Re: [AppArmor 40/41] AppArmor: all the rest

[Al Viro]

On Thu, Apr 12, 2007 at 11:32:00AM +0100, Al Viro wrote:
> On Thu, Apr 12, 2007 at 02:08:49AM -0700, jjohansen@xxxxxxx wrote:
> > +	} else if (profile1 > profile2) {
> > +		/* profile1 cannot be NULL here. */
> > +		spin_lock_irqsave(&profile1->lock, profile1->int_flags);
> > +		if (profile2)
> > +			spin_lock(&profile2->lock);
> > +
> > +	} else {
> > +		/* profile2 cannot be NULL here. */
> > +		spin_lock_irqsave(&profile2->lock, profile2->int_flags);
> > +		spin_lock(&profile1->lock);
> > +	}
> 
> Ahem...
> 
> profile2 is locked individually.  profile1 > profile2.  profile1 is not
> locked.  We try to lock both.  profile1 is locked OK, flags (with interrupts
> disabled) are stored into it.  We spin trying to lock profile2.  Eventually,
> whoever had held profile2 unlocks it, restoring the flags from profile2.
> We happily grab the spinlock and move on.  When we unlock the pair, we
> restore flags from profile1.  I.e. we are left with interrupts disabled.

Please, ignore - shouldn't have posted without coffee...  Flags would be
for different CPUs in that case, obviously.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/