From: James Bottomley <James.Bottomley@HansenPartnership.com>
To: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>,
zohar@linux.ibm.com, linux-integrity@vger.kernel.org
Cc: eric.snowberg@oracle.com, dhowells@redhat.com,
mathew.j.martineau@linux.intel.com, matthewgarrett@google.com,
sashal@kernel.org, jamorris@linux.microsoft.com,
linux-kernel@vger.kernel.org, keyrings@vger.kernel.org
Subject: Re: [PATCH v4 2/2] IMA: Call workqueue functions to measure queued keys
Date: Sun, 15 Dec 2019 15:22:33 +0000 [thread overview]
Message-ID: <1576423353.3343.3.camel@HansenPartnership.com> (raw)
In-Reply-To: <39624b97-245c-ed05-27c5-588787aacc00@linux.microsoft.com>
On Fri, 2019-12-13 at 09:31 -0800, Lakshmi Ramasubramanian wrote:
> On 12/13/19 9:25 AM, James Bottomley wrote:
>
> Hi James,
>
> >
> > There's no locking around the ima_process_keys flag. If you get
> > two policy updates in quick succession can't this flag change as
> > you're processing the second update meaning you lose it because the
> > flag was false when you decided to build it for the queue but
> > becomes true before you check above whether you need to queue it?
> >
> > Note you don't need locking to fix this, you just need to ensure
> > that you use the same copy of the flag value for both tests.
> >
> > James
> >
>
> Same flag (ima_process_keys) is used for making the queuing decision.
>
> Taking a lock to access ima_process_keys is required only if the flag
> is false. That is handled in ima_queue_key() and
> ima_process_queued_keys() functions.
>
> Queued keys are processed when the first policy update occurs.
> Subsequently, the keys are processed immediately (not queued).
>
> Could you please review those functions in this patch and let me know
> if you see a problem?
This is the problem:
if (!flag)
pre()
.
.
.
if (!flag)
post()
And your pre and post function either have to both run or neither must.
However, the flag is set asynchronously, so if it gets set while
another thread is running through the above code, it can change after
pre is run but before post is.
James
WARNING: multiple messages have this Message-ID (diff)
From: James Bottomley <James.Bottomley@HansenPartnership.com>
To: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>,
zohar@linux.ibm.com, linux-integrity@vger.kernel.org
Cc: eric.snowberg@oracle.com, dhowells@redhat.com,
mathew.j.martineau@linux.intel.com, matthewgarrett@google.com,
sashal@kernel.org, jamorris@linux.microsoft.com,
linux-kernel@vger.kernel.org, keyrings@vger.kernel.org
Subject: Re: [PATCH v4 2/2] IMA: Call workqueue functions to measure queued keys
Date: Sun, 15 Dec 2019 07:22:33 -0800 [thread overview]
Message-ID: <1576423353.3343.3.camel@HansenPartnership.com> (raw)
In-Reply-To: <39624b97-245c-ed05-27c5-588787aacc00@linux.microsoft.com>
On Fri, 2019-12-13 at 09:31 -0800, Lakshmi Ramasubramanian wrote:
> On 12/13/19 9:25 AM, James Bottomley wrote:
>
> Hi James,
>
> >
> > There's no locking around the ima_process_keys flag. If you get
> > two policy updates in quick succession can't this flag change as
> > you're processing the second update meaning you lose it because the
> > flag was false when you decided to build it for the queue but
> > becomes true before you check above whether you need to queue it?
> >
> > Note you don't need locking to fix this, you just need to ensure
> > that you use the same copy of the flag value for both tests.
> >
> > James
> >
>
> Same flag (ima_process_keys) is used for making the queuing decision.
>
> Taking a lock to access ima_process_keys is required only if the flag
> is false. That is handled in ima_queue_key() and
> ima_process_queued_keys() functions.
>
> Queued keys are processed when the first policy update occurs.
> Subsequently, the keys are processed immediately (not queued).
>
> Could you please review those functions in this patch and let me know
> if you see a problem?
This is the problem:
if (!flag)
pre()
.
.
.
if (!flag)
post()
And your pre and post function either have to both run or neither must.
However, the flag is set asynchronously, so if it gets set while
another thread is running through the above code, it can change after
pre is run but before post is.
James
next prev parent reply other threads:[~2019-12-15 15:22 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-12-13 17:18 [PATCH v4 0/2] IMA: Deferred measurement of keys Lakshmi Ramasubramanian
2019-12-13 17:18 ` Lakshmi Ramasubramanian
2019-12-13 17:18 ` [PATCH v4 1/2] IMA: Define workqueue for early boot "key" measurements Lakshmi Ramasubramanian
2019-12-13 17:18 ` Lakshmi Ramasubramanian
2019-12-16 12:30 ` Mimi Zohar
2019-12-16 12:30 ` Mimi Zohar
2019-12-16 23:44 ` Lakshmi Ramasubramanian
2019-12-16 23:44 ` Lakshmi Ramasubramanian
2019-12-17 10:54 ` Mimi Zohar
2019-12-17 10:54 ` Mimi Zohar
2019-12-13 17:18 ` [PATCH v4 2/2] IMA: Call workqueue functions to measure queued keys Lakshmi Ramasubramanian
2019-12-13 17:18 ` Lakshmi Ramasubramanian
2019-12-13 17:25 ` James Bottomley
2019-12-13 17:25 ` James Bottomley
2019-12-13 17:31 ` Lakshmi Ramasubramanian
2019-12-13 17:31 ` Lakshmi Ramasubramanian
2019-12-15 15:22 ` James Bottomley [this message]
2019-12-15 15:22 ` James Bottomley
2019-12-16 1:12 ` Lakshmi Ramasubramanian
2019-12-16 1:12 ` Lakshmi Ramasubramanian
2019-12-16 6:53 ` James Bottomley
2019-12-16 6:53 ` James Bottomley
2019-12-16 13:05 ` Mimi Zohar
2019-12-16 13:05 ` Mimi Zohar
2019-12-16 19:20 ` Lakshmi Ramasubramanian
2019-12-16 19:20 ` Lakshmi Ramasubramanian
2019-12-16 21:17 ` James Bottomley
2019-12-16 21:17 ` James Bottomley
2019-12-16 21:37 ` Lakshmi Ramasubramanian
2019-12-16 21:37 ` Lakshmi Ramasubramanian
2019-12-16 21:52 ` Lakshmi Ramasubramanian
2019-12-16 21:52 ` Lakshmi Ramasubramanian
2019-12-17 22:22 ` Lakshmi Ramasubramanian
2019-12-17 22:22 ` Lakshmi Ramasubramanian
2019-12-18 2:01 ` James Bottomley
2019-12-18 2:01 ` James Bottomley
2019-12-18 2:44 ` Lakshmi Ramasubramanian
2019-12-18 2:44 ` Lakshmi Ramasubramanian
2019-12-18 2:59 ` Lakshmi Ramasubramanian
2019-12-18 3:00 ` Lakshmi Ramasubramanian
2019-12-18 3:24 ` James Bottomley
2019-12-18 3:24 ` James Bottomley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1576423353.3343.3.camel@HansenPartnership.com \
--to=james.bottomley@hansenpartnership.com \
--cc=dhowells@redhat.com \
--cc=eric.snowberg@oracle.com \
--cc=jamorris@linux.microsoft.com \
--cc=keyrings@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mathew.j.martineau@linux.intel.com \
--cc=matthewgarrett@google.com \
--cc=nramas@linux.microsoft.com \
--cc=sashal@kernel.org \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.