Re: [PATCH 2/3] integrity: move ima_counts_get

Hugh Dickins <hugh.dickins@xxxxxxxxxxxxx> · Thu, 21 May 2009 22:19:09 +0100 (BST)

On Tue, 19 May 2009, Mimi Zohar wrote:

> Based on discussion on lkml (Andrew Morton and Eric Paris),
> move ima_counts_get down a layer into shmem/hugetlb__file_setup().
> Resolves drm shmem_file_setup() usage case as well.
> 
> Signed-off-by: Mimi Zohar <zohar@xxxxxxxxxx>

I still think you're doing this at the wrong level, but recognize
that you probably won't be persuaded until a few more users of
alloc_file() emerge, all wanting your ima_counts_get().

Resolving GEM's shmem_file_setup() is an improvement, so I'll say

Acked-by: Hugh Dickins <hugh.dickins@xxxxxxxxxxxxx>

> ---
> diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c
> index 153d968..ccc62de 100644
> --- a/fs/hugetlbfs/inode.c
> +++ b/fs/hugetlbfs/inode.c
> @@ -30,6 +30,7 @@
>  #include <linux/dnotify.h>
>  #include <linux/statfs.h>
>  #include <linux/security.h>
> +#include <linux/ima.h>
>  
>  #include <asm/uaccess.h>
>  
> @@ -997,6 +998,7 @@ struct file *hugetlb_file_setup(const char *name, size_t size, int acctflag)
>  			&hugetlbfs_file_operations);
>  	if (!file)
>  		goto out_dentry; /* inode is already attached */
> +	ima_counts_get(file);
>  
>  	return file;
>  
> diff --git a/ipc/shm.c b/ipc/shm.c
> index 47b4642..5608183 100644
> --- a/ipc/shm.c
> +++ b/ipc/shm.c
> @@ -384,7 +384,6 @@ static int newseg(struct ipc_namespace *ns, struct ipc_params *params)
>  	error = PTR_ERR(file);
>  	if (IS_ERR(file))
>  		goto no_file;
> -	ima_counts_get(file);
>  
>  	id = ipc_addid(&shm_ids(ns), &shp->shm_perm, ns->shm_ctlmni);
>  	if (id < 0) {
> diff --git a/mm/shmem.c b/mm/shmem.c
> index a817f75..0132fbd 100644
> --- a/mm/shmem.c
> +++ b/mm/shmem.c
> @@ -2659,6 +2659,7 @@ struct file *shmem_file_setup(char *name, loff_t size, unsigned long flags)
>  	if (error)
>  		goto close_file;
>  #endif
> +	ima_counts_get(file);
>  	return file;
>  
>  close_file:
> @@ -2684,7 +2685,6 @@ int shmem_zero_setup(struct vm_area_struct *vma)
>  	if (IS_ERR(file))
>  		return PTR_ERR(file);
>  
> -	ima_counts_get(file);
>  	if (vma->vm_file)
>  		fput(vma->vm_file);
>  	vma->vm_file = file;
> -- 
> 1.6.0.6
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html