Date: Fri, 27 May 2016 20:37:41 +0100
From: Al Viro
To: Casey Schaufler
Cc: Seung-Woo Kim, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, jh80.chung@sungmsung.com, cw00.choi@samsung.com, Linus Torvalds
Subject: Re: [BUG] Panic when systemd boot do mkdir on tmpfs mounted path with smack enabled environment
Message-ID: <20160527193741.GR14480@ZenIV.linux.org.uk>
References: <001301d1b808$31a437f0$94eca7d0$@samsung.com> <20160527151141.GO14480@ZenIV.linux.org.uk> <20160527185150.GP14480@ZenIV.linux.org.uk> <9f2efc48-1778-d850-8bc3-a8ce77d6cdd7@schaufler-ca.com>
In-Reply-To: <9f2efc48-1778-d850-8bc3-a8ce77d6cdd7@schaufler-ca.com>

On Fri, May 27, 2016 at 12:03:37PM -0700, Casey Schaufler wrote:

> I haven't actually seen the problem, but I've been having
> real trouble getting a systemd configuration working properly.
> The quickest validation will probably be coming from Seung-Woo Kim,
> who reported the issue initially. I am working to verify both the
> problem and the fix.

To trigger it you need to end up in smack_d_instantiate() for a directory
that had SMK_INODE_CHANGED set in smack_inode_init_security(). IOW,
smk_inode_transmutable() being true for its parent and smk_access_entry()
for that parent returning something with MAY_TRANSMUTE in it.

I'm not familiar enough with smack guts to put together a reproducer, but
*ANY* call of ->setxattr() from smack_d_instantiate() on xattr-supporting
filesystem will blow up in the mainline. At that point dentry still has
NULL ->d_inode, so ->setxattr() instances are going to oops as soon as they
try to do anything with the inode. All it takes is getting to that method
call.