[PATCH 3.2 001/185] selinux: correct locking in selinux_netlbl_socket_connect()

2013-12-28 Thread Ben Hutchings
3.2.54-rc1 review patch.  If anyone has any objections, please let me know.

--

From: Paul Moore 

commit 42d64e1add3a1ce8a787116036163b8724362145 upstream.

The SELinux/NetLabel glue code has a locking bug that affects systems
with NetLabel enabled, see the kernel error message below.  This patch
corrects this problem by converting the bottom half socket lock to a
more conventional, and correct for this call-path, lock_sock() call.

 ===
 [ INFO: suspicious RCU usage. ]
 3.11.0-rc3+ #19 Not tainted
 ---
 net/ipv4/cipso_ipv4.c:1928 suspicious rcu_dereference_protected() usage!

 other info that might help us debug this:

 rcu_scheduler_active = 1, debug_locks = 0
 2 locks held by ping/731:
  #0:  (slock-AF_INET/1){+.-...}, at: [...] selinux_netlbl_socket_connect
  #1:  (rcu_read_lock){.+.+..}, at: [<...>] netlbl_conn_setattr

 stack backtrace:
 CPU: 1 PID: 731 Comm: ping Not tainted 3.11.0-rc3+ #19
 Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
  0001 88006f659d28 81726b6a 88003732c500
  88006f659d58 810e4457 88006b845a00 
  000c 880075aa2f50 88006f659d90 8169bec7
 Call Trace:
  [] dump_stack+0x54/0x74
  [] lockdep_rcu_suspicious+0xe7/0x120
  [] cipso_v4_sock_setattr+0x187/0x1a0
  [] netlbl_conn_setattr+0x187/0x190
  [] ? netlbl_conn_setattr+0x5/0x190
  [] selinux_netlbl_socket_connect+0xae/0xc0
  [] selinux_socket_connect+0x135/0x170
  [] ? might_fault+0x57/0xb0
  [] security_socket_connect+0x16/0x20
  [] SYSC_connect+0x73/0x130
  [] ? sysret_check+0x22/0x5d
  [] ? trace_hardirqs_on_caller+0xfd/0x1c0
  [] ? trace_hardirqs_on_thunk+0x3a/0x3f
  [] SyS_connect+0xe/0x10
  [] system_call_fastpath+0x16/0x1b

Signed-off-by: Paul Moore 
Signed-off-by: Ben Hutchings 
---
 security/selinux/netlabel.c | 6 ++
 1 file changed, 2 insertions(+), 4 deletions(-)

--- a/security/selinux/netlabel.c
+++ b/security/selinux/netlabel.c
@@ -442,8 +442,7 @@ int selinux_netlbl_socket_connect(struct
sksec->nlbl_state != NLBL_CONNLABELED)
return 0;
 
-   local_bh_disable();
-   bh_lock_sock_nested(sk);
+   lock_sock(sk);
 
/* connected sockets are allowed to disconnect when the address family
 * is set to AF_UNSPEC, if that is what is happening we want to reset
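
Review bot: lock_sock(sk) can sleep, unlike the local_bh_disable()/bh_lock_sock_nested(sk) pair it replaces, so the change at the top of this hunk is only valid if selinux_netlbl_socket_connect() is always entered from process context. The backtrace in the changelog shows the SyS_connect path, which qualifies, but the changelog only says "correct for this call-path"; it should state that assumption explicitly and say why holding the bottom-half lock (slock-AF_INET/1 in the lockdep output) fails the rcu_dereference_protected() check at net/ipv4/cipso_ipv4.c:1928, so a stable reviewer can judge the backport without reading the callee.
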
@@ -464,7 +463,6 @@ int selinux_netlbl_socket_connect(struct
sksec->nlbl_state = NLBL_CONNLABELED;
 
 socket_connect_return:
-   bh_unlock_sock(sk);
-   local_bh_enable();
+   release_sock(sk);
return rc;
 }
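
Review bot: release_sock(sk) is reached only through the socket_connect_return label, so every path between lock_sock(sk) and that label has to leave via goto. The lines between the two hunks are not shown here; confirm that the 3.2 tree has no direct return in that range, since any such path would exit with the socket still locked. The lock and unlock calls in the visible lines are otherwise symmetric.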


