From: Al Viro <viro@ZenIV.linux.org.uk>
To: NeilBrown <neilb@suse.de>
Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 04/13] security/selinux: check for LOOKUP_RCU in _follow_link.
Date: Fri, 20 Mar 2015 05:12:24 +0000 [thread overview]
Message-ID: <20150320051224.GV29656@ZenIV.linux.org.uk> (raw)
In-Reply-To: <20150320153930.1f180e06@notabene.brown>
On Fri, Mar 20, 2015 at 03:39:30PM +1100, NeilBrown wrote:
> rcu_read_unlock();
> security_compute_av(ssid, tsid, tclass, avd);
> rcu_read_lock();
>
> (yes: unlock, and then lock).
>
> so avc_has_perm_noaudit needs to bail out of RCU-walk if node turns out to be
> NULL.
NFI, but since
a) the guts of security_compute_av() are under rwlock (shared),
I rather doubt that it could e.g. block
b) avc_has_perm_noaudit() is called from selinux_inode_permission(),
which is called inside RCU-walk - it's hit on selinux setups in every
successful inode_permission()
I'd say that it's no worse than it already was. AFAICS, it's a slowpath and
we don't want to hold rcu_read_lock() over it to avoid stalls, but if the
caller of avc_has_perm_noaudit() used to want rcu_read_lock(), well, we'll
just risks stalls
next prev parent reply other threads:[~2015-03-20 5:12 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-03-16 4:43 [PATCH 00/13] Support follow_link in RCU-walk. - V2 NeilBrown
2015-03-16 4:43 ` [PATCH 02/13] VFS: make all ->follow_link handlers aware for LOOKUP_RCU NeilBrown
2015-03-16 4:43 ` [PATCH 04/13] security/selinux: check for LOOKUP_RCU in _follow_link NeilBrown
2015-03-16 21:00 ` Al Viro
2015-03-20 4:39 ` NeilBrown
2015-03-20 5:12 ` Al Viro [this message]
2015-03-16 4:43 ` [PATCH 01/13] VFS: replace {, total_}link_count in task_struct with pointer to nameidata NeilBrown
2015-03-16 19:46 ` Al Viro
2015-03-16 4:43 ` [PATCH 03/13] VFS: remove nameidata args from ->follow_link and ->put_link NeilBrown
2015-03-16 20:47 ` Al Viro
2015-03-16 4:43 ` [PATCH 12/13] XFS: allow follow_link to often succeed in RCU-walk NeilBrown
2015-03-16 22:37 ` Al Viro
2015-03-16 4:43 ` [PATCH 08/13] VFS/namei: enhance follow_link to support RCU-walk NeilBrown
2015-03-16 4:43 ` [PATCH 06/13] VFS/namei: new flag to support RCU symlinks: LOOKUP_LINK_RCU NeilBrown
2015-03-16 22:33 ` Al Viro
2015-03-17 0:59 ` Al Viro
2015-03-16 4:43 ` [PATCH 13/13] NFS: support LOOKUP_RCU in nfs_follow_link NeilBrown
2015-03-16 4:43 ` [PATCH 09/13] VFS/namei: enable RCU-walk when following symlinks NeilBrown
2015-03-16 22:44 ` Al Viro
2015-03-16 4:43 ` [PATCH 05/13] VFS/namei: use terminate_walk when symlink lookup fails NeilBrown
2015-03-16 4:43 ` [PATCH 10/13] VFS/namei: handle LOOKUP_RCU in page_follow_link_light NeilBrown
2015-03-16 22:50 ` Al Viro
2015-03-19 22:38 ` NeilBrown
2015-03-19 23:46 ` Al Viro
2015-03-16 4:43 ` [PATCH 11/13] xfs: use RCU to free 'struct xfs_mount' NeilBrown
2015-03-16 4:43 ` [PATCH 07/13] VFS/namei: abort RCU-walk on symlink if atime needs updating NeilBrown
2015-03-16 19:14 ` [PATCH 00/13] Support follow_link in RCU-walk. - V2 Al Viro
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150320051224.GV29656@ZenIV.linux.org.uk \
--to=viro@zeniv.linux.org.uk \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=neilb@suse.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.