[PATCH-selinuxns] selinux: Annotate lockdep for services locks

[PATCH-selinuxns] selinux: Annotate lockdep for services locks

[Peter Enderborg]

The locks are moved to dynamic allocation, we need to
help the lockdep system to classify the locks.
This adds to lockdep annotation for the page mutex and
for the ss lock.
---
 security/selinux/ss/services.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index abc5383..ba463c0 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -70,6 +70,9 @@
 #include "ebitmap.h"
 #include "audit.h"
 
+static struct lock_class_key selinux_ss_class_key;
+static struct lock_class_key selinux_status_class_key;
+
 /* Policy capability names */
 char *selinux_policycap_names[__POLICYDB_CAPABILITY_MAX] = {
 	"network_peer_controls",
@@ -88,7 +91,9 @@ int selinux_ss_create(struct selinux_ss **ss)
 	if (!newss)
 		return -ENOMEM;
 	rwlock_init(&newss->policy_rwlock);
+	lockdep_set_class(&newss->policy_rwlock, &selinux_ss_class_key);
 	mutex_init(&newss->status_lock);
+	lockdep_set_class(&newss->status_lock, &selinux_status_class_key);
 	*ss = newss;
 	return 0;
 }
-- 
2.7.4

--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH-selinuxns] selinux: Annotate lockdep for services locks

[Stephen Smalley]

On Fri, 2018-02-02 at 09:05 +0100, Peter Enderborg wrote:
> The locks are moved to dynamic allocation, we need to
> help the lockdep system to classify the locks.
> This adds to lockdep annotation for the page mutex and
> for the ss lock.

Thanks, but missing a Signed-off-by: line.  Also, just to be clear, you
shouldn't re-base your work on top of the entire selinuxns branch,
since I only expect the first few patches to be mergeable in the near
term.

I also will need to re-base again when the selinux next branch moves to
something 4.15-based, including fixing up the bpf hooks that were
introduced there.

> ---
>  security/selinux/ss/services.c | 5 +++++
>  1 file changed, 5 insertions(+)
> 
> diff --git a/security/selinux/ss/services.c
> b/security/selinux/ss/services.c
> index abc5383..ba463c0 100644
> --- a/security/selinux/ss/services.c
> +++ b/security/selinux/ss/services.c
> @@ -70,6 +70,9 @@
>  #include "ebitmap.h"
>  #include "audit.h"
>  
> +static struct lock_class_key selinux_ss_class_key;
> +static struct lock_class_key selinux_status_class_key;
> +
>  /* Policy capability names */
>  char *selinux_policycap_names[__POLICYDB_CAPABILITY_MAX] = {
>  	"network_peer_controls",
> @@ -88,7 +91,9 @@ int selinux_ss_create(struct selinux_ss **ss)
>  	if (!newss)
>  		return -ENOMEM;
>  	rwlock_init(&newss->policy_rwlock);
> +	lockdep_set_class(&newss->policy_rwlock,
> &selinux_ss_class_key);
>  	mutex_init(&newss->status_lock);
> +	lockdep_set_class(&newss->status_lock,
> &selinux_status_class_key);
>  	*ss = newss;
>  	return 0;
>  }
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH-selinuxns] selinux: Annotate lockdep for services locks

[Peter Enderborg]

The locks are moved to dynamic allocation, we need to
help the lockdep system to classify the locks.
This adds to lockdep annotation for the page mutex and
for the ss lock.

Signed-off-by: Peter Enderborg <peter.enderborg@sony.com>
---
 security/selinux/ss/services.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index abc5383..ba463c0 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -70,6 +70,9 @@
 #include "ebitmap.h"
 #include "audit.h"
 
+static struct lock_class_key selinux_ss_class_key;
+static struct lock_class_key selinux_status_class_key;
+
 /* Policy capability names */
 char *selinux_policycap_names[__POLICYDB_CAPABILITY_MAX] = {
 	"network_peer_controls",
@@ -88,7 +91,9 @@ int selinux_ss_create(struct selinux_ss **ss)
 	if (!newss)
 		return -ENOMEM;
 	rwlock_init(&newss->policy_rwlock);
+	lockdep_set_class(&newss->policy_rwlock, &selinux_ss_class_key);
 	mutex_init(&newss->status_lock);
+	lockdep_set_class(&newss->status_lock, &selinux_status_class_key);
 	*ss = newss;
 	return 0;
 }
-- 
2.7.4

--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH-selinuxns] selinux: Annotate lockdep for services locks

[peter enderborg]

Resent with sign-off.
If you pick the patches that use the dynamic allocation of locks you can pick it.
The patches for the annotation does not apply for the selinux-next at the moment
so have to be for selinuxns.
I will send the patches to pauls next tree. Im abit confused on when that is
appropriate. Obviously there will be collisions with the namespace, but
the patches also solves few of my prerequisite topics.


On 02/02/2018 03:10 PM, Stephen Smalley wrote:
> On Fri, 2018-02-02 at 09:05 +0100, Peter Enderborg wrote:
>> The locks are moved to dynamic allocation, we need to
>> help the lockdep system to classify the locks.
>> This adds to lockdep annotation for the page mutex and
>> for the ss lock.
> Thanks, but missing a Signed-off-by: line.  Also, just to be clear, you
> shouldn't re-base your work on top of the entire selinuxns branch,
> since I only expect the first few patches to be mergeable in the near
> term.
>
> I also will need to re-base again when the selinux next branch moves to
> something 4.15-based, including fixing up the bpf hooks that were
> introduced there.
>
>> ---
>>  security/selinux/ss/services.c | 5 +++++
>>  1 file changed, 5 insertions(+)
>>
>> diff --git a/security/selinux/ss/services.c
>> b/security/selinux/ss/services.c
>> index abc5383..ba463c0 100644
>> --- a/security/selinux/ss/services.c
>> +++ b/security/selinux/ss/services.c
>> @@ -70,6 +70,9 @@
>>  #include "ebitmap.h"
>>  #include "audit.h"
>>  
>> +static struct lock_class_key selinux_ss_class_key;
>> +static struct lock_class_key selinux_status_class_key;
>> +
>>  /* Policy capability names */
>>  char *selinux_policycap_names[__POLICYDB_CAPABILITY_MAX] = {
>>  	"network_peer_controls",
>> @@ -88,7 +91,9 @@ int selinux_ss_create(struct selinux_ss **ss)
>>  	if (!newss)
>>  		return -ENOMEM;
>>  	rwlock_init(&newss->policy_rwlock);
>> +	lockdep_set_class(&newss->policy_rwlock,
>> &selinux_ss_class_key);
>>  	mutex_init(&newss->status_lock);
>> +	lockdep_set_class(&newss->status_lock,
>> &selinux_status_class_key);
>>  	*ss = newss;
>>  	return 0;
>>  }


--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH-selinuxns] selinux: Annotate lockdep for services locks

[Stephen Smalley]

On Fri, 2018-02-02 at 15:40 +0100, peter enderborg wrote:
> Resent with sign-off.
> If you pick the patches that use the dynamic allocation of locks you
> can pick it.
> The patches for the annotation does not apply for the selinux-next at
> the moment
> so have to be for selinuxns.
> I will send the patches to pauls next tree. Im abit confused on when
> that is
> appropriate. Obviously there will be collisions with the namespace,
> but
> the patches also solves few of my prerequisite topics.

FWIW, I created a selinuxns-base branch with just my first three
commits and your commit (immediately after my first one, since it
doesn't depend on the other ones), based on current selinux/next.  My
first three commits are the ones that are purely restructuring and do
not have any effect on SELinux behavior or APIs (userspace or LSM
hooks, obviously SELinux-internal interfaces do change).  My fourth
commit on the selinuxns branch ("netns,selinux: create the selinux
netlink socket per network namespace") could perhaps also be added but
that one might be more controversial since it does change existing
SELinux behavior (although arguably the current behavior is wrong) and
in any event I don't think it has any impact on your patches. You can
probably base your work on top of selinuxns-base until those are either
flushed to selinux/next or definitively rejected, although obviously
they may have to change in response to review comments.  That branch
will however get re-based when selinux/next is re-based (to something
4.15 based).

> 
> 
> On 02/02/2018 03:10 PM, Stephen Smalley wrote:
> > On Fri, 2018-02-02 at 09:05 +0100, Peter Enderborg wrote:
> > > The locks are moved to dynamic allocation, we need to
> > > help the lockdep system to classify the locks.
> > > This adds to lockdep annotation for the page mutex and
> > > for the ss lock.
> > 
> > Thanks, but missing a Signed-off-by: line.  Also, just to be clear,
> > you
> > shouldn't re-base your work on top of the entire selinuxns branch,
> > since I only expect the first few patches to be mergeable in the
> > near
> > term.
> > 
> > I also will need to re-base again when the selinux next branch
> > moves to
> > something 4.15-based, including fixing up the bpf hooks that were
> > introduced there.
> > 
> > > ---
> > >  security/selinux/ss/services.c | 5 +++++
> > >  1 file changed, 5 insertions(+)
> > > 
> > > diff --git a/security/selinux/ss/services.c
> > > b/security/selinux/ss/services.c
> > > index abc5383..ba463c0 100644
> > > --- a/security/selinux/ss/services.c
> > > +++ b/security/selinux/ss/services.c
> > > @@ -70,6 +70,9 @@
> > >  #include "ebitmap.h"
> > >  #include "audit.h"
> > >  
> > > +static struct lock_class_key selinux_ss_class_key;
> > > +static struct lock_class_key selinux_status_class_key;
> > > +
> > >  /* Policy capability names */
> > >  char *selinux_policycap_names[__POLICYDB_CAPABILITY_MAX] = {
> > >  	"network_peer_controls",
> > > @@ -88,7 +91,9 @@ int selinux_ss_create(struct selinux_ss **ss)
> > >  	if (!newss)
> > >  		return -ENOMEM;
> > >  	rwlock_init(&newss->policy_rwlock);
> > > +	lockdep_set_class(&newss->policy_rwlock,
> > > &selinux_ss_class_key);
> > >  	mutex_init(&newss->status_lock);
> > > +	lockdep_set_class(&newss->status_lock,
> > > &selinux_status_class_key);
> > >  	*ss = newss;
> > >  	return 0;
> > >  }
> 
> 
> 
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH-selinuxns] selinux: Annotate lockdep for services locks

[Paul Moore]

On Fri, Feb 2, 2018 at 9:40 AM, peter enderborg
<peter.enderborg@sony.com> wrote:
> I will send the patches to pauls next tree. Im abit confused on when that is
> appropriate. Obviously there will be collisions with the namespace, but
> the patches also solves few of my prerequisite topics.

In an effort to clear up any confusion, here is the tentative plan ...
While I generally try to avoid rebasing the selinux/next branch, there
are a few things that we probably want to pull in from Linus' tree, so
after the merge window closes (I expect that to happen next weekend)
I'll rebase selinux/next to v4.16-rc1.  I always send a note to the
list when I rebase the selinux/next branch.

>From there, it's a matter of sorting out the merging logistics; I
suspect Stephen will probably just rebase his own selinuxns patches
(and presumably incorporate any feedback), but I tend to be a bit more
forgiving about manual fixups when merging patches after a rebase.
After Stephen's patches are merged we can merge the other bits that
rely on them.

Does that make sense?

-- 
paul moore
www.paul-moore.com
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html