Skip to content

Commit c9ea870

Browse files
committed
Merge tag 'tomoyo-pr-20211222' of git://git.osdn.net/gitroot/tomoyo/tomoyo-test1
Pull tomoyo fixes from Tetsuo Handa: "Two overhead reduction patches for testing/fuzzing environment" * tag 'tomoyo-pr-20211222' of git://git.osdn.net/gitroot/tomoyo/tomoyo-test1: tomoyo: use hweight16() in tomoyo_domain_quota_is_ok() tomoyo: Check exceeded quota early in tomoyo_domain_quota_is_ok().
2 parents e19e226 + f702e11 commit c9ea870

File tree

1 file changed

+14
-17
lines changed

1 file changed

+14
-17
lines changed

security/tomoyo/util.c

Lines changed: 14 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -1051,10 +1051,11 @@ bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r)
10511051
return false;
10521052
if (!domain)
10531053
return true;
1054+
if (READ_ONCE(domain->flags[TOMOYO_DIF_QUOTA_WARNED]))
1055+
return false;
10541056
list_for_each_entry_rcu(ptr, &domain->acl_info_list, list,
10551057
srcu_read_lock_held(&tomoyo_ss)) {
10561058
u16 perm;
1057-
u8 i;
10581059

10591060
if (ptr->is_deleted)
10601061
continue;
@@ -1065,45 +1066,41 @@ bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r)
10651066
*/
10661067
switch (ptr->type) {
10671068
case TOMOYO_TYPE_PATH_ACL:
1068-
data_race(perm = container_of(ptr, struct tomoyo_path_acl, head)->perm);
1069+
perm = data_race(container_of(ptr, struct tomoyo_path_acl, head)->perm);
10691070
break;
10701071
case TOMOYO_TYPE_PATH2_ACL:
1071-
data_race(perm = container_of(ptr, struct tomoyo_path2_acl, head)->perm);
1072+
perm = data_race(container_of(ptr, struct tomoyo_path2_acl, head)->perm);
10721073
break;
10731074
case TOMOYO_TYPE_PATH_NUMBER_ACL:
1074-
data_race(perm = container_of(ptr, struct tomoyo_path_number_acl, head)
1075+
perm = data_race(container_of(ptr, struct tomoyo_path_number_acl, head)
10751076
->perm);
10761077
break;
10771078
case TOMOYO_TYPE_MKDEV_ACL:
1078-
data_race(perm = container_of(ptr, struct tomoyo_mkdev_acl, head)->perm);
1079+
perm = data_race(container_of(ptr, struct tomoyo_mkdev_acl, head)->perm);
10791080
break;
10801081
case TOMOYO_TYPE_INET_ACL:
1081-
data_race(perm = container_of(ptr, struct tomoyo_inet_acl, head)->perm);
1082+
perm = data_race(container_of(ptr, struct tomoyo_inet_acl, head)->perm);
10821083
break;
10831084
case TOMOYO_TYPE_UNIX_ACL:
1084-
data_race(perm = container_of(ptr, struct tomoyo_unix_acl, head)->perm);
1085+
perm = data_race(container_of(ptr, struct tomoyo_unix_acl, head)->perm);
10851086
break;
10861087
case TOMOYO_TYPE_MANUAL_TASK_ACL:
10871088
perm = 0;
10881089
break;
10891090
default:
10901091
perm = 1;
10911092
}
1092-
for (i = 0; i < 16; i++)
1093-
if (perm & (1 << i))
1094-
count++;
1093+
count += hweight16(perm);
10951094
}
10961095
if (count < tomoyo_profile(domain->ns, domain->profile)->
10971096
pref[TOMOYO_PREF_MAX_LEARNING_ENTRY])
10981097
return true;
1099-
if (!domain->flags[TOMOYO_DIF_QUOTA_WARNED]) {
1100-
domain->flags[TOMOYO_DIF_QUOTA_WARNED] = true;
1101-
/* r->granted = false; */
1102-
tomoyo_write_log(r, "%s", tomoyo_dif[TOMOYO_DIF_QUOTA_WARNED]);
1098+
WRITE_ONCE(domain->flags[TOMOYO_DIF_QUOTA_WARNED], true);
1099+
/* r->granted = false; */
1100+
tomoyo_write_log(r, "%s", tomoyo_dif[TOMOYO_DIF_QUOTA_WARNED]);
11031101
#ifndef CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING
1104-
pr_warn("WARNING: Domain '%s' has too many ACLs to hold. Stopped learning mode.\n",
1105-
domain->domainname->name);
1102+
pr_warn("WARNING: Domain '%s' has too many ACLs to hold. Stopped learning mode.\n",
1103+
domain->domainname->name);
11061104
#endif
1107-
}
11081105
return false;
11091106
}

0 commit comments

Comments
 (0)