From: Waiman Long <waiman.long@hp.com>
To: Stephen Smalley <sds@tycho.nsa.gov>
Cc: Paul Moore <paul@paul-moore.com>,
Eric Paris <eparis@parisplace.org>,
James Morris <james.l.morris@oracle.com>,
linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org,
Scott J Norton <scott.norton@hp.com>
Subject: Re: [PATCH] selinux: no recursive read_lock of policy_rwlock in security_genfs_sid()
Date: Fri, 20 Jun 2014 19:37:18 -0400 [thread overview]
Message-ID: <53A4C5AE.9020209@hp.com> (raw)
In-Reply-To: <53A4742E.1090909@tycho.nsa.gov>
On 06/20/2014 01:49 PM, Stephen Smalley wrote:
> On 06/20/2014 01:45 PM, Waiman Long wrote:
>> With introduction of fair queued rwlock, recursive read_lock() may hang
>> the offending process if there is a write_lock() somewhere in between.
>>
>> With recursive read_lock checking enabled, the following error was
>> reported:
>>
>> =============================================
>> [ INFO: possible recursive locking detected ]
>> 3.16.0-rc1 #2 Tainted: G E
>> ---------------------------------------------
>> load_policy/708 is trying to acquire lock:
>> (policy_rwlock){.+.+..}, at: [<ffffffff8125b32a>] security_genfs_sid+0x3a/0x170
>>
>> but task is already holding lock:
>> (policy_rwlock){.+.+..}, at: [<ffffffff8125b48c>] security_fs_use+0x2c/0x110
>>
>> other info that might help us debug this:
>> Possible unsafe locking scenario:
>>
>> CPU0
>> ----
>> lock(policy_rwlock);
>> lock(policy_rwlock);
>>
>> This patch fixes the occurrence of recursive read_lock() of
>> policy_rwlock in security_genfs_sid() by adding a 5th argument to
>> indicate if the rwlock has been taken.
>>
>> Signed-off-by: Waiman Long<Waiman.Long@hp.com>
> Thanks, but I'd prefer to instead create a static helper function in
> services.c that does not take the lock at all, use that function from
> security_fs_use, and leave the extern function unmodified.
On second thought, this is exactly what I want to change the patch. I
will send out a new one later today.
-Longman
prev parent reply other threads:[~2014-06-20 23:37 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-06-20 17:45 [PATCH] selinux: no recursive read_lock of policy_rwlock in security_genfs_sid() Waiman Long
2014-06-20 17:49 ` Stephen Smalley
2014-06-20 23:37 ` Waiman Long [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=53A4C5AE.9020209@hp.com \
--to=waiman.long@hp.com \
--cc=eparis@parisplace.org \
--cc=james.l.morris@oracle.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=paul@paul-moore.com \
--cc=scott.norton@hp.com \
--cc=sds@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.