On 02/22/2013 05:08 PM, Seth Arnold wrote: > On Fri, Feb 08, 2013 at 01:00:55PM -0800, John Johansen wrote: > > The patch changed the 'Requires' comment here to mention rcu_read_lock > must be held before calling __policy_find(). I've found code paths that > appear to ignore this advice (again, using HEAD). > correct perhaps the comment could be changed to rcu_read_lock or the namespace mutex lock held.
If you hold the mutex lock (writer) you are the one making the changes so you are safe. >> /** >> * __policy_find - find a policy by @name on a policy list >> * @head: list to search (NOT NULL) >> * @name: name to search for (NOT NULL) >> * >> * Requires: rcu_read_lock be held >> * >> * Returns: unrefcounted policy that match @name or NULL if not found >> */ >> static struct aa_policy *__policy_find(struct list_head *head, const char >> *name) >> { >> struct aa_policy *policy; >> >> list_for_each_entry_rcu(policy, head, list) { >> if (!strcmp(policy->name, name)) >> return policy; >> } >> return NULL; >> } > > profile_load() / profile_replace() > aa_replace_profiles() > aa_prepare_namespace() (locks root->lock) > __aa_find_namespace() > __policy_find() > > > profile_load() / profile_replace() > aa_replace_profiles() > __lookup_replace() > __lookup_profile() > __find_child() > __policy_find() > > > profile_remove() > aa_remove_profiles() (locks ns->lock) > __lookup_profile() > __find_child() > __policy_find() > all of these are writer paths holding the ns mutext lock for the searched list -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor