From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755011AbaEOVPO (ORCPT ); Thu, 15 May 2014 17:15:14 -0400 Received: from mx1.redhat.com ([209.132.183.28]:59054 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751524AbaEOVPM (ORCPT ); Thu, 15 May 2014 17:15:12 -0400 From: Paul Moore To: Dave Jones Cc: Linux Kernel , sds@tycho.nsa.gov, eparis@redhat.com Subject: Re: [1/2] conditionally reschedule in mls_convert_context while loading selinux policy. Date: Thu, 15 May 2014 17:15:09 -0400 Message-ID: <14291895.ND36WnVhTC@sifl> Organization: Red Hat User-Agent: KMail/4.13 (Linux/3.14.1-gentoo; KDE/4.13.0; x86_64; ; ) In-Reply-To: <20140515190253.GA16816@redhat.com> References: <20140515190253.GA16816@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thursday, May 15, 2014 03:02:53 PM Dave Jones wrote: > On a slow machine (with debugging enabled), upgrading selinux policy may > take a considerable amount of time. Long enough that the softlockup > detector gets triggered. > > The backtrace looks like this.. > > > BUG: soft lockup - CPU#2 stuck for 23s! [load_policy:19045] > > > > Call Trace: > > [] symcmp+0xf/0x20 > > [] hashtab_search+0x47/0x80 > > [] mls_convert_context+0xdc/0x1c0 > > [] convert_context+0x378/0x460 > > [] ? security_context_to_sid_core+0x240/0x240 > > [] sidtab_map+0x45/0x80 > > [] security_load_policy+0x3ff/0x580 > > [] ? sched_clock_cpu+0xa8/0x100 > > [] ? sched_clock_local+0x1d/0x80 > > [] ? sched_clock_cpu+0xa8/0x100 > > [] ? __change_page_attr_set_clr+0x82a/0xa50 > > [] ? sched_clock_local+0x1d/0x80 > > [] ? sched_clock_cpu+0xa8/0x100 > > [] ? __change_page_attr_set_clr+0x82a/0xa50 > > [] ? sched_clock_cpu+0xa8/0x100 > > [] ? retint_restore_args+0xe/0xe > > [] ? trace_hardirqs_on_caller+0xfd/0x1c0 > > [] ? trace_hardirqs_on_thunk+0x3a/0x3f > > [] ? rcu_irq_exit+0x68/0xb0 > > [] ? retint_restore_args+0xe/0xe > > [] sel_write_load+0xa7/0x770 > > [] ? vfs_write+0x1c3/0x200 > > [] ? security_file_permission+0x1e/0xa0 > > [] vfs_write+0xbb/0x200 > > [] ? fget_light+0x397/0x4b0 > > [] SyS_write+0x47/0xa0 > > [] tracesys+0xdd/0xe2 > > Stephen Smalley suggested: > > Maybe put a cond_resched() within the ebitmap_for_each_positive_bit() > > loop in mls_convert_context()? > > That seems to do the trick. Tested by downgrading and re-upgrading > selinux-policy-targeted. > > Signed-off-by: Dave Jones > > --- > security/selinux/ss/mls.c | 2 ++ > 1 file changed, 2 insertions(+) Merged to the SELinux #next branch, thanks. > diff --git a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c > index c85bc1ec040c..d307b37ddc2b 100644 > --- a/security/selinux/ss/mls.c > +++ b/security/selinux/ss/mls.c > @@ -492,6 +492,8 @@ int mls_convert_context(struct policydb *oldp, > rc = ebitmap_set_bit(&bitmap, catdatum->value - 1, 1); > if (rc) > return rc; > + > + cond_resched(); > } > ebitmap_destroy(&c->range.level[l].cat); > c->range.level[l].cat = bitmap; -- paul moore security and virtualization @ redhat