From mboxrd@z Thu Jan  1 00:00:00 1970
From: Toshiharu Harada <haradats@nttdata.co.jp>
Subject: Re: Problem with accessing namespace_sem from LSM.
Date: Tue, 06 Nov 2007 16:18:21 +0900
Message-ID: <4730153D.6040200@nttdata.co.jp>
References: <200711060400.lA640fuE078356@www262.sakura.ne.jp> <20071105201126.6b58bbd1@laptopd505.fenrus.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>,
	linux-security-module@vger.kernel.org,
	linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
	crispin@crispincowan.com
To: Arjan van de Ven <arjan@infradead.org>
Return-path: <linux-security-module-owner@vger.kernel.org>
In-Reply-To: <20071105201126.6b58bbd1@laptopd505.fenrus.org>
Sender: linux-security-module-owner@vger.kernel.org
List-Id: linux-fsdevel.vger.kernel.org

On 11/6/2007 1:11 PM, Arjan van de Ven wrote:
> On Tue, 06 Nov 2007 13:00:41 +0900
> Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp> wrote:
> 
>> Hello.
>>
>> I found that accessing namespace_sem from security_inode_create()
>> causes lockdep warning when compiled with CONFIG_PROVE_LOCKING=y .
> 
> sounds like you have an AB-BA deadlock...

sed /you/AppArmor shipped with OpenSuSE 10.1 and 10.2/ :)

Though I don't think this deadlock should occur quite often,
it occurs when it occurs. Care should be taken promptly.
There should be no way around for this problem as its nature.
Passing vfsmount parameter to VFS helper functions and
LSM hooks seems to be a good choice to me.

Cheers,
Toshiharu Harada