On 15-10-19 18:28:22, Mimi Zohar wrote:
> On Mon, 2015-10-19 at 14:21 -0400, Mimi Zohar wrote:
> > On Fri, 2015-10-16 at 22:31 +0300, Petko Manolov wrote:
>
> > > diff --git a/security/integrity/ima/ima_fs.c
> > > b/security/integrity/ima/ima_fs.c
> > > index 816d175..a3cf5c0 100644
> > > --- a/security/integrity/ima/ima_fs.c
> > > +++ b/security/integrity/ima/ima_fs.c
> > > @@ -25,6 +25,8 @@
> > >
> > > #include "ima.h"
> > >
> > > +static DEFINE_MUTEX(ima_write_mutex);
> > > +
> > > static int valid_policy = 1;
> > > #define TMPBUFLEN 12
> > > static ssize_t ima_show_htable_value(char __user *buf, size_t count,
> > > @@ -261,6 +263,11 @@ static ssize_t ima_write_policy(struct file *file,
> > > const char __user *buf,
> > > {
> > > char *data = NULL;
> > > ssize_t result;
> > > + int res;
> > > +
> > > + res = mutex_lock_interruptible(&ima_write_mutex);
> > > + if (res)
> > > + return res;
> > >
> > > if (datalen >= PAGE_SIZE)
> > > datalen = PAGE_SIZE - 1;
> > > @@ -286,6 +293,8 @@ out:
> > > if (result < 0)
> > > valid_policy = 0;
> > > kfree(data);
> > > + mutex_unlock(&ima_write_mutex);
> > > +
> > > return result;
> > > }
> > >
> > > @@ -337,8 +346,12 @@ static int ima_release_policy(struct inode *inode,
> > > struct file *file)
> > > return 0;
> > > }
> > > ima_update_policy();
> > > +#ifndef CONFIG_IMA_WRITE_POLICY
> > > securityfs_remove(ima_policy);
> > > ima_policy = NULL;
> > > +#else
> > > + clear_bit(IMA_FS_BUSY, &ima_fs_flags);
> > > +#endif
> > > return 0;
> > > }
> > >
>
> The IMA_FS_BUSY flag needs to be cleared, like here, above for !
> valid_policy.
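Review bot: The mutex taken at the top of `ima_write_policy` (hunk `@@ -261,6 +263,11 @@`) is released only at the `out:` label (hunk `@@ -286,6 +293,8 @@`), and the body between the two hunks is not shown, so every exit in that stretch must go through `goto out`; a direct `return` there would leave `ima_write_mutex` held and block every later policy write. The new `int res` is not needed, since `result` can carry the lock status: `result = mutex_lock_interruptible(&ima_write_mutex);` followed by `if (result) return result;`. Returning before `out:` on an interrupted lock also skips `valid_policy = 0`, which looks intended but deserves a short comment. The definition would benefit from one as well, for example `/* serialises ima_write_policy() callers */`.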
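Review bot: In the `#else` branch of `ima_release_policy` the policy file stays in securityfs and only `IMA_FS_BUSY` is cleared, so with `CONFIG_IMA_WRITE_POLICY` set the policy can be replaced again at any time after boot rather than loaded once. Nothing in this hunk restricts who may do that, and the open handler is outside the hunk, so it should be confirmed that it enforces a capability check such as `capable(CAP_SYS_ADMIN)` instead of relying on the file mode alone. A comment on the branch, for example `/* keep the policy file so the policy can be updated again */`, would make the intent explicit, and the option's Kconfig help text should state the integrity trade-off.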
Good catch. Fixed. Petko