linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Will Deacon <will@kernel.org>
To: selinux@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, Will Deacon <will@kernel.org>
Subject: [RFC PATCH 1/2] selinux: Don't call avc_compute_av() from RCU path walk
Date: Tue, 19 Nov 2019 18:40:56 +0000	[thread overview]
Message-ID: <20191119184057.14961-2-will@kernel.org> (raw)
In-Reply-To: <20191119184057.14961-1-will@kernel.org>

'avc_compute_av()' can block, so we carefully exit the RCU read-side
critical section before calling it in 'avc_has_perm_noaudit()'.
Unfortunately, if we're calling from the VFS layer on the RCU path walk
via 'selinux_inode_permission()' then we're still actually in an RCU
read-side critical section and must not block.

'avc_denied()' already handles this by simply returning success and
postponing the auditing until we're called again on the slowpath, so
follow the same approach here and return early if the node lookup fails
on the RCU walk path.

Signed-off-by: Will Deacon <will@kernel.org>
---
 security/selinux/avc.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index ecd3829996aa..9c183c899e92 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -1159,16 +1159,19 @@ inline int avc_has_perm_noaudit(struct selinux_state *state,
 	rcu_read_lock();
 
 	node = avc_lookup(state->avc, ssid, tsid, tclass);
-	if (unlikely(!node))
+	if (unlikely(!node)) {
+		if (flags & AVC_NONBLOCKING)
+			goto out;
 		node = avc_compute_av(state, ssid, tsid, tclass, avd, &xp_node);
-	else
+	} else {
 		memcpy(avd, &node->ae.avd, sizeof(*avd));
+	}
 
 	denied = requested & ~(avd->allowed);
 	if (unlikely(denied))
 		rc = avc_denied(state, ssid, tsid, tclass, requested, 0, 0,
 				flags, avd);
-
+out:
 	rcu_read_unlock();
 	return rc;
 }
-- 
2.24.0.432.g9d3f5f5b63-goog


  reply	other threads:[~2019-11-19 18:41 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-11-19 18:40 [RFC PATCH 0/2] Avoid blocking in selinux inode callbacks on RCU walk Will Deacon
2019-11-19 18:40 ` Will Deacon [this message]
2019-11-19 18:59   ` [RFC PATCH 1/2] selinux: Don't call avc_compute_av() from RCU path walk Stephen Smalley
2019-11-20 13:12     ` Will Deacon
2019-11-20 15:28       ` Stephen Smalley
2019-11-20 19:07         ` Paul E. McKenney
2019-11-20 19:13           ` Will Deacon
2019-11-19 18:40 ` [RFC PATCH 2/2] selinux: Propagate RCU walk status from 'security_inode_follow_link()' Will Deacon
2019-11-19 18:46   ` Stephen Smalley
2019-11-20 13:13     ` Will Deacon
2019-11-20 13:31       ` Stephen Smalley
2019-11-29  7:36   ` [selinux] 5149a783b9: WARNING:at_security/selinux/avc.c:#avc_has_perm_flags kernel test robot

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20191119184057.14961-2-will@kernel.org \
    --to=will@kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=selinux@vger.kernel.org \
    --subject='Re: [RFC PATCH 1/2] selinux: Don'\''t call avc_compute_av() from RCU path walk' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).