From: Thomas Gleixner <tglx@linutronix.de>
To: Kees Cook <kees@kernel.org>, Paul Moore <paul@paul-moore.com>
Cc: syzbot <syzbot+4576eaa688ef747b8d6c@syzkaller.appspotmail.com>,
linux-kernel@vger.kernel.org, luto@kernel.org,
peterz@infradead.org, syzkaller-bugs@googlegroups.com,
audit@vger.kernel.org
Subject: Re: [syzbot] [kernel?] WARNING in audit_log_start
Date: Tue, 03 Sep 2024 22:54:14 +0200 [thread overview]
Message-ID: <87seug791l.ffs@tglx> (raw)
In-Reply-To: <202409031223.018C3D1@keescook>
On Tue, Sep 03 2024 at 12:24, Kees Cook wrote:
> On Tue, Sep 03, 2024 at 03:22:17PM -0400, Paul Moore wrote:
>> > > might_alloc include/linux/sched/mm.h:337 [inline]
>> > > slab_pre_alloc_hook mm/slub.c:3987 [inline]
>> > > slab_alloc_node mm/slub.c:4065 [inline]
>> > > kmem_cache_alloc_noprof+0x5d/0x2a0 mm/slub.c:4092
>> > > audit_buffer_alloc kernel/audit.c:1790 [inline]
>> > > audit_log_start+0x15e/0xa30 kernel/audit.c:1912
>> > > audit_seccomp+0x63/0x1f0 kernel/auditsc.c:3007
>>
>> The audit_seccomp() function allocates an audit buffer using
>> GFP_KERNEL, which should be the source of the might_sleep. We can fix
>> that easily enough by moving to GFP_ATOMIC (either for just this code
>> path or all callers, need to check that), but I just want to confirm
>> that we can't sleep here? I haven't dug into the syscall code in a
>> while, so I don't recall all the details, but it seems odd to me that
>> we can't safely sleep here ...
>
> I had a similar question.. this is at syscall entry time. What is
> suddenly different here? We've been doing seccomp logging here for
> years...
Correct.
syscall_enter_from_user_mode() enables interrupts. At that point
preempt_count is 0. So after that the task can sleep and schedule.
Nothing in the call chain leading up to the allocation disables
preemption or interrupts.
From the actual console log:
do not call blocking ops when !TASK_RUNNING; state=2 set at [<ffffffff81908f9e>] audit_log_start+0x37e/0xa30
I have no idea how that state would leak accross schedule_timeout().
Thanks,
tglx
next prev parent reply other threads:[~2024-09-03 20:54 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-08-26 8:29 [syzbot] [kernel?] WARNING in audit_log_start syzbot
2024-09-02 8:37 ` Thomas Gleixner
2024-09-03 19:22 ` Paul Moore
2024-09-03 19:24 ` Kees Cook
2024-09-03 20:54 ` Thomas Gleixner [this message]
2024-09-03 21:21 ` Paul Moore
2024-09-03 21:22 ` Aleksandr Nogikh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87seug791l.ffs@tglx \
--to=tglx@linutronix.de \
--cc=audit@vger.kernel.org \
--cc=kees@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=paul@paul-moore.com \
--cc=peterz@infradead.org \
--cc=syzbot+4576eaa688ef747b8d6c@syzkaller.appspotmail.com \
--cc=syzkaller-bugs@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox