From: Jiri Slaby <jslaby@suse.cz> To: Aristeu Rozanski <aris@redhat.com> Cc: linux-kernel@vger.kernel.org, Dave Jones <davej@redhat.com>, Andrew Morton <akpm@linux-foundation.org>, Tejun Heo <tj@kernel.org>, Li Zefan <lizefan@huawei.com>, James Morris <jmorris@namei.org>, Pavel Emelyanov <xemul@openvz.org>, Serge Hallyn <serge.hallyn@canonical.com>, cgroups@vger.kernel.org Subject: Re: [PATCH 1/4] cgroup: fix invalid rcu dereference Date: Tue, 23 Oct 2012 14:50:48 +0200 [thread overview] Message-ID: <508692A8.6090706@suse.cz> (raw) In-Reply-To: <20121022134536.543579196@napanee.usersys.redhat.com> On 10/22/2012 03:45 PM, Aristeu Rozanski wrote: > From: Jiri Slaby <jslaby@suse.cz> No, I'm *not* the author of the patch... Or at least I don't remember :P. Where did you take it from? > Commit "device_cgroup: convert device_cgroup internally to policy + > exceptions" removed rcu locks which are needed in task_devcgroup > called in this chain: devcgroup_inode_mknod OR > __devcgroup_inode_permission -> __devcgroup_inode_permission -> > task_devcgroup -> task_subsys_state -> task_subsys_state_check. > > Change the code so that task_devcgroup is safely called with rcu read > lock held. > > =============================== > [ INFO: suspicious RCU usage. ] > 3.6.0-rc5-next-20120913+ #42 Not tainted > ------------------------------- > include/linux/cgroup.h:553 suspicious rcu_dereference_check() usage! > > other info that might help us debug this: > > rcu_scheduler_active = 1, debug_locks = 0 > 2 locks held by kdevtmpfs/23: > #0: (sb_writers){.+.+.+}, at: [<ffffffff8116873f>] > mnt_want_write+0x1f/0x50 > #1: (&sb->s_type->i_mutex_key#3/1){+.+.+.}, at: [<ffffffff811558af>] > kern_path_create+0x7f/0x170 > > stack backtrace: > Pid: 23, comm: kdevtmpfs Not tainted 3.6.0-rc5-next-20120913+ #42 > Call Trace: > [<ffffffff810c638d>] lockdep_rcu_suspicious+0xfd/0x130 > [<ffffffff8121541d>] devcgroup_inode_mknod+0x19d/0x240 > [<ffffffff8107bf54>] ? ns_capable+0x44/0x80 > [<ffffffff81156b21>] vfs_mknod+0x71/0xf0 > [<ffffffff813a8332>] handle_create.isra.2+0x72/0x200 > [<ffffffff813a85d4>] devtmpfsd+0x114/0x140 > [<ffffffff813a84c0>] ? handle_create.isra.2+0x200/0x200 > [<ffffffff81093ad6>] kthread+0xd6/0xe0 > [<ffffffff81654f24>] kernel_thread_helper+0x4/0x10 > [<ffffffff8165369d>] ? retint_restore_args+0xe/0xe > [<ffffffff81093a00>] ? kthread_create_on_node+0x140/0x140 > [<ffffffff81654f20>] ? gs_change+0xb/0xb > > Cc: Dave Jones <davej@redhat.com> > Cc: Andrew Morton <akpm@linux-foundation.org> > Cc: Tejun Heo <tj@kernel.org> > Cc: Li Zefan <lizefan@huawei.com> > Cc: James Morris <jmorris@namei.org> > Cc: Pavel Emelyanov <xemul@openvz.org> > Cc: Serge Hallyn <serge.hallyn@canonical.com> > Signed-off-by: Jiri Slaby <jslaby@suse.cz> > > --- > > And this should fix it. > > security/device_cgroup.c | 15 +++++++-------- > 1 file changed, 7 insertions(+), 8 deletions(-) > > --- github.orig/security/device_cgroup.c 2012-10-17 11:11:08.514793906 -0400 > +++ github/security/device_cgroup.c 2012-10-19 16:35:37.936804289 -0400 > @@ -533,10 +533,10 @@ struct cgroup_subsys devices_subsys = { > * > * returns 0 on success, -EPERM case the operation is not permitted > */ > -static int __devcgroup_check_permission(struct dev_cgroup *dev_cgroup, > - short type, u32 major, u32 minor, > +static int __devcgroup_check_permission(short type, u32 major, u32 minor, > short access) > { > + struct dev_cgroup *dev_cgroup; > struct dev_exception_item ex; > int rc; > > @@ -547,6 +547,7 @@ memset(&ex, 0, sizeof(ex)); > ex.access = access; > > rcu_read_lock(); > + dev_cgroup = task_devcgroup(current); > rc = may_access(dev_cgroup, &ex); > rcu_read_unlock(); > > @@ -558,7 +559,6 @@ return 0; > > int __devcgroup_inode_permission(struct inode *inode, int mask) > { > - struct dev_cgroup *dev_cgroup = task_devcgroup(current); > short type, access = 0; > > if (S_ISBLK(inode->i_mode)) > @@ -570,13 +570,12 @@ short type, access = 0; > if (mask & MAY_READ) > access |= ACC_READ; > > - return __devcgroup_check_permission(dev_cgroup, type, imajor(inode), > - iminor(inode), access); > + return __devcgroup_check_permission(type, imajor(inode), iminor(inode), > + access); > } > > int devcgroup_inode_mknod(int mode, dev_t dev) > { > - struct dev_cgroup *dev_cgroup = task_devcgroup(current); > short type; > > if (!S_ISBLK(mode) && !S_ISCHR(mode)) > @@ -587,7 +586,7 @@ return 0; > else > type = DEV_CHAR; > > - return __devcgroup_check_permission(dev_cgroup, type, MAJOR(dev), > - MINOR(dev), ACC_MKNOD); > + return __devcgroup_check_permission(type, MAJOR(dev), MINOR(dev), > + ACC_MKNOD); > > } > -- js suse labs
WARNING: multiple messages have this Message-ID (diff)
From: Jiri Slaby <jslaby-AlSwsSmVLrQ@public.gmane.org> To: Aristeu Rozanski <aris-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> Cc: linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, Dave Jones <davej-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>, Andrew Morton <akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org>, Tejun Heo <tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>, Li Zefan <lizefan-hv44wF8Li93QT0dZR+AlfA@public.gmane.org>, James Morris <jmorris-gx6/JNMH7DfYtjvyW6yDsg@public.gmane.org>, Pavel Emelyanov <xemul-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>, Serge Hallyn <serge.hallyn-Z7WLFzj8eWMS+FvcfC7Uqw@public.gmane.org>, cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org Subject: Re: [PATCH 1/4] cgroup: fix invalid rcu dereference Date: Tue, 23 Oct 2012 14:50:48 +0200 [thread overview] Message-ID: <508692A8.6090706@suse.cz> (raw) In-Reply-To: <20121022134536.543579196-cd6kKtb6gxi3M6m420IelR/sF2h8X+2i0E9HWUfgJXw@public.gmane.org> On 10/22/2012 03:45 PM, Aristeu Rozanski wrote: > From: Jiri Slaby <jslaby-AlSwsSmVLrQ@public.gmane.org> No, I'm *not* the author of the patch... Or at least I don't remember :P. Where did you take it from? > Commit "device_cgroup: convert device_cgroup internally to policy + > exceptions" removed rcu locks which are needed in task_devcgroup > called in this chain: devcgroup_inode_mknod OR > __devcgroup_inode_permission -> __devcgroup_inode_permission -> > task_devcgroup -> task_subsys_state -> task_subsys_state_check. > > Change the code so that task_devcgroup is safely called with rcu read > lock held. > > =============================== > [ INFO: suspicious RCU usage. ] > 3.6.0-rc5-next-20120913+ #42 Not tainted > ------------------------------- > include/linux/cgroup.h:553 suspicious rcu_dereference_check() usage! > > other info that might help us debug this: > > rcu_scheduler_active = 1, debug_locks = 0 > 2 locks held by kdevtmpfs/23: > #0: (sb_writers){.+.+.+}, at: [<ffffffff8116873f>] > mnt_want_write+0x1f/0x50 > #1: (&sb->s_type->i_mutex_key#3/1){+.+.+.}, at: [<ffffffff811558af>] > kern_path_create+0x7f/0x170 > > stack backtrace: > Pid: 23, comm: kdevtmpfs Not tainted 3.6.0-rc5-next-20120913+ #42 > Call Trace: > [<ffffffff810c638d>] lockdep_rcu_suspicious+0xfd/0x130 > [<ffffffff8121541d>] devcgroup_inode_mknod+0x19d/0x240 > [<ffffffff8107bf54>] ? ns_capable+0x44/0x80 > [<ffffffff81156b21>] vfs_mknod+0x71/0xf0 > [<ffffffff813a8332>] handle_create.isra.2+0x72/0x200 > [<ffffffff813a85d4>] devtmpfsd+0x114/0x140 > [<ffffffff813a84c0>] ? handle_create.isra.2+0x200/0x200 > [<ffffffff81093ad6>] kthread+0xd6/0xe0 > [<ffffffff81654f24>] kernel_thread_helper+0x4/0x10 > [<ffffffff8165369d>] ? retint_restore_args+0xe/0xe > [<ffffffff81093a00>] ? kthread_create_on_node+0x140/0x140 > [<ffffffff81654f20>] ? gs_change+0xb/0xb > > Cc: Dave Jones <davej-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> > Cc: Andrew Morton <akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org> > Cc: Tejun Heo <tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org> > Cc: Li Zefan <lizefan-hv44wF8Li93QT0dZR+AlfA@public.gmane.org> > Cc: James Morris <jmorris-gx6/JNMH7DfYtjvyW6yDsg@public.gmane.org> > Cc: Pavel Emelyanov <xemul-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org> > Cc: Serge Hallyn <serge.hallyn-Z7WLFzj8eWMS+FvcfC7Uqw@public.gmane.org> > Signed-off-by: Jiri Slaby <jslaby-AlSwsSmVLrQ@public.gmane.org> > > --- > > And this should fix it. > > security/device_cgroup.c | 15 +++++++-------- > 1 file changed, 7 insertions(+), 8 deletions(-) > > --- github.orig/security/device_cgroup.c 2012-10-17 11:11:08.514793906 -0400 > +++ github/security/device_cgroup.c 2012-10-19 16:35:37.936804289 -0400 > @@ -533,10 +533,10 @@ struct cgroup_subsys devices_subsys = { > * > * returns 0 on success, -EPERM case the operation is not permitted > */ > -static int __devcgroup_check_permission(struct dev_cgroup *dev_cgroup, > - short type, u32 major, u32 minor, > +static int __devcgroup_check_permission(short type, u32 major, u32 minor, > short access) > { > + struct dev_cgroup *dev_cgroup; > struct dev_exception_item ex; > int rc; > > @@ -547,6 +547,7 @@ memset(&ex, 0, sizeof(ex)); > ex.access = access; > > rcu_read_lock(); > + dev_cgroup = task_devcgroup(current); > rc = may_access(dev_cgroup, &ex); > rcu_read_unlock(); > > @@ -558,7 +559,6 @@ return 0; > > int __devcgroup_inode_permission(struct inode *inode, int mask) > { > - struct dev_cgroup *dev_cgroup = task_devcgroup(current); > short type, access = 0; > > if (S_ISBLK(inode->i_mode)) > @@ -570,13 +570,12 @@ short type, access = 0; > if (mask & MAY_READ) > access |= ACC_READ; > > - return __devcgroup_check_permission(dev_cgroup, type, imajor(inode), > - iminor(inode), access); > + return __devcgroup_check_permission(type, imajor(inode), iminor(inode), > + access); > } > > int devcgroup_inode_mknod(int mode, dev_t dev) > { > - struct dev_cgroup *dev_cgroup = task_devcgroup(current); > short type; > > if (!S_ISBLK(mode) && !S_ISCHR(mode)) > @@ -587,7 +586,7 @@ return 0; > else > type = DEV_CHAR; > > - return __devcgroup_check_permission(dev_cgroup, type, MAJOR(dev), > - MINOR(dev), ACC_MKNOD); > + return __devcgroup_check_permission(type, MAJOR(dev), MINOR(dev), > + ACC_MKNOD); > > } > -- js suse labs
next prev parent reply other threads:[~2012-10-23 12:50 UTC|newest] Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top 2012-10-22 13:45 [PATCH 0/4] Rebase device_cgroup v2 patchset Aristeu Rozanski 2012-10-22 13:45 ` [PATCH 1/4] cgroup: fix invalid rcu dereference Aristeu Rozanski 2012-10-22 16:11 ` Serge Hallyn 2012-10-22 16:11 ` Serge Hallyn 2012-10-23 12:50 ` Jiri Slaby [this message] 2012-10-23 12:50 ` Jiri Slaby 2012-10-23 13:17 ` Aristeu Rozanski 2012-10-23 13:17 ` Aristeu Rozanski 2012-10-23 13:53 ` Jiri Slaby 2012-10-23 13:53 ` Jiri Slaby 2012-10-22 13:45 ` [PATCH 2/4] device_cgroup: rename deny_all to behavior Aristeu Rozanski 2012-10-22 16:12 ` Serge Hallyn 2012-10-22 13:45 ` [PATCH 3/4] device_cgroup: stop using simple_strtoul() Aristeu Rozanski 2012-10-22 16:14 ` Serge Hallyn 2012-10-22 16:14 ` Serge Hallyn 2012-10-22 13:45 ` [PATCH 4/4] device_cgroup: add proper checking when changing default behavior Aristeu Rozanski 2012-10-22 16:16 ` Serge Hallyn 2012-10-22 16:16 ` Serge Hallyn 2012-10-22 19:58 ` [PATCH 0/4] Rebase device_cgroup v2 patchset Andrew Morton 2012-10-22 19:58 ` Andrew Morton 2012-10-22 20:14 ` Aristeu Rozanski 2012-10-22 20:14 ` Aristeu Rozanski 2013-05-14 15:05 ` Serge Hallyn 2013-05-14 15:51 ` Aristeu Rozanski 2013-05-14 15:51 ` Aristeu Rozanski 2013-05-14 16:22 ` Serge Hallyn 2013-05-14 16:22 ` Serge Hallyn 2013-05-14 21:02 ` Eric W. Biederman 2013-05-14 21:02 ` Eric W. Biederman 2013-05-16 1:14 ` Serge E. Hallyn 2013-05-16 1:14 ` Serge E. Hallyn 2013-05-16 1:23 ` Serge E. Hallyn 2013-05-16 1:23 ` Serge E. Hallyn
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=508692A8.6090706@suse.cz \ --to=jslaby@suse.cz \ --cc=akpm@linux-foundation.org \ --cc=aris@redhat.com \ --cc=cgroups@vger.kernel.org \ --cc=davej@redhat.com \ --cc=jmorris@namei.org \ --cc=linux-kernel@vger.kernel.org \ --cc=lizefan@huawei.com \ --cc=serge.hallyn@canonical.com \ --cc=tj@kernel.org \ --cc=xemul@openvz.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.