Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp968555pxj; Wed, 2 Jun 2021 16:43:27 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyIib1TiY+rNCLLLzU7C2El+yYLPmgVhqK1/ekC1QIoVQkIH16eZUq4T4+JVXehmG7tL7MG X-Received: by 2002:a17:907:2bd6:: with SMTP id gv22mr19528942ejc.431.1622677407658; Wed, 02 Jun 2021 16:43:27 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1622677407; cv=none; d=google.com; s=arc-20160816; b=X16kooGlR7GcxJnQdn3ekBVamX6DOy9xDxp9AfaWM2bRyFBwB4Wo5sxpXt9Ba+/uLO WBsb1nqH8wSc/W4Gq4sEryeslkynZ9BSmVeuIbWICz06bVxo6zqPC/1Je3VEnHp3WA18 suI3kx0yS5qaL44mx7vZRlHawRfbTgqDka9t2VvoQNjzlksz1qmXliGIx6DgWdlFdgaW Ttk6/gPjhKHHmqiDNOKbSED/23mxPTW6kLWa14LQb+6G73/YMZy9PByknqEE2i2bTjEQ XahlJwh9/VpnpuMlVfhZmtnqz2D50nTuy+PJQPIhT26JhfQmNSN4VqIXxdzENzwVMNhd Mqow== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=+toArruJ3eRIR/A2mvRnWwBK2Vc1ZfxuTnObnbkQWeM=; b=RJgbpEghi6vgXLttpBCkd0G4Lr7Gm/2meWLqRoYjttgf9T49OTWFrwmNGC//DMuKvY 5OCOuzlg5V8hz7o3UTYUkpM6fFsATcA3XQsbQ1f7/Le/5Wk2gHWyypvsX79MDKNuKUXR Ab6v6zzkpfR4Q9f018X/qBtuEGAa1h0qBHCLFG0PDi0yJxnXbAdAfF9vfT80J4Aw90Di gtpyyRIT6C5W6/XHjzOb0Y31Sbmd3d7/UrYfKll/Y8wz37Us/eDPTe8GV2z64EksGFSD o9UUQ9oh21S8YY3JUhuUisDL2eRBvISvvXPVj69QEBeBcuLxtIfledUUO+poHkoRMrQl m5rQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=nwIddzop; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id b15si1135605edd.44.2021.06.02.16.43.04; Wed, 02 Jun 2021 16:43:27 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=nwIddzop; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229746AbhFBXne (ORCPT + 99 others); Wed, 2 Jun 2021 19:43:34 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48382 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229533AbhFBXne (ORCPT ); Wed, 2 Jun 2021 19:43:34 -0400 Received: from mail-pj1-x1035.google.com (mail-pj1-x1035.google.com [IPv6:2607:f8b0:4864:20::1035]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DCBA8C06174A; Wed, 2 Jun 2021 16:41:36 -0700 (PDT) Received: by mail-pj1-x1035.google.com with SMTP id h12-20020a17090aa88cb029016400fd8ad8so2745907pjq.3; Wed, 02 Jun 2021 16:41:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=+toArruJ3eRIR/A2mvRnWwBK2Vc1ZfxuTnObnbkQWeM=; b=nwIddzopGo1lXM/ErFpAIVU2mAP8V8VYQU0HtzxOig+9z3Yv+DPQAfqpSKQGIKcCbC 6MLTdoAuVoSHFsNLlKRmSI5X5PreVkSLfZ5e8ktnm5chxyEC/KYiQhRWdtrLo9ebMkXz 8KLYHBFZSChX0zEfbiCO9goGiOr6HZTc7sS/K9Tj9vlo/GfSbCx+eZGuh0woDFmd2eFe iOKq6Am1idc3kY2gYYNikNotA1jPmY6UpZVbr268E18e4b37N0w4pLKpMshGv4zMwAkn F2kqQYmkGXTSx/KTIWTZR8+PwPxJzwhd+gV5+iNzGm7asFY0xmk3H2yLZAoxnXSXyksP qFXg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=+toArruJ3eRIR/A2mvRnWwBK2Vc1ZfxuTnObnbkQWeM=; b=T09ff5kWaVVmfi6FSTLiHrpNeTc/otusmEigd2AN61X1wI6hgruph7akCgX+TlR0ps uNdgLHpOu3mpCHHDZVmke3DfFmB5MslSDu8G7NwUPj5/L8N/rWUO8stt8k69+f2zz5Z2 fwZJG2ly0LGyOS6gi9fKCu3bObeDoLUMAGXZ+5z+8++6WV/Fw4b/ToZOBnvsn7rp+u5+ h4qg8e/t2j2fiq+3cAgeMeVOy23FBnE9yPu1R2CqfY4WtIWU1lVM+po26+e6EEPZGdpI 6aXzCLJ5jso4T5PmW+mT3igNnX4BAMWw9QfE9gG5Ey0dD1vwkj4xaoN5C+92yfYaW9W4 xD8w== X-Gm-Message-State: AOAM533aEreJ46fzRELso/RAdTTJjM/dEnNF93uHs2Owp7jaReSSg84O gQjrvMf357SwlpviIRwF7M26cnkwq1FZ+jAQmKc= X-Received: by 2002:a17:90b:33c3:: with SMTP id lk3mr8138470pjb.33.1622677296349; Wed, 02 Jun 2021 16:41:36 -0700 (PDT) MIME-Version: 1.0 References: <20210602054802.GA984@raspberrypi> In-Reply-To: From: Austin Kim Date: Thu, 3 Jun 2021 08:41:27 +0900 Message-ID: Subject: Re: [PATCH] selinux: remove duplicated LABEL_INITIALIZED check routine To: Paul Moore Cc: Stephen Smalley , Eric Paris , selinux@vger.kernel.org, linux-kernel@vger.kernel.org, =?UTF-8?B?6rmA64+Z7ZiE?= , kernel-team@lge.com Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 2021=EB=85=84 6=EC=9B=94 2=EC=9D=BC (=EC=88=98) =EC=98=A4=ED=9B=84 11:32, P= aul Moore =EB=8B=98=EC=9D=B4 =EC=9E=91=EC=84=B1: > > On Wed, Jun 2, 2021 at 1:48 AM Austin Kim wrote: > > > > The 'isec->initialized =3D=3D LABEL_INITIALIZED' is checked twice in a = row, > > since selinux was mainlined from Linux-2.6.12-rc2. > > > > Since 'isec->initialized' is protected using spin_lock(&isec->lock) > > within various APIs, it had better remove first exceptional routine. > > > > With this commit, the code look simpler, easier to read and maintain. > > > > Signed-off-by: Austin Kim > > --- > > security/selinux/hooks.c | 3 --- > > 1 file changed, 3 deletions(-) > > This is a common pattern when dealing with lock protected variables: > first check the variable before taking the lock (fast path) and if > necessary take the lock and re-check the variable when we know we have > exclusive access. > > In the majority of cases the SELinux inode initialization value goes > from LABEL_INVALID to LABEL_INITIALIZED and stays there; while there > is an invalidation function/hook that is used by some > network/distributed filesystems, it isn't a common case to the best of > my knowledge. With that understanding it makes perfect sense to do a > quick check to first see if the inode is initialized in > inode_doinit_with_dentry() and return quickly, without taking a lock, > if it is already initialized. In the case where the inode has not > been previously initialized, or has been invalidated, we take the > spinlock to guarantee we are not racing with another task and re-check > the initialization value to ensure that another task hasn't > initialized the inode and act accordingly. > > The existing code is correct. > Understood, after looking into all routines related to 'isec->initialized' = again where 'isec->initialized' statement is not always protected spin_lock(&isec->lock) during initialization progress. Thanks for valuable feedback. > -- > paul moore > www.paul-moore.com