Stephen Smalley
2009-Aug-14 14:16 UTC
[Xen-devel] [PATCH] xen/xsm/flask: Fix sidtab locking bug
We do not need to use the _irqsave/irqrestore forms of spin locking within the sidtab in Xen''s XSM Flask module, and doing so triggers a BUG_ON() within check_lock() when we subsequently call xmalloc(). This was preventing Xen from booting with XSM/Flask enabled if built with debug=y. It appears that this broke upon the changes to xmalloc in changeset 18379:14a9a1629590. Signed-off-by: Stephen D. Smalley <sds@tycho.nsa.gov> Signed-off-by: George S. Coker, II <gscoker@alpha.ncsc.mil> --- xen/xsm/flask/ss/sidtab.c | 21 ++++++++------------- 1 file changed, 8 insertions(+), 13 deletions(-) diff --git a/xen/xsm/flask/ss/sidtab.c b/xen/xsm/flask/ss/sidtab.c --- a/xen/xsm/flask/ss/sidtab.c +++ b/xen/xsm/flask/ss/sidtab.c @@ -17,8 +17,8 @@ #define SIDTAB_HASH(sid) (sid & SIDTAB_HASH_MASK) #define INIT_SIDTAB_LOCK(s) spin_lock_init(&s->lock) -#define SIDTAB_LOCK(s, x) spin_lock_irqsave(&s->lock, x) -#define SIDTAB_UNLOCK(s, x) spin_unlock_irqrestore(&s->lock, x) +#define SIDTAB_LOCK(s) spin_lock(&s->lock) +#define SIDTAB_UNLOCK(s) spin_unlock(&s->lock) int sidtab_init(struct sidtab *s) { @@ -216,14 +216,13 @@ { u32 sid; int ret = 0; - unsigned long flags; *out_sid = SECSID_NULL; sid = sidtab_search_context(s, context); if ( !sid ) { - SIDTAB_LOCK(s, flags); + SIDTAB_LOCK(s); /* Rescan now that we hold the lock. */ sid = sidtab_search_context(s, context); if ( sid ) @@ -239,7 +238,7 @@ if ( ret ) s->next_sid--; unlock_out: - SIDTAB_UNLOCK(s, flags); + SIDTAB_UNLOCK(s); } if ( ret ) @@ -307,21 +306,17 @@ void sidtab_set(struct sidtab *dst, struct sidtab *src) { - unsigned long flags; - - SIDTAB_LOCK(src, flags); + SIDTAB_LOCK(src); dst->htable = src->htable; dst->nel = src->nel; dst->next_sid = src->next_sid; dst->shutdown = 0; - SIDTAB_UNLOCK(src, flags); + SIDTAB_UNLOCK(src); } void sidtab_shutdown(struct sidtab *s) { - unsigned long flags; - - SIDTAB_LOCK(s, flags); + SIDTAB_LOCK(s); s->shutdown = 1; - SIDTAB_UNLOCK(s, flags); + SIDTAB_UNLOCK(s); } -- Stephen Smalley National Security Agency _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel