diff options
author | Stephen Rothwell <sfr@canb.auug.org.au> | 2018-05-30 15:14:07 +1000 |
---|---|---|
committer | Stephen Rothwell <sfr@canb.auug.org.au> | 2018-05-30 15:14:07 +1000 |
commit | dcb8bd3e5f427c238c7799c16dc515b0ab9fd0bc (patch) | |
tree | 69383c2ecacbcee778119527cdf5df7f414ae73e /security | |
parent | 112405b19d7e6c64986adf50a47c537e176c37b9 (diff) | |
parent | 430837708c219dfb25d148808078f15add2ea71c (diff) | |
download | linux-next-dcb8bd3e5f427c238c7799c16dc515b0ab9fd0bc.tar.gz |
Merge remote-tracking branch 'apparmor/apparmor-next'
Diffstat (limited to 'security')
-rw-r--r-- | security/apparmor/audit.c | 90 | ||||
-rw-r--r-- | security/apparmor/domain.c | 2 | ||||
-rw-r--r-- | security/apparmor/include/audit.h | 6 | ||||
-rw-r--r-- | security/apparmor/include/label.h | 2 | ||||
-rw-r--r-- | security/apparmor/include/path.h | 32 | ||||
-rw-r--r-- | security/apparmor/include/secid.h | 15 | ||||
-rw-r--r-- | security/apparmor/label.c | 14 | ||||
-rw-r--r-- | security/apparmor/lib.c | 2 | ||||
-rw-r--r-- | security/apparmor/lsm.c | 44 | ||||
-rw-r--r-- | security/apparmor/match.c | 2 | ||||
-rw-r--r-- | security/apparmor/mount.c | 2 | ||||
-rw-r--r-- | security/apparmor/policy.c | 4 | ||||
-rw-r--r-- | security/apparmor/secid.c | 221 |
13 files changed, 370 insertions, 66 deletions
diff --git a/security/apparmor/audit.c b/security/apparmor/audit.c index 8f9ecac7f8de..eeaddfe0c0fb 100644 --- a/security/apparmor/audit.c +++ b/security/apparmor/audit.c @@ -19,7 +19,7 @@ #include "include/audit.h" #include "include/policy.h" #include "include/policy_ns.h" - +#include "include/secid.h" const char *const audit_mode_names[] = { "normal", @@ -163,3 +163,91 @@ int aa_audit(int type, struct aa_profile *profile, struct common_audit_data *sa, return aad(sa)->error; } + +struct aa_audit_rule { + struct aa_label *label; +}; + +void aa_audit_rule_free(void *vrule) +{ + struct aa_audit_rule *rule = vrule; + + if (rule) { + if (!IS_ERR(rule->label)) + aa_put_label(rule->label); + kfree(rule); + } +} + +int aa_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule) +{ + struct aa_audit_rule *rule; + + switch (field) { + case AUDIT_SUBJ_ROLE: + if (op != Audit_equal && op != Audit_not_equal) + return -EINVAL; + break; + default: + return -EINVAL; + } + + rule = kzalloc(sizeof(struct aa_audit_rule), GFP_KERNEL); + + if (!rule) + return -ENOMEM; + + /* Currently rules are treated as coming from the root ns */ + rule->label = aa_label_parse(&root_ns->unconfined->label, rulestr, + GFP_KERNEL, true, false); + if (IS_ERR(rule->label)) { + aa_audit_rule_free(rule); + return PTR_ERR(rule->label); + } + + *vrule = rule; + return 0; +} + +int aa_audit_rule_known(struct audit_krule *rule) +{ + int i; + + for (i = 0; i < rule->field_count; i++) { + struct audit_field *f = &rule->fields[i]; + + switch (f->type) { + case AUDIT_SUBJ_ROLE: + return 1; + } + } + + return 0; +} + +int aa_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule, + struct audit_context *actx) +{ + struct aa_audit_rule *rule = vrule; + struct aa_label *label; + int found = 0; + + label = aa_secid_to_label(sid); + + if (!label) + return -ENOENT; + + if (aa_label_is_subset(label, rule->label)) + found = 1; + + switch (field) { + case AUDIT_SUBJ_ROLE: + switch (op) { + case Audit_equal: + return found; + case Audit_not_equal: + return !found; + } + } + return 0; +} diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c index 590b7e8cd21c..098d546d8253 100644 --- a/security/apparmor/domain.c +++ b/security/apparmor/domain.c @@ -839,7 +839,7 @@ static struct aa_label *handle_onexec(struct aa_label *label, cond, unsafe)); } else { - /* TODO: determine how much we want to losen this */ + /* TODO: determine how much we want to loosen this */ error = fn_for_each_in_ns(label, profile, profile_onexec(profile, onexec, stack, bprm, buffer, cond, unsafe)); diff --git a/security/apparmor/include/audit.h b/security/apparmor/include/audit.h index 9c9be9c98c15..b8c8b1066b0a 100644 --- a/security/apparmor/include/audit.h +++ b/security/apparmor/include/audit.h @@ -189,4 +189,10 @@ static inline int complain_error(int error) return error; } +void aa_audit_rule_free(void *vrule); +int aa_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule); +int aa_audit_rule_known(struct audit_krule *rule); +int aa_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule, + struct audit_context *actx); + #endif /* __AA_AUDIT_H */ diff --git a/security/apparmor/include/label.h b/security/apparmor/include/label.h index d871e7ff0952..7ce5fe73ae7f 100644 --- a/security/apparmor/include/label.h +++ b/security/apparmor/include/label.h @@ -281,7 +281,7 @@ void __aa_labelset_update_subtree(struct aa_ns *ns); void aa_label_free(struct aa_label *label); void aa_label_kref(struct kref *kref); -bool aa_label_init(struct aa_label *label, int size); +bool aa_label_init(struct aa_label *label, int size, gfp_t gfp); struct aa_label *aa_label_alloc(int size, struct aa_proxy *proxy, gfp_t gfp); bool aa_label_is_subset(struct aa_label *set, struct aa_label *sub); diff --git a/security/apparmor/include/path.h b/security/apparmor/include/path.h index e042b994f2b8..a35c0a75bcc0 100644 --- a/security/apparmor/include/path.h +++ b/security/apparmor/include/path.h @@ -43,10 +43,10 @@ struct aa_buffers { DECLARE_PER_CPU(struct aa_buffers, aa_buffers); -#define ASSIGN(FN, X, N) ((X) = FN(N)) -#define EVAL1(FN, X) ASSIGN(FN, X, 0) /*X = FN(0)*/ -#define EVAL2(FN, X, Y...) do { ASSIGN(FN, X, 1); EVAL1(FN, Y); } while (0) -#define EVAL(FN, X...) CONCATENATE(EVAL, COUNT_ARGS(X))(FN, X) +#define ASSIGN(FN, A, X, N) ((X) = FN(A, N)) +#define EVAL1(FN, A, X) ASSIGN(FN, A, X, 0) /*X = FN(0)*/ +#define EVAL2(FN, A, X, Y...) do { ASSIGN(FN, A, X, 1); EVAL1(FN, A, Y); } while (0) +#define EVAL(FN, A, X...) CONCATENATE(EVAL, COUNT_ARGS(X))(FN, A, X) #define for_each_cpu_buffer(I) for ((I) = 0; (I) < MAX_PATH_BUFFERS; (I)++) @@ -56,26 +56,24 @@ DECLARE_PER_CPU(struct aa_buffers, aa_buffers); #define AA_BUG_PREEMPT_ENABLED(X) /* nop */ #endif -#define __get_buffer(N) ({ \ - struct aa_buffers *__cpu_var; \ +#define __get_buffer(C, N) ({ \ AA_BUG_PREEMPT_ENABLED("__get_buffer without preempt disabled"); \ - __cpu_var = this_cpu_ptr(&aa_buffers); \ - __cpu_var->buf[(N)]; }) + (C)->buf[(N)]; }) -#define __get_buffers(X...) EVAL(__get_buffer, X) +#define __get_buffers(C, X...) EVAL(__get_buffer, C, X) #define __put_buffers(X, Y...) ((void)&(X)) -#define get_buffers(X...) \ -do { \ - preempt_disable(); \ - __get_buffers(X); \ +#define get_buffers(X...) \ +do { \ + struct aa_buffers *__cpu_var = get_cpu_ptr(&aa_buffers); \ + __get_buffers(__cpu_var, X); \ } while (0) -#define put_buffers(X, Y...) \ -do { \ - __put_buffers(X, Y); \ - preempt_enable(); \ +#define put_buffers(X, Y...) \ +do { \ + __put_buffers(X, Y); \ + put_cpu_ptr(&aa_buffers); \ } while (0) #endif /* __AA_PATH_H */ diff --git a/security/apparmor/include/secid.h b/security/apparmor/include/secid.h index 95ed86a0f1e2..686de8e50a79 100644 --- a/security/apparmor/include/secid.h +++ b/security/apparmor/include/secid.h @@ -3,7 +3,7 @@ * * This file contains AppArmor security identifier (secid) definitions * - * Copyright 2009-2010 Canonical Ltd. + * Copyright 2009-2018 Canonical Ltd. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License as @@ -14,13 +14,22 @@ #ifndef __AA_SECID_H #define __AA_SECID_H +#include <linux/slab.h> #include <linux/types.h> +struct aa_label; + /* secid value that will not be allocated */ #define AA_SECID_INVALID 0 -#define AA_SECID_ALLOC AA_SECID_INVALID -u32 aa_alloc_secid(void); +struct aa_label *aa_secid_to_label(u32 secid); +int apparmor_secid_to_secctx(u32 secid, char **secdata, u32 *seclen); +int apparmor_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid); +void apparmor_release_secctx(char *secdata, u32 seclen); + + +u32 aa_alloc_secid(struct aa_label *label, gfp_t gfp); void aa_free_secid(u32 secid); +void aa_secid_update(u32 secid, struct aa_label *label); #endif /* __AA_SECID_H */ diff --git a/security/apparmor/label.c b/security/apparmor/label.c index 523250e34837..a17574df611b 100644 --- a/security/apparmor/label.c +++ b/security/apparmor/label.c @@ -128,7 +128,7 @@ static int ns_cmp(struct aa_ns *a, struct aa_ns *b) } /** - * profile_cmp - profile comparision for set ordering + * profile_cmp - profile comparison for set ordering * @a: profile to compare (NOT NULL) * @b: profile to compare (NOT NULL) * @@ -157,7 +157,7 @@ static int profile_cmp(struct aa_profile *a, struct aa_profile *b) } /** - * vec_cmp - label comparision for set ordering + * vec_cmp - label comparison for set ordering * @a: label to compare (NOT NULL) * @vec: vector of profiles to compare (NOT NULL) * @n: length of @vec @@ -402,12 +402,12 @@ static void label_free_or_put_new(struct aa_label *label, struct aa_label *new) aa_put_label(new); } -bool aa_label_init(struct aa_label *label, int size) +bool aa_label_init(struct aa_label *label, int size, gfp_t gfp) { AA_BUG(!label); AA_BUG(size < 1); - label->secid = aa_alloc_secid(); + label->secid = aa_alloc_secid(label, gfp); if (label->secid == AA_SECID_INVALID) return false; @@ -441,7 +441,7 @@ struct aa_label *aa_label_alloc(int size, struct aa_proxy *proxy, gfp_t gfp) if (!new) goto fail; - if (!aa_label_init(new, size)) + if (!aa_label_init(new, size, gfp)) goto fail; if (!proxy) { @@ -463,7 +463,7 @@ fail: /** - * label_cmp - label comparision for set ordering + * label_cmp - label comparison for set ordering * @a: label to compare (NOT NULL) * @b: label to compare (NOT NULL) * @@ -2011,7 +2011,7 @@ out: /** * __label_update - insert updated version of @label into labelset - * @label - the label to update/repace + * @label - the label to update/replace * * Returns: new label that is up to date * else NULL on failure diff --git a/security/apparmor/lib.c b/security/apparmor/lib.c index 068a9f471f77..a7b3f681b80e 100644 --- a/security/apparmor/lib.c +++ b/security/apparmor/lib.c @@ -408,7 +408,7 @@ int aa_profile_label_perm(struct aa_profile *profile, struct aa_profile *target, * @request: requested perms * @deny: Returns: explicit deny set * @sa: initialized audit structure (MAY BE NULL if not auditing) - * @cb: callback fn for tpye specific fields (MAY BE NULL) + * @cb: callback fn for type specific fields (MAY BE NULL) * * Returns: 0 if permission else error code * diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index ce2b89e9ad94..dab5409f2608 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -39,6 +39,7 @@ #include "include/policy_ns.h" #include "include/procattr.h" #include "include/mount.h" +#include "include/secid.h" /* Flag indicating whether initialization completed */ int apparmor_initialized; @@ -710,6 +711,13 @@ static void apparmor_bprm_committed_creds(struct linux_binprm *bprm) return; } +static void apparmor_task_getsecid(struct task_struct *p, u32 *secid) +{ + struct aa_label *label = aa_get_task_label(p); + *secid = label->secid; + aa_put_label(label); +} + static int apparmor_task_setrlimit(struct task_struct *task, unsigned int resource, struct rlimit *new_rlim) { @@ -1186,8 +1194,20 @@ static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(task_free, apparmor_task_free), LSM_HOOK_INIT(task_alloc, apparmor_task_alloc), + LSM_HOOK_INIT(task_getsecid, apparmor_task_getsecid), LSM_HOOK_INIT(task_setrlimit, apparmor_task_setrlimit), LSM_HOOK_INIT(task_kill, apparmor_task_kill), + +#ifdef CONFIG_AUDIT + LSM_HOOK_INIT(audit_rule_init, aa_audit_rule_init), + LSM_HOOK_INIT(audit_rule_known, aa_audit_rule_known), + LSM_HOOK_INIT(audit_rule_match, aa_audit_rule_match), + LSM_HOOK_INIT(audit_rule_free, aa_audit_rule_free), +#endif + + LSM_HOOK_INIT(secid_to_secctx, apparmor_secid_to_secctx), + LSM_HOOK_INIT(secctx_to_secid, apparmor_secctx_to_secid), + LSM_HOOK_INIT(release_secctx, apparmor_release_secctx), }; /* @@ -1378,14 +1398,12 @@ static int param_set_audit(const char *val, const struct kernel_param *kp) if (apparmor_initialized && !policy_admin_capable(NULL)) return -EPERM; - for (i = 0; i < AUDIT_MAX_INDEX; i++) { - if (strcmp(val, audit_mode_names[i]) == 0) { - aa_g_audit = i; - return 0; - } - } + i = match_string(audit_mode_names, AUDIT_MAX_INDEX, val); + if (i < 0) + return -EINVAL; - return -EINVAL; + aa_g_audit = i; + return 0; } static int param_get_mode(char *buffer, const struct kernel_param *kp) @@ -1409,14 +1427,12 @@ static int param_set_mode(const char *val, const struct kernel_param *kp) if (apparmor_initialized && !policy_admin_capable(NULL)) return -EPERM; - for (i = 0; i < APPARMOR_MODE_NAMES_MAX_INDEX; i++) { - if (strcmp(val, aa_profile_mode_names[i]) == 0) { - aa_g_profile_mode = i; - return 0; - } - } + i = match_string(aa_profile_mode_names, APPARMOR_MODE_NAMES_MAX_INDEX, val); + if (i < 0) + return -EINVAL; - return -EINVAL; + aa_g_profile_mode = i; + return 0; } /* diff --git a/security/apparmor/match.c b/security/apparmor/match.c index 280eba082c7b..55f2ee505a01 100644 --- a/security/apparmor/match.c +++ b/security/apparmor/match.c @@ -472,7 +472,7 @@ unsigned int aa_dfa_match(struct aa_dfa *dfa, unsigned int start, /** * aa_dfa_next - step one character to the next state in the dfa - * @dfa: the dfa to tranverse (NOT NULL) + * @dfa: the dfa to traverse (NOT NULL) * @state: the state to start in * @c: the input character to transition on * diff --git a/security/apparmor/mount.c b/security/apparmor/mount.c index 6e8c7ac0b33d..c1da22482bfb 100644 --- a/security/apparmor/mount.c +++ b/security/apparmor/mount.c @@ -121,7 +121,7 @@ static void audit_cb(struct audit_buffer *ab, void *va) * @src_name: src_name of object being mediated (MAYBE_NULL) * @type: type of filesystem (MAYBE_NULL) * @trans: name of trans (MAYBE NULL) - * @flags: filesystem idependent mount flags + * @flags: filesystem independent mount flags * @data: filesystem mount flags * @request: permissions requested * @perms: the permissions computed for the request (NOT NULL) diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c index c07493ce2376..b367fef33d03 100644 --- a/security/apparmor/policy.c +++ b/security/apparmor/policy.c @@ -268,7 +268,7 @@ struct aa_profile *aa_alloc_profile(const char *hname, struct aa_proxy *proxy, if (!aa_policy_init(&profile->base, NULL, hname, gfp)) goto fail; - if (!aa_label_init(&profile->label, 1)) + if (!aa_label_init(&profile->label, 1, gfp)) goto fail; /* update being set needed by fs interface */ @@ -1085,7 +1085,7 @@ fail: * Remove a profile or sub namespace from the current namespace, so that * they can not be found anymore and mark them as replaced by unconfined * - * NOTE: removing confinement does not restore rlimits to preconfinemnet values + * NOTE: removing confinement does not restore rlimits to preconfinement values * * Returns: size of data consume else error code if fails */ diff --git a/security/apparmor/secid.c b/security/apparmor/secid.c index 3a3edbad0b21..c2f0c1571156 100644 --- a/security/apparmor/secid.c +++ b/security/apparmor/secid.c @@ -3,7 +3,7 @@ * * This file contains AppArmor security identifier (secid) manipulation fns * - * Copyright 2009-2010 Canonical Ltd. + * Copyright 2009-2017 Canonical Ltd. * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License as @@ -11,37 +11,220 @@ * License. * * - * AppArmor allocates a unique secid for every profile loaded. If a profile - * is replaced it receives the secid of the profile it is replacing. - * - * The secid value of 0 is invalid. + * AppArmor allocates a unique secid for every label used. If a label + * is replaced it receives the secid of the label it is replacing. */ -#include <linux/spinlock.h> #include <linux/errno.h> #include <linux/err.h> +#include <linux/gfp.h> +#include <linux/slab.h> +#include <linux/spinlock.h> +#include "include/cred.h" +#include "include/lib.h" #include "include/secid.h" +#include "include/label.h" +#include "include/policy_ns.h" -/* global counter from which secids are allocated */ -static u32 global_secid; +/* + * secids - do not pin labels with a refcount. They rely on the label + * properly updating/freeing them + * + * A singly linked free list is used to track secids that have been + * freed and reuse them before allocating new ones + */ + +#define FREE_LIST_HEAD 1 + +static RADIX_TREE(aa_secids_map, GFP_ATOMIC); static DEFINE_SPINLOCK(secid_lock); +static u32 alloced_secid = FREE_LIST_HEAD; +static u32 free_list = FREE_LIST_HEAD; +static unsigned long free_count; + +/* + * TODO: allow policy to reserve a secid range? + * TODO: add secid pinning + * TODO: use secid_update in label replace + */ + +#define SECID_MAX U32_MAX + +/* TODO: mark free list as exceptional */ +static void *to_ptr(u32 secid) +{ + return (void *) + ((((unsigned long) secid) << RADIX_TREE_EXCEPTIONAL_SHIFT)); +} + +static u32 to_secid(void *ptr) +{ + return (u32) (((unsigned long) ptr) >> RADIX_TREE_EXCEPTIONAL_SHIFT); +} + + +/* TODO: tag free_list entries to mark them as different */ +static u32 __pop(struct aa_label *label) +{ + u32 secid = free_list; + void __rcu **slot; + void *entry; + + if (free_list == FREE_LIST_HEAD) + return AA_SECID_INVALID; + + slot = radix_tree_lookup_slot(&aa_secids_map, secid); + AA_BUG(!slot); + entry = radix_tree_deref_slot_protected(slot, &secid_lock); + free_list = to_secid(entry); + radix_tree_replace_slot(&aa_secids_map, slot, label); + free_count--; + + return secid; +} + +static void __push(u32 secid) +{ + void __rcu **slot; + + slot = radix_tree_lookup_slot(&aa_secids_map, secid); + AA_BUG(!slot); + radix_tree_replace_slot(&aa_secids_map, slot, to_ptr(free_list)); + free_list = secid; + free_count++; +} + +static struct aa_label * __secid_update(u32 secid, struct aa_label *label) +{ + struct aa_label *old; + void __rcu **slot; + + slot = radix_tree_lookup_slot(&aa_secids_map, secid); + AA_BUG(!slot); + old = radix_tree_deref_slot_protected(slot, &secid_lock); + radix_tree_replace_slot(&aa_secids_map, slot, label); + + return old; +} + +/** + * aa_secid_update - update a secid mapping to a new label + * @secid: secid to update + * @label: label the secid will now map to + */ +void aa_secid_update(u32 secid, struct aa_label *label) +{ + struct aa_label *old; + unsigned long flags; + + spin_lock_irqsave(&secid_lock, flags); + old = __secid_update(secid, label); + spin_unlock_irqrestore(&secid_lock, flags); +} + +/** + * + * see label for inverse aa_label_to_secid + */ +struct aa_label *aa_secid_to_label(u32 secid) +{ + struct aa_label *label; + + rcu_read_lock(); + label = radix_tree_lookup(&aa_secids_map, secid); + rcu_read_unlock(); + + return label; +} + +int apparmor_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) +{ + /* TODO: cache secctx and ref count so we don't have to recreate */ + struct aa_label *label = aa_secid_to_label(secid); + int len; + + AA_BUG(!secdata); + AA_BUG(!seclen); + + if (!label) + return -EINVAL; + + if (secdata) + len = aa_label_asxprint(secdata, root_ns, label, + FLAG_SHOW_MODE | FLAG_VIEW_SUBNS | + FLAG_HIDDEN_UNCONFINED | FLAG_ABS_ROOT, + GFP_ATOMIC); + else + len = aa_label_snxprint(NULL, 0, root_ns, label, + FLAG_SHOW_MODE | FLAG_VIEW_SUBNS | + FLAG_HIDDEN_UNCONFINED | FLAG_ABS_ROOT); + if (len < 0) + return -ENOMEM; + + *seclen = len; + + return 0; +} + + +int apparmor_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid) +{ + struct aa_label *label; + + label = aa_label_strn_parse(&root_ns->unconfined->label, secdata, + seclen, GFP_KERNEL, false, false); + if (IS_ERR(label)) + return PTR_ERR(label); + *secid = label->secid; + + return 0; +} + +void apparmor_release_secctx(char *secdata, u32 seclen) +{ + kfree(secdata); +} -/* TODO FIXME: add secid to profile mapping, and secid recycling */ /** * aa_alloc_secid - allocate a new secid for a profile */ -u32 aa_alloc_secid(void) +u32 aa_alloc_secid(struct aa_label *label, gfp_t gfp) { + unsigned long flags; u32 secid; - /* - * TODO FIXME: secid recycling - part of profile mapping table - */ - spin_lock(&secid_lock); - secid = (++global_secid); - spin_unlock(&secid_lock); + /* racey, but at worst causes new allocation instead of reuse */ + if (free_list == FREE_LIST_HEAD) { + bool preload = 0; + int res; + +retry: + if (gfpflags_allow_blocking(gfp) && !radix_tree_preload(gfp)) + preload = 1; + spin_lock_irqsave(&secid_lock, flags); + if (alloced_secid != SECID_MAX) { + secid = ++alloced_secid; + res = radix_tree_insert(&aa_secids_map, secid, label); + AA_BUG(res == -EEXIST); + } else { + secid = AA_SECID_INVALID; + } + spin_unlock_irqrestore(&secid_lock, flags); + if (preload) + radix_tree_preload_end(); + } else { + spin_lock_irqsave(&secid_lock, flags); + /* remove entry from free list */ + secid = __pop(label); + if (secid == AA_SECID_INVALID) { + spin_unlock_irqrestore(&secid_lock, flags); + goto retry; + } + spin_unlock_irqrestore(&secid_lock, flags); + } + return secid; } @@ -51,5 +234,9 @@ u32 aa_alloc_secid(void) */ void aa_free_secid(u32 secid) { - ; /* NOP ATM */ + unsigned long flags; + + spin_lock_irqsave(&secid_lock, flags); + __push(secid); + spin_unlock_irqrestore(&secid_lock, flags); } |