From: Casey Schaufler <casey@schaufler-ca.com>
To: Andi Kleen <andi@firstfloor.org>
Cc: jmorris@namei.org, linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org, Andi Kleen <ak@linux.intel.com>
Subject: Re: [PATCH] SMACK: Add missing rcu_read_lock/unlock for process capability walk.
Date: Wed, 20 Apr 2011 15:51:41 -0700 [thread overview]
Message-ID: <4DAF637D.90606@schaufler-ca.com> (raw)
In-Reply-To: <1303336844-31074-1-git-send-email-andi@firstfloor.org>
On 4/20/2011 3:00 PM, Andi Kleen wrote:
> From: Andi Kleen <ak@linux.intel.com>
>
> smk_access_entry does a RCU list walk for a list shared with other
> threads. It relies on the caller doing rcu_read_lock().
> One caller forgot to do to this, which could lead to races
> on preemptible kernels.
>
> Move the rcu_read_lock() into smk_access_entry instead.
Nacked-by: Casey Schaufler <casey@schaufler-ca.com>
The lock was moved out of smk_access_entry in support of the
processing done in the smack_mmap_file() hook. Where do you see
a potential race, and which caller "forgot" to do the lock?
Thank you.
> Signed-off-by: Andi Kleen <ak@linux.intel.com>
> ---
> security/smack/smack_access.c | 4 ++--
> 1 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c
> index 7b0d3b3..43b20f3 100644
> --- a/security/smack/smack_access.c
> +++ b/security/smack/smack_access.c
> @@ -92,6 +92,7 @@ int smk_access_entry(char *subject_label, char *object_label,
> int may = -ENOENT;
> struct smack_rule *srp;
>
> + rcu_read_lock();
> list_for_each_entry_rcu(srp, rule_list, list) {
> if (srp->smk_subject == subject_label ||
> strcmp(srp->smk_subject, subject_label) == 0) {
> @@ -102,6 +103,7 @@ int smk_access_entry(char *subject_label, char *object_label,
> }
> }
> }
> + rcu_read_unlock();
>
> return may;
> }
> @@ -184,9 +186,7 @@ int smk_access_flags(char *subject_label, char *object_label, int request,
> * good. A negative response from smk_access_entry()
> * indicates there is no entry for this pair.
> */
> - rcu_read_lock();
> may = smk_access_entry(subject_label, object_label, &smack_rule_list);
> - rcu_read_unlock();
>
> if (may > 0 && (request & may) == request)
> goto out_audit;
next prev parent reply other threads:[~2011-04-20 22:51 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-04-20 22:00 [PATCH] SMACK: Add missing rcu_read_lock/unlock for process capability walk Andi Kleen
2011-04-20 22:51 ` Casey Schaufler [this message]
2011-04-20 23:18 ` Andi Kleen
2011-04-20 23:43 ` Casey Schaufler
2011-04-21 0:08 ` Andi Kleen
2011-04-21 0:47 ` Casey Schaufler
2011-04-21 15:58 ` Andi Kleen
2011-04-22 3:55 ` Casey Schaufler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4DAF637D.90606@schaufler-ca.com \
--to=casey@schaufler-ca.com \
--cc=ak@linux.intel.com \
--cc=andi@firstfloor.org \
--cc=jmorris@namei.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.