Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp627679pxj; Wed, 2 Jun 2021 07:36:10 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwTJ8WvquX6Zx6+5vreCB6gyRqiG/dkrbDBNafkHpDjlf+yJCZkjDGMmH0JFp3EbszHNSuH X-Received: by 2002:aa7:c9cf:: with SMTP id i15mr37897154edt.118.1622644570117; Wed, 02 Jun 2021 07:36:10 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1622644570; cv=none; d=google.com; s=arc-20160816; b=mpVOAkuYDj4QVyoD5+RncE6+65402lz3KBspt3eeISL1duIG5ZW4N8VV2aeQ6Zgr4N 3fYwmG0LWkekic7QZSuF3KeTyArg0e+aRZEuvi5c/+KPbmv6gmgdiLzumLAX4QwQ4kOe 1mBfemfYioJUPQu/95vO0go3+8XQXZeqMnLe5+Y9bXK9xVqwXwW28yz4ZYp9AwraFXeb fdn5GFqzWqMYhBc3xkFaoF1W4KFX2tuGBNhc7KjlG5ahPzYO/QDogC1yoUGL+o5npIOi XoElx59EmqjKV3stjhJyIrD0dFroYUqBALFVhDpx3zwIwKNBG9rMEpZVsHXg8Ca2123+ KmLA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=9NEzqXEUZcOuaAjPBHdBD3YzSrWcsSUbM7pL6pp882Y=; b=iCQrEGkpBuY3Hk+eyBdzXLm0/KPlo/g+5fM3xGGyXejNdpJjrz7fXGJWBjxRFVHkwn kqsXqvRDeKF0iuJT4r8pus0v5U9oqXA1pR4WfXBhpEJMpqJoVbOr4lyYW78fFfo0J+EB r+wT5UzebKHxPx2pDwZGgilPV8mYNb+kcWcvCX+wFw7Ep8HgsOzQVRZV1yHgA8aSee7/ x7+kcsOdwux+p4cghsgKarLam651piPdcYr5uEJkwkcVUqPgcgHPDHs2cHTD/tMecMay eBmE3kRJnhozl0NHfxdyZ+RWEWmrgaFzulsZ95ardBH3EZFnH7g028wV8ow6W3HGkFxK ba9g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=HM2JLmp+; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id s3si28803ejb.697.2021.06.02.07.35.39; Wed, 02 Jun 2021 07:36:10 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=HM2JLmp+; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231320AbhFBOfI (ORCPT + 99 others); Wed, 2 Jun 2021 10:35:08 -0400 Received: from mail-ej1-f51.google.com ([209.85.218.51]:36564 "EHLO mail-ej1-f51.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231163AbhFBOfB (ORCPT ); Wed, 2 Jun 2021 10:35:01 -0400 Received: by mail-ej1-f51.google.com with SMTP id a11so3479917ejf.3 for ; Wed, 02 Jun 2021 07:33:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paul-moore-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=9NEzqXEUZcOuaAjPBHdBD3YzSrWcsSUbM7pL6pp882Y=; b=HM2JLmp+cb2rdJXbwwCHeQpd+Dc/h/jgkm546CJQyOo/Cg+mQEP++Ynlso1n0rM02m pEMLMG67U3tbON5cmtQw8jB0X+Ur2Qc7EnKKvXkYxLC3uVTQCb6jBOy6+2c/jDavAh2e Ot5T7WWmE5G//I0VeNunVTc6qGFGMCB/dV3Shz94igkiZQNM1P3gTjKMKSCGDSyHUZHJ BrJVmsru/YODLzr2F+YBY5y7rOb6NCTjJUiajyYOzXIzm/XDLuEaP0/35G9Hy5e5Auah 4SLAKXMJkyY+YGh3dY0EFxjiHdziTwKL9aQn4ehlj6msJTCbmWWi4EnHFQI5J6/YNObK iDvg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=9NEzqXEUZcOuaAjPBHdBD3YzSrWcsSUbM7pL6pp882Y=; b=jgVXMXVBWifI7fdojcoPRs4UY8weAxpFnypDEolG+0SW5zNLM43AKGVr9a1ZJyOMzU 2sI2hAqT9DyClG6qs4/UhTd/IL5Ihc0xm+BP1wV8nPO2GF+F+aWj4O8e601mwesixhCa tyiWW6lhKUaqY+N/v0C6E5sPfRnk7jyJpEklKqF85oarOYXTywuqP+PVuJJ0l8XsOCY/ x1h90poAkLujd9gYc8j+x5fZJRlAwnQX64WSIvslgw6cuX21PMUGdsoj3/2Ivx42NGOt CBxveziQy8YmA72X07bLKyNVgVF/a1NruXIOPH+4Wdyqil0OXvRWNR0w6H+d6Ab8ZSDE RaIQ== X-Gm-Message-State: AOAM533rfLzN5Tu37VTdaz4Tcvuw2Rn7RcgbyoUMnUt4dRraBqzc3o0b z1CDYGr9EQXQwwUAJdqf+MKRRspqr7puAF0sWp3B X-Received: by 2002:a17:906:1113:: with SMTP id h19mr25232518eja.398.1622644337403; Wed, 02 Jun 2021 07:32:17 -0700 (PDT) MIME-Version: 1.0 References: <20210602054802.GA984@raspberrypi> In-Reply-To: <20210602054802.GA984@raspberrypi> From: Paul Moore Date: Wed, 2 Jun 2021 10:32:06 -0400 Message-ID: Subject: Re: [PATCH] selinux: remove duplicated LABEL_INITIALIZED check routine To: Austin Kim Cc: Stephen Smalley , Eric Paris , selinux@vger.kernel.org, linux-kernel@vger.kernel.org, austin.kim@lge.com, kernel-team@lge.com Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Jun 2, 2021 at 1:48 AM Austin Kim wrote: > > The 'isec->initialized == LABEL_INITIALIZED' is checked twice in a row, > since selinux was mainlined from Linux-2.6.12-rc2. > > Since 'isec->initialized' is protected using spin_lock(&isec->lock) > within various APIs, it had better remove first exceptional routine. > > With this commit, the code look simpler, easier to read and maintain. > > Signed-off-by: Austin Kim > --- > security/selinux/hooks.c | 3 --- > 1 file changed, 3 deletions(-) This is a common pattern when dealing with lock protected variables: first check the variable before taking the lock (fast path) and if necessary take the lock and re-check the variable when we know we have exclusive access. In the majority of cases the SELinux inode initialization value goes from LABEL_INVALID to LABEL_INITIALIZED and stays there; while there is an invalidation function/hook that is used by some network/distributed filesystems, it isn't a common case to the best of my knowledge. With that understanding it makes perfect sense to do a quick check to first see if the inode is initialized in inode_doinit_with_dentry() and return quickly, without taking a lock, if it is already initialized. In the case where the inode has not been previously initialized, or has been invalidated, we take the spinlock to guarantee we are not racing with another task and re-check the initialization value to ensure that another task hasn't initialized the inode and act accordingly. The existing code is correct. -- paul moore www.paul-moore.com