From mboxrd@z Thu Jan 1 00:00:00 1970 From: Al Viro Subject: Re: [PATCH 04/13] security/selinux: check for LOOKUP_RCU in _follow_link. Date: Mon, 16 Mar 2015 21:00:35 +0000 Message-ID: <20150316210035.GC29656@ZenIV.linux.org.uk> References: <20150316043602.23648.52734.stgit@notabene.brown> <20150316044319.23648.82820.stgit@notabene.brown> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org To: NeilBrown Return-path: Received: from zeniv.linux.org.uk ([195.92.253.2]:34310 "EHLO ZenIV.linux.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752450AbbCPVAg (ORCPT ); Mon, 16 Mar 2015 17:00:36 -0400 Content-Disposition: inline In-Reply-To: <20150316044319.23648.82820.stgit@notabene.brown> Sender: linux-fsdevel-owner@vger.kernel.org List-ID: On Mon, Mar 16, 2015 at 03:43:19PM +1100, NeilBrown wrote: > Some of dentry_has_perm() is not rcu-safe, so if LOOKUP_RCU > is set in selinux_inode_follow_link(), give up with > -ECHILD. > > It is possible that dentry_has_perm could sometimes complete > in RCU more, in which case the flag could be propagated further > down the stack... It bloody well can. Expand it a bit and you'll see - the nastiness comes from avc_audit() doing return slow_avc_audit(ssid, tsid, tclass, requested, audited, denied, result, a, 0); and passing that 0 to slow_avc_audit(). Pass it MAY_NOT_BLOCK instead and it'll bugger off with -ECHILD in blocking case. Call chain is dentry_has_perm -> inode_has_perm -> avc_has_perm -> avc_audit. Expand those (including avc_audit()) and make slow_avc_audit() get flags & LOOKUP_RCU ? MAY_NOT_BLOCK : 0.