[PATCH 7/8] p9auth: add cap_node timeout

Serge Hallyn serue at us.ibm.com
Tue Feb 16 22:45:00 UTC 2010 

From: Serge E. Hallyn <serue at us.ibm.com>

Mark each caphash entry with the current time.  When a new caphash is
added, any entries which were added more than two minutes ago are
discarded.

We may want to make two minutes configurable, or may want to also
discard entries if more than N entries are on the list (to prevent
a forced OOM by a misbehaving privileged process).  The purpose
of this patch is only to prevent gradually consuming more and more
memory due to "legitimate" unused entries.

Signed-off-by: Serge E. Hallyn <serue at us.ibm.com>
Cc: Greg KH <greg at kroah.com>
cc: rsc at swtch.com
Cc: Ashwin Ganti <ashwin.ganti at gmail.com>
Cc: ericvh at gmail.com
Cc: devel at linuxdriverproject.org
Cc: linux-kernel at vger.kernel.org
Cc: Ron Minnich <rminnich at gmail.com>
---
 drivers/staging/p9auth/p9auth.c |   20 ++++++++++++++++++++
 1 files changed, 20 insertions(+), 0 deletions(-)

diff --git a/drivers/staging/p9auth/p9auth.c b/drivers/staging/p9auth/p9auth.c
index e94c4fe..6012bd9 100644
--- a/drivers/staging/p9auth/p9auth.c
+++ b/drivers/staging/p9auth/p9auth.c
@@ -40,6 +40,7 @@
 
 struct cap_node {
 	char data[CAP_NODE_SIZE];
+	unsigned long time_created;
 	struct list_head list;
 };
 
@@ -275,6 +276,23 @@ static int grant_id(struct id_set *set)
 	return ret;
 }
 
+/* Expose this through sysctl eventually?  2 min timeout for hashes */
+
+static int cap_timeout = 120;
+static void remove_old_entries(struct cap_dev *dev)
+{
+	struct cap_node *node, *tmp;
+
+	if (dev->head == NULL)
+		return;
+	list_for_each_entry_safe(node, tmp, &dev->head->list, list) {
+		if (node->time_created + HZ * cap_timeout < jiffies) {
+			list_del(&node->list);
+			kfree(node);
+		}
+	}
+}
+
 static int add_caphash_entry(struct cap_dev *dev, char *user_buf, size_t count)
 {
 	struct cap_node *node_ptr;
@@ -290,7 +308,9 @@ static int add_caphash_entry(struct cap_dev *dev, char *user_buf, size_t count)
 	printk(KERN_INFO "Capability being written to /dev/caphash : \n");
 	hexdump(user_buf, count);
 	memcpy(node_ptr->data, user_buf, count);
+	node_ptr->time_created = jiffies;
 	list_add(&(node_ptr->list), &(dev->head->list));
+	remove_old_entries(dev);
 
 	return 0;
 }
-- 
1.6.1

More information about the devel mailing list