From: Ingo Molnar <mingo@elte.hu>
To: Andrew Morton <akpm@osdl.org>
Cc: "Adam J. Richter" <adam@yggdrasil.com>,
	linux-kernel@vger.kernel.org, netdev@vger.kernel.org,
	Paul Moore <paul.moore@hp.com>,
	Linus Torvalds <torvalds@osdl.org>
Subject: [patch] selinux: fix selinux_netlbl_inode_permission() locking
Date: Tue, 2 Jan 2007 21:09:31 +0100
Message-ID: <20070102200931.GA25789@elte.hu>
In-Reply-To: <20061224162511.eaac4a89.akpm@osdl.org>


* Andrew Morton <akpm@osdl.org> wrote:

> There's a glaring bug in selinux_netlbl_inode_permission() - taking 
> lock_sock() inside rcu_read_lock().

Note that the bug is still in -rc3, and is easily triggerable via a 
default FC6 bootup. It's fixed by the (slightly modified) patch from 
Parag Warudkar below that i have in the -rt tree.

Note that this bug became visible due to the recent __resched_legal() 
fix, which bug made most of our atomicity debugging checks ineffective. 
About half a dozen separate atomicity bugs triggered in -rt when i fixed 
the __resched_legal() bug, so i'd expect some more to trigger upstream 
too.

	Ingo

------------------------>
Subject: [patch] selinux: fix selinux_netlbl_inode_permission() locking
From: Parag Warudkar <paragw@paragw.zapto.org>

do not call a sleeping lock API in an RCU read section.
lock_sock_nested can sleep, its BH counterpart doesn't. 
selinux_netlbl_inode_permission() needs to use the BH counterpart
unconditionally.

Compile tested.

From: Ingo Molnar <mingo@elte.hu>

added BH disabling, because this function can be called from non-atomic
contexts too, so a naked bh_lock_sock() would be deadlock-prone.

Boot-tested the resulting kernel.

Signed-off-by: Parag Warudkar <paragw@paragw.zapto.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
---
 security/selinux/ss/services.c |    6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

Index: linux/security/selinux/ss/services.c
===================================================================
--- linux.orig/security/selinux/ss/services.c
+++ linux/security/selinux/ss/services.c
@@ -2660,9 +2660,11 @@ int selinux_netlbl_inode_permission(stru
 		rcu_read_unlock();
 		return 0;
 	}
-	lock_sock(sock->sk);
+	local_bh_disable();
+	bh_lock_sock_nested(sock->sk);
 	rc = selinux_netlbl_socket_setsid(sock, sksec->sid);
-	release_sock(sock->sk);
+	bh_unlock_sock(sock->sk);
+	local_bh_enable();
 	rcu_read_unlock();
 
 	return rc;
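
Review bot: selinux_netlbl_socket_setsid() now runs between bh_lock_sock_nested() and bh_unlock_sock() with bottom halves disabled, so nothing it calls may sleep, and the hunk does not show that this was checked. Please confirm that its call chain has no sleeping allocations or sleeping locks, otherwise the same "sleeping function called from invalid context" class of bug moves one level down. Second point on the same lines: bh_lock_sock_nested() only takes the socket spinlock and, unlike lock_sock(), neither waits for nor records process-context ownership of the socket, and there is no sock_owned_by_user() check here; if the label update must be serialized against a task that holds lock_sock() on the same socket, that exclusion is lost. A short comment above local_bh_disable() stating why the BH variant is used inside the RCU read section, and why BH disabling is needed for non-atomic callers, would keep the reasoning from the changelog next to the code.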
