From mboxrd@z Thu Jan 1 00:00:00 1970 From: Al Viro Subject: Re: [AppArmor 40/41] AppArmor: all the rest Date: Thu, 12 Apr 2007 11:32:00 +0100 Message-ID: <20070412103200.GE4095@ftp.linux.org.uk> References: <20070412090809.917795000@suse.de> <20070412090849.824835000@suse.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, linux-fsdevel@vger.kernel.org, chrisw@sous-sol.org, Andreas Gruenbacher To: jjohansen@suse.de Return-path: Content-Disposition: inline In-Reply-To: <20070412090849.824835000@suse.de> Sender: linux-security-module-owner@vger.kernel.org List-Id: linux-fsdevel.vger.kernel.org On Thu, Apr 12, 2007 at 02:08:49AM -0700, jjohansen@suse.de wrote: > + } else if (profile1 > profile2) { > + /* profile1 cannot be NULL here. */ > + spin_lock_irqsave(&profile1->lock, profile1->int_flags); > + if (profile2) > + spin_lock(&profile2->lock); > + > + } else { > + /* profile2 cannot be NULL here. */ > + spin_lock_irqsave(&profile2->lock, profile2->int_flags); > + spin_lock(&profile1->lock); > + } Ahem... profile2 is locked individually. profile1 > profile2. profile1 is not locked. We try to lock both. profile1 is locked OK, flags (with interrupts disabled) are stored into it. We spin trying to lock profile2. Eventually, whoever had held profile2 unlocks it, restoring the flags from profile2. We happily grab the spinlock and move on. When we unlock the pair, we restore flags from profile1. I.e. we are left with interrupts disabled.