From: Ben Hutchings <ben@decadent.org.uk>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: akpm@linux-foundation.org, alan@lxorguk.ukuu.org.uk,
Dave Jones <davej@redhat.com>,
"Paul E. McKenney" <paulmck@linux.vnet.ibm.com>,
Paul Moore <paul@paul-moore.com>,
Eric Paris <eparis@parisplace.org>,
James Morris <james.l.morris@oracle.com>
Subject: [ 74/89] selinux: fix sel_netnode_insert() suspicious rcu dereference
Date: Mon, 03 Dec 2012 14:33:00 +0000 [thread overview]
Message-ID: <20121203143157.939764243@decadent.org.uk> (raw)
In-Reply-To: <20121203143146.549859007@decadent.org.uk>
3.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dave Jones <davej@redhat.com>
commit 88a693b5c1287be4da937699cb82068ce9db0135 upstream.
===============================
[ INFO: suspicious RCU usage. ]
3.5.0-rc1+ #63 Not tainted
-------------------------------
security/selinux/netnode.c:178 suspicious rcu_dereference_check() usage!
other info that might help us debug this:
rcu_scheduler_active = 1, debug_locks = 0
1 lock held by trinity-child1/8750:
#0: (sel_netnode_lock){+.....}, at: [<ffffffff812d8f8a>] sel_netnode_sid+0x16a/0x3e0
stack backtrace:
Pid: 8750, comm: trinity-child1 Not tainted 3.5.0-rc1+ #63
Call Trace:
[<ffffffff810cec2d>] lockdep_rcu_suspicious+0xfd/0x130
[<ffffffff812d91d1>] sel_netnode_sid+0x3b1/0x3e0
[<ffffffff812d8e20>] ? sel_netnode_find+0x1a0/0x1a0
[<ffffffff812d24a6>] selinux_socket_bind+0xf6/0x2c0
[<ffffffff810cd1dd>] ? trace_hardirqs_off+0xd/0x10
[<ffffffff810cdb55>] ? lock_release_holdtime.part.9+0x15/0x1a0
[<ffffffff81093841>] ? lock_hrtimer_base+0x31/0x60
[<ffffffff812c9536>] security_socket_bind+0x16/0x20
[<ffffffff815550ca>] sys_bind+0x7a/0x100
[<ffffffff816c03d5>] ? sysret_check+0x22/0x5d
[<ffffffff810d392d>] ? trace_hardirqs_on_caller+0x10d/0x1a0
[<ffffffff8133b09e>] ? trace_hardirqs_on_thunk+0x3a/0x3f
[<ffffffff816c03a9>] system_call_fastpath+0x16/0x1b
This patch below does what Paul McKenney suggested in the previous thread.
Signed-off-by: Dave Jones <davej@redhat.com>
Reviewed-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Acked-by: Paul Moore <paul@paul-moore.com>
Cc: Eric Paris <eparis@parisplace.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
---
security/selinux/netnode.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/security/selinux/netnode.c b/security/selinux/netnode.c
index 28f911c..c5454c0 100644
--- a/security/selinux/netnode.c
+++ b/security/selinux/netnode.c
@@ -174,7 +174,8 @@ static void sel_netnode_insert(struct sel_netnode *node)
if (sel_netnode_hash[idx].size == SEL_NETNODE_HASH_BKT_LIMIT) {
struct sel_netnode *tail;
tail = list_entry(
- rcu_dereference(sel_netnode_hash[idx].list.prev),
+ rcu_dereference_protected(sel_netnode_hash[idx].list.prev,
+ lockdep_is_held(&sel_netnode_lock)),
struct sel_netnode, list);
list_del_rcu(&tail->list);
kfree_rcu(tail, rcu);
next prev parent reply other threads:[~2012-12-03 14:48 UTC|newest]
Thread overview: 100+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-12-03 14:31 [ 00/89] 3.2.35-stable review Ben Hutchings
2012-12-03 14:31 ` [ 01/89] UBIFS: introduce categorized lprops counter Ben Hutchings
2012-12-03 14:31 ` [ 02/89] UBIFS: fix mounting problems after power cuts Ben Hutchings
2012-12-03 14:31 ` [ 03/89] futex: Handle futex_pi OWNER_DIED take over correctly Ben Hutchings
2012-12-03 14:31 ` [ 04/89] mac80211: sync acccess to tx_filtered/ps_tx_buf queues Ben Hutchings
2012-12-03 14:31 ` [ 05/89] ASoC: wm8978: pll incorrectly configured when codec is master Ben Hutchings
2012-12-03 14:31 ` [ 06/89] device_cgroup: fix RCU usage Ben Hutchings
2012-12-06 19:36 ` Herton Ronaldo Krzesinski
2012-12-07 1:41 ` Ben Hutchings
2012-12-03 14:31 ` [ 07/89] ASoC: dapm: Use card_list during DAPM shutdown Ben Hutchings
2012-12-03 14:31 ` [ 08/89] s390/signal: set correct address space control Ben Hutchings
2012-12-03 14:31 ` [ 09/89] wireless: allow 40 MHz on world roaming channels 12/13 Ben Hutchings
2012-12-03 14:31 ` [ 10/89] drm/i915/sdvo: clean up connectors on intel_sdvo_init() failures Ben Hutchings
2012-12-03 14:31 ` [ 11/89] s390/gup: add missing TASK_SIZE check to get_user_pages_fast() Ben Hutchings
2012-12-03 14:31 ` [ 12/89] USB: option: add Novatel E362 and Dell Wireless 5800 USB IDs Ben Hutchings
2012-12-03 14:31 ` [ 13/89] USB: option: add Alcatel X220/X500D " Ben Hutchings
2012-12-03 14:32 ` [ 14/89] drm/radeon: fix logic error in atombios_encoders.c Ben Hutchings
2012-12-03 14:32 ` [ 15/89] ttm: Clear the ttm page allocated from high memory zone correctly Ben Hutchings
2012-12-03 14:32 ` [ 16/89] memcg: oom: fix totalpages calculation for memory.swappiness==0 Ben Hutchings
2012-12-03 14:32 ` [ 17/89] tmpfs: change final i_blocks BUG to WARNING Ben Hutchings
2012-12-03 14:32 ` [ 18/89] x86: Exclude E820_RESERVED regions and memory holes above 4 GB from direct mapping Ben Hutchings
2012-12-03 14:32 ` [ 19/89] x86, mm: Find_early_table_space based on ranges that are actually being mapped Ben Hutchings
2012-12-03 14:32 ` [ 20/89] x86, mm: Undo incorrect revert in arch/x86/mm/init.c Ben Hutchings
2012-12-03 14:32 ` [ 21/89] netfilter: Mark SYN/ACK packets as invalid from original direction Ben Hutchings
2012-12-03 14:32 ` [ 22/89] netfilter: Validate the sequence number of dataless ACK packets as well Ben Hutchings
2012-12-03 14:32 ` [ 23/89] netfilter: nf_nat: dont check for port change on ICMP tuples Ben Hutchings
2012-12-03 14:32 ` [ 24/89] ipv4: avoid undefined behavior in do_ip_setsockopt() Ben Hutchings
2012-12-03 14:32 ` [ 25/89] ipv6: setsockopt(IPIPPROTO_IPV6, IPV6_MINHOPCOUNT) forgot to set return value Ben Hutchings
2012-12-03 14:32 ` [ 26/89] net: correct check in dev_addr_del() Ben Hutchings
2012-12-03 14:32 ` [ 27/89] net-rps: Fix brokeness causing OOO packets Ben Hutchings
2012-12-03 14:32 ` [ 28/89] usb: use usb_serial_put in usb_serial_probe errors Ben Hutchings
2012-12-03 14:32 ` [ 29/89] PCI : Calculate right add_size Ben Hutchings
2012-12-03 14:32 ` [ 30/89] Input: i8042 - also perform controller reset when suspending Ben Hutchings
2012-12-03 14:32 ` [ 31/89] ixgbe: add support for new 82599 device id Ben Hutchings
2012-12-03 14:32 ` [ 32/89] ixgbe: add support for X540-AT1 Ben Hutchings
2012-12-03 14:32 ` [ 33/89] drm/i915: Check VBIOS value for determining LVDS dual channel mode, too Ben Hutchings
2012-12-03 14:32 ` [ 34/89] get_dvb_firmware: fix download site for tda10046 firmware Ben Hutchings
2012-12-03 14:32 ` [ 35/89] m68k: fix sigset_t accessor functions Ben Hutchings
2012-12-03 14:32 ` [ 36/89] HID: add quirk for Freescale i.MX28 ROM recovery Ben Hutchings
2012-12-03 14:32 ` [ 37/89] brcm80211: smac: only print block-ack timeout message at trace level Ben Hutchings
2012-12-03 14:32 ` [ 38/89] bas_gigaset: fix pre_reset handling Ben Hutchings
2012-12-03 14:32 ` [ 39/89] GFS2: Test bufdata with buffer locked and gfs2_log_lock held Ben Hutchings
2012-12-03 14:32 ` [ 40/89] ptp: update adjfreq callback description Ben Hutchings
2012-12-03 14:32 ` [ 41/89] watchdog: iTCO_wdt: add Intel Lynx Point DeviceIDs Ben Hutchings
2012-12-03 14:32 ` [ 42/89] acer-wmi: support for P key on TM8372 Ben Hutchings
2012-12-03 14:32 ` [ 43/89] xhci: Remove warnings about MSI and MSI-X capabilities Ben Hutchings
2012-12-03 14:32 ` [ 44/89] xhci: Remove scary warnings about transfer issues Ben Hutchings
2012-12-03 14:32 ` [ 45/89] x86, mce, therm_throt: Dont report power limit and package level thermal throttle events in mcelog Ben Hutchings
2012-12-03 14:32 ` [ 46/89] Input: bcm5974 - set BUTTONPAD property Ben Hutchings
2012-12-03 14:32 ` [ 47/89] watchdog: using u64 in get_sample_period() Ben Hutchings
2012-12-03 14:32 ` [ 48/89] x86, amd: Disable way access filter on Piledriver CPUs Ben Hutchings
2012-12-03 14:32 ` [ 49/89] mtd: ofpart: Fix incorrect NULL check in parse_ofoldpart_partitions() Ben Hutchings
2012-12-03 14:32 ` [ 50/89] mtd: slram: invalid checking of absolute end address Ben Hutchings
2012-12-03 14:32 ` [ 51/89] jffs2: Fix lock acquisition order bug in jffs2_write_begin Ben Hutchings
2012-12-03 14:32 ` [ 52/89] [SCSI] isci: copy fis 0x34 response into proper buffer Ben Hutchings
2012-12-03 14:32 ` [ 53/89] mac80211: deinitialize ibss-internals after emptiness check Ben Hutchings
2012-12-03 14:32 ` [ 54/89] [PARISC] fix virtual aliasing issue in get_shared_area() Ben Hutchings
2012-12-03 14:32 ` [ 55/89] rtlwifi: rtl8192cu: Add new USB ID Ben Hutchings
2012-12-03 14:32 ` [ 56/89] mwifiex: fix system hang issue in cmd timeout error case Ben Hutchings
2012-12-03 14:32 ` [ 57/89] mwifiex: report error to MMC core if we cannot suspend Ben Hutchings
2012-12-03 14:32 ` [ 58/89] xfs: drop buffer io reference when a bad bio is built Ben Hutchings
2012-12-03 14:32 ` [ 59/89] ALSA: ua101, usx2y: fix broken MIDI output Ben Hutchings
2012-12-03 14:32 ` [ 60/89] sparc64: not any error from do_sigaltstack() should fail rt_sigreturn() Ben Hutchings
2012-12-03 14:32 ` [ 61/89] reiserfs: Fix lock ordering during remount Ben Hutchings
2012-12-03 14:32 ` [ 62/89] reiserfs: Protect reiserfs_quota_on() with write lock Ben Hutchings
2012-12-03 14:32 ` [ 63/89] reiserfs: Protect reiserfs_quota_write() " Ben Hutchings
2012-12-03 14:32 ` [ 64/89] reiserfs: Move quota calls out of " Ben Hutchings
2012-12-03 14:32 ` [ 65/89] md: Reassigned the parameters if read_seqretry returned true in func md_is_badblock Ben Hutchings
2012-12-03 14:32 ` [ 66/89] md: Avoid write invalid address if read_seqretry returned true Ben Hutchings
2012-12-03 14:32 ` [ 67/89] drm/radeon: properly track the crtc not_enabled case evergreen_mc_stop() Ben Hutchings
2012-12-03 15:24 ` Josh Boyer
2012-12-03 15:35 ` Deucher, Alexander
2012-12-03 23:26 ` Josh Boyer
2012-12-03 23:40 ` Deucher, Alexander
2012-12-04 14:35 ` Josh Boyer
2012-12-06 18:14 ` Greg KH
2012-12-09 23:25 ` Ben Hutchings
2012-12-03 14:32 ` [ 68/89] radeon: add AGPMode 1 quirk for RV250 Ben Hutchings
2012-12-03 14:32 ` [ 69/89] x86-32: Fix invalid stack address while in softirq Ben Hutchings
2012-12-03 14:32 ` [ 70/89] x86-32: Export kernel_stack_pointer() for modules Ben Hutchings
2012-12-03 14:32 ` [ 71/89] x86, microcode, AMD: Add support for family 16h processors Ben Hutchings
2012-12-03 14:32 ` [ 72/89] ALSA: hda - Add new codec ALC283 ALC290 support Ben Hutchings
2012-12-03 14:32 ` [ 73/89] ALSA: hda - Add support for Realtek ALC292 Ben Hutchings
2012-12-03 14:33 ` Ben Hutchings [this message]
2012-12-03 14:33 ` [ 75/89] Dove: Attempt to fix PMU/RTC interrupts Ben Hutchings
2012-12-03 14:33 ` [ 76/89] Dove: Fix irq_to_pmu() Ben Hutchings
2012-12-03 14:33 ` [ 77/89] ARM: Kirkwood: Update PCI-E fixup Ben Hutchings
2012-12-03 14:33 ` [ 78/89] [PARISC] fix user-triggerable panic on parisc Ben Hutchings
2012-12-03 14:33 ` [ 79/89] dm: fix deadlock with request based dm and queue request_fn recursion Ben Hutchings
2012-12-03 14:33 ` [ 80/89] block: Dont access request after it might be freed Ben Hutchings
2012-12-03 14:33 ` [ 81/89] jbd: Fix lock ordering bug in journal_unmap_buffer() Ben Hutchings
2012-12-03 14:33 ` [ 82/89] can: bcm: initialize ifindex for timeouts without previous frame reception Ben Hutchings
2012-12-03 14:33 ` [ 83/89] futex: avoid wake_futex() for a PI futex_q Ben Hutchings
2012-12-03 14:33 ` [ 84/89] mm/vmemmap: fix wrong use of virt_to_page Ben Hutchings
2012-12-03 14:33 ` [ 85/89] mm: vmscan: fix endless loop in kswapd balancing Ben Hutchings
2012-12-03 14:33 ` [ 86/89] mm: soft offline: split thp at the beginning of soft_offline_page() Ben Hutchings
2012-12-03 14:33 ` [ 87/89] workqueue: exit rescuer_thread() as TASK_RUNNING Ben Hutchings
2012-12-03 14:33 ` [ 88/89] intel_idle: initial IVB support Ben Hutchings
2012-12-03 14:33 ` [ 89/89] intel_idle: enable IVB Xeon support Ben Hutchings
2012-12-03 15:09 ` [ 00/89] 3.2.35-stable review Ben Hutchings
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20121203143157.939764243@decadent.org.uk \
--to=ben@decadent.org.uk \
--cc=akpm@linux-foundation.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=davej@redhat.com \
--cc=eparis@parisplace.org \
--cc=james.l.morris@oracle.com \
--cc=linux-kernel@vger.kernel.org \
--cc=paul@paul-moore.com \
--cc=paulmck@linux.vnet.ibm.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).