!12728 Backport "ima: Avoid blocking in RCU read-side critical section" (7adc3f58) · Commits · EulixOS / Software / Kernel

include/linux/lsm_hook_defs.h

+1 −1

Original line number	Diff line number	Diff line
		@@ -390,7 +390,7 @@ LSM_HOOK(int, 0, key_getsecurity, struct key key, char *buffer)

		#ifdef CONFIG_AUDIT
		LSM_HOOK(int, 0, audit_rule_init, u32 field, u32 op, char *rulestr,
		void **lsmrule)
		void **lsmrule, gfp_t gfp)
		LSM_HOOK(int, 0, audit_rule_known, struct audit_krule *krule)
		LSM_HOOK(int, 0, audit_rule_match, u32 secid, u32 field, u32 op, void *lsmrule)
		LSM_HOOK(void, LSM_RET_VOID, audit_rule_free, void *lsmrule)

+3 −2

Original line number	Diff line number	Diff line
		@@ -1953,7 +1953,8 @@ static inline int security_key_getsecurity(struct key key, char *_buffer)

		#ifdef CONFIG_AUDIT
		#ifdef CONFIG_SECURITY
		int security_audit_rule_init(u32 field, u32 op, char rulestr, void *lsmrule);
		int security_audit_rule_init(u32 field, u32 op, char rulestr, void *lsmrule,
		gfp_t gfp);
		int security_audit_rule_known(struct audit_krule *krule);
		int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule);
		void security_audit_rule_free(void *lsmrule);
		@@ -1961,7 +1962,7 @@ void security_audit_rule_free(void *lsmrule);
		#else

		static inline int security_audit_rule_init(u32 field, u32 op, char *rulestr,
		void **lsmrule)
		void **lsmrule, gfp_t gfp)
		{
		return 0;
		}

+3 −2

Original line number	Diff line number	Diff line
		@@ -529,7 +529,8 @@ static struct audit_entry audit_data_to_entry(struct audit_rule_data data,
		entry->rule.buflen += f_val;
		f->lsm_str = str;
		err = security_audit_rule_init(f->type, f->op, str,
		(void **)&f->lsm_rule);
		(void **)&f->lsm_rule,
		GFP_KERNEL);
		/* Keep currently invalid fields around in case they
		* become valid after a policy reload. */
		if (err == -EINVAL) {
		@@ -799,7 +800,7 @@ static inline int audit_dupe_lsm_field(struct audit_field *df,

		/* our own (refreshed) copy of lsm_rule */
		ret = security_audit_rule_init(df->type, df->op, df->lsm_str,
		(void **)&df->lsm_rule);
		(void **)&df->lsm_rule, GFP_KERNEL);
		/* Keep currently invalid fields around in case they
		* become valid after a policy reload. */
		if (ret == -EINVAL) {

+3 −3

Original line number	Diff line number	Diff line
		@@ -217,7 +217,7 @@ void aa_audit_rule_free(void *vrule)
		}
		}

		int aa_audit_rule_init(u32 field, u32 op, char rulestr, void *vrule)
		int aa_audit_rule_init(u32 field, u32 op, char rulestr, void *vrule, gfp_t gfp)
		{
		struct aa_audit_rule *rule;

		@@ -230,14 +230,14 @@ int aa_audit_rule_init(u32 field, u32 op, char rulestr, void *vrule)
		return -EINVAL;
		}

		rule = kzalloc(sizeof(struct aa_audit_rule), GFP_KERNEL);
		rule = kzalloc(sizeof(struct aa_audit_rule), gfp);

		if (!rule)
		return -ENOMEM;

		/* Currently rules are treated as coming from the root ns */
		rule->label = aa_label_parse(&root_ns->unconfined->label, rulestr,
		GFP_KERNEL, true, false);
		gfp, true, false);
		if (IS_ERR(rule->label)) {
		int err = PTR_ERR(rule->label);
		aa_audit_rule_free(rule);

+1 −1

Original line number	Diff line number	Diff line
		@@ -193,7 +193,7 @@ static inline int complain_error(int error)
		}

		void aa_audit_rule_free(void *vrule);
		int aa_audit_rule_init(u32 field, u32 op, char rulestr, void *vrule);
		int aa_audit_rule_init(u32 field, u32 op, char rulestr, void *vrule, gfp_t gfp);
		int aa_audit_rule_known(struct audit_krule *rule);
		int aa_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule);