[apparmor] [PATCH 19/43] apparmor: convert profile lists to RCU based locking

Seth Arnold seth.arnold at canonical.com
Sat Feb 23 01:08:43 UTC 2013


On Fri, Feb 08, 2013 at 01:00:55PM -0800, John Johansen wrote:

The patch changed the 'Requires' comment here to mention rcu_read_lock
must be held before calling __policy_find(). I've found code paths that
appear to ignore this advice (again, using HEAD).

> /**
>  * __policy_find - find a policy by @name on a policy list
>  * @head: list to search  (NOT NULL)
>  * @name: name to search for  (NOT NULL)
>  *
>  * Requires: rcu_read_lock be held
>  *
>  * Returns: unrefcounted policy that match @name or NULL if not found
>  */
> static struct aa_policy *__policy_find(struct list_head *head, const char *name)
> {
>         struct aa_policy *policy;
> 
>         list_for_each_entry_rcu(policy, head, list) {
>                 if (!strcmp(policy->name, name))
>                         return policy;
>         }
>         return NULL;
> }

profile_load() / profile_replace()
aa_replace_profiles()
aa_prepare_namespace() (locks root->lock)
__aa_find_namespace()
__policy_find()


profile_load() / profile_replace()
aa_replace_profiles()
__lookup_replace()
__lookup_profile()
__find_child()
__policy_find()


profile_remove()
aa_remove_profiles()  (locks ns->lock)
__lookup_profile()
__find_child()
__policy_find()


Thanks John
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20130222/0da831bd/attachment.pgp>


More information about the AppArmor mailing list