thr3ads.net - Xen devel - [Xen-devel] [PATCH] xen/xsm/flask: Fix sidtab locking bug [Aug 2009]

If this information is useful, please help other people find it:
Share via:

Stephen Smalley

2009-Aug-14 14:16 UTC

[Xen-devel] [PATCH] xen/xsm/flask: Fix sidtab locking bug

We do not need to use the _irqsave/irqrestore forms of spin locking
within the sidtab in Xen''s XSM Flask module, and doing so triggers a
BUG_ON()
within check_lock() when we subsequently call xmalloc().  This was preventing 
Xen from booting with XSM/Flask enabled if built with debug=y.   It appears 
that this broke upon the changes to xmalloc in changeset 18379:14a9a1629590.

Signed-off-by: Stephen D. Smalley <sds@tycho.nsa.gov>
Signed-off-by: George S. Coker, II <gscoker@alpha.ncsc.mil>

---

 xen/xsm/flask/ss/sidtab.c |   21 ++++++++-------------
 1 file changed, 8 insertions(+), 13 deletions(-)

diff --git a/xen/xsm/flask/ss/sidtab.c b/xen/xsm/flask/ss/sidtab.c
--- a/xen/xsm/flask/ss/sidtab.c
+++ b/xen/xsm/flask/ss/sidtab.c
@@ -17,8 +17,8 @@
 #define SIDTAB_HASH(sid) (sid & SIDTAB_HASH_MASK)
 
 #define INIT_SIDTAB_LOCK(s) spin_lock_init(&s->lock)
-#define SIDTAB_LOCK(s, x) spin_lock_irqsave(&s->lock, x)
-#define SIDTAB_UNLOCK(s, x) spin_unlock_irqrestore(&s->lock, x)
+#define SIDTAB_LOCK(s) spin_lock(&s->lock)
+#define SIDTAB_UNLOCK(s) spin_unlock(&s->lock)
 
 int sidtab_init(struct sidtab *s)
 {
@@ -216,14 +216,13 @@
 {
     u32 sid;
     int ret = 0;
-    unsigned long flags;
 
     *out_sid = SECSID_NULL;
 
     sid = sidtab_search_context(s, context);
     if ( !sid )
     {
-        SIDTAB_LOCK(s, flags);
+        SIDTAB_LOCK(s);
         /* Rescan now that we hold the lock. */
         sid = sidtab_search_context(s, context);
         if ( sid )
@@ -239,7 +238,7 @@
         if ( ret )
             s->next_sid--;
 unlock_out:
-        SIDTAB_UNLOCK(s, flags);
+        SIDTAB_UNLOCK(s);
     }
 
     if ( ret )
@@ -307,21 +306,17 @@
 
 void sidtab_set(struct sidtab *dst, struct sidtab *src)
 {
-    unsigned long flags;
-
-    SIDTAB_LOCK(src, flags);
+    SIDTAB_LOCK(src);
     dst->htable = src->htable;
     dst->nel = src->nel;
     dst->next_sid = src->next_sid;
     dst->shutdown = 0;
-    SIDTAB_UNLOCK(src, flags);
+    SIDTAB_UNLOCK(src);
 }
 
 void sidtab_shutdown(struct sidtab *s)
 {
-    unsigned long flags;
-
-    SIDTAB_LOCK(s, flags);
+    SIDTAB_LOCK(s);
     s->shutdown = 1;
-    SIDTAB_UNLOCK(s, flags);
+    SIDTAB_UNLOCK(s);
 }

-- 
Stephen Smalley
National Security Agency


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

Xen devel - Aug 2009 - [PATCH] xen/xsm/flask: Fix sidtab locking bug

[Xen-devel] [PATCH] xen/xsm/flask: Fix sidtab locking bug