Re: [PATCH v4 2/2] IMA: Call workqueue functions to measure queued keys
From: Lakshmi Ramasubramanian
Date: Tue Dec 17 2019 - 21:59:46 EST
On 12/17/2019 6:44 PM, Lakshmi Ramasubramanian wrote:
The direct implication of the comment and the lock dance with the
temporary list and the processed flag is that stuff can be added to the
ima_keys list after you drop the mutex. Your explanation in the prior
couple of emails says that nothing can be added because the
ima_process_keys flag setting prevents it. If the latter is true, you
can simply drop the lock after setting the flag and rely on ima_keys
not changing to run it through process_buffer_measurement without
needing any of the intermediate list or the processed flag. If the
latter isn't true then any key added to ima_keys after the mutex is
dropped is never processed.
James
One more scenario needs to be taken care - that still doesn't require a
temp list, but will need a local flag.
Say, two threads race to call ima_process_queued_keys().
Both find ima_process_keys flag is false.
They now race to take to the lock.
Only the 1st one setting the flag to true should process queued keys.
-lakshmi