Re: [PATCH v4 2/2] IMA: Call workqueue functions to measure queued keys

[Lakshmi Ramasubramanian]

Hi James,

> > > This is the problem: in the race case you may still be adding keys to
> > > the queue after the other thread has processed it. Those keys won't get
> > > processed because the flag is now false in the post check so the
> > > current thread won't process them either.
> > >
> > > James

Please let me know if you still think there is a race condition.

If yes, please explain how a key would be added to the queue after 
ima_process_queued_keys() has processed queued keys.
ima_process_keys flag will be true when queued keys have been processed.

> Please keep in mind that ima_queue_key() returns a boolean indicating 
> whether or not the key was queued. This flag is set inside the lock - 
> please see the code snippet from ima_queue_key() below:
>
> +ÂÂÂ mutex_lock(&ima_keys_mutex);
> +ÂÂÂ if (!ima_process_keys) {
> +ÂÂÂÂÂÂÂ list_add_tail(&entry->list, &ima_keys);
> +ÂÂÂÂÂÂÂ queued = true;
> +ÂÂÂ }
> +ÂÂÂ mutex_unlock(&ima_keys_mutex);
>
> If ima_process_keys had changed from false to true, ima_queue_key() will 
> not queue the key and return false to ima_post_key_create_or_update().
>
> Code snippet in ima_post_key_create_or_update():
>
> +ÂÂÂ if (!ima_process_keys)
> +ÂÂÂÂÂÂÂ queued = ima_queue_key(keyring, payload, payload_len);
> +
> +ÂÂÂ if (queued)
> +ÂÂÂÂÂÂÂ return;
>
> If the "queued" is false, ima_post_key_create_or_update() will process 
> the key immediately.
>
>  Â-lakshmi

thanks,
 -lakshmi