Re: [PATCH v3 1/2] IMA: Define workqueue for early boot "key" measurements

From: Lakshmi Ramasubramanian
Date: Thu Dec 12 2019 - 21:59:57 EST

Next message: Dave Gerlach: "[PATCH 0/5] ARM: OMAP2+: Introduce cpuidle for am335x/am437x"
Previous message: Stephen Boyd: "Re: [PATCH] clk: qcom: gcc-sdm845: Add missing flag to votable GDSCs"
In reply to: Mimi Zohar: "Re: [PATCH v3 1/2] IMA: Define workqueue for early boot "key" measurements"
Next in thread: Mimi Zohar: "Re: [PATCH v3 1/2] IMA: Define workqueue for early boot "key" measurements"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 12/12/2019 6:32 PM, Mimi Zohar wrote:

Don't you need a test here, before setting ima_process_keys?

if (ima_process_keys)
return;

Mimi

That check is done before the comment - at the start of
ima_process_queued_keys().

The first test prevents taking the mutex unnecessarily.

Mimi

I am trying to understand your concern here. Could you please clarify?

=> If ima_process_keys is false
-> With the mutex held, should check ima_process_keys again before setting?

Let's say 2 or more threads are racing in calling ima_process_queued_keys():

The 1st one will set ima_process_keys and process queued keys.

The 2nd and subsequent ones - even if they have gone past the initial check, will find an empty list of keys (the list "ima_keys") when they take the mutex. So they'll not process any keys.

thanks,
-lakshmi

Next message: Dave Gerlach: "[PATCH 0/5] ARM: OMAP2+: Introduce cpuidle for am335x/am437x"
Previous message: Stephen Boyd: "Re: [PATCH] clk: qcom: gcc-sdm845: Add missing flag to votable GDSCs"
In reply to: Mimi Zohar: "Re: [PATCH v3 1/2] IMA: Define workqueue for early boot "key" measurements"
Next in thread: Mimi Zohar: "Re: [PATCH v3 1/2] IMA: Define workqueue for early boot "key" measurements"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]