Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp3186481ybl; Sun, 15 Dec 2019 04:46:00 -0800 (PST) X-Google-Smtp-Source: APXvYqz5JRSAMcjIz6Gita+zirWbdaIObPmxVl+PU4EpbCf3FBljlQeBDBJGLtIrl2Cid0bSv+62 X-Received: by 2002:a9d:7510:: with SMTP id r16mr25920145otk.303.1576413960464; Sun, 15 Dec 2019 04:46:00 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1576413960; cv=none; d=google.com; s=arc-20160816; b=vajgiMgawH+0f/nx/JfGDZ6oQs787YG6sh/RYUU2I2EB3H+hwL0NoLWmYE72yBMGkq ZIzF+BqtIwb/WFDv6gWEoQaRTx/nqBy+NHpV5gHCUy7hfqjAKr7Nuk2rZ2/I5+i6TVnR W+RXoH/Zy2cKdpFn/6cfV3aGj+wbrmIyuYoiygKEirby4nq3Ca/scYpdqg4raof0seXe GC+87o23Tgh6KL2TlyNS+a/NjiK2Pgc09HP5qlzhpFgV2BHjSyRhvDMSzZ7SX8A+mOt3 3tXEA5o+sfAye37uux+soPDxjmYjmd8tEcW0BuNvtujIlnW0iFa5fpBByC5REFvWQHx6 TTEA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:content-transfer-encoding :mime-version:references:in-reply-to:date:cc:to:from:subject; bh=NGDcHpMuWN/atW50rEC7H4ctqMyUmzd+ypat7yCgV0k=; b=mclbXnh5FpHzkEANUjeA1imzQfyjSKhf2BjHJf9xGD7Gwl/obROCIrp5PQ+wFwkMIS d/0GiAwJJJ7lfCz7QkLSeDz0xzHJo8lhAixqKKVPF2GRjL/vL0cn28NQEXhx2fyL7LvR f0WCioyw/Zq2C9STvTmm8zicvM7PvUDCd2h/zuNfkuqnO8bYZlzxEe/XiyKP+tI0SASx B8LtWClBWE76O1BS758yxuUgUnUG9/pRJgNA9AUYOz0oWLzn7qI4ieEqLSYl1hxW6pcH a6RydcJKWTC915pgcRCYo3KAVaEDZFg/zfxeNuusix1m05pmrtjp5n9d4uqQxB1HO4Dx ueDQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y186si9320156oia.108.2019.12.15.04.45.48; Sun, 15 Dec 2019 04:46:00 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726282AbfLOMor (ORCPT + 99 others); Sun, 15 Dec 2019 07:44:47 -0500 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:51876 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726199AbfLOMor (ORCPT ); Sun, 15 Dec 2019 07:44:47 -0500 Received: from pps.filterd (m0098404.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id xBFCgM7k017694 for ; Sun, 15 Dec 2019 07:44:46 -0500 Received: from e06smtp03.uk.ibm.com (e06smtp03.uk.ibm.com [195.75.94.99]) by mx0a-001b2d01.pphosted.com with ESMTP id 2wwe4htg21-1 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT) for ; Sun, 15 Dec 2019 07:44:45 -0500 Received: from localhost by e06smtp03.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Sun, 15 Dec 2019 12:44:43 -0000 Received: from b06cxnps4075.portsmouth.uk.ibm.com (9.149.109.197) by e06smtp03.uk.ibm.com (192.168.101.133) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; (version=TLSv1/SSLv3 cipher=AES256-GCM-SHA384 bits=256/256) Sun, 15 Dec 2019 12:44:40 -0000 Received: from d06av24.portsmouth.uk.ibm.com (mk.ibm.com [9.149.105.60]) by b06cxnps4075.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id xBFCidZk49348706 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Sun, 15 Dec 2019 12:44:39 GMT Received: from d06av24.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 9CC9B42041; Sun, 15 Dec 2019 12:44:39 +0000 (GMT) Received: from d06av24.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 7C3DA4203F; Sun, 15 Dec 2019 12:44:38 +0000 (GMT) Received: from localhost.localdomain (unknown [9.80.206.32]) by d06av24.portsmouth.uk.ibm.com (Postfix) with ESMTP; Sun, 15 Dec 2019 12:44:38 +0000 (GMT) Subject: Re: [PATCH v3 1/2] IMA: Define workqueue for early boot "key" measurements From: Mimi Zohar To: Lakshmi Ramasubramanian , linux-integrity@vger.kernel.org Cc: eric.snowberg@oracle.com, dhowells@redhat.com, mathew.j.martineau@linux.intel.com, matthewgarrett@google.com, sashal@kernel.org, jamorris@linux.microsoft.com, linux-kernel@vger.kernel.org, keyrings@vger.kernel.org Date: Sun, 15 Dec 2019 07:44:37 -0500 In-Reply-To: <1576242406.4579.239.camel@linux.ibm.com> References: <20191213004250.21132-1-nramas@linux.microsoft.com> <20191213004250.21132-2-nramas@linux.microsoft.com> <1576202134.4579.189.camel@linux.ibm.com> <6e0dad33-66f9-4807-d08d-ff30396cec5e@linux.microsoft.com> <1576204377.4579.206.camel@linux.ibm.com> <1576242406.4579.239.camel@linux.ibm.com> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.20.5 (3.20.5-1.fc24) Mime-Version: 1.0 Content-Transfer-Encoding: 8bit X-TM-AS-GCONF: 00 x-cbid: 19121512-0012-0000-0000-00000375088F X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 19121512-0013-0000-0000-000021B0EB8C Message-Id: <1576413877.4579.280.camel@linux.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.95,18.0.572 definitions=2019-12-15_03:2019-12-13,2019-12-15 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 malwarescore=0 mlxlogscore=999 clxscore=1015 bulkscore=0 adultscore=0 mlxscore=0 spamscore=0 phishscore=0 lowpriorityscore=0 impostorscore=0 priorityscore=1501 suspectscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-1910280000 definitions=main-1912150121 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, 2019-12-13 at 08:06 -0500, Mimi Zohar wrote: > On Thu, 2019-12-12 at 18:59 -0800, Lakshmi Ramasubramanian wrote: > > On 12/12/2019 6:32 PM, Mimi Zohar wrote: > > > > >>> > > >>> Don't you need a test here, before setting ima_process_keys? > > >>> > > >>> if (ima_process_keys) > > >>> return; > > > >> That check is done before the comment - at the start of > > >> ima_process_queued_keys(). > > > > > > The first test prevents taking the mutex unnecessarily. > > > > > > > I am trying to understand your concern here. Could you please clarify? > > > > => If ima_process_keys is false > > -> With the mutex held, should check ima_process_keys again > > before setting? > > > > Let's say 2 or more threads are racing in calling ima_process_queued_keys(): > > > > The 1st one will set ima_process_keys and process queued keys. > > > > The 2nd and subsequent ones - even if they have gone past the initial > > check, will find an empty list of keys (the list "ima_keys") when they > > take the mutex. So they'll not process any keys. > > I just need to convince myself that this is correct.  Normally before > reading and writing a flag, there is some sort of locking.  With > taking the mutex before setting the flag, there is now only a lock > around the single writer. > > Without taking a lock before reading the flag, will the queue always > be empty is the question.  If it is, then the comment is correct, but > the code assumes not and processes the list again.  Testing the flag > after taking the mutex just re-enforces the comment. > > Bottom line, does reading the flag need to be lock protected? Reading the flag IS lock protected, just spread across two functions.  For performance, ima_post_key_create_or_update() checks ima_process_keys, before calling ima_queue_key(), which takes the mutex before checking ima_process_keys again. As long as both the reader and writer, take the mutex before checking the flag, the locking is fine.  The additional check, before taking the mutex, is simply for performance. Mimi