On Tue, Aug 16, 2022 at 3:30 PM Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote:
>
> Smack passes all tests and seems perfectly content with the change.
> I can't say that the tests stress this interface.
All the security filesystems really seem to boil down to just calling
that 'proc_pident_readdir()' function with different sets of 'const
struct pid_entry' arrays.
And all that does is to make sure the pidents are filled in by that
proc_fill_cache(), which basically does a filename lookup.
And a filename lookup *already* has to be able to handle being called
in parallel, because that's how filename lookup works:
[.. miss in dcache ..]
lookup_slow ->
inode_lock_shared(dir);
__lookup_slow -> does the
inode_unlock_shared(dir);
so as long as the proc_fill_cache() handles the d_in_lookup()
situation correctly (where we serialize on one single _name_ in the
directory), that should all be good.
And proc_fill_cache() does indeed seem to handle it right - and if it
didn't, it would be fundamentally racy with regular lookups - so I
think all those security layer proc_##LSM##_attr_dir_iterate cases can
be moved over to iterate_shared with no code change.
But again, maybe there's something really subtle I'm overlooking. Or
maybe not something subtle at all, and I'm just missing a big honking
issue.
Linus
