From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
alan@lxorguk.ukuu.org.uk, Dave Jones <davej@redhat.com>,
"Paul E. McKenney" <paulmck@linux.vnet.ibm.com>,
Paul Moore <paul@paul-moore.com>,
Eric Paris <eparis@parisplace.org>,
Andrew Morton <akpm@linux-foundation.org>,
James Morris <james.l.morris@oracle.com>
Subject: [ 36/38] selinux: fix sel_netnode_insert() suspicious rcu dereference
Date: Wed, 21 Nov 2012 16:40:19 -0800 [thread overview]
Message-ID: <20121122003908.302653096@linuxfoundation.org> (raw)
In-Reply-To: <20121122003904.262382971@linuxfoundation.org>
3.0-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dave Jones <davej@redhat.com>
commit 88a693b5c1287be4da937699cb82068ce9db0135 upstream.
===============================
[ INFO: suspicious RCU usage. ]
3.5.0-rc1+ #63 Not tainted
-------------------------------
security/selinux/netnode.c:178 suspicious rcu_dereference_check() usage!
other info that might help us debug this:
rcu_scheduler_active = 1, debug_locks = 0
1 lock held by trinity-child1/8750:
#0: (sel_netnode_lock){+.....}, at: [<ffffffff812d8f8a>] sel_netnode_sid+0x16a/0x3e0
stack backtrace:
Pid: 8750, comm: trinity-child1 Not tainted 3.5.0-rc1+ #63
Call Trace:
[<ffffffff810cec2d>] lockdep_rcu_suspicious+0xfd/0x130
[<ffffffff812d91d1>] sel_netnode_sid+0x3b1/0x3e0
[<ffffffff812d8e20>] ? sel_netnode_find+0x1a0/0x1a0
[<ffffffff812d24a6>] selinux_socket_bind+0xf6/0x2c0
[<ffffffff810cd1dd>] ? trace_hardirqs_off+0xd/0x10
[<ffffffff810cdb55>] ? lock_release_holdtime.part.9+0x15/0x1a0
[<ffffffff81093841>] ? lock_hrtimer_base+0x31/0x60
[<ffffffff812c9536>] security_socket_bind+0x16/0x20
[<ffffffff815550ca>] sys_bind+0x7a/0x100
[<ffffffff816c03d5>] ? sysret_check+0x22/0x5d
[<ffffffff810d392d>] ? trace_hardirqs_on_caller+0x10d/0x1a0
[<ffffffff8133b09e>] ? trace_hardirqs_on_thunk+0x3a/0x3f
[<ffffffff816c03a9>] system_call_fastpath+0x16/0x1b
This patch below does what Paul McKenney suggested in the previous thread.
Signed-off-by: Dave Jones <davej@redhat.com>
Reviewed-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Acked-by: Paul Moore <paul@paul-moore.com>
Cc: Eric Paris <eparis@parisplace.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
security/selinux/netnode.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/security/selinux/netnode.c
+++ b/security/selinux/netnode.c
@@ -190,7 +190,8 @@ static void sel_netnode_insert(struct se
if (sel_netnode_hash[idx].size == SEL_NETNODE_HASH_BKT_LIMIT) {
struct sel_netnode *tail;
tail = list_entry(
- rcu_dereference(sel_netnode_hash[idx].list.prev),
+ rcu_dereference_protected(sel_netnode_hash[idx].list.prev,
+ lockdep_is_held(&sel_netnode_lock)),
struct sel_netnode, list);
list_del_rcu(&tail->list);
call_rcu(&tail->rcu, sel_netnode_free);
next prev parent reply other threads:[~2012-11-22 22:04 UTC|newest]
Thread overview: 56+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20121122003904.262382971@linuxfoundation.org>
2012-11-22 0:39 ` [ 01/38] mm: bugfix: set current->reclaim_state to NULL while returning from kswapd() Greg Kroah-Hartman
2012-11-22 0:39 ` [ 02/38] PCI/PM: Fix deadlock when unbinding device if parent in D3cold Greg Kroah-Hartman
2012-11-23 2:35 ` Ben Hutchings
2012-11-23 3:09 ` Huang Ying
2012-11-23 7:47 ` Huang Ying
2012-11-30 2:01 ` Greg Kroah-Hartman
2012-11-30 2:54 ` Huang Ying
2012-12-11 8:12 ` Huang Ying
2012-12-11 18:08 ` Greg Kroah-Hartman
2012-12-14 7:08 ` Huang Ying
2012-12-14 21:56 ` Greg Kroah-Hartman
2012-11-26 18:55 ` Greg Kroah-Hartman
2012-11-26 19:08 ` Greg Kroah-Hartman
2012-11-26 19:30 ` Greg Kroah-Hartman
2012-11-27 0:28 ` Huang Ying
2012-11-22 0:39 ` [ 03/38] fanotify: fix missing break Greg Kroah-Hartman
2012-11-22 0:39 ` [ 04/38] crypto: cryptd - disable softirqs in cryptd_queue_worker to prevent data corruption Greg Kroah-Hartman
2012-11-22 0:39 ` [ 05/38] ptp: update adjfreq callback description Greg Kroah-Hartman
2012-11-24 0:26 ` Herton Ronaldo Krzesinski
2012-11-26 18:46 ` Greg Kroah-Hartman
2012-11-26 21:19 ` Keller, Jacob E
2012-11-22 0:39 ` [ 06/38] ALSA: hda: Cirrus: Fix coefficient index for beep configuration Greg Kroah-Hartman
2012-11-22 0:39 ` [ 07/38] ALSA: hda - Force to reset IEC958 status bits for AD codecs Greg Kroah-Hartman
2012-11-22 0:39 ` [ 08/38] ASoC: wm8978: pll incorrectly configured when codec is master Greg Kroah-Hartman
2012-11-22 0:39 ` [ 09/38] ASoC: dapm: Use card_list during DAPM shutdown Greg Kroah-Hartman
2012-11-22 0:39 ` [ 10/38] UBIFS: fix mounting problems after power cuts Greg Kroah-Hartman
2012-11-22 0:39 ` [ 11/38] UBIFS: introduce categorized lprops counter Greg Kroah-Hartman
2012-11-22 0:39 ` [ 12/38] s390/gup: add missing TASK_SIZE check to get_user_pages_fast() Greg Kroah-Hartman
2012-11-22 0:39 ` [ 13/38] USB: option: add Novatel E362 and Dell Wireless 5800 USB IDs Greg Kroah-Hartman
2012-11-22 0:39 ` [ 14/38] USB: option: add Alcatel X220/X500D " Greg Kroah-Hartman
2012-11-22 0:39 ` [ 15/38] wireless: allow 40 MHz on world roaming channels 12/13 Greg Kroah-Hartman
2012-11-22 0:39 ` [ 16/38] m68k: fix sigset_t accessor functions Greg Kroah-Hartman
2012-11-22 0:40 ` [ 17/38] ipv4: avoid undefined behavior in do_ip_setsockopt() Greg Kroah-Hartman
2012-11-22 0:40 ` [ 18/38] ipv6: setsockopt(IPIPPROTO_IPV6, IPV6_MINHOPCOUNT) forgot to set return value Greg Kroah-Hartman
2012-11-22 0:40 ` [ 19/38] net: correct check in dev_addr_del() Greg Kroah-Hartman
2012-11-22 0:40 ` [ 20/38] net-rps: Fix brokeness causing OOO packets Greg Kroah-Hartman
2012-11-22 0:40 ` [ 21/38] r8169: use unlimited DMA burst for TX Greg Kroah-Hartman
2012-11-22 0:40 ` [ 22/38] kbuild: Fix gcc -x syntax Greg Kroah-Hartman
2012-11-22 0:40 ` [ 23/38] netfilter: Validate the sequence number of dataless ACK packets as well Greg Kroah-Hartman
2012-11-22 0:40 ` [ 24/38] netfilter: Mark SYN/ACK packets as invalid from original direction Greg Kroah-Hartman
2012-11-22 0:40 ` [ 25/38] netfilter: nf_nat: dont check for port change on ICMP tuples Greg Kroah-Hartman
2012-11-22 0:40 ` [ 26/38] usb: use usb_serial_put in usb_serial_probe errors Greg Kroah-Hartman
2012-11-22 0:40 ` [ 27/38] eCryptfs: Copy up POSIX ACL and read-only flags from lower mount Greg Kroah-Hartman
2012-11-22 0:40 ` [ 28/38] eCryptfs: check for eCryptfs cipher support at mount Greg Kroah-Hartman
2012-11-22 0:40 ` [ 29/38] sky2: Fix for interrupt handler Greg Kroah-Hartman
2012-11-22 0:40 ` [ 30/38] drm/i915: fix overlay on i830M Greg Kroah-Hartman
2012-11-22 0:40 ` [ 31/38] NFS: Wait for session recovery to finish before returning Greg Kroah-Hartman
2012-11-22 0:40 ` [ 32/38] reiserfs: Fix lock ordering during remount Greg Kroah-Hartman
2012-11-22 0:40 ` [ 33/38] reiserfs: Protect reiserfs_quota_on() with write lock Greg Kroah-Hartman
2012-11-22 0:40 ` [ 34/38] reiserfs: Move quota calls out of " Greg Kroah-Hartman
2012-11-22 0:40 ` [ 35/38] reiserfs: Protect reiserfs_quota_write() with " Greg Kroah-Hartman
2012-11-22 0:40 ` Greg Kroah-Hartman [this message]
2012-11-22 0:40 ` [ 37/38] PCI : ability to relocate assigned pci-resources Greg Kroah-Hartman
2012-11-23 13:29 ` Herton Ronaldo Krzesinski
[not found] ` <20121124014141.GD2752@ram.oc3035372033.ibm.com>
2012-11-26 18:53 ` Greg Kroah-Hartman
2012-11-22 0:40 ` [ 38/38] PCI : Calculate right add_size Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20121122003908.302653096@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=akpm@linux-foundation.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=davej@redhat.com \
--cc=eparis@parisplace.org \
--cc=james.l.morris@oracle.com \
--cc=linux-kernel@vger.kernel.org \
--cc=paul@paul-moore.com \
--cc=paulmck@linux.vnet.ibm.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).