On Sun, Jul 06, 2014 at 11:39:00PM +0200, Mateusz Guzik wrote: > On Sun, Jul 06, 2014 at 11:18:51PM +0200, Mateusz Guzik wrote: > > On Tue, Jul 01, 2014 at 09:09:03PM +0300, Konstantin Belousov wrote: > > > On Tue, Jul 01, 2014 at 02:54:10PM +0200, Mateusz Guzik wrote: > > > > It is passed down to MAC (mac_vnode_execve_will_transition and > > > > mac_vnode_execve_transition) and then vfs_mark_atime. > > > And we can lock it only there. > > > > > > > I don't see how this code could be reorganized to reduce vnode lock > > coverage and not add unlock + lock pair to the common case (no hwpmc and > > no credential change). > > > > vfs_mark_atime is only called when execve cannot return an error > > anymore, with vnode locked and proc unlocked. Moving it before hwpmc > > checks would require additional pair of proc unlock/lock. > > > > That said, I would prefer to just commit previously proposed fixup. > > Ok.
> > hm, I only now notice that fexecve case does: > vn_lock(binvp, LK_EXCLUSIVE | LK_RETRY) > > I guess this can be safely changed to LK_SHARED. No, it cannot. The VV_TEXT flag must be handled under the exclusive lock.
pgpq7sen7CDjI.pgp
Description: PGP signature
