SMP Issues

As of version 2.0, Linux kernel supports Symmetric Multi Processing (SMP) allowing processes to run in kernel mode in parallel on different processors. To avoid race conditions on shared kernel data, Linux kernel provides a set of SMP specific lock data types and corresponding locking primitives. All LinSec shared data structures are implemented in a SMP safe manner by making use of the Linux SMP features. In particular, to enable capability revocation (Subsection 5.8.6) and access domain revocation (Subsection 5.9.4), linsec_usr structure contains a set of, so called, spinlocks, that are used to protect relevant portions of the structure as they are being updated. There is no need for the similar mechanism to be implemented for linsec_task as its contents are only used for read operations once they are created.