From: Breno Leitao <leitao@debian.org>
To: John Johansen <john.johansen@canonical.com>
Cc: Thomas Gleixner <tglx@linutronix.de>,
James Morris <jmorris@namei.org>,
LSM List <linux-security-module@vger.kernel.org>,
LKML <linux-kernel@vger.kernel.org>,
"Paul E. McKenney" <paulmck@kernel.org>,
Peter Zijlstra <peterz@infradead.org>
Subject: Re: apparmor: WARNING: suspicious RCU usage
Date: Sat, 5 Jul 2025 16:47:40 +0100 [thread overview]
Message-ID: <aGlJHJpMk__IHNKp@gmail.com> (raw)
In-Reply-To: <4dbd0e0d-b1a3-8a06-5f65-bdcbb76fccee@canonical.com>
On Tue, Sep 21, 2021 at 02:23:19PM -0700, John Johansen wrote:
> On 9/21/21 1:32 AM, Thomas Gleixner wrote:
> >
> > Running with CONFIG_PROVE_RCU_LIST triggers the following splat:
> >
> > [ 6.805926] =============================
> > [ 6.806848] WARNING: suspicious RCU usage
> > [ 6.807738] 5.15.0-rc2+ #24 Tainted: G E
> > [ 6.808860] -----------------------------
> > [ 6.809734] security/apparmor/include/lib.h:191 RCU-list traversed in non-reader section!!
> > [ 6.811508]
> > other info that might help us debug this:
> >
> > [ 6.811516]
> > rcu_scheduler_active = 2, debug_locks = 1
> > [ 6.811527] 2 locks held by apparmor_parser/1897:
> > [ 6.811530] #0: ffff88885f139450 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x68/0xe0
> > [ 6.816110] #1: ffff8881000578a0 (&ns->lock){+.+.}-{3:3}, at: aa_replace_profiles+0x16d/0x11e0
> > [ 6.817418]
> > stack backtrace:
> > [ 6.818086] CPU: 38 PID: 1897 Comm: apparmor_parser Tainted: G E 5.15.0-rc2+ #24
> > [ 6.819359] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
> > [ 6.820536] Call Trace:
> > [ 6.820918] dump_stack_lvl+0x57/0x72
> > [ 6.821499] __lookupn_profile+0x193/0x1a0
> > [ 6.822461] aa_replace_profiles+0x395/0x11e0
> > [ 6.823448] policy_update+0x13f/0x240
> > [ 6.824326] profile_replace+0xb1/0x120
> > [ 6.825213] vfs_write+0xe4/0x3b0
> > [ 6.826027] ksys_write+0x68/0xe0
> > [ 6.826576] do_syscall_64+0x3b/0x90
> > [ 6.827099] entry_SYSCALL_64_after_hwframe+0x44/0xae
> >
> > which is pretty obvious because aa_replace_profile() invokes:
> >
> > __lookup_replace()
> > __lookup_profile()
> > __strn_find_child()
> > __policy_strn_find()
> > list_for_each_entry_rcu() <- Splat
> >
> > The code is "correct" as this is the writer side and holding ns->lock,
> > but it's incorrect to use list_for_each_entry_rcu() without being in a
> > read side critical section unless it is properly annotated.
> >
> > Same problem in the same function vs. __lookup_parent() and there are
> > more issues of that sort, e.g. vs. __lookup_profile() in
> > aa_remove_profiles().
> >
> thanks Thomas, I look into it
I just hit this issue as well, and I got the same feeling as Thomas.
Quickly looking at the code, I think you need to pass an extra argument
to list_for_each_entry_rcu() that the ns->lock is held, silenting the
warning.
Maybe being able to get "struct aa_ns *ns" in __policy_strn_find() and
pass a lockdep_is_held(ns->lock) might be the most straight-forward
solution.
prev parent reply other threads:[~2025-07-05 15:47 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-21 8:32 apparmor: WARNING: suspicious RCU usage Thomas Gleixner
2021-09-21 21:23 ` John Johansen
2025-07-05 15:47 ` Breno Leitao [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aGlJHJpMk__IHNKp@gmail.com \
--to=leitao@debian.org \
--cc=jmorris@namei.org \
--cc=john.johansen@canonical.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=paulmck@kernel.org \
--cc=peterz@infradead.org \
--cc=tglx@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).