On 12/12/2019 6:32 PM, Mimi Zohar wrote:
Don't you need a test here, before setting ima_process_keys?
if (ima_process_keys)
return;
Mimi
That check is done before the comment - at the start of
ima_process_queued_keys().
The first test prevents taking the mutex unnecessarily.
Mimi
I am trying to understand your concern here. Could you please clarify?
=> If ima_process_keys is false
-> With the mutex held, should check ima_process_keys again
before setting?
Let's say 2 or more threads are racing in calling ima_process_queued_keys():
The 1st one will set ima_process_keys and process queued keys.
The 2nd and subsequent ones - even if they have gone past the initial
check, will find an empty list of keys (the list "ima_keys") when they
take the mutex. So they'll not process any keys.
thanks,
-lakshmi
