On 12/12/19 5:55 PM, Mimi Zohar wrote:
+/*
+ * ima_process_queued_keys() - process keys queued for measurement
+ *
+ * This function sets ima_process_keys to true and processes queued keys.
+ * From here on keys will be processed right away (not queued).
+ */
+void ima_process_queued_keys(void)
+{
+ struct ima_key_entry *entry, *tmp;
+ LIST_HEAD(temp_ima_keys);
+
+ if (ima_process_keys)
+ return;
+
+ /*
+ * To avoid holding the mutex when processing queued keys,
+ * transfer the queued keys with the mutex held to a temp list,
+ * release the mutex, and then process the queued keys from
+ * the temp list.
+ *
+ * Since ima_process_keys is set to true, any new key will be
+ * processed immediately and not be queued.
+ */
+ INIT_LIST_HEAD(&temp_ima_keys);
+
+ mutex_lock(&ima_keys_mutex);
Don't you need a test here, before setting ima_process_keys?
if (ima_process_keys)
return;
Mimi
That check is done before the comment - at the start of
ima_process_queued_keys().
+void ima_process_queued_keys(void)
+{
+ struct ima_key_entry *entry, *tmp;
+ LIST_HEAD(temp_ima_keys);
+
+ if (ima_process_keys)
+ return;
thanks,
-lakshmi
