On 12/17/2019 6:44 PM, Lakshmi Ramasubramanian wrote:
The direct implication of the comment and the lock dance with the temporary list and the processed flag is that stuff can be added to the ima_keys list after you drop the mutex. Your explanation in the prior couple of emails says that nothing can be added because the ima_process_keys flag setting prevents it. If the latter is true, you can simply drop the lock after setting the flag and rely on ima_keys not changing to run it through process_buffer_measurement without needing any of the intermediate list or the processed flag. If the latter isn't true then any key added to ima_keys after the mutex is dropped is never processed. James
One more scenario needs to be taken care - that still doesn't require a temp list, but will need a local flag.
Say, two threads race to call ima_process_queued_keys(). Both find ima_process_keys flag is false. They now race to take to the lock. Only the 1st one setting the flag to true should process queued keys. -lakshmi
