mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 08:24:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add locking documentation

Browse source
This commit is contained in:
Andreas Gruenbacher 2007-02-21 01:16:40 +00:00
parent 0f97882aa3
commit d462346781
1 changed files with 51 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

51
kernel-patches/for-mainline/rework-locking-2.diff
View file

@ -930,3 +930,54 @@ Index: b/security/apparmor/apparmorfs.c
vfree(data);
} else {
error = PTR_ERR(data);
Index: b/security/apparmor/locking.txt
===================================================================
--- /dev/null
+++ b/security/apparmor/locking.txt
@@ -0,0 +1,46 @@
+Locking in AppArmor
+===================
+
+Lock hierarchy:
+
+ profile_list_lock
+ aa_profile->lock
+ task_lock()
+
+
+Which lock protects what?
+
+ /-----------------------+-------------------------------\
+ | Variable | Lock |
+ >-----------------------+-------------------------------<
+ | profile_list, | profile_list_lock |
+ +-----------------------+-------------------------------+
+ | aa_profile-> | aa_profile->lock |
+ | isstale, | |
+ | task_contexts | |
+ | aa_profile->count | RCU |
+ +-----------------------+-------------------------------+
+ | aa_task_context-> | |
+ | profile | read: RCU |
+ | | write: aa_profile->lock + |
+ | | task_lock() |
+ +-----------------------+-------------------------------+
+ | task_struct->security | read: RCU |
+ | | write: task_lock() |
+ +-----------------------+-------------------------------+
+ | aa_profile->sub | handle on the profile (list |
+ | | is never modified) |
+ \-----------------------+-------------------------------/
+
+(Obviously, the list_heads embedded in data structures are always
+protected with the lock that also protects the list.)
+
+When moving a task context from one profile to another, we grab both
+profile locks with lock_both_profiles(). This ensures that both locks
+are always taken in the same order, and so we won't deadlock.
+
+Since aa_task_struct->profile is RCU protected, it can change under a
+reader at any time. Therefore, we should grab the pointer and use the
+cached result, but we can only do this after all blocking operations (or
+else the pointer could just change again). The ->profile pointer may
+change or become NULL at any time; we must be careful about this.