From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756198AbcANVpV (ORCPT ); Thu, 14 Jan 2016 16:45:21 -0500 Received: from dnvrco-outbound-snat.email.rr.com ([107.14.73.227]:3258 "EHLO dnvrco-oedge-vip.email.rr.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1756024AbcANVpT (ORCPT ); Thu, 14 Jan 2016 16:45:19 -0500 Date: Thu, 14 Jan 2016 16:45:08 -0500 From: "W. Michael Petullo" To: Christoph Hellwig Cc: linux-kernel@vger.kernel.org Subject: Re: Walking a wait_queue_t list of tasks blocked on pipe Message-ID: <20160114214508.GA17098@imp.flyn.org> References: <20160114033019.GA11746@imp.flyn.org> <20160114083341.GA23562@infradead.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20160114083341.GA23562@infradead.org> User-Agent: Mutt/1.5.24 (2015-08-30) X-RR-Connecting-IP: 107.14.64.130:25 X-Authority-Analysis: v=2.1 cv=Z81iHRhA c=1 sm=1 tr=0 a=87RIGqouMWMYfRMAVW2ryA==:117 a=87RIGqouMWMYfRMAVW2ryA==:17 a=ayC55rCoAAAA:8 a=L9H7d07YOLsA:10 a=9cW_t1CCXrUA:10 a=s5jvgZ67dGcA:10 a=yPAlea4wAAAA:8 a=kj9zAlcOel0A:10 a=7aQ_Q-yQQ-AA:10 a=40JYLk-nucHx6O8TICwA:9 a=CjuIK1q_8ugA:10 X-Cloudmark-Score: 0 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org >> I am trying to write code to walk a wait_queue_t list as part of a LSM >> file_permission function. The purpose is to act on each task which has >> blocked while trying to read from a pipe. > Just don't do that.. What we are trying to do is implement a research prototype for a simple information-flow system using LSM. The idea is that processes become tainted when they read objects marked as confidential and such processes taint other processes based on further interaction. The problem is that process A could open and block on reading FIFO F before tainted process B writes to F (and causes F to become confidential). Since A's LSM hooks fire off before it blocks, A could end up reading confidential data without itself being tainted. So it seems that I need to either walk the list of blocked processes, possibly tainting them, or insert a new LSM hook into pipe.c to support rechecking the confidentiality level of the pipe after waking up but before reading. If this all seems a little crazy it is because we are early in the prototyping process. Thank you, -- Mike :wq