| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 13 Dec 2019 09:31:45 -0800
From: Lakshmi Ramasubramanian <nramas@...ux.microsoft.com>
To: James Bottomley <James.Bottomley@...senPartnership.com>,
zohar@...ux.ibm.com, linux-integrity@...r.kernel.org
Cc: eric.snowberg@...cle.com, dhowells@...hat.com,
mathew.j.martineau@...ux.intel.com, matthewgarrett@...gle.com,
sashal@...nel.org, jamorris@...ux.microsoft.com,
linux-kernel@...r.kernel.org, keyrings@...r.kernel.org
Subject: Re: [PATCH v4 2/2] IMA: Call workqueue functions to measure queued
keys
On 12/13/19 9:25 AM, James Bottomley wrote:
Hi James,
>
> There's no locking around the ima_process_keys flag. If you get two
> policy updates in quick succession can't this flag change as you're
> processing the second update meaning you lose it because the flag was
> false when you decided to build it for the queue but becomes true
> before you check above whether you need to queue it?
>
> Note you don't need locking to fix this, you just need to ensure that
> you use the same copy of the flag value for both tests.
>
> James
>
Same flag (ima_process_keys) is used for making the queuing decision.
Taking a lock to access ima_process_keys is required only if the flag is
false. That is handled in ima_queue_key() and ima_process_queued_keys()
functions.
Queued keys are processed when the first policy update occurs.
Subsequently, the keys are processed immediately (not queued).
Could you please review those functions in this patch and let me know if
you see a problem?
thanks,
-lakshmi
Powered by blists - more mailing lists