Re: [PATCH] apparmor: use per file locks for transactional queries
From: John Johansen <john.johansen@canonical.com>
Date: 2021-07-30 23:25:04
Also in:
lkml
On 7/29/21 10:23 PM, Hamza Mahfooz wrote:
As made mention of in commit 1dea3b41e84c5 ("apparmor: speed up
transactional queries"), a single lock is currently used to synchronize
transactional queries. We can, use the lock allocated for each file by
VFS instead.
Signed-off-by: Hamza Mahfooz <redacted>Acked-by: John Johansen <john.johansen@canonical.com> I'll pull this into my tree asap
quoted hunk ↗ jump to hunk
--- security/apparmor/apparmorfs.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-)diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c index 2ee3b3d29f10..c0b626a271a0 100644 --- a/security/apparmor/apparmorfs.c +++ b/security/apparmor/apparmorfs.c@@ -812,8 +812,6 @@ struct multi_transaction { }; #define MULTI_TRANSACTION_LIMIT (PAGE_SIZE - sizeof(struct multi_transaction)) -/* TODO: replace with per file lock */ -static DEFINE_SPINLOCK(multi_transaction_lock); static void multi_transaction_kref(struct kref *kref) {@@ -847,10 +845,10 @@ static void multi_transaction_set(struct file *file, AA_BUG(n > MULTI_TRANSACTION_LIMIT); new->size = n; - spin_lock(&multi_transaction_lock); + spin_lock(&file->f_lock); old = (struct multi_transaction *) file->private_data; file->private_data = new; - spin_unlock(&multi_transaction_lock); + spin_unlock(&file->f_lock); put_multi_transaction(old); }@@ -879,9 +877,10 @@ static ssize_t multi_transaction_read(struct file *file, char __user *buf, struct multi_transaction *t; ssize_t ret; - spin_lock(&multi_transaction_lock); + spin_lock(&file->f_lock); t = get_multi_transaction(file->private_data); - spin_unlock(&multi_transaction_lock); + spin_unlock(&file->f_lock); + if (!t) return 0;