| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 3 Oct 2017 08:33:49 -0700 From: John Johansen <john.johansen@...onical.com> To: Will Deacon <will.deacon@....com>, linux-kernel@...r.kernel.org Cc: paulmck@...ux.vnet.ibm.com, Peter Zijlstra <peterz@...radead.org> Subject: Re: [PATCH 1/2] security/apparmor: Replace homebrew use of write_can_lock with lockdep On 10/03/2017 07:32 AM, Will Deacon wrote: > The lockdep subsystem provides a robust way to assert that a lock is > held, so use that instead of write_can_lock, which can give incorrect > results for qrwlocks. > > Cc: John Johansen <john.johansen@...onical.com> > Cc: Peter Zijlstra <peterz@...radead.org> > Signed-off-by: Will Deacon <will.deacon@....com> oh nice, Acked-by: John Johansen <john.johansen@...onical.com> > --- > security/apparmor/include/lib.h | 11 ----------- > security/apparmor/label.c | 8 ++++---- > 2 files changed, 4 insertions(+), 15 deletions(-) > > diff --git a/security/apparmor/include/lib.h b/security/apparmor/include/lib.h > index 436b3a722357..f546707a2bbb 100644 > --- a/security/apparmor/include/lib.h > +++ b/security/apparmor/include/lib.h > @@ -19,17 +19,6 @@ > > #include "match.h" > > -/* Provide our own test for whether a write lock is held for asserts > - * this is because on none SMP systems write_can_lock will always > - * resolve to true, which is what you want for code making decisions > - * based on it, but wrong for asserts checking that the lock is held > - */ > -#ifdef CONFIG_SMP > -#define write_is_locked(X) !write_can_lock(X) > -#else > -#define write_is_locked(X) (1) > -#endif /* CONFIG_SMP */ > - > /* > * DEBUG remains global (no per profile flag) since it is mostly used in sysctl > * which is not related to profile accesses. > diff --git a/security/apparmor/label.c b/security/apparmor/label.c > index c5b99b954580..ad28e03a6f30 100644 > --- a/security/apparmor/label.c > +++ b/security/apparmor/label.c > @@ -80,7 +80,7 @@ void __aa_proxy_redirect(struct aa_label *orig, struct aa_label *new) > > AA_BUG(!orig); > AA_BUG(!new); > - AA_BUG(!write_is_locked(&labels_set(orig)->lock)); > + lockdep_assert_held_exclusive(&labels_set(orig)->lock); > > tmp = rcu_dereference_protected(orig->proxy->label, > &labels_ns(orig)->lock); > @@ -571,7 +571,7 @@ static bool __label_remove(struct aa_label *label, struct aa_label *new) > > AA_BUG(!ls); > AA_BUG(!label); > - AA_BUG(!write_is_locked(&ls->lock)); > + lockdep_assert_held_exclusive(&ls->lock); > > if (new) > __aa_proxy_redirect(label, new); > @@ -608,7 +608,7 @@ static bool __label_replace(struct aa_label *old, struct aa_label *new) > AA_BUG(!ls); > AA_BUG(!old); > AA_BUG(!new); > - AA_BUG(!write_is_locked(&ls->lock)); > + lockdep_assert_held_exclusive(&ls->lock); > AA_BUG(new->flags & FLAG_IN_TREE); > > if (!label_is_stale(old)) > @@ -645,7 +645,7 @@ static struct aa_label *__label_insert(struct aa_labelset *ls, > AA_BUG(!ls); > AA_BUG(!label); > AA_BUG(labels_set(label) != ls); > - AA_BUG(!write_is_locked(&ls->lock)); > + lockdep_assert_held_exclusive(&ls->lock); > AA_BUG(label->flags & FLAG_IN_TREE); > > /* Figure out where to put new node */ >
Powered by blists - more mailing lists