From: Herton Ronaldo Krzesinski <herton.krzesinski@canonical.com>
To: Ben Hutchings <ben@decadent.org.uk>
Cc: linux-kernel@vger.kernel.org, stable@vger.kernel.org,
akpm@linux-foundation.org, alan@lxorguk.ukuu.org.uk,
Tejun Heo <tj@kernel.org>,
"Serge E. Hallyn" <serge.hallyn@ubuntu.com>,
Aristeu Rozanski <aris@redhat.com>, Li Zefan <lizefan@huawei.com>
Subject: Re: [ 06/89] device_cgroup: fix RCU usage
Date: Thu, 6 Dec 2012 17:36:02 -0200 [thread overview]
Message-ID: <20121206193602.GD3034@herton-Z68MA-D2H-B3> (raw)
In-Reply-To: <20121203143147.609467839@decadent.org.uk>
On Mon, Dec 03, 2012 at 02:31:52PM +0000, Ben Hutchings wrote:
> 3.2-stable review patch. If anyone has any objections, please let me know.
>
> ------------------
>
> From: Tejun Heo <tj@kernel.org>
>
> commit 201e72acb2d3821e2de9ce6091e98859c316b29a upstream.
>
> dev_cgroup->exceptions is protected with devcgroup_mutex for writes
> and RCU for reads; however, RCU usage isn't correct.
>
> * dev_exception_clean() doesn't use RCU variant of list_del() and
> kfree(). The function can race with may_access() and may_access()
> may end up dereferencing already freed memory. Use list_del_rcu()
> and kfree_rcu() instead.
>
> * may_access() may be called only with RCU read locked but doesn't use
> RCU safe traversal over ->exceptions. Use list_for_each_entry_rcu().
>
> Signed-off-by: Tejun Heo <tj@kernel.org>
> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
> Cc: Aristeu Rozanski <aris@redhat.com>
> Cc: Li Zefan <lizefan@huawei.com>
> [bwh: Backported to 3.2:
> - Adjust context
> - Exception list is called whitelist]
> Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
I belive this backport is uneeded for 3.2 (or any stable <= 3.6), since
may_access_whitelist (may_access now in mainline) isn't called under
rcu_read_lock.
> ---
> security/device_cgroup.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> --- a/security/device_cgroup.c
> +++ b/security/device_cgroup.c
> @@ -202,8 +202,8 @@ static void devcgroup_destroy(struct cgr
>
> dev_cgroup = cgroup_to_devcgroup(cgroup);
> list_for_each_entry_safe(wh, tmp, &dev_cgroup->whitelist, list) {
> - list_del(&wh->list);
> - kfree(wh);
> + list_del_rcu(&wh->list);
> + kfree_rcu(wh, rcu);
> }
> kfree(dev_cgroup);
> }
> @@ -278,7 +278,7 @@ static int may_access_whitelist(struct d
> {
> struct dev_whitelist_item *whitem;
>
> - list_for_each_entry(whitem, &c->whitelist, list) {
> + list_for_each_entry_rcu(whitem, &c->whitelist, list) {
> if (whitem->type & DEV_ALL)
> return 1;
> if ((refwh->type & DEV_BLOCK) && !(whitem->type & DEV_BLOCK))
>
>
> --
> To unsubscribe from this list: send the line "unsubscribe stable" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
--
[]'s
Herton
next prev parent reply other threads:[~2012-12-06 19:36 UTC|newest]
Thread overview: 100+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-12-03 14:31 [ 00/89] 3.2.35-stable review Ben Hutchings
2012-12-03 14:31 ` [ 01/89] UBIFS: introduce categorized lprops counter Ben Hutchings
2012-12-03 14:31 ` [ 02/89] UBIFS: fix mounting problems after power cuts Ben Hutchings
2012-12-03 14:31 ` [ 03/89] futex: Handle futex_pi OWNER_DIED take over correctly Ben Hutchings
2012-12-03 14:31 ` [ 04/89] mac80211: sync acccess to tx_filtered/ps_tx_buf queues Ben Hutchings
2012-12-03 14:31 ` [ 05/89] ASoC: wm8978: pll incorrectly configured when codec is master Ben Hutchings
2012-12-03 14:31 ` [ 06/89] device_cgroup: fix RCU usage Ben Hutchings
2012-12-06 19:36 ` Herton Ronaldo Krzesinski [this message]
2012-12-07 1:41 ` Ben Hutchings
2012-12-03 14:31 ` [ 07/89] ASoC: dapm: Use card_list during DAPM shutdown Ben Hutchings
2012-12-03 14:31 ` [ 08/89] s390/signal: set correct address space control Ben Hutchings
2012-12-03 14:31 ` [ 09/89] wireless: allow 40 MHz on world roaming channels 12/13 Ben Hutchings
2012-12-03 14:31 ` [ 10/89] drm/i915/sdvo: clean up connectors on intel_sdvo_init() failures Ben Hutchings
2012-12-03 14:31 ` [ 11/89] s390/gup: add missing TASK_SIZE check to get_user_pages_fast() Ben Hutchings
2012-12-03 14:31 ` [ 12/89] USB: option: add Novatel E362 and Dell Wireless 5800 USB IDs Ben Hutchings
2012-12-03 14:31 ` [ 13/89] USB: option: add Alcatel X220/X500D " Ben Hutchings
2012-12-03 14:32 ` [ 14/89] drm/radeon: fix logic error in atombios_encoders.c Ben Hutchings
2012-12-03 14:32 ` [ 15/89] ttm: Clear the ttm page allocated from high memory zone correctly Ben Hutchings
2012-12-03 14:32 ` [ 16/89] memcg: oom: fix totalpages calculation for memory.swappiness==0 Ben Hutchings
2012-12-03 14:32 ` [ 17/89] tmpfs: change final i_blocks BUG to WARNING Ben Hutchings
2012-12-03 14:32 ` [ 18/89] x86: Exclude E820_RESERVED regions and memory holes above 4 GB from direct mapping Ben Hutchings
2012-12-03 14:32 ` [ 19/89] x86, mm: Find_early_table_space based on ranges that are actually being mapped Ben Hutchings
2012-12-03 14:32 ` [ 20/89] x86, mm: Undo incorrect revert in arch/x86/mm/init.c Ben Hutchings
2012-12-03 14:32 ` [ 21/89] netfilter: Mark SYN/ACK packets as invalid from original direction Ben Hutchings
2012-12-03 14:32 ` [ 22/89] netfilter: Validate the sequence number of dataless ACK packets as well Ben Hutchings
2012-12-03 14:32 ` [ 23/89] netfilter: nf_nat: dont check for port change on ICMP tuples Ben Hutchings
2012-12-03 14:32 ` [ 24/89] ipv4: avoid undefined behavior in do_ip_setsockopt() Ben Hutchings
2012-12-03 14:32 ` [ 25/89] ipv6: setsockopt(IPIPPROTO_IPV6, IPV6_MINHOPCOUNT) forgot to set return value Ben Hutchings
2012-12-03 14:32 ` [ 26/89] net: correct check in dev_addr_del() Ben Hutchings
2012-12-03 14:32 ` [ 27/89] net-rps: Fix brokeness causing OOO packets Ben Hutchings
2012-12-03 14:32 ` [ 28/89] usb: use usb_serial_put in usb_serial_probe errors Ben Hutchings
2012-12-03 14:32 ` [ 29/89] PCI : Calculate right add_size Ben Hutchings
2012-12-03 14:32 ` [ 30/89] Input: i8042 - also perform controller reset when suspending Ben Hutchings
2012-12-03 14:32 ` [ 31/89] ixgbe: add support for new 82599 device id Ben Hutchings
2012-12-03 14:32 ` [ 32/89] ixgbe: add support for X540-AT1 Ben Hutchings
2012-12-03 14:32 ` [ 33/89] drm/i915: Check VBIOS value for determining LVDS dual channel mode, too Ben Hutchings
2012-12-03 14:32 ` [ 34/89] get_dvb_firmware: fix download site for tda10046 firmware Ben Hutchings
2012-12-03 14:32 ` [ 35/89] m68k: fix sigset_t accessor functions Ben Hutchings
2012-12-03 14:32 ` [ 36/89] HID: add quirk for Freescale i.MX28 ROM recovery Ben Hutchings
2012-12-03 14:32 ` [ 37/89] brcm80211: smac: only print block-ack timeout message at trace level Ben Hutchings
2012-12-03 14:32 ` [ 38/89] bas_gigaset: fix pre_reset handling Ben Hutchings
2012-12-03 14:32 ` [ 39/89] GFS2: Test bufdata with buffer locked and gfs2_log_lock held Ben Hutchings
2012-12-03 14:32 ` [ 40/89] ptp: update adjfreq callback description Ben Hutchings
2012-12-03 14:32 ` [ 41/89] watchdog: iTCO_wdt: add Intel Lynx Point DeviceIDs Ben Hutchings
2012-12-03 14:32 ` [ 42/89] acer-wmi: support for P key on TM8372 Ben Hutchings
2012-12-03 14:32 ` [ 43/89] xhci: Remove warnings about MSI and MSI-X capabilities Ben Hutchings
2012-12-03 14:32 ` [ 44/89] xhci: Remove scary warnings about transfer issues Ben Hutchings
2012-12-03 14:32 ` [ 45/89] x86, mce, therm_throt: Dont report power limit and package level thermal throttle events in mcelog Ben Hutchings
2012-12-03 14:32 ` [ 46/89] Input: bcm5974 - set BUTTONPAD property Ben Hutchings
2012-12-03 14:32 ` [ 47/89] watchdog: using u64 in get_sample_period() Ben Hutchings
2012-12-03 14:32 ` [ 48/89] x86, amd: Disable way access filter on Piledriver CPUs Ben Hutchings
2012-12-03 14:32 ` [ 49/89] mtd: ofpart: Fix incorrect NULL check in parse_ofoldpart_partitions() Ben Hutchings
2012-12-03 14:32 ` [ 50/89] mtd: slram: invalid checking of absolute end address Ben Hutchings
2012-12-03 14:32 ` [ 51/89] jffs2: Fix lock acquisition order bug in jffs2_write_begin Ben Hutchings
2012-12-03 14:32 ` [ 52/89] [SCSI] isci: copy fis 0x34 response into proper buffer Ben Hutchings
2012-12-03 14:32 ` [ 53/89] mac80211: deinitialize ibss-internals after emptiness check Ben Hutchings
2012-12-03 14:32 ` [ 54/89] [PARISC] fix virtual aliasing issue in get_shared_area() Ben Hutchings
2012-12-03 14:32 ` [ 55/89] rtlwifi: rtl8192cu: Add new USB ID Ben Hutchings
2012-12-03 14:32 ` [ 56/89] mwifiex: fix system hang issue in cmd timeout error case Ben Hutchings
2012-12-03 14:32 ` [ 57/89] mwifiex: report error to MMC core if we cannot suspend Ben Hutchings
2012-12-03 14:32 ` [ 58/89] xfs: drop buffer io reference when a bad bio is built Ben Hutchings
2012-12-03 14:32 ` [ 59/89] ALSA: ua101, usx2y: fix broken MIDI output Ben Hutchings
2012-12-03 14:32 ` [ 60/89] sparc64: not any error from do_sigaltstack() should fail rt_sigreturn() Ben Hutchings
2012-12-03 14:32 ` [ 61/89] reiserfs: Fix lock ordering during remount Ben Hutchings
2012-12-03 14:32 ` [ 62/89] reiserfs: Protect reiserfs_quota_on() with write lock Ben Hutchings
2012-12-03 14:32 ` [ 63/89] reiserfs: Protect reiserfs_quota_write() " Ben Hutchings
2012-12-03 14:32 ` [ 64/89] reiserfs: Move quota calls out of " Ben Hutchings
2012-12-03 14:32 ` [ 65/89] md: Reassigned the parameters if read_seqretry returned true in func md_is_badblock Ben Hutchings
2012-12-03 14:32 ` [ 66/89] md: Avoid write invalid address if read_seqretry returned true Ben Hutchings
2012-12-03 14:32 ` [ 67/89] drm/radeon: properly track the crtc not_enabled case evergreen_mc_stop() Ben Hutchings
2012-12-03 15:24 ` Josh Boyer
2012-12-03 15:35 ` Deucher, Alexander
2012-12-03 23:26 ` Josh Boyer
2012-12-03 23:40 ` Deucher, Alexander
2012-12-04 14:35 ` Josh Boyer
2012-12-06 18:14 ` Greg KH
2012-12-09 23:25 ` Ben Hutchings
2012-12-03 14:32 ` [ 68/89] radeon: add AGPMode 1 quirk for RV250 Ben Hutchings
2012-12-03 14:32 ` [ 69/89] x86-32: Fix invalid stack address while in softirq Ben Hutchings
2012-12-03 14:32 ` [ 70/89] x86-32: Export kernel_stack_pointer() for modules Ben Hutchings
2012-12-03 14:32 ` [ 71/89] x86, microcode, AMD: Add support for family 16h processors Ben Hutchings
2012-12-03 14:32 ` [ 72/89] ALSA: hda - Add new codec ALC283 ALC290 support Ben Hutchings
2012-12-03 14:32 ` [ 73/89] ALSA: hda - Add support for Realtek ALC292 Ben Hutchings
2012-12-03 14:33 ` [ 74/89] selinux: fix sel_netnode_insert() suspicious rcu dereference Ben Hutchings
2012-12-03 14:33 ` [ 75/89] Dove: Attempt to fix PMU/RTC interrupts Ben Hutchings
2012-12-03 14:33 ` [ 76/89] Dove: Fix irq_to_pmu() Ben Hutchings
2012-12-03 14:33 ` [ 77/89] ARM: Kirkwood: Update PCI-E fixup Ben Hutchings
2012-12-03 14:33 ` [ 78/89] [PARISC] fix user-triggerable panic on parisc Ben Hutchings
2012-12-03 14:33 ` [ 79/89] dm: fix deadlock with request based dm and queue request_fn recursion Ben Hutchings
2012-12-03 14:33 ` [ 80/89] block: Dont access request after it might be freed Ben Hutchings
2012-12-03 14:33 ` [ 81/89] jbd: Fix lock ordering bug in journal_unmap_buffer() Ben Hutchings
2012-12-03 14:33 ` [ 82/89] can: bcm: initialize ifindex for timeouts without previous frame reception Ben Hutchings
2012-12-03 14:33 ` [ 83/89] futex: avoid wake_futex() for a PI futex_q Ben Hutchings
2012-12-03 14:33 ` [ 84/89] mm/vmemmap: fix wrong use of virt_to_page Ben Hutchings
2012-12-03 14:33 ` [ 85/89] mm: vmscan: fix endless loop in kswapd balancing Ben Hutchings
2012-12-03 14:33 ` [ 86/89] mm: soft offline: split thp at the beginning of soft_offline_page() Ben Hutchings
2012-12-03 14:33 ` [ 87/89] workqueue: exit rescuer_thread() as TASK_RUNNING Ben Hutchings
2012-12-03 14:33 ` [ 88/89] intel_idle: initial IVB support Ben Hutchings
2012-12-03 14:33 ` [ 89/89] intel_idle: enable IVB Xeon support Ben Hutchings
2012-12-03 15:09 ` [ 00/89] 3.2.35-stable review Ben Hutchings
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20121206193602.GD3034@herton-Z68MA-D2H-B3 \
--to=herton.krzesinski@canonical.com \
--cc=akpm@linux-foundation.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=aris@redhat.com \
--cc=ben@decadent.org.uk \
--cc=linux-kernel@vger.kernel.org \
--cc=lizefan@huawei.com \
--cc=serge.hallyn@ubuntu.com \
--cc=stable@vger.kernel.org \
--cc=tj@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).