From mboxrd@z Thu Jan 1 00:00:00 1970 From: Al Viro Subject: Re: [AppArmor 40/41] AppArmor: all the rest Date: Thu, 12 Apr 2007 12:32:17 +0100 Message-ID: <20070412113217.GA21911@ftp.linux.org.uk> References: <20070412090809.917795000@suse.de> <20070412090849.824835000@suse.de> <20070412103200.GE4095@ftp.linux.org.uk> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, linux-fsdevel@vger.kernel.org, chrisw@sous-sol.org, Andreas Gruenbacher To: jjohansen@suse.de Return-path: Received: from zeniv.linux.org.uk ([195.92.253.2]:45421 "EHLO ZenIV.linux.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753366AbXDLLcR (ORCPT ); Thu, 12 Apr 2007 07:32:17 -0400 Content-Disposition: inline In-Reply-To: <20070412103200.GE4095@ftp.linux.org.uk> Sender: linux-fsdevel-owner@vger.kernel.org List-Id: linux-fsdevel.vger.kernel.org On Thu, Apr 12, 2007 at 11:32:00AM +0100, Al Viro wrote: > On Thu, Apr 12, 2007 at 02:08:49AM -0700, jjohansen@suse.de wrote: > > + } else if (profile1 > profile2) { > > + /* profile1 cannot be NULL here. */ > > + spin_lock_irqsave(&profile1->lock, profile1->int_flags); > > + if (profile2) > > + spin_lock(&profile2->lock); > > + > > + } else { > > + /* profile2 cannot be NULL here. */ > > + spin_lock_irqsave(&profile2->lock, profile2->int_flags); > > + spin_lock(&profile1->lock); > > + } > > Ahem... > > profile2 is locked individually. profile1 > profile2. profile1 is not > locked. We try to lock both. profile1 is locked OK, flags (with interrupts > disabled) are stored into it. We spin trying to lock profile2. Eventually, > whoever had held profile2 unlocks it, restoring the flags from profile2. > We happily grab the spinlock and move on. When we unlock the pair, we > restore flags from profile1. I.e. we are left with interrupts disabled. Please, ignore - shouldn't have posted without coffee... Flags would be for different CPUs in that case, obviously.