From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, kernel test robot <lkp@intel.com>,
"Paul E. McKenney" <paulmck@kernel.org>,
Madhuparna Bhowmik <madhuparnabhowmik10@gmail.com>,
Mimi Zohar <zohar@linux.ibm.com>, Sasha Levin <sashal@kernel.org>
Subject: [PATCH 5.4 26/38] evm: Fix RCU list related warnings
Date: Fri, 5 Jun 2020 16:15:09 +0200
Message-ID: <20200605140254.133441606@linuxfoundation.org>
In-Reply-To: <20200605140252.542768750@linuxfoundation.org>
From: Madhuparna Bhowmik <madhuparnabhowmik10@gmail.com>
[ Upstream commit 770f60586d2af0590be263f55fd079226313922c ]
This patch fixes the following warning and a few other instances of
traversal of the evm_config_xattrnames list:
[ 32.848432] =============================
[ 32.848707] WARNING: suspicious RCU usage
[ 32.848966] 5.7.0-rc1-00006-ga8d5875ce5f0b #1 Not tainted
[ 32.849308] -----------------------------
[ 32.849567] security/integrity/evm/evm_main.c:231 RCU-list traversed in non-reader section!!
Since entries are only added to the list and never deleted, use
list_for_each_entry_lockless() instead of list_for_each_entry_rcu for
traversing the list. Also, add a relevant comment in evm_secfs.c to
indicate this fact.
Reported-by: kernel test robot <lkp@intel.com>
Suggested-by: Paul E. McKenney <paulmck@kernel.org>
Signed-off-by: Madhuparna Bhowmik <madhuparnabhowmik10@gmail.com>
Acked-by: Paul E. McKenney <paulmck@kernel.org> (RCU viewpoint)
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
security/integrity/evm/evm_crypto.c | 2 +-
security/integrity/evm/evm_main.c | 4 ++--
security/integrity/evm/evm_secfs.c | 9 ++++++++-
3 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/security/integrity/evm/evm_crypto.c b/security/integrity/evm/evm_crypto.c
index cc826c2767a3..fbc2ee6d46fc 100644
--- a/security/integrity/evm/evm_crypto.c
+++ b/security/integrity/evm/evm_crypto.c
@@ -209,7 +209,7 @@ static int evm_calc_hmac_or_hash(struct dentry *dentry,
data->hdr.length = crypto_shash_digestsize(desc->tfm);
error = -ENODATA;
- list_for_each_entry_rcu(xattr, &evm_config_xattrnames, list) {
+ list_for_each_entry_lockless(xattr, &evm_config_xattrnames, list) {
bool is_ima = false;
if (strcmp(xattr->name, XATTR_NAME_IMA) == 0)
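Review bot: the loop body dereferences xattr->name immediately after the lockless load in evm_calc_hmac_or_hash(), so the safety of this conversion depends on the writer fully initialising an entry before linking it and publishing it with an _rcu list-add primitive. That insertion is not in any hunk of this patch. Please confirm in the commit message that the add path in evm_write_xattrs() uses list_add_tail_rcu() (or equivalent), since list_for_each_entry_lockless() is only documented as safe against the _rcu mutation primitives.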
diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
index f9a81b187fae..a2c393385db0 100644
--- a/security/integrity/evm/evm_main.c
+++ b/security/integrity/evm/evm_main.c
@@ -99,7 +99,7 @@ static int evm_find_protected_xattrs(struct dentry *dentry)
if (!(inode->i_opflags & IOP_XATTR))
return -EOPNOTSUPP;
- list_for_each_entry_rcu(xattr, &evm_config_xattrnames, list) {
+ list_for_each_entry_lockless(xattr, &evm_config_xattrnames, list) {
error = __vfs_getxattr(dentry, inode, xattr->name, NULL, 0);
if (error < 0) {
if (error == -ENODATA)
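Review bot: the body of this loop in evm_find_protected_xattrs() calls __vfs_getxattr(), which can block in the filesystem's handler, so wrapping the traversal in rcu_read_lock() was never an option here and the add-only property of the list is the sole thing keeping each xattr entry valid across that call. The commit message gives "entries are never deleted" as the reason but does not mention the blocking call. Adding one sentence on that would make clear why the lockless iterator was chosen over an RCU read-side section, and why a future removal path would need more than call_rcu()-style freeing.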
@@ -230,7 +230,7 @@ static int evm_protected_xattr(const char *req_xattr_name)
struct xattr_list *xattr;
namelen = strlen(req_xattr_name);
- list_for_each_entry_rcu(xattr, &evm_config_xattrnames, list) {
+ list_for_each_entry_lockless(xattr, &evm_config_xattrnames, list) {
if ((strlen(xattr->name) == namelen)
&& (strncmp(req_xattr_name, xattr->name, namelen) == 0)) {
found = 1;
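Review bot: the splat quoted in the commit message points at evm_main.c:231, which is this loop in evm_protected_xattr(); the conversions in evm_calc_hmac_or_hash() and evm_find_protected_xattrs() are described only as "few other instances". It would help stable reviewers to state whether those two sites were also seen warning under CONFIG_PROVE_RCU_LIST or were converted by inspection.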
diff --git a/security/integrity/evm/evm_secfs.c b/security/integrity/evm/evm_secfs.c
index c11c1f7b3ddd..0f37ef27268d 100644
--- a/security/integrity/evm/evm_secfs.c
+++ b/security/integrity/evm/evm_secfs.c
@@ -234,7 +234,14 @@ static ssize_t evm_write_xattrs(struct file *file, const char __user *buf,
goto out;
}
- /* Guard against races in evm_read_xattrs */
+ /*
+ * xattr_list_mutex guards against races in evm_read_xattrs().
+ * Entries are only added to the evm_config_xattrnames list
+ * and never deleted. Therefore, the list is traversed
+ * using list_for_each_entry_lockless() without holding
+ * the mutex in evm_calc_hmac_or_hash(), evm_find_protected_xattrs()
+ * and evm_protected_xattr().
+ */
mutex_lock(&xattr_list_mutex);
list_for_each_entry(tmp, &evm_config_xattrnames, list) {
if (strcmp(xattr->name, tmp->name) == 0) {
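Review bot: the add-only invariant is documented at the mutex_lock() in evm_write_xattrs() and names the three lockless readers explicitly, which puts it where a reader of the traversal code will not see it and makes the function list go stale as soon as a fourth traverser appears. Consider moving the "entries are only added and never deleted" statement to the definition of evm_config_xattrnames and dropping the enumerated function names, leaving here only the note that xattr_list_mutex serialises writers against evm_read_xattrs(). Anyone later adding a removal path would then hit the invariant at the list itself.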
--
2.25.1