From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
alan@lxorguk.ukuu.org.uk, Dave Jones <davej@redhat.com>,
"Paul E. McKenney" <paulmck@linux.vnet.ibm.com>,
Paul Moore <paul@paul-moore.com>,
Eric Paris <eparis@parisplace.org>,
Andrew Morton <akpm@linux-foundation.org>,
James Morris <james.l.morris@oracle.com>
Subject: [ 80/83] selinux: fix sel_netnode_insert() suspicious rcu dereference
Date: Wed, 21 Nov 2012 16:42:42 -0800 [thread overview]
Message-ID: <20121122004221.197149857@linuxfoundation.org> (raw)
In-Reply-To: <20121122004212.371862690@linuxfoundation.org>
3.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dave Jones <davej@redhat.com>
commit 88a693b5c1287be4da937699cb82068ce9db0135 upstream.
===============================
[ INFO: suspicious RCU usage. ]
3.5.0-rc1+ #63 Not tainted
-------------------------------
security/selinux/netnode.c:178 suspicious rcu_dereference_check() usage!
other info that might help us debug this:
rcu_scheduler_active = 1, debug_locks = 0
1 lock held by trinity-child1/8750:
#0: (sel_netnode_lock){+.....}, at: [<ffffffff812d8f8a>] sel_netnode_sid+0x16a/0x3e0
stack backtrace:
Pid: 8750, comm: trinity-child1 Not tainted 3.5.0-rc1+ #63
Call Trace:
[<ffffffff810cec2d>] lockdep_rcu_suspicious+0xfd/0x130
[<ffffffff812d91d1>] sel_netnode_sid+0x3b1/0x3e0
[<ffffffff812d8e20>] ? sel_netnode_find+0x1a0/0x1a0
[<ffffffff812d24a6>] selinux_socket_bind+0xf6/0x2c0
[<ffffffff810cd1dd>] ? trace_hardirqs_off+0xd/0x10
[<ffffffff810cdb55>] ? lock_release_holdtime.part.9+0x15/0x1a0
[<ffffffff81093841>] ? lock_hrtimer_base+0x31/0x60
[<ffffffff812c9536>] security_socket_bind+0x16/0x20
[<ffffffff815550ca>] sys_bind+0x7a/0x100
[<ffffffff816c03d5>] ? sysret_check+0x22/0x5d
[<ffffffff810d392d>] ? trace_hardirqs_on_caller+0x10d/0x1a0
[<ffffffff8133b09e>] ? trace_hardirqs_on_thunk+0x3a/0x3f
[<ffffffff816c03a9>] system_call_fastpath+0x16/0x1b
This patch below does what Paul McKenney suggested in the previous thread.
Signed-off-by: Dave Jones <davej@redhat.com>
Reviewed-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Acked-by: Paul Moore <paul@paul-moore.com>
Cc: Eric Paris <eparis@parisplace.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
security/selinux/netnode.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/security/selinux/netnode.c
+++ b/security/selinux/netnode.c
@@ -174,7 +174,8 @@ static void sel_netnode_insert(struct se
if (sel_netnode_hash[idx].size == SEL_NETNODE_HASH_BKT_LIMIT) {
struct sel_netnode *tail;
tail = list_entry(
- rcu_dereference(sel_netnode_hash[idx].list.prev),
+ rcu_dereference_protected(sel_netnode_hash[idx].list.prev,
+ lockdep_is_held(&sel_netnode_lock)),
struct sel_netnode, list);
list_del_rcu(&tail->list);
kfree_rcu(tail, rcu);
next prev parent reply other threads:[~2012-11-22 18:40 UTC|newest]
Thread overview: 92+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-11-22 0:41 [ 00/83] 3.6.8-stable review Greg Kroah-Hartman
2012-11-22 0:41 ` [ 01/83] mm: bugfix: set current->reclaim_state to NULL while returning from kswapd() Greg Kroah-Hartman
2012-11-22 0:41 ` [ 02/83] libata-acpi: Fix NULL ptr derference in ata_acpi_dev_handle Greg Kroah-Hartman
2012-11-22 0:41 ` [ 03/83] xfs: drop buffer io reference when a bad bio is built Greg Kroah-Hartman
2012-11-22 0:41 ` [ 04/83] mac80211: sync acccess to tx_filtered/ps_tx_buf queues Greg Kroah-Hartman
2012-11-22 0:41 ` [ 05/83] mac80211: dont send null data packet when not associated Greg Kroah-Hartman
2012-11-22 0:41 ` [ 06/83] mac80211: call skb_dequeue/ieee80211_free_txskb instead of __skb_queue_purge Greg Kroah-Hartman
2012-11-22 0:41 ` [ 07/83] PCI/PM: Fix deadlock when unbinding device if parent in D3cold Greg Kroah-Hartman
2012-11-22 0:41 ` [ 08/83] PCI/PM: Resume device before shutdown Greg Kroah-Hartman
2012-11-22 0:41 ` [ 09/83] PCI/PM: Fix proc config reg access for D3cold and bridge suspending Greg Kroah-Hartman
2012-11-22 0:41 ` [ 10/83] fanotify: fix missing break Greg Kroah-Hartman
2012-11-22 0:41 ` [ 11/83] module: fix out-by-one error in kallsyms Greg Kroah-Hartman
2012-11-23 10:35 ` satoru takeuchi
2012-11-26 18:43 ` Greg Kroah-Hartman
2012-12-03 0:04 ` Rusty Russell
2012-11-22 0:41 ` [ 12/83] virtio: Dont access index after unregister Greg Kroah-Hartman
2012-11-22 0:41 ` [ 13/83] cifs: fix potential buffer overrun in cifs.idmap handling code Greg Kroah-Hartman
2012-11-22 0:41 ` [ 14/83] cifs: Do not lookup hashed negative dentry in cifs_atomic_open Greg Kroah-Hartman
2012-11-22 0:41 ` [ 15/83] crypto: cryptd - disable softirqs in cryptd_queue_worker to prevent data corruption Greg Kroah-Hartman
2012-11-22 0:41 ` [ 16/83] ARM: at91/AT91SAM9G45: fix crypto peripherals irq issue due to sparse irq support Greg Kroah-Hartman
2012-11-22 0:41 ` [ 17/83] ptp: update adjfreq callback description Greg Kroah-Hartman
2012-11-22 0:41 ` [ 18/83] ALSA: hda: Cirrus: Fix coefficient index for beep configuration Greg Kroah-Hartman
2012-11-22 0:41 ` [ 19/83] ALSA: HDA: Fix digital microphone on CS420x Greg Kroah-Hartman
2012-11-22 0:41 ` [ 20/83] ALSA: hda - Force to reset IEC958 status bits for AD codecs Greg Kroah-Hartman
2012-11-22 0:41 ` [ 21/83] ALSA: hda - Fix empty DAC filling in patch_via.c Greg Kroah-Hartman
2012-11-22 0:41 ` [ 22/83] ALSA: hda - Fix invalid connections in VT1802 codec Greg Kroah-Hartman
2012-11-22 0:41 ` [ 23/83] ALSA: hda - Improve HP depop when system enter to S3 Greg Kroah-Hartman
2012-11-22 0:41 ` [ 24/83] ALSA: hda - Add new codec ALC668 and ALC900 (default name ALC1150) Greg Kroah-Hartman
2012-11-22 0:41 ` [ 25/83] ALSA: hda - Add a missing quirk entry for iMac 9,1 Greg Kroah-Hartman
2012-11-22 0:41 ` [ 26/83] ASoC: wm8978: pll incorrectly configured when codec is master Greg Kroah-Hartman
2012-11-22 0:41 ` [ 27/83] ASoC: cs42l52: fix the return value of cs42l52_set_fmt() Greg Kroah-Hartman
2012-11-22 0:41 ` [ 28/83] ASoC: dapm: Use card_list during DAPM shutdown Greg Kroah-Hartman
2012-11-22 0:41 ` [ 29/83] ASoC: core: Double control update err for snd_soc_put_volsw_sx Greg Kroah-Hartman
2012-11-22 0:41 ` [ 30/83] UBIFS: fix mounting problems after power cuts Greg Kroah-Hartman
2012-11-22 0:41 ` [ 31/83] UBIFS: introduce categorized lprops counter Greg Kroah-Hartman
2012-11-22 0:41 ` [ 32/83] pstore: Fix NULL pointer dereference in console writes Greg Kroah-Hartman
2012-11-22 0:41 ` [ 33/83] regulator: fix voltage check in regulator_is_supported_voltage() Greg Kroah-Hartman
2012-11-22 0:41 ` [ 34/83] i2c-mux-pinctrl: Fix probe error path Greg Kroah-Hartman
2012-11-22 0:41 ` [ 35/83] ARM: imx: ehci: fix host power mask bit Greg Kroah-Hartman
2012-11-22 4:52 ` Michael D. Burkey
2012-11-26 18:44 ` Greg Kroah-Hartman
2012-11-26 19:17 ` Michael D. Burkey
2012-11-22 0:41 ` [ 36/83] ARM: dt: tegra: fix length of pad control and mux registers Greg Kroah-Hartman
2012-11-22 0:41 ` [ 37/83] Revert "Staging: Android alarm: IOCTL command encoding fix" Greg Kroah-Hartman
2012-11-22 0:42 ` [ 38/83] s390/gup: add missing TASK_SIZE check to get_user_pages_fast() Greg Kroah-Hartman
2012-11-22 0:42 ` [ 39/83] USB: keyspan: fix typo causing GPF on open Greg Kroah-Hartman
2012-11-22 0:42 ` [ 40/83] USB: usb_wwan: fix bulk-urb allocation Greg Kroah-Hartman
2012-11-22 0:42 ` [ 41/83] USB: option: add Novatel E362 and Dell Wireless 5800 USB IDs Greg Kroah-Hartman
2012-11-22 0:42 ` [ 42/83] USB: option: add Alcatel X220/X500D " Greg Kroah-Hartman
2012-11-22 0:42 ` [ 43/83] drm/i915/sdvo: clean up connectors on intel_sdvo_init() failures Greg Kroah-Hartman
2012-11-22 0:42 ` [ 44/83] drm/radeon: fix logic error in atombios_encoders.c Greg Kroah-Hartman
2012-11-22 0:42 ` [ 45/83] tmpfs: fix shmem_getpage_gfp() VM_BUG_ON Greg Kroah-Hartman
2012-11-22 0:42 ` [ 46/83] KVM: x86: Fix invalid secondary exec controls in vmx_cpuid_update() Greg Kroah-Hartman
2012-11-22 0:42 ` [ 47/83] ttm: Clear the ttm page allocated from high memory zone correctly Greg Kroah-Hartman
2012-11-22 0:42 ` [ 48/83] memcg: oom: fix totalpages calculation for memory.swappiness==0 Greg Kroah-Hartman
2012-11-22 0:42 ` [ 49/83] memcg: fix hotplugged memory zone oops Greg Kroah-Hartman
2012-11-22 0:42 ` [ 50/83] iwlwifi: handle DMA mapping failures Greg Kroah-Hartman
2012-11-22 0:42 ` [ 51/83] wireless: allow 40 MHz on world roaming channels 12/13 Greg Kroah-Hartman
2012-11-22 0:42 ` [ 52/83] Bluetooth: Fix having bogus entries in mgmt_read_index_list reply Greg Kroah-Hartman
2012-11-22 0:42 ` [ 53/83] m68k: fix sigset_t accessor functions Greg Kroah-Hartman
2012-11-22 0:42 ` [ 54/83] ipv4: avoid undefined behavior in do_ip_setsockopt() Greg Kroah-Hartman
2012-11-22 0:42 ` [ 55/83] ipv4/ip_vti.c: VTI fix post-decryption forwarding Greg Kroah-Hartman
2012-11-22 0:42 ` [ 56/83] ipv6: setsockopt(IPIPPROTO_IPV6, IPV6_MINHOPCOUNT) forgot to set return value Greg Kroah-Hartman
2012-11-22 0:42 ` [ 57/83] net: correct check in dev_addr_del() Greg Kroah-Hartman
2012-11-22 0:42 ` [ 58/83] net-rps: Fix brokeness causing OOO packets Greg Kroah-Hartman
2012-11-22 0:42 ` [ 59/83] tcp: fix retransmission in repair mode Greg Kroah-Hartman
2012-11-22 0:42 ` [ 60/83] tcp: handle tcp_net_metrics_init() order-5 memory allocation failures Greg Kroah-Hartman
2012-11-22 0:42 ` [ 61/83] tmpfs: change final i_blocks BUG to WARNING Greg Kroah-Hartman
2012-11-22 0:42 ` [ 62/83] ALSA: usb-audio: Fix crash at re-preparing the PCM stream Greg Kroah-Hartman
2012-11-22 0:42 ` [ 63/83] GFS2: Dont call file_accessed() with a shared glock Greg Kroah-Hartman
2012-11-22 0:42 ` [ 64/83] r8169: use unlimited DMA burst for TX Greg Kroah-Hartman
2012-11-22 0:42 ` [ 65/83] xen/events: fix RCU warning, or Call idle notifier after irq_enter() Greg Kroah-Hartman
2012-11-22 0:42 ` [ 66/83] SCSI: isci: Allow SSP tasks into the task management path Greg Kroah-Hartman
2012-11-22 0:42 ` [ 67/83] tg3: unconditionally select HWMON support when tg3 is enabled Greg Kroah-Hartman
2012-11-22 0:42 ` [ 68/83] r8169: Fix WoL on RTL8168d/8111d Greg Kroah-Hartman
2012-11-22 0:42 ` [ 69/83] r8169: allow multicast packets on sub-8168f chipset Greg Kroah-Hartman
2012-11-22 0:42 ` [ 70/83] netfilter: nf_nat: dont check for port change on ICMP tuples Greg Kroah-Hartman
2012-11-22 0:42 ` [ 71/83] netfilter: xt_TEE: dont use destination address found in header Greg Kroah-Hartman
2012-11-22 0:42 ` [ 72/83] netfilter: nf_conntrack: fix rt_gateway checks for H.323 helper Greg Kroah-Hartman
2012-11-22 0:42 ` [ 73/83] s390/signal: set correct address space control Greg Kroah-Hartman
2012-11-22 0:42 ` [ 74/83] NFC: Use dynamic initialization for rwlocks Greg Kroah-Hartman
2012-11-22 0:42 ` [ 75/83] reiserfs: Fix lock ordering during remount Greg Kroah-Hartman
2012-11-22 0:42 ` [ 76/83] reiserfs: Protect reiserfs_quota_on() with write lock Greg Kroah-Hartman
2012-11-22 0:42 ` [ 77/83] reiserfs: Move quota calls out of " Greg Kroah-Hartman
2012-11-22 0:42 ` [ 78/83] reiserfs: Protect reiserfs_quota_write() with " Greg Kroah-Hartman
2012-11-22 0:42 ` [ 79/83] intel-iommu: Fix lookup in add device Greg Kroah-Hartman
2012-11-22 0:42 ` Greg Kroah-Hartman [this message]
2012-11-22 0:42 ` [ 81/83] ACPI video: Ignore errors after _DOD evaluation Greg Kroah-Hartman
2012-11-22 20:40 ` Christoph Biedl
2012-11-22 21:27 ` Greg KH
2012-11-22 0:42 ` [ 82/83] Revert "serial: omap: fix software flow control" Greg Kroah-Hartman
2012-11-22 0:42 ` [ 83/83] ext4: fix metadata checksum calculation for the superblock Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20121122004221.197149857@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=akpm@linux-foundation.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=davej@redhat.com \
--cc=eparis@parisplace.org \
--cc=james.l.morris@oracle.com \
--cc=linux-kernel@vger.kernel.org \
--cc=paul@paul-moore.com \
--cc=paulmck@linux.vnet.ibm.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).