From: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
To: Dave Jones <davej@redhat.com>,
sds@tycho.nsa.gov, Linux Kernel <linux-kernel@vger.kernel.org>
Cc: paul@paul-moore.com
Subject: Re: suspicious RCU usage in security/selinux/netnode.c
Date: Mon, 14 May 2012 22:16:07 -0700 [thread overview]
Message-ID: <20120515051607.GH2412@linux.vnet.ibm.com> (raw)
In-Reply-To: <20120515044145.GA21910@redhat.com>
On Tue, May 15, 2012 at 12:41:45AM -0400, Dave Jones wrote:
> I just triggered this on Linus' current tree.
This is a bare:
rcu_dereference(sel_netnode_hash[idx].list.prev)
which needs to be in an RCU read-side critical section. Alternatively,
the above should instead be something like:
rcu_dereference_check(sel_netnode_hash[idx].list.prev,
lockdep_is_held(&sel_netnode_lock));
This second approach assumes that all modifications to the hash table
are protected by sel_netnode_lock. Paul Moore, thoughts?
Thanx, Paul
> Dave
>
> ===============================
> [ INFO: suspicious RCU usage. ]
> 3.4.0-rc7+ #93 Not tainted
> -------------------------------
> security/selinux/netnode.c:178 suspicious rcu_dereference_check() usage!
>
> other info that might help us debug this:
>
>
> rcu_scheduler_active = 1, debug_locks = 0
> 1 lock held by trinity/25132:
> #0: (sel_netnode_lock){+.....}, at: [<ffffffff812db738>] sel_netnode_sid+0x148/0x3c0
>
> stack backtrace:
> Pid: 25132, comm: trinity Not tainted 3.4.0-rc7+ #93
> Call Trace:
> [<ffffffff810cc7cd>] lockdep_rcu_suspicious+0xfd/0x130
> [<ffffffff812db981>] sel_netnode_sid+0x391/0x3c0
> [<ffffffff812db5f0>] ? sel_netnode_find+0x1a0/0x1a0
> [<ffffffff812d4a84>] selinux_socket_bind+0x104/0x350
> [<ffffffff810a6648>] ? sched_clock_cpu+0xb8/0x130
> [<ffffffff816a47b9>] ? sub_preempt_count+0xa9/0xe0
> [<ffffffff812cb3e6>] security_socket_bind+0x16/0x20
> [<ffffffff815468aa>] sys_bind+0x7a/0x100
> [<ffffffff816a8795>] ? sysret_check+0x22/0x5d
> [<ffffffff810d149d>] ? trace_hardirqs_on_caller+0x10d/0x1a0
> [<ffffffff810fc18c>] ? __audit_syscall_entry+0xcc/0x310
> [<ffffffff8133839e>] ? trace_hardirqs_on_thunk+0x3a/0x3f
> [<ffffffff816a8769>] system_call_fastpath+0x16/0x1b
>
next prev parent reply other threads:[~2012-05-15 5:16 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-05-15 4:41 suspicious RCU usage in security/selinux/netnode.c Dave Jones
2012-05-15 5:16 ` Paul E. McKenney [this message]
2012-05-15 14:24 ` Eric Paris
2012-05-15 14:46 ` Paul E. McKenney
2012-05-15 14:52 ` Eric Paris
2012-05-15 15:12 ` Paul Moore
2012-05-15 15:37 ` Paul E. McKenney
2012-05-15 18:35 ` Paul Moore
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120515051607.GH2412@linux.vnet.ibm.com \
--to=paulmck@linux.vnet.ibm.com \
--cc=davej@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=paul@paul-moore.com \
--cc=sds@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox