lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <ff0e8a95-7395-41b3-b3b4-e0f678a2a581@canonical.com>
Date:   Tue, 17 Oct 2023 02:26:35 -0700
From:   John Johansen <john.johansen@...onical.com>
To:     Sergey Senozhatsky <senozhatsky@...omium.org>
Cc:     Anil Altinay <aaltinay@...gle.com>,
        Sebastian Andrzej Siewior <bigeasy@...utronix.de>,
        LKLM <linux-kernel@...r.kernel.org>,
        Peter Zijlstra <peterz@...radead.org>,
        Tomasz Figa <tfiga@...omium.org>,
        linux-security-module@...r.kernel.org,
        John Johansen <john.johansen@...onical.com>
Subject: Re: [PATCH v5 4/4] apparmor: limit the number of buffers in percpu
 cache

Force buffers to be returned to the global pool, regardless of contention
when the percpu cache is full. This ensures that the percpu buffer list
never grows longer than needed.

Signed-off-by: John Johansen <john.johansen@...onical.com>
---
  security/apparmor/lsm.c | 9 ++++++++-
  1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 52423d88854a..e6765f64f6bf 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -56,6 +56,7 @@ struct aa_local_cache {
  	struct list_head head;
  };
  
+#define MAX_LOCAL_COUNT 2
  #define RESERVE_COUNT 2
  static int reserve_count = RESERVE_COUNT;
  static int buffer_count;
@@ -1878,9 +1879,15 @@ void aa_put_buffer(char *buf)
  
  	cache = get_cpu_ptr(&aa_local_buffers);
  	if (!cache->hold) {
+		bool must_lock = cache->count >= MAX_LOCAL_COUNT;
+
  		put_cpu_ptr(&aa_local_buffers);
  
-		if (spin_trylock(&aa_buffers_lock)) {
+		if (must_lock) {
+			spin_lock(&aa_buffers_lock);
+			goto locked;
+		} else if (spin_trylock(&aa_buffers_lock)) {
+		locked:
  			/* put back on global list */
  			list_add(&aa_buf->list, &aa_global_buffers);
  			buffer_count++;
-- 
2.34.1


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ