All of lore.kernel.org
 help / color / mirror / Atom feed
From: Eric Paris <eparis@parisplace.org>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Mimi Zohar <zohar@us.ibm.com>,
	linux-security-module@vger.kernel.org,
	Mimi Zohar <zohar@linux.vnet.ibm.com>,
	linux-kernel@vger.kernel.org, Al Viro <viro@zeniv.linux.org.uk>
Subject: Re: [PATCH] vfs: fix IMA lockdep circular locking dependency
Date: Tue, 15 May 2012 15:42:57 -0400	[thread overview]
Message-ID: <CACLa4pujEBAS349Pr-EcBmzQgTHWthhCMV0Yqq0BG-F_gDjz4Q@mail.gmail.com> (raw)
In-Reply-To: <CA+55aFyPPZ0wayqPMCZtfP1w9nN-GnKJxYc9i_XM_Qk8d-zJzg@mail.gmail.com>

On Tue, May 15, 2012 at 2:41 PM, Linus Torvalds
<torvalds@linux-foundation.org> wrote:
> On Tue, May 15, 2012 at 10:19 AM, Linus Torvalds
> <torvalds@linux-foundation.org> wrote:
>>
>>  - move the whole call to security_file_mmap() to outside the
>> mmap_sem, and test the *suggested* address (which is not the same as
>> the final address)
>
> Actually, I think I have a simpler approach.
>
> We already actually have two *different* security_file_mmap() calls:
> it's just that currently the difference is shown by the last argument
> to the function ("addr_only").

I'm the one who introduced that bit of horrific.  I originally did it
the way you describe and someone (it was a long time ago, and I think
it was Ted Tso, but I am probably very very wrong on that) ask me to
tack it on the end like this.  I'd be very happy with the split you
describe.

I'd rather not, however, move the address call site like you described
above, as I don't want to allow NULL + ~MAP_FIXED to be tested until
it has been resolved to a real address.  I don't want someone to find
a way to get the kernel to choose 4096 and avoid the check....

Mimi, would you like to do this (slightly) larger change?  Should I?

  reply	other threads:[~2012-05-15 19:43 UTC|newest]

Thread overview: 44+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-05-14  2:47 [PATCH] vfs: fix IMA lockdep circular locking dependency Mimi Zohar
2012-05-15  0:29 ` James Morris
2012-05-15  0:51   ` Mimi Zohar
2012-05-15 15:14     ` James Morris
2012-05-15 16:06       ` Mimi Zohar
2012-05-15 17:19 ` Linus Torvalds
2012-05-15 18:36   ` Mimi Zohar
2012-05-15 18:41   ` Linus Torvalds
2012-05-15 19:42     ` Eric Paris [this message]
2012-05-15 20:07       ` Mimi Zohar
2012-05-15 21:43         ` Linus Torvalds
2012-05-16  0:37           ` Linus Torvalds
2012-05-16  0:42             ` Al Viro
2012-05-16  0:45               ` Linus Torvalds
2012-05-16  1:53                 ` Linus Torvalds
2012-05-16 11:37                   ` James Morris
2012-05-16 11:38                     ` James Morris
2012-05-16 13:27                       ` Mimi Zohar
2012-05-16 13:42                     ` Eric Paris
2012-05-16 13:52                       ` Mimi Zohar
2012-05-16 14:06                         ` Eric Paris
2012-05-16 15:23                           ` Linus Torvalds
2012-05-16 15:47                           ` Mimi Zohar
2012-05-16 16:09                             ` Linus Torvalds
2012-05-16  2:18                 ` Al Viro
2012-05-23 21:18                   ` Mimi Zohar
2012-05-30  4:34                     ` Al Viro
2012-05-30 16:36                       ` Al Viro
2012-05-30 19:42                         ` Eric Paris
2012-05-30 20:24                           ` Al Viro
2012-05-30 20:28                             ` Linus Torvalds
2012-05-30 20:56                               ` Al Viro
2012-05-30 21:04                                 ` Linus Torvalds
2012-05-30 21:36                                   ` Al Viro
2012-05-30 22:51                                     ` Linus Torvalds
2012-05-31  0:28                                       ` Al Viro
2012-05-31  0:40                                         ` Linus Torvalds
2012-05-31  0:56                                           ` Al Viro
2012-05-31  3:55                                             ` Mimi Zohar
2012-05-31  4:20                                         ` James Morris
2012-05-30 20:33                             ` Mimi Zohar
2012-05-30 20:53                               ` Al Viro
2012-05-16 14:13             ` Eric Paris
2012-05-16 15:13               ` Linus Torvalds

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CACLa4pujEBAS349Pr-EcBmzQgTHWthhCMV0Yqq0BG-F_gDjz4Q@mail.gmail.com \
    --to=eparis@parisplace.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=torvalds@linux-foundation.org \
    --cc=viro@zeniv.linux.org.uk \
    --cc=zohar@linux.vnet.ibm.com \
    --cc=zohar@us.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.