after do_execve() has failed. |
147 | 161 | */ |
148 | 162 | if (ptr->pid && (ptr->cs_flags & CS_TASK_IS_IN_EXECVE)) { |
149 | -#ifdef CONFIG_CAITSITH_DEBUG | |
150 | - static bool done; | |
151 | - if (!done) { | |
152 | - printk(KERN_INFO "CAITSITH: Decrementing " | |
153 | - "cs_in_execve_tasks counter " | |
154 | - "because some \"struct task_struct\" has " | |
155 | - "exit()ed immediately after do_execve() has " | |
156 | - "failed.\n"); | |
157 | - done = true; | |
158 | - } | |
159 | -#endif | |
163 | + cs_debug_trace("1"); | |
160 | 164 | atomic_dec(&cs_in_execve_tasks); |
161 | 165 | } |
162 | 166 | #else |
@@ -167,17 +171,7 @@ | ||
167 | 171 | * immediately after do_execve() has failed. |
168 | 172 | */ |
169 | 173 | if (ptr->pid && ptr->cred) { |
170 | -#ifdef CONFIG_CAITSITH_DEBUG | |
171 | - static bool done; | |
172 | - if (!done) { | |
173 | - printk(KERN_INFO "CAITSITH: Dropping refcount on " | |
174 | - "\"struct cred\" in \"struct linux_binprm\" " | |
175 | - "because some \"struct task_struct\" has " | |
176 | - "exit()ed immediately after do_execve() has " | |
177 | - "failed.\n"); | |
178 | - done = true; | |
179 | - } | |
180 | -#endif | |
174 | + cs_debug_trace("1"); | |
181 | 175 | put_cred(ptr->cred); |
182 | 176 | atomic_dec(&cs_in_execve_tasks); |
183 | 177 | } |
@@ -187,27 +181,11 @@ | ||
187 | 181 | * drop refcount obtained by get_pid() in cs_find_task_security(). |
188 | 182 | */ |
189 | 183 | if (ptr->pid) { |
190 | -#ifdef CONFIG_CAITSITH_DEBUG | |
191 | - static bool done; | |
192 | - if (!done) { | |
193 | - printk(KERN_INFO "CAITSITH: Dropping refcount on " | |
194 | - "\"struct pid\".\n"); | |
195 | - done = true; | |
196 | - } | |
197 | -#endif | |
184 | + cs_debug_trace("2"); | |
198 | 185 | put_pid(ptr->pid); |
199 | 186 | } |
200 | 187 | if (r) { |
201 | -#ifdef CONFIG_CAITSITH_DEBUG | |
202 | - static bool done; | |
203 | - if (!done) { | |
204 | - printk(KERN_INFO "CAITSITH: Releasing memory in " | |
205 | - "\"struct cs_request_info\" because some " | |
206 | - "\"struct task_struct\" has exit()ed " | |
207 | - "immediately after do_execve() has failed.\n"); | |
208 | - done = true; | |
209 | - } | |
210 | -#endif | |
188 | + cs_debug_trace("3"); | |
211 | 189 | kfree(r->handler_path); |
212 | 190 | kfree(r); |
213 | 191 | } |
@@ -2741,15 +2719,7 @@ | ||
2741 | 2719 | if (task == current && |
2742 | 2720 | (ptr->cs_flags & CS_TASK_IS_IN_EXECVE) && |
2743 | 2721 | !current->in_execve) { |
2744 | -#ifdef CONFIG_CAITSITH_DEBUG | |
2745 | - static bool done; | |
2746 | - if (!done) { | |
2747 | - printk(KERN_INFO "CAITSITH: Reverting domain " | |
2748 | - "transition because do_execve() has " | |
2749 | - "failed.\n"); | |
2750 | - done = true; | |
2751 | - } | |
2752 | -#endif | |
2722 | + cs_debug_trace("4"); | |
2753 | 2723 | cs_clear_execve(-1, ptr); |
2754 | 2724 | } |
2755 | 2725 | #else |
@@ -2785,15 +2755,7 @@ | ||
2785 | 2755 | */ |
2786 | 2756 | if (task == current && ptr->cred && |
2787 | 2757 | atomic_read(&ptr->cred->usage) == 1) { |
2788 | -#ifdef CONFIG_CAITSITH_DEBUG | |
2789 | - static bool done; | |
2790 | - if (!done) { | |
2791 | - printk(KERN_INFO "CAITSITH: Reverting domain " | |
2792 | - "transition because do_execve() has " | |
2793 | - "failed.\n"); | |
2794 | - done = true; | |
2795 | - } | |
2796 | -#endif | |
2758 | + cs_debug_trace("4"); | |
2797 | 2759 | cs_clear_execve(-1, ptr); |
2798 | 2760 | } |
2799 | 2761 | #endif |
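Review bot: The numeric trace points introduced with `cs_debug_trace()` at the top of this section are not documented, so a log line such as "CAITSITH: Debug trace: 1 of 4" cannot be interpreted once the descriptive messages are removed. I would add a block comment above the macro that maps each number to its event, taken from the removed strings: 1 = execve accounting undone for a task that exited right after do_execve() failed, 2 = refcount on "struct pid" dropped, 3 = execve request memory released, 4 = domain transition reverted after a failed do_execve(). That comment should also say that "1" covers two different actions depending on the `#if` branch: `atomic_dec()` alone in one, `put_cred()` plus `atomic_dec()` in the other. The `static bool done` flag is tested and set without synchronisation, so "printed once" is best effort under concurrent callers; a short remark such as `/* Best-effort once-only; racy by design. */` would make that explicit. The identical macro is defined again in the second file of this commit, and a single definition in a shared header would keep the two from drifting apart.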
@@ -52,6 +52,20 @@ | ||
52 | 52 | /* Original hooks. */ |
53 | 53 | static struct security_operations original_security_ops; |
54 | 54 | |
55 | +#if !defined(CONFIG_CAITSITH_DEBUG) | |
56 | +#define cs_debug_trace(pos) do { } while (0) | |
57 | +#else | |
58 | +#define cs_debug_trace(pos) \ | |
59 | + do { \ | |
60 | + static bool done; \ | |
61 | + if (!done) { \ | |
62 | + printk(KERN_INFO \ | |
63 | + "CAITSITH: Debug trace: " pos " of 4\n"); \ | |
64 | + done = true; \ | |
65 | + } \ | |
66 | + } while (0) | |
67 | +#endif | |
68 | + | |
55 | 69 | /** |
56 | 70 | * cs_clear_execve - Release memory used by do_execve(). |
57 | 71 | * |
@@ -91,17 +105,7 @@ | ||
91 | 105 | * immediately after do_execve() has failed. |
92 | 106 | */ |
93 | 107 | if (ptr->pid && (ptr->cs_flags & CS_TASK_IS_IN_EXECVE)) { |
94 | -#ifdef CONFIG_CAITSITH_DEBUG | |
95 | - static bool done; | |
96 | - if (!done) { | |
97 | - printk(KERN_INFO "CAITSITH: Decrementing " | |
98 | - "cs_in_execve_tasks counter " | |
99 | - "because some \"struct task_struct\" has " | |
100 | - "exit()ed immediately after do_execve() has " | |
101 | - "failed.\n"); | |
102 | - done = true; | |
103 | - } | |
104 | -#endif | |
108 | + cs_debug_trace("1"); | |
105 | 109 | atomic_dec(&cs_in_execve_tasks); |
106 | 110 | } |
107 | 111 | /* |
@@ -109,27 +113,11 @@ | ||
109 | 113 | * drop refcount obtained by get_pid() in cs_find_task_security(). |
110 | 114 | */ |
111 | 115 | if (ptr->pid) { |
112 | -#ifdef CONFIG_CAITSITH_DEBUG | |
113 | - static bool done; | |
114 | - if (!done) { | |
115 | - printk(KERN_INFO "CAITSITH: Dropping refcount on " | |
116 | - "\"struct pid\".\n"); | |
117 | - done = true; | |
118 | - } | |
119 | -#endif | |
116 | + cs_debug_trace("2"); | |
120 | 117 | put_pid(ptr->pid); |
121 | 118 | } |
122 | 119 | if (r) { |
123 | -#ifdef CONFIG_CAITSITH_DEBUG | |
124 | - static bool done; | |
125 | - if (!done) { | |
126 | - printk(KERN_INFO "CAITSITH: Releasing memory in " | |
127 | - "\"struct cs_execve\" because some " | |
128 | - "\"struct task_struct\" has exit()ed " | |
129 | - "immediately after do_execve() has failed.\n"); | |
130 | - done = true; | |
131 | - } | |
132 | -#endif | |
120 | + cs_debug_trace("3"); | |
133 | 121 | kfree(r->handler_path); |
134 | 122 | kfree(r); |
135 | 123 | } |
@@ -1215,9 +1203,9 @@ | ||
1215 | 1203 | add_security_ops(op, lsm_list); \ |
1216 | 1204 | else { \ |
1217 | 1205 | struct security_operations *ops = \ |
1218 | - container_of(lsm_list, \ | |
1219 | - struct security_operations, \ | |
1220 | - list[0]); \ | |
1206 | + list_first_entry(&lsm_list[lsm_##op], \ | |
1207 | + typeof(*ops), \ | |
1208 | + list[lsm_##op]); \ | |
1221 | 1209 | original_security_ops.op = ops->op; \ |
1222 | 1210 | smp_wmb(); \ |
1223 | 1211 | ops->op = cs_##op; \ |
@@ -1428,15 +1416,7 @@ | ||
1428 | 1416 | if (task == current && |
1429 | 1417 | (ptr->cs_flags & CS_TASK_IS_IN_EXECVE) && |
1430 | 1418 | !current->in_execve) { |
1431 | -#ifdef CONFIG_CAITSITH_DEBUG | |
1432 | - static bool done; | |
1433 | - if (!done) { | |
1434 | - printk(KERN_INFO "CAITSITH: Reverting domain " | |
1435 | - "transition because do_execve() has " | |
1436 | - "failed.\n"); | |
1437 | - done = true; | |
1438 | - } | |
1439 | -#endif | |
1419 | + cs_debug_trace("4"); | |
1440 | 1420 | cs_clear_execve(-1, ptr); |
1441 | 1421 | } |
1442 | 1422 | return ptr; |
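Review bot: In the hunk at new lines 1203-1211, `list_first_entry(&lsm_list[lsm_##op], typeof(*ops), list[lsm_##op])` is only valid when that per-hook list is non-empty. On an empty list it returns a pointer computed from the list head itself, and the following `original_security_ops.op = ops->op;` and `ops->op = cs_##op;` would then read and write kernel memory outside any `struct security_operations`. The `if` condition that selects this `else` branch is outside the hunk, so this may already be guaranteed; if it is not, guard the branch with `if (!list_empty(&lsm_list[lsm_##op]))` or fall back to `add_security_ops(op, lsm_list)` for the empty case. Either way, a one-line comment stating the non-empty invariant next to the `list_first_entry()` call would help the next reader.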