From: John Johansen <john.johansen@canonical.com>
To: David Rientjes <rientjes@google.com>
Cc: Matt Mackall <mpm@selenic.com>,
David Howells <dhowells@redhat.com>,
Miles Lane <miles.lane@gmail.com>,
LKML <linux-kernel@vger.kernel.org>,
Christoph Lameter <cl@linux-foundation.org>,
Pekka Enberg <penberg@kernel.org>
Subject: Re: 3.0.0-rc2-git1 -- BUG: sleeping function called from invalid context at mm/slub.c:847
Date: Wed, 08 Jun 2011 15:12:09 -0700 [thread overview]
Message-ID: <4DEFF3B9.7070907@canonical.com> (raw)
In-Reply-To: <alpine.DEB.2.00.1106081407440.10320@chino.kir.corp.google.com>
On 06/08/2011 02:34 PM, David Rientjes wrote:
> On Wed, 8 Jun 2011, Matt Mackall wrote:
>
>>> Not sure why this ever actually worked with apparmor if prepare_creds()
>>> does an unconditional GFP_KERNEL allocation since this codepath hasn't
>>> changed in at least a year and we're holding a spinlock from setrlimit.
>>> John?
>>
>> Probably a lack of people enabling (and using!) both apparmor and
>> might_sleep. I don't this would be caught by a randconfig boot test.
>>
>
> Right, CONFIG_DEBUG_SPINLOCK_SLEEP isn't enabled by default even though
> CONFIG_DEBUG_KERNEL is. We should probably just allow prepare_creds() to
> take a gfp_t argument just like security_prepare_creds() and change
> existing callers to use GFP_KERNEL with the exception of those using
> setrlimit where we're always holding the spinlock.
>
> Documentation/security/credentials.txt says this:
>
> To alter the current process's credentials, a function should first prepare a
> new set of credentials by calling:
>
> struct cred *prepare_creds(void);
>
> this locks current->cred_replace_mutex and then allocates and constructs a
> duplicate of the current process's credentials, returning with the mutex still
> held if successful. It returns NULL if not successful (out of memory).
>
> although that mutex doesn't exist. David, any downsides to passing the
> gfp_t into prepare_creds()?
Well it certainly isn't needed for the apparmor case, as the bug is being
triggered by how apparmor handles policy replacement, and we have a means
of handling that for atomic contexts.
next prev parent reply other threads:[~2011-06-08 22:12 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-06-08 19:02 3.0.0-rc2-git1 -- BUG: sleeping function called from invalid context at mm/slub.c:847 Miles Lane
2011-06-08 20:09 ` David Rientjes
2011-06-08 20:17 ` Matt Mackall
2011-06-08 21:34 ` David Rientjes
2011-06-08 21:57 ` Kyle Moffett
2011-06-08 22:12 ` John Johansen [this message]
2011-06-08 22:07 ` John Johansen
2011-06-08 23:47 ` [stable] " Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4DEFF3B9.7070907@canonical.com \
--to=john.johansen@canonical.com \
--cc=cl@linux-foundation.org \
--cc=dhowells@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=miles.lane@gmail.com \
--cc=mpm@selenic.com \
--cc=penberg@kernel.org \
--cc=rientjes@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.