From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753046AbbJOMx2 (ORCPT ); Thu, 15 Oct 2015 08:53:28 -0400 Received: from mailout2.w1.samsung.com ([210.118.77.12]:42184 "EHLO mailout2.w1.samsung.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752522AbbJOMx0 (ORCPT ); Thu, 15 Oct 2015 08:53:26 -0400 X-AuditID: cbfec7f4-f79c56d0000012ee-5e-561fa1c38dc8 Message-id: <1444913602.5661.9.camel@samsung.com> Subject: Re: [PATCH v4 09/11] smack: namespace groundwork From: Lukasz Pawelczyk To: Hillf Danton Cc: Andy Lutomirski , Kees Cook , linux-kernel , linux-security-module@vger.kernel.org Date: Thu, 15 Oct 2015 14:53:22 +0200 In-reply-to: <1444912906.5661.7.camel@samsung.com> References: <019801d1071b$2c124000$8436c000$@alibaba-inc.com> <01a101d1071c$8ce631b0$a6b29510$@alibaba-inc.com> <1444912906.5661.7.camel@samsung.com> Content-type: text/plain; charset=UTF-8 X-Mailer: Evolution 3.16.5 (3.16.5-3.fc22) MIME-version: 1.0 Content-transfer-encoding: 7bit X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFjrDLMWRmVeSWpSXmKPExsVy+t/xa7qHF8qHGbz/qW4xd/5hdosz3bkW l3fNYbP40POIzWL12gZWB1aPiW8/snjcf/OXxWN2w0UWj8+b5AJYorhsUlJzMstSi/TtErgy 7r54yFpwkr9i5cJXzA2MC7m7GDk4JARMJC52q3UxcgKZYhIX7q1n62Lk4hASWMoocfL5LFYI 5zOjxMxrF1hBqngFDCVeTGpmB7GFBSwlbu+7wAZiswkYSHy/sJcZxBYR0JZ49eUPI0gzs8AS RolLK/8xgiRYBFQlbt94CtbMKWAk8e59G9hQIYGZjBIPt9mC2MwC6hKT5i1ihjhJS+Lg86dM EIsFJX5MvscCUSMvsXnNW+YJjAKzkLTMQlI2C0nZAkbmVYyiqaXJBcVJ6bmGesWJucWleel6 yfm5mxghYfxlB+PiY1aHGAU4GJV4eE88kAsTYk0sK67MPcQowcGsJMLbVyUfJsSbklhZlVqU H19UmpNafIhRmoNFSZx37q73IUIC6YklqdmpqQWpRTBZJg5OqQZGLuanhXMnMX5nul8WuWmr +sLJjy+8/D6te+d/nfnLN/RaPrR9X78vZGmEvGXZqviu+zKZU+/rXK3L3pb8u7gj85Ls1QWn 2vJX/LRRvydRrZoeFr76yxyLivCNlumC2+ume70/kPcot+mLqJvEN7ci4xvefPa2OY5n2IPt f8o+aVlkk7XVZ0G+EktxRqKhFnNRcSIAv2krPV8CAAA= Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On czw, 2015-10-15 at 14:41 +0200, Lukasz Pawelczyk wrote: > No, not a typo. A regular bug. Thanks for spotting it. Also sync > mechanism before freeing was missing: Hitfix, will be integrated with the next respin: diff --git a/security/smack/smack.h b/security/smack/smack.h index 3d432f4..3a795bf 100644 --- a/security/smack/smack.h +++ b/security/smack/smack.h @@ -97,6 +97,7 @@ struct smack_ns { struct smack_known_ns { struct list_head smk_list_known; struct list_head smk_list_ns; + struct rcu_head smk_rcu; struct user_namespace *smk_ns; char *smk_mapped; struct smack_known *smk_unmapped; diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 8e0da67..234da71 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -4669,6 +4669,15 @@ static inline int smack_userns_create(struct user_namespace *ns) return 0; } +static void smk_free_known_ns(struct rcu_head *head) +{ + struct smack_known_ns *sknp = container_of(head, struct smack_known_ns, smk_rcu); + + if (sknp->smk_allocated) + kfree(sknp->smk_mapped); + kfree(sknp); +} + static inline void smack_userns_free(struct user_namespace *ns) { struct smack_ns *snsp = ns->security; @@ -4680,12 +4689,11 @@ static inline void smack_userns_free(struct user_namespace *ns) mutex_lock(&skp->smk_mapped_lock); list_del_rcu(&sknp->smk_list_known); - if (sknp->smk_allocated) - kfree(sknp->smk_mapped); - kfree(sknp); mutex_unlock(&skp->smk_mapped_lock); list_del(&sknp->smk_list_ns); + + call_rcu(&sknp->smk_rcu, smk_free_known_ns); } kfree(snsp); -- -- Lukasz Pawelczyk Samsung R&D Institute Poland Samsung Electronics