[PATCH] 5/5: LSM hooks rework

[Kurt Garloff]

From: Kurt Garloff <garloff@xxxxxxx>
Subject: Test security_enabled var rather than security_ops pointer
References: 40217, 39439

Rather than doing a pointer comparison, test an integer var
for being null. Should be slightly faster.
I consider this patch as optional.

Note that it does not introduce a (new) race, as we still set
the security_ops pointer to the capability_security_ops. So no
wmb() is needed for the module unload case.

Sidenote: A wmb() in the module load and unload cases might
actually be useful to ensure that the other CPUs start using the
new LSM pointer ASAP. It's still racy, but that's by design of
LSM. Introducing locks would hurt performance tremendously.
One could do RCU ... but that's not for this patchset.

This is patch 5/5 of the LSM overhaul.

 include/linux/security.h |    7 ++++---
 security/security.c      |    7 +++++++
 2 files changed, 11 insertions(+), 3 deletions(-)

Signed-off-by: Kurt Garloff <garloff@xxxxxxx>

Index: linux-2.6.10/include/linux/security.h
===================================================================
--- linux-2.6.10.orig/include/linux/security.h
+++ linux-2.6.10/include/linux/security.h
@@ -1241,10 +1241,10 @@ struct security_operations {
 };
 
 /* global variables */
 extern struct security_operations *security_ops;
-/* default security ops */
-extern struct security_operations capability_security_ops;
+/* Security enabled? */
+extern int security_enabled;
 
 /* prototypes */
 extern int security_init	(void);
 extern int register_security	(struct security_operations *ops);
@@ -1253,16 +1253,17 @@ extern int mod_reg_security	(const char 
 extern int mod_unreg_security	(const char *name, struct security_operations *ops);
 
 /* Condition for invocation of non-default security_op */
 #define COND_SECURITY(seop, def) 	\
-	(likely(security_ops == &capability_security_ops))? def: security_ops->seop
+	(unlikely(security_enabled))? security_ops->seop: def
 
 #else /* CONFIG_SECURITY */
 static inline int security_init(void)
 {
 	return 0;
 }
 
+# define security_enabled 0
 # define COND_SECURITY(seop, def) def
 #endif
 
 /* SELinux noop */
Index: linux-2.6.10/security/security.c
===================================================================
--- linux-2.6.10.orig/security/security.c
+++ linux-2.6.10/security/security.c
@@ -21,10 +21,14 @@
 #define SECURITY_FRAMEWORK_VERSION	"1.0.0"
 
 /* things that live in dummy.c */
 extern void security_fixup_ops (struct security_operations *ops);
+/* default security ops */
+extern struct security_operations capability_security_ops;
 
 struct security_operations *security_ops;	/* Initialized to NULL */
+int security_enabled;				/* ditto */
+EXPORT_SYMBOL(security_enabled);
 
 static inline int verify(struct security_operations *ops)
 {
 	/* verify the security_operations structure exists */
@@ -59,8 +63,9 @@ int __init security_init(void)
 		       "capability_security_ops structure.\n", __FUNCTION__);
 		return -EIO;
 	}
 
+	security_enabled = 0;
 	security_ops = &capability_security_ops;
 
 	/* Initialize compiled-in security modules */
 	do_security_initcalls();
@@ -91,8 +96,9 @@ int register_security(struct security_op
 	if (security_ops != &capability_security_ops)
 		return -EAGAIN;
 
 	security_ops = ops;
+	security_enabled = 1;
 
 	return 0;
 }
 
@@ -115,8 +121,9 @@ int unregister_security(struct security_
 		       "registered, failing.\n", __FUNCTION__);
 		return -EINVAL;
 	}
 
+	security_enabled = 0;
 	security_ops = &capability_security_ops;
 
 	return 0;
 }
-- 
Kurt Garloff, Director SUSE Labs, Novell Inc.

Attachment: pgp00000.pgp
Description: PGP signature