From patchwork Tue Oct 3 14:32:45 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Will Deacon X-Patchwork-Id: 114698 Delivered-To: patch@linaro.org Received: by 10.140.22.163 with SMTP id 32csp1948690qgn; Tue, 3 Oct 2017 07:32:50 -0700 (PDT) X-Google-Smtp-Source: AOwi7QCvuvH+GCtPL6arg4N179iQkm9+nkeZ8Awx3w6PaI3f8iU/JQRctGg4ohiQhB/mESyY+J2x X-Received: by 10.84.235.135 with SMTP id p7mr17399063plk.181.1507041170726; Tue, 03 Oct 2017 07:32:50 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1507041170; cv=none; d=google.com; s=arc-20160816; b=yD3rqetDz2ogNHGeOjIOALlXgidjrt0Y52SkTim33hdFhEVMZGcjSJ1MYTpHXk2vJN O2ZAHB89+d97yQ0hQUsebm4WhNBva8jLnD+Cz0z7sXTGLiAtHOZl4uY2KjaFSq50zH3Q +/RSBMiRcix+2ug2RFpG7YmCyGg7FididohL51/rna+2QnIw6QLob1qE6K56a4HdmOUh Uml0dJ896uSCh65fwe3eShZFezxNxVbkTsYANfGG9kfIOyZCtJbvrMCQ8CuvFd65t1dN JyF/S+XBPQs8LXdg+XOwz6Pia3E1Ru1qNrP4ZttanordoSt6svRMqg5SFntiG9CaEXnN nlcw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from :arc-authentication-results; bh=IqDkzQt+XqczwQ3p+qj6xbJzvp6zt84ZWB0qfaonfqc=; b=CmKnYIYIFDIcz/TKaf2Po4TGtkSx2gjpMZFvrfN2ny7wLWgby09x5X8fkgyYh+3lRs roPPdL76+Ye+eLN5w4oqq679f3MW8Te6CFyB53d4kWpfr9ArvARxnMhYQSmmGdR/D4Dk IIqmn5tc+c1VXIH2rwV9/kdxyYCBa/oli+yYDowuCA++/9Fv9qwdvZ2Q36AWdS18h7OK w2NMFDl8uMUpjKxFbSZi6ATfF6tGsYT7Vh8PfFPigffHY21RsrBpiy4ffTP8ift/0tl3 QqofXDF01awJHdILPrSNRCrLNqJ5/j2Tns+2lAaPspH0G3XdOulAJ9BKg7lhD8o8+ikP 4XTg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id d90si10463687pld.672.2017.10.03.07.32.50; Tue, 03 Oct 2017 07:32:50 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751962AbdJCOcs (ORCPT + 26 others); Tue, 3 Oct 2017 10:32:48 -0400 Received: from foss.arm.com ([217.140.101.70]:49716 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751852AbdJCOcr (ORCPT ); Tue, 3 Oct 2017 10:32:47 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 2AAAB1529; Tue, 3 Oct 2017 07:32:47 -0700 (PDT) Received: from edgewater-inn.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.72.51.249]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id F0CA23F53D; Tue, 3 Oct 2017 07:32:46 -0700 (PDT) Received: by edgewater-inn.cambridge.arm.com (Postfix, from userid 1000) id 98AC21AE2DB3; Tue, 3 Oct 2017 15:32:47 +0100 (BST) From: Will Deacon To: linux-kernel@vger.kernel.org Cc: john.johansen@canonical.com, paulmck@linux.vnet.ibm.com, Will Deacon , Peter Zijlstra Subject: [PATCH 1/2] security/apparmor: Replace homebrew use of write_can_lock with lockdep Date: Tue, 3 Oct 2017 15:32:45 +0100 Message-Id: <1507041166-10618-1-git-send-email-will.deacon@arm.com> X-Mailer: git-send-email 2.1.4 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The lockdep subsystem provides a robust way to assert that a lock is held, so use that instead of write_can_lock, which can give incorrect results for qrwlocks. Cc: John Johansen Cc: Peter Zijlstra Signed-off-by: Will Deacon --- security/apparmor/include/lib.h | 11 ----------- security/apparmor/label.c | 8 ++++---- 2 files changed, 4 insertions(+), 15 deletions(-) -- 2.1.4 Acked-by: John Johansen diff --git a/security/apparmor/include/lib.h b/security/apparmor/include/lib.h index 436b3a722357..f546707a2bbb 100644 --- a/security/apparmor/include/lib.h +++ b/security/apparmor/include/lib.h @@ -19,17 +19,6 @@ #include "match.h" -/* Provide our own test for whether a write lock is held for asserts - * this is because on none SMP systems write_can_lock will always - * resolve to true, which is what you want for code making decisions - * based on it, but wrong for asserts checking that the lock is held - */ -#ifdef CONFIG_SMP -#define write_is_locked(X) !write_can_lock(X) -#else -#define write_is_locked(X) (1) -#endif /* CONFIG_SMP */ - /* * DEBUG remains global (no per profile flag) since it is mostly used in sysctl * which is not related to profile accesses. diff --git a/security/apparmor/label.c b/security/apparmor/label.c index c5b99b954580..ad28e03a6f30 100644 --- a/security/apparmor/label.c +++ b/security/apparmor/label.c @@ -80,7 +80,7 @@ void __aa_proxy_redirect(struct aa_label *orig, struct aa_label *new) AA_BUG(!orig); AA_BUG(!new); - AA_BUG(!write_is_locked(&labels_set(orig)->lock)); + lockdep_assert_held_exclusive(&labels_set(orig)->lock); tmp = rcu_dereference_protected(orig->proxy->label, &labels_ns(orig)->lock); @@ -571,7 +571,7 @@ static bool __label_remove(struct aa_label *label, struct aa_label *new) AA_BUG(!ls); AA_BUG(!label); - AA_BUG(!write_is_locked(&ls->lock)); + lockdep_assert_held_exclusive(&ls->lock); if (new) __aa_proxy_redirect(label, new); @@ -608,7 +608,7 @@ static bool __label_replace(struct aa_label *old, struct aa_label *new) AA_BUG(!ls); AA_BUG(!old); AA_BUG(!new); - AA_BUG(!write_is_locked(&ls->lock)); + lockdep_assert_held_exclusive(&ls->lock); AA_BUG(new->flags & FLAG_IN_TREE); if (!label_is_stale(old)) @@ -645,7 +645,7 @@ static struct aa_label *__label_insert(struct aa_labelset *ls, AA_BUG(!ls); AA_BUG(!label); AA_BUG(labels_set(label) != ls); - AA_BUG(!write_is_locked(&ls->lock)); + lockdep_assert_held_exclusive(&ls->lock); AA_BUG(label->flags & FLAG_IN_TREE); /* Figure out where to put new node */