lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <390d44ef-1375-77ee-5de1-7fdbf9db3144@canonical.com>
Date:   Tue, 3 Oct 2017 08:33:49 -0700
From:   John Johansen <john.johansen@...onical.com>
To:     Will Deacon <will.deacon@....com>, linux-kernel@...r.kernel.org
Cc:     paulmck@...ux.vnet.ibm.com, Peter Zijlstra <peterz@...radead.org>
Subject: Re: [PATCH 1/2] security/apparmor: Replace homebrew use of
 write_can_lock with lockdep

On 10/03/2017 07:32 AM, Will Deacon wrote:
> The lockdep subsystem provides a robust way to assert that a lock is
> held, so use that instead of write_can_lock, which can give incorrect
> results for qrwlocks.
> 
> Cc: John Johansen <john.johansen@...onical.com>
> Cc: Peter Zijlstra <peterz@...radead.org>
> Signed-off-by: Will Deacon <will.deacon@....com>

oh nice,

Acked-by: John Johansen <john.johansen@...onical.com>



> ---
>  security/apparmor/include/lib.h | 11 -----------
>  security/apparmor/label.c       |  8 ++++----
>  2 files changed, 4 insertions(+), 15 deletions(-)
> 
> diff --git a/security/apparmor/include/lib.h b/security/apparmor/include/lib.h
> index 436b3a722357..f546707a2bbb 100644
> --- a/security/apparmor/include/lib.h
> +++ b/security/apparmor/include/lib.h
> @@ -19,17 +19,6 @@
>  
>  #include "match.h"
>  
> -/* Provide our own test for whether a write lock is held for asserts
> - * this is because on none SMP systems write_can_lock will always
> - * resolve to true, which is what you want for code making decisions
> - * based on it, but wrong for asserts checking that the lock is held
> - */
> -#ifdef CONFIG_SMP
> -#define write_is_locked(X) !write_can_lock(X)
> -#else
> -#define write_is_locked(X) (1)
> -#endif /* CONFIG_SMP */
> -
>  /*
>   * DEBUG remains global (no per profile flag) since it is mostly used in sysctl
>   * which is not related to profile accesses.
> diff --git a/security/apparmor/label.c b/security/apparmor/label.c
> index c5b99b954580..ad28e03a6f30 100644
> --- a/security/apparmor/label.c
> +++ b/security/apparmor/label.c
> @@ -80,7 +80,7 @@ void __aa_proxy_redirect(struct aa_label *orig, struct aa_label *new)
>  
>  	AA_BUG(!orig);
>  	AA_BUG(!new);
> -	AA_BUG(!write_is_locked(&labels_set(orig)->lock));
> +	lockdep_assert_held_exclusive(&labels_set(orig)->lock);
>  
>  	tmp = rcu_dereference_protected(orig->proxy->label,
>  					&labels_ns(orig)->lock);
> @@ -571,7 +571,7 @@ static bool __label_remove(struct aa_label *label, struct aa_label *new)
>  
>  	AA_BUG(!ls);
>  	AA_BUG(!label);
> -	AA_BUG(!write_is_locked(&ls->lock));
> +	lockdep_assert_held_exclusive(&ls->lock);
>  
>  	if (new)
>  		__aa_proxy_redirect(label, new);
> @@ -608,7 +608,7 @@ static bool __label_replace(struct aa_label *old, struct aa_label *new)
>  	AA_BUG(!ls);
>  	AA_BUG(!old);
>  	AA_BUG(!new);
> -	AA_BUG(!write_is_locked(&ls->lock));
> +	lockdep_assert_held_exclusive(&ls->lock);
>  	AA_BUG(new->flags & FLAG_IN_TREE);
>  
>  	if (!label_is_stale(old))
> @@ -645,7 +645,7 @@ static struct aa_label *__label_insert(struct aa_labelset *ls,
>  	AA_BUG(!ls);
>  	AA_BUG(!label);
>  	AA_BUG(labels_set(label) != ls);
> -	AA_BUG(!write_is_locked(&ls->lock));
> +	lockdep_assert_held_exclusive(&ls->lock);
>  	AA_BUG(label->flags & FLAG_IN_TREE);
>  
>  	/* Figure out where to put new node */
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ