Re: [PATCH v2] security: device_cgroup: fix RCU lockdep splat
On Wed, Sep 2, 2015 at 8:14 PM, Paul E. McKenneywrote: > On Wed, Sep 02, 2015 at 12:24:50PM -0400, Tejun Heo wrote: >> cc'ing Paul. >> >> On Wed, Sep 02, 2015 at 08:12:28AM -0500, Felipe Balbi wrote: >> > while booting AM437x device, the following splat >> > triggered: >> > >> > [ 12.005238] === >> > [ 12.009749] [ INFO: suspicious RCU usage. ] >> > [ 12.014116] 4.2.0-next-20150831 #1154 Not tainted >> > [ 12.019050] --- >> > [ 12.023408] security/device_cgroup.c:405 device_cgroup:verify_new_ex >> > called without proper synchronization! >> ... >> > [ 12.128326] [] (verify_new_ex) from [] >> > (devcgroup_access_write+0x374/0x658) >> > [ 12.137426] [] (devcgroup_access_write) from [] >> > (cgroup_file_write+0x28/0x1bc) >> > [ 12.146796] [] (cgroup_file_write) from [] >> > (kernfs_fop_write+0xc0/0x1b8) >> > [ 12.155620] [] (kernfs_fop_write) from [] >> > (__vfs_write+0x1c/0xd8) >> > [ 12.163783] [] (__vfs_write) from [] >> > (vfs_write+0x90/0x16c) >> > [ 12.171426] [] (vfs_write) from [] >> > (SyS_write+0x44/0x9c) >> > [ 12.178806] [] (SyS_write) from [] >> > (ret_fast_syscall+0x0/0x1c) >> >> This shouldn't be happening because devcgroup_access_write() always >> grabs devcgroup_mutex. Looking at the log, the culprit seems to be >> f78f5b90c4ff ("rcu: Rename rcu_lockdep_assert() to >> RCU_LOCKDEP_WARN()"). It missed the bang for the second test while >> inverting it, so adding rcu_read_lock() isn't the right fix here. >> >> Paul, can you please fix it? > > Gah! Please see below. > > Thanx, Paul > > > > security/device_cgroup: Fix RCU_LOCKDEP_WARN() condition > > f78f5b90c4ff ("rcu: Rename rcu_lockdep_assert() to RCU_LOCKDEP_WARN()") > introduced a bug by incorrectly inverting the condition when moving from > rcu_lockdep_assert() to RCU_LOCKDEP_WARN(). This commit therefore fixes > the inversion. > > Reported-by: Felipe Balbi > Reported-by: Tejun Heo > Signed-off-by: Paul E. McKenney > Cc: Serge Hallyn Just tested this patch without Felipe's previous version on all my machines. The splat is indeed gone. Tested-by: Josh Boyer josh > > diff --git a/security/device_cgroup.c b/security/device_cgroup.c > index 73455089feef..03c1652c9a1f 100644 > --- a/security/device_cgroup.c > +++ b/security/device_cgroup.c > @@ -401,7 +401,7 @@ static bool verify_new_ex(struct dev_cgroup *dev_cgroup, > bool match = false; > > RCU_LOCKDEP_WARN(!rcu_read_lock_held() && > -lockdep_is_held(_mutex), > +!lockdep_is_held(_mutex), > "device_cgroup:verify_new_ex called without proper > synchronization"); > > if (dev_cgroup->behavior == DEVCG_DEFAULT_ALLOW) { > > -- > To unsubscribe from this list: send the line "unsubscribe linux-kernel" in > the body of a message to majord...@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html > Please read the FAQ at http://www.tux.org/lkml/ -- To unsubscribe from this list: send the line "unsubscribe linux-omap" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH v2] security: device_cgroup: fix RCU lockdep splat
On Wed, Sep 02, 2015 at 05:14:33PM -0700, Paul E. McKenney wrote: > On Wed, Sep 02, 2015 at 12:24:50PM -0400, Tejun Heo wrote: > > cc'ing Paul. > > > > On Wed, Sep 02, 2015 at 08:12:28AM -0500, Felipe Balbi wrote: > > > while booting AM437x device, the following splat > > > triggered: > > > > > > [ 12.005238] === > > > [ 12.009749] [ INFO: suspicious RCU usage. ] > > > [ 12.014116] 4.2.0-next-20150831 #1154 Not tainted > > > [ 12.019050] --- > > > [ 12.023408] security/device_cgroup.c:405 device_cgroup:verify_new_ex > > > called without proper synchronization! > > ... > > > [ 12.128326] [] (verify_new_ex) from [] > > > (devcgroup_access_write+0x374/0x658) > > > [ 12.137426] [] (devcgroup_access_write) from [] > > > (cgroup_file_write+0x28/0x1bc) > > > [ 12.146796] [] (cgroup_file_write) from [] > > > (kernfs_fop_write+0xc0/0x1b8) > > > [ 12.155620] [] (kernfs_fop_write) from [] > > > (__vfs_write+0x1c/0xd8) > > > [ 12.163783] [] (__vfs_write) from [] > > > (vfs_write+0x90/0x16c) > > > [ 12.171426] [] (vfs_write) from [] > > > (SyS_write+0x44/0x9c) > > > [ 12.178806] [] (SyS_write) from [] > > > (ret_fast_syscall+0x0/0x1c) > > > > This shouldn't be happening because devcgroup_access_write() always > > grabs devcgroup_mutex. Looking at the log, the culprit seems to be > > f78f5b90c4ff ("rcu: Rename rcu_lockdep_assert() to > > RCU_LOCKDEP_WARN()"). It missed the bang for the second test while > > inverting it, so adding rcu_read_lock() isn't the right fix here. > > > > Paul, can you please fix it? > > Gah! Please see below. > > Thanx, Paul > > > > security/device_cgroup: Fix RCU_LOCKDEP_WARN() condition > > f78f5b90c4ff ("rcu: Rename rcu_lockdep_assert() to RCU_LOCKDEP_WARN()") > introduced a bug by incorrectly inverting the condition when moving from > rcu_lockdep_assert() to RCU_LOCKDEP_WARN(). This commit therefore fixes > the inversion. > > Reported-by: Felipe Balbi> Reported-by: Tejun Heo > Signed-off-by: Paul E. McKenney > Cc: Serge Hallyn Oh, makes sense :) (didn't see the original patch when it came by, sorry) Acked-by: Serge Hallyn > diff --git a/security/device_cgroup.c b/security/device_cgroup.c > index 73455089feef..03c1652c9a1f 100644 > --- a/security/device_cgroup.c > +++ b/security/device_cgroup.c > @@ -401,7 +401,7 @@ static bool verify_new_ex(struct dev_cgroup *dev_cgroup, > bool match = false; > > RCU_LOCKDEP_WARN(!rcu_read_lock_held() && > - lockdep_is_held(_mutex), > + !lockdep_is_held(_mutex), >"device_cgroup:verify_new_ex called without proper > synchronization"); > > if (dev_cgroup->behavior == DEVCG_DEFAULT_ALLOW) { -- To unsubscribe from this list: send the line "unsubscribe linux-omap" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH v2] security: device_cgroup: fix RCU lockdep splat
On Thu, Sep 03, 2015 at 08:48:39AM -0500, Serge E. Hallyn wrote: > On Wed, Sep 02, 2015 at 05:14:33PM -0700, Paul E. McKenney wrote: > > On Wed, Sep 02, 2015 at 12:24:50PM -0400, Tejun Heo wrote: > > > cc'ing Paul. > > > > > > On Wed, Sep 02, 2015 at 08:12:28AM -0500, Felipe Balbi wrote: > > > > while booting AM437x device, the following splat > > > > triggered: > > > > > > > > [ 12.005238] === > > > > [ 12.009749] [ INFO: suspicious RCU usage. ] > > > > [ 12.014116] 4.2.0-next-20150831 #1154 Not tainted > > > > [ 12.019050] --- > > > > [ 12.023408] security/device_cgroup.c:405 device_cgroup:verify_new_ex > > > > called without proper synchronization! > > > ... > > > > [ 12.128326] [] (verify_new_ex) from [] > > > > (devcgroup_access_write+0x374/0x658) > > > > [ 12.137426] [] (devcgroup_access_write) from [] > > > > (cgroup_file_write+0x28/0x1bc) > > > > [ 12.146796] [] (cgroup_file_write) from [] > > > > (kernfs_fop_write+0xc0/0x1b8) > > > > [ 12.155620] [] (kernfs_fop_write) from [] > > > > (__vfs_write+0x1c/0xd8) > > > > [ 12.163783] [] (__vfs_write) from [] > > > > (vfs_write+0x90/0x16c) > > > > [ 12.171426] [] (vfs_write) from [] > > > > (SyS_write+0x44/0x9c) > > > > [ 12.178806] [] (SyS_write) from [] > > > > (ret_fast_syscall+0x0/0x1c) > > > > > > This shouldn't be happening because devcgroup_access_write() always > > > grabs devcgroup_mutex. Looking at the log, the culprit seems to be > > > f78f5b90c4ff ("rcu: Rename rcu_lockdep_assert() to > > > RCU_LOCKDEP_WARN()"). It missed the bang for the second test while > > > inverting it, so adding rcu_read_lock() isn't the right fix here. > > > > > > Paul, can you please fix it? > > > > Gah! Please see below. > > > > Thanx, Paul > > > > > > > > security/device_cgroup: Fix RCU_LOCKDEP_WARN() condition > > > > f78f5b90c4ff ("rcu: Rename rcu_lockdep_assert() to RCU_LOCKDEP_WARN()") > > introduced a bug by incorrectly inverting the condition when moving from > > rcu_lockdep_assert() to RCU_LOCKDEP_WARN(). This commit therefore fixes > > the inversion. > > > > Reported-by: Felipe Balbi> > Reported-by: Tejun Heo > > Signed-off-by: Paul E. McKenney > > Cc: Serge Hallyn > > Oh, makes sense :) (didn't see the original patch when it came by, sorry) I should have CCed you, apologies for failing to do so. > Acked-by: Serge Hallyn Added, thank you! Thanx, Paul > > diff --git a/security/device_cgroup.c b/security/device_cgroup.c > > index 73455089feef..03c1652c9a1f 100644 > > --- a/security/device_cgroup.c > > +++ b/security/device_cgroup.c > > @@ -401,7 +401,7 @@ static bool verify_new_ex(struct dev_cgroup *dev_cgroup, > > bool match = false; > > > > RCU_LOCKDEP_WARN(!rcu_read_lock_held() && > > -lockdep_is_held(_mutex), > > +!lockdep_is_held(_mutex), > > "device_cgroup:verify_new_ex called without proper > > synchronization"); > > > > if (dev_cgroup->behavior == DEVCG_DEFAULT_ALLOW) { > -- To unsubscribe from this list: send the line "unsubscribe linux-omap" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH v2] security: device_cgroup: fix RCU lockdep splat
On Thu, Sep 03, 2015 at 09:56:05AM -0400, Josh Boyer wrote: > On Wed, Sep 2, 2015 at 8:14 PM, Paul E. McKenney >wrote: > > On Wed, Sep 02, 2015 at 12:24:50PM -0400, Tejun Heo wrote: > >> cc'ing Paul. > >> > >> On Wed, Sep 02, 2015 at 08:12:28AM -0500, Felipe Balbi wrote: > >> > while booting AM437x device, the following splat > >> > triggered: > >> > > >> > [ 12.005238] === > >> > [ 12.009749] [ INFO: suspicious RCU usage. ] > >> > [ 12.014116] 4.2.0-next-20150831 #1154 Not tainted > >> > [ 12.019050] --- > >> > [ 12.023408] security/device_cgroup.c:405 device_cgroup:verify_new_ex > >> > called without proper synchronization! > >> ... > >> > [ 12.128326] [] (verify_new_ex) from [] > >> > (devcgroup_access_write+0x374/0x658) > >> > [ 12.137426] [] (devcgroup_access_write) from [] > >> > (cgroup_file_write+0x28/0x1bc) > >> > [ 12.146796] [] (cgroup_file_write) from [] > >> > (kernfs_fop_write+0xc0/0x1b8) > >> > [ 12.155620] [] (kernfs_fop_write) from [] > >> > (__vfs_write+0x1c/0xd8) > >> > [ 12.163783] [] (__vfs_write) from [] > >> > (vfs_write+0x90/0x16c) > >> > [ 12.171426] [] (vfs_write) from [] > >> > (SyS_write+0x44/0x9c) > >> > [ 12.178806] [] (SyS_write) from [] > >> > (ret_fast_syscall+0x0/0x1c) > >> > >> This shouldn't be happening because devcgroup_access_write() always > >> grabs devcgroup_mutex. Looking at the log, the culprit seems to be > >> f78f5b90c4ff ("rcu: Rename rcu_lockdep_assert() to > >> RCU_LOCKDEP_WARN()"). It missed the bang for the second test while > >> inverting it, so adding rcu_read_lock() isn't the right fix here. > >> > >> Paul, can you please fix it? > > > > Gah! Please see below. > > > > Thanx, Paul > > > > > > > > security/device_cgroup: Fix RCU_LOCKDEP_WARN() condition > > > > f78f5b90c4ff ("rcu: Rename rcu_lockdep_assert() to RCU_LOCKDEP_WARN()") > > introduced a bug by incorrectly inverting the condition when moving from > > rcu_lockdep_assert() to RCU_LOCKDEP_WARN(). This commit therefore fixes > > the inversion. > > > > Reported-by: Felipe Balbi > > Reported-by: Tejun Heo > > Signed-off-by: Paul E. McKenney > > Cc: Serge Hallyn > > Just tested this patch without Felipe's previous version on all my > machines. The splat is indeed gone. > > Tested-by: Josh Boyer Thank you, added! Thanx, Paul > josh > > > > > diff --git a/security/device_cgroup.c b/security/device_cgroup.c > > index 73455089feef..03c1652c9a1f 100644 > > --- a/security/device_cgroup.c > > +++ b/security/device_cgroup.c > > @@ -401,7 +401,7 @@ static bool verify_new_ex(struct dev_cgroup *dev_cgroup, > > bool match = false; > > > > RCU_LOCKDEP_WARN(!rcu_read_lock_held() && > > -lockdep_is_held(_mutex), > > +!lockdep_is_held(_mutex), > > "device_cgroup:verify_new_ex called without proper > > synchronization"); > > > > if (dev_cgroup->behavior == DEVCG_DEFAULT_ALLOW) { > > > > -- > > To unsubscribe from this list: send the line "unsubscribe linux-kernel" in > > the body of a message to majord...@vger.kernel.org > > More majordomo info at http://vger.kernel.org/majordomo-info.html > > Please read the FAQ at http://www.tux.org/lkml/ > -- To unsubscribe from this list: send the line "unsubscribe linux-omap" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH v2] security: device_cgroup: fix RCU lockdep splat
cc'ing Paul. On Wed, Sep 02, 2015 at 08:12:28AM -0500, Felipe Balbi wrote: > while booting AM437x device, the following splat > triggered: > > [ 12.005238] === > [ 12.009749] [ INFO: suspicious RCU usage. ] > [ 12.014116] 4.2.0-next-20150831 #1154 Not tainted > [ 12.019050] --- > [ 12.023408] security/device_cgroup.c:405 device_cgroup:verify_new_ex > called without proper synchronization! ... > [ 12.128326] [] (verify_new_ex) from [] > (devcgroup_access_write+0x374/0x658) > [ 12.137426] [] (devcgroup_access_write) from [] > (cgroup_file_write+0x28/0x1bc) > [ 12.146796] [] (cgroup_file_write) from [] > (kernfs_fop_write+0xc0/0x1b8) > [ 12.155620] [] (kernfs_fop_write) from [] > (__vfs_write+0x1c/0xd8) > [ 12.163783] [] (__vfs_write) from [] > (vfs_write+0x90/0x16c) > [ 12.171426] [] (vfs_write) from [] > (SyS_write+0x44/0x9c) > [ 12.178806] [] (SyS_write) from [] > (ret_fast_syscall+0x0/0x1c) This shouldn't be happening because devcgroup_access_write() always grabs devcgroup_mutex. Looking at the log, the culprit seems to be f78f5b90c4ff ("rcu: Rename rcu_lockdep_assert() to RCU_LOCKDEP_WARN()"). It missed the bang for the second test while inverting it, so adding rcu_read_lock() isn't the right fix here. Paul, can you please fix it? Thanks. -- tejun -- To unsubscribe from this list: send the line "unsubscribe linux-omap" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH v2] security: device_cgroup: fix RCU lockdep splat
On Wed, Sep 2, 2015 at 9:12 AM, Felipe Balbiwrote: > while booting AM437x device, the following splat > triggered: > > [ 12.005238] === > [ 12.009749] [ INFO: suspicious RCU usage. ] > [ 12.014116] 4.2.0-next-20150831 #1154 Not tainted > [ 12.019050] --- > [ 12.023408] security/device_cgroup.c:405 device_cgroup:verify_new_ex > called without proper synchronization! > [ 12.033576] other info that might help us debug this: > > [ 12.041942] rcu_scheduler_active = 1, debug_locks = 0 > [ 12.048796] 4 locks held by systemd/1: > [ 12.052700] #0: (sb_writers#7){.+.+.+}, at: [] > __sb_start_write+0x8c/0xb0 > [ 12.060954] #1: (>mutex){+.+.+.}, at: [] > kernfs_fop_write+0x50/0x1b8 > [ 12.069085] #2: (s_active#30){.+}, at: [] > kernfs_fop_write+0x58/0x1b8 > [ 12.077310] #3: (devcgroup_mutex){+.+...}, at: [] > devcgroup_access_write+0x20/0x658 > [ 12.086575] stack backtrace: > [ 12.091124] CPU: 0 PID: 1 Comm: systemd Not tainted 4.2.0-next-20150831 > #1154 > [ 12.098609] Hardware name: Generic AM43 (Flattened Device Tree) > [ 12.104807] [] (unwind_backtrace) from [] > (show_stack+0x10/0x14) > [ 12.112924] [] (show_stack) from [] > (dump_stack+0x84/0x9c) > [ 12.120491] [] (dump_stack) from [] > (verify_new_ex+0xc4/0xdc) > [ 12.128326] [] (verify_new_ex) from [] > (devcgroup_access_write+0x374/0x658) > [ 12.137426] [] (devcgroup_access_write) from [] > (cgroup_file_write+0x28/0x1bc) > [ 12.146796] [] (cgroup_file_write) from [] > (kernfs_fop_write+0xc0/0x1b8) > [ 12.155620] [] (kernfs_fop_write) from [] > (__vfs_write+0x1c/0xd8) > [ 12.163783] [] (__vfs_write) from [] > (vfs_write+0x90/0x16c) > [ 12.171426] [] (vfs_write) from [] > (SyS_write+0x44/0x9c) > [ 12.178806] [] (SyS_write) from [] > (ret_fast_syscall+0x0/0x1c) > > Fix it by making sure rcu_read_lock() is held > around calls to parent_has_perm(). > > Signed-off-by: Felipe Balbi This cleared up the splat on all my machines and I don't see any other side effects (even with lockdep enabled). Thanks! Tested-by: Josh Boyer josh > --- > > Changes since v1: > - move rcu_read_lock/unlock to wrap parent_has_perm() > > security/device_cgroup.c | 7 ++- > 1 file changed, 6 insertions(+), 1 deletion(-) > > diff --git a/security/device_cgroup.c b/security/device_cgroup.c > index 73455089feef..dd77ed206fa4 100644 > --- a/security/device_cgroup.c > +++ b/security/device_cgroup.c > @@ -608,6 +608,7 @@ static int devcgroup_update_access(struct dev_cgroup > *devcgroup, > int count, rc = 0; > struct dev_exception_item ex; > struct dev_cgroup *parent = css_to_devcgroup(devcgroup->css.parent); > + int ret; > > if (!capable(CAP_SYS_ADMIN)) > return -EPERM; > @@ -734,7 +735,11 @@ static int devcgroup_update_access(struct dev_cgroup > *devcgroup, > break; > } > > - if (!parent_has_perm(devcgroup, )) > + rcu_read_lock(); > + ret = parent_has_perm(devcgroup, ); > + rcu_read_unlock(); > + > + if (!ret) > return -EPERM; > rc = dev_exception_add(devcgroup, ); > break; > -- > 2.5.0 > > -- > To unsubscribe from this list: send the line "unsubscribe linux-kernel" in > the body of a message to majord...@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html > Please read the FAQ at http://www.tux.org/lkml/ -- To unsubscribe from this list: send the line "unsubscribe linux-omap" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH v2] security: device_cgroup: fix RCU lockdep splat
On Wed, Sep 02, 2015 at 12:24:50PM -0400, Tejun Heo wrote: > cc'ing Paul. > > On Wed, Sep 02, 2015 at 08:12:28AM -0500, Felipe Balbi wrote: > > while booting AM437x device, the following splat > > triggered: > > > > [ 12.005238] === > > [ 12.009749] [ INFO: suspicious RCU usage. ] > > [ 12.014116] 4.2.0-next-20150831 #1154 Not tainted > > [ 12.019050] --- > > [ 12.023408] security/device_cgroup.c:405 device_cgroup:verify_new_ex > > called without proper synchronization! > ... > > [ 12.128326] [] (verify_new_ex) from [] > > (devcgroup_access_write+0x374/0x658) > > [ 12.137426] [] (devcgroup_access_write) from [] > > (cgroup_file_write+0x28/0x1bc) > > [ 12.146796] [] (cgroup_file_write) from [] > > (kernfs_fop_write+0xc0/0x1b8) > > [ 12.155620] [] (kernfs_fop_write) from [] > > (__vfs_write+0x1c/0xd8) > > [ 12.163783] [] (__vfs_write) from [] > > (vfs_write+0x90/0x16c) > > [ 12.171426] [] (vfs_write) from [] > > (SyS_write+0x44/0x9c) > > [ 12.178806] [] (SyS_write) from [] > > (ret_fast_syscall+0x0/0x1c) > > This shouldn't be happening because devcgroup_access_write() always > grabs devcgroup_mutex. Looking at the log, the culprit seems to be > f78f5b90c4ff ("rcu: Rename rcu_lockdep_assert() to > RCU_LOCKDEP_WARN()"). It missed the bang for the second test while > inverting it, so adding rcu_read_lock() isn't the right fix here. > > Paul, can you please fix it? Gah! Please see below. Thanx, Paul security/device_cgroup: Fix RCU_LOCKDEP_WARN() condition f78f5b90c4ff ("rcu: Rename rcu_lockdep_assert() to RCU_LOCKDEP_WARN()") introduced a bug by incorrectly inverting the condition when moving from rcu_lockdep_assert() to RCU_LOCKDEP_WARN(). This commit therefore fixes the inversion. Reported-by: Felipe BalbiReported-by: Tejun Heo Signed-off-by: Paul E. McKenney Cc: Serge Hallyn diff --git a/security/device_cgroup.c b/security/device_cgroup.c index 73455089feef..03c1652c9a1f 100644 --- a/security/device_cgroup.c +++ b/security/device_cgroup.c @@ -401,7 +401,7 @@ static bool verify_new_ex(struct dev_cgroup *dev_cgroup, bool match = false; RCU_LOCKDEP_WARN(!rcu_read_lock_held() && -lockdep_is_held(_mutex), +!lockdep_is_held(_mutex), "device_cgroup:verify_new_ex called without proper synchronization"); if (dev_cgroup->behavior == DEVCG_DEFAULT_ALLOW) { -- To unsubscribe from this list: send the line "unsubscribe linux-omap" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH v2] security: device_cgroup: fix RCU lockdep splat
while booting AM437x device, the following splat triggered: [ 12.005238] === [ 12.009749] [ INFO: suspicious RCU usage. ] [ 12.014116] 4.2.0-next-20150831 #1154 Not tainted [ 12.019050] --- [ 12.023408] security/device_cgroup.c:405 device_cgroup:verify_new_ex called without proper synchronization! [ 12.033576] other info that might help us debug this: [ 12.041942] rcu_scheduler_active = 1, debug_locks = 0 [ 12.048796] 4 locks held by systemd/1: [ 12.052700] #0: (sb_writers#7){.+.+.+}, at: [] __sb_start_write+0x8c/0xb0 [ 12.060954] #1: (>mutex){+.+.+.}, at: [] kernfs_fop_write+0x50/0x1b8 [ 12.069085] #2: (s_active#30){.+}, at: [] kernfs_fop_write+0x58/0x1b8 [ 12.077310] #3: (devcgroup_mutex){+.+...}, at: [] devcgroup_access_write+0x20/0x658 [ 12.086575] stack backtrace: [ 12.091124] CPU: 0 PID: 1 Comm: systemd Not tainted 4.2.0-next-20150831 #1154 [ 12.098609] Hardware name: Generic AM43 (Flattened Device Tree) [ 12.104807] [] (unwind_backtrace) from [] (show_stack+0x10/0x14) [ 12.112924] [] (show_stack) from [] (dump_stack+0x84/0x9c) [ 12.120491] [] (dump_stack) from [] (verify_new_ex+0xc4/0xdc) [ 12.128326] [] (verify_new_ex) from [] (devcgroup_access_write+0x374/0x658) [ 12.137426] [] (devcgroup_access_write) from [] (cgroup_file_write+0x28/0x1bc) [ 12.146796] [] (cgroup_file_write) from [] (kernfs_fop_write+0xc0/0x1b8) [ 12.155620] [] (kernfs_fop_write) from [] (__vfs_write+0x1c/0xd8) [ 12.163783] [] (__vfs_write) from [] (vfs_write+0x90/0x16c) [ 12.171426] [] (vfs_write) from [] (SyS_write+0x44/0x9c) [ 12.178806] [] (SyS_write) from [] (ret_fast_syscall+0x0/0x1c) Fix it by making sure rcu_read_lock() is held around calls to parent_has_perm(). Signed-off-by: Felipe Balbi--- Changes since v1: - move rcu_read_lock/unlock to wrap parent_has_perm() security/device_cgroup.c | 7 ++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/security/device_cgroup.c b/security/device_cgroup.c index 73455089feef..dd77ed206fa4 100644 --- a/security/device_cgroup.c +++ b/security/device_cgroup.c @@ -608,6 +608,7 @@ static int devcgroup_update_access(struct dev_cgroup *devcgroup, int count, rc = 0; struct dev_exception_item ex; struct dev_cgroup *parent = css_to_devcgroup(devcgroup->css.parent); + int ret; if (!capable(CAP_SYS_ADMIN)) return -EPERM; @@ -734,7 +735,11 @@ static int devcgroup_update_access(struct dev_cgroup *devcgroup, break; } - if (!parent_has_perm(devcgroup, )) + rcu_read_lock(); + ret = parent_has_perm(devcgroup, ); + rcu_read_unlock(); + + if (!ret) return -EPERM; rc = dev_exception_add(devcgroup, ); break; -- 2.5.0 -- To unsubscribe from this list: send the line "unsubscribe linux-omap" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html