[Xen-devel] [PATCH] xen/xsm/flask: Fix sidtab locking bug

To:	xen-devel@xxxxxxxxxxxxxxxxxxx
Subject:	[Xen-devel] [PATCH] xen/xsm/flask: Fix sidtab locking bug
From:	Stephen Smalley <sds@xxxxxxxxxxxxx>
Date:	Fri, 14 Aug 2009 10:16:18 -0400
Cc:	"George S. Coker, II" <gscoker@xxxxxxxxxxxxxx>
Delivery-date:	Fri, 14 Aug 2009 07:13:38 -0700
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxxx
List-help:	<mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id:	Xen developer discussion <xen-devel.lists.xensource.com>
List-post:	<mailto:xen-devel@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Organization:	National Security Agency
Sender:	xen-devel-bounces@xxxxxxxxxxxxxxxxxxx

We do not need to use the _irqsave/irqrestore forms of spin locking
within the sidtab in Xen's XSM Flask module, and doing so triggers a BUG_ON()
within check_lock() when we subsequently call xmalloc().  This was preventing 
Xen from booting with XSM/Flask enabled if built with debug=y.   It appears 
that this broke upon the changes to xmalloc in changeset 18379:14a9a1629590.

Signed-off-by: Stephen D. Smalley <sds@xxxxxxxxxxxxx>
Signed-off-by: George S. Coker, II <gscoker@xxxxxxxxxxxxxx>

---

 xen/xsm/flask/ss/sidtab.c |   21 ++++++++-------------
 1 file changed, 8 insertions(+), 13 deletions(-)

diff --git a/xen/xsm/flask/ss/sidtab.c b/xen/xsm/flask/ss/sidtab.c
--- a/xen/xsm/flask/ss/sidtab.c
+++ b/xen/xsm/flask/ss/sidtab.c
@@ -17,8 +17,8 @@
 #define SIDTAB_HASH(sid) (sid & SIDTAB_HASH_MASK)
 
 #define INIT_SIDTAB_LOCK(s) spin_lock_init(&s->lock)
-#define SIDTAB_LOCK(s, x) spin_lock_irqsave(&s->lock, x)
-#define SIDTAB_UNLOCK(s, x) spin_unlock_irqrestore(&s->lock, x)
+#define SIDTAB_LOCK(s) spin_lock(&s->lock)
+#define SIDTAB_UNLOCK(s) spin_unlock(&s->lock)
 
 int sidtab_init(struct sidtab *s)
 {
@@ -216,14 +216,13 @@
 {
     u32 sid;
     int ret = 0;
-    unsigned long flags;
 
     *out_sid = SECSID_NULL;
 
     sid = sidtab_search_context(s, context);
     if ( !sid )
     {
-        SIDTAB_LOCK(s, flags);
+        SIDTAB_LOCK(s);
         /* Rescan now that we hold the lock. */
         sid = sidtab_search_context(s, context);
         if ( sid )
@@ -239,7 +238,7 @@
         if ( ret )
             s->next_sid--;
 unlock_out:
-        SIDTAB_UNLOCK(s, flags);
+        SIDTAB_UNLOCK(s);
     }
 
     if ( ret )
@@ -307,21 +306,17 @@
 
 void sidtab_set(struct sidtab *dst, struct sidtab *src)
 {
-    unsigned long flags;
-
-    SIDTAB_LOCK(src, flags);
+    SIDTAB_LOCK(src);
     dst->htable = src->htable;
     dst->nel = src->nel;
     dst->next_sid = src->next_sid;
     dst->shutdown = 0;
-    SIDTAB_UNLOCK(src, flags);
+    SIDTAB_UNLOCK(src);
 }
 
 void sidtab_shutdown(struct sidtab *s)
 {
-    unsigned long flags;
-
-    SIDTAB_LOCK(s, flags);
+    SIDTAB_LOCK(s);
     s->shutdown = 1;
-    SIDTAB_UNLOCK(s, flags);
+    SIDTAB_UNLOCK(s);
 }

-- 
Stephen Smalley
National Security Agency


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

WARNING - OLD ARCHIVES

xen-devel

[Xen-devel] [PATCH] xen/xsm/flask: Fix sidtab locking bug