提交 c9d9ac52 编写于 作者: M Mimi Zohar 提交者: James Morris

integrity: move ima_counts_get

Based on discussion on lkml (Andrew Morton and Eric Paris),
move ima_counts_get down a layer into shmem/hugetlb__file_setup().
Resolves drm shmem_file_setup() usage case as well.

HD comment:
  I still think you're doing this at the wrong level, but recognize
  that you probably won't be persuaded until a few more users of
  alloc_file() emerge, all wanting your ima_counts_get().

  Resolving GEM's shmem_file_setup() is an improvement, so I'll say
Acked-by: NHugh Dickins <hugh.dickins@tiscali.co.uk>
Signed-off-by: NMimi Zohar <zohar@us.ibm.com>
Signed-off-by: NJames Morris <jmorris@namei.org>
上级 b9fc745d
...@@ -30,6 +30,7 @@ ...@@ -30,6 +30,7 @@
#include <linux/dnotify.h> #include <linux/dnotify.h>
#include <linux/statfs.h> #include <linux/statfs.h>
#include <linux/security.h> #include <linux/security.h>
#include <linux/ima.h>
#include <asm/uaccess.h> #include <asm/uaccess.h>
...@@ -997,6 +998,7 @@ struct file *hugetlb_file_setup(const char *name, size_t size, int acctflag) ...@@ -997,6 +998,7 @@ struct file *hugetlb_file_setup(const char *name, size_t size, int acctflag)
&hugetlbfs_file_operations); &hugetlbfs_file_operations);
if (!file) if (!file)
goto out_dentry; /* inode is already attached */ goto out_dentry; /* inode is already attached */
ima_counts_get(file);
return file; return file;
......
...@@ -384,7 +384,6 @@ static int newseg(struct ipc_namespace *ns, struct ipc_params *params) ...@@ -384,7 +384,6 @@ static int newseg(struct ipc_namespace *ns, struct ipc_params *params)
error = PTR_ERR(file); error = PTR_ERR(file);
if (IS_ERR(file)) if (IS_ERR(file))
goto no_file; goto no_file;
ima_counts_get(file);
id = ipc_addid(&shm_ids(ns), &shp->shm_perm, ns->shm_ctlmni); id = ipc_addid(&shm_ids(ns), &shp->shm_perm, ns->shm_ctlmni);
if (id < 0) { if (id < 0) {
......
...@@ -2659,6 +2659,7 @@ struct file *shmem_file_setup(char *name, loff_t size, unsigned long flags) ...@@ -2659,6 +2659,7 @@ struct file *shmem_file_setup(char *name, loff_t size, unsigned long flags)
if (error) if (error)
goto close_file; goto close_file;
#endif #endif
ima_counts_get(file);
return file; return file;
close_file: close_file:
...@@ -2684,7 +2685,6 @@ int shmem_zero_setup(struct vm_area_struct *vma) ...@@ -2684,7 +2685,6 @@ int shmem_zero_setup(struct vm_area_struct *vma)
if (IS_ERR(file)) if (IS_ERR(file))
return PTR_ERR(file); return PTR_ERR(file);
ima_counts_get(file);
if (vma->vm_file) if (vma->vm_file)
fput(vma->vm_file); fput(vma->vm_file);
vma->vm_file = file; vma->vm_file = file;
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册