CHROMIUM: LSM: spinlock the root directory lock

Since module loading routines can be called simultaneously, initialization
of the LSM's root directory lock must be mutexed.

BUG=chrome-os-partner:17321
TEST=link build, manual testing

Change-Id: I8a6e317ea887d535770f5c8617406bf83c06c2e2
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/41687
Reviewed-by: Grant Grundler <grundler@chromium.org>
Reviewed-by: Olof Johansson <olofj@chromium.org>

diff --git a/security/chromiumos/lsm.c b/security/chromiumos/lsm.c
index ec41bdc653269149117bdc9e3f9aec546faf46e9..5bd1bee7d262131b264cd87b625d35f0bc822f98 100644 (file)
--- a/security/chromiumos/lsm.c
+++ b/security/chromiumos/lsm.c
@@ -83,6 +83,7 @@ static void report_load_module(struct path *path, char *operation)
 
 static int module_locking = 1;
 static struct dentry *locked_root;
+static DEFINE_SPINLOCK(locked_root_spinlock);
 
 #ifdef CONFIG_SYSCTL
 static int zero;
@@ -170,10 +171,20 @@ static int chromiumos_security_load_module(struct file *file)
        module_root = file->f_vfsmnt->mnt_root;
 
        /* First loaded module defines the root for all others. */
+       spin_lock(&locked_root_spinlock);
        if (!locked_root) {
                locked_root = dget(module_root);
+               /*
+                * Unlock now since it's only locked_root we care about.
+                * In the worst case, we will (correctly) report locking
+                * failures before we have announced that locking is
+                * enabled. This would be purely cosmetic.
+                */
+               spin_unlock(&locked_root_spinlock);
                report_load_module(&file->f_path, "locked");
                check_locking_enforcement();
+       } else {
+               spin_unlock(&locked_root_spinlock);
        }
 
        if (module_root != locked_root) {