* [PATCH 1/3 RESEND] sched: Remove __rcu annotation from cred pointer @ 2020-04-02 5:56 Amol Grover 2020-04-02 5:56 ` [PATCH 2/3 RESEND] cred: Do not use RCU primitives to access " Amol Grover ` (2 more replies) 0 siblings, 3 replies; 13+ messages in thread From: Amol Grover @ 2020-04-02 5:56 UTC (permalink / raw) To: Ingo Molnar, Peter Zijlstra, Juri Lelli, Vincent Guittot, Dietmar Eggemann, Steven Rostedt, Ben Segall, Mel Gorman, James Morris, Thomas Gleixner, Peter Zijlstra, Jann Horn, David Howells, Shakeel Butt, Eric W . Biederman, Andrew Morton, Paul Moore, Eric Paris Cc: linux-kernel-mentees, linux-kernel, linux-audit, Joel Fernandes, Madhuparna Bhowmik, Paul E . McKenney, Amol Grover task_struct::cred (subjective credentials) is *always* used task-synchronously, hence, does not require RCU semantics. task_struct::real_cred (objective credentials) can be used in RCU context and its __rcu annotation is retained. However, task_struct::cred and task_struct::real_cred *may* point to the same object, hence, the object pointed to by task_struct::cred *may* have RCU delayed freeing. Suggested-by: Jann Horn <jannh@google.com> Co-developed-by: Joel Fernandes (Google) <joel@joelfernandes.org> Signed-off-by: Joel Fernandes (Google) <joel@joelfernandes.org> Signed-off-by: Amol Grover <frextrite@gmail.com> --- include/linux/sched.h | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/include/linux/sched.h b/include/linux/sched.h index 716ad1d8d95e..39924e6e0cf2 100644 --- a/include/linux/sched.h +++ b/include/linux/sched.h @@ -879,8 +879,11 @@ struct task_struct { /* Objective and real subjective task credentials (COW): */ const struct cred __rcu *real_cred; - /* Effective (overridable) subjective task credentials (COW): */ - const struct cred __rcu *cred; + /* + * Effective (overridable) subjective task credentials (COW) + * which is used task-synchronously + */ + const struct cred *cred; #ifdef CONFIG_KEYS /* Cached requested key. */ -- 2.24.1 ^ permalink raw reply related [flat|nested] 13+ messages in thread
* [PATCH 2/3 RESEND] cred: Do not use RCU primitives to access cred pointer 2020-04-02 5:56 [PATCH 1/3 RESEND] sched: Remove __rcu annotation from cred pointer Amol Grover @ 2020-04-02 5:56 ` Amol Grover 2020-04-02 5:56 ` [PATCH 3/3 RESEND] auditsc: Do not use RCU primitive to read from " Amol Grover 2020-05-24 8:11 ` [PATCH 1/3 RESEND] sched: Remove __rcu annotation " Amol Grover 2 siblings, 0 replies; 13+ messages in thread From: Amol Grover @ 2020-04-02 5:56 UTC (permalink / raw) To: Ingo Molnar, Peter Zijlstra, Juri Lelli, Vincent Guittot, Dietmar Eggemann, Steven Rostedt, Ben Segall, Mel Gorman, James Morris, Thomas Gleixner, Peter Zijlstra, Jann Horn, David Howells, Shakeel Butt, Eric W . Biederman, Andrew Morton, Paul Moore, Eric Paris Cc: linux-kernel-mentees, linux-kernel, linux-audit, Joel Fernandes, Madhuparna Bhowmik, Paul E . McKenney, Amol Grover Since task_struct::cred can only be used task-synchronously, and is not visible to other threads under RCU context, we do not require RCU primitives to read/write to it and incur heavy barriers. Suggested-by: Jann Horn <jannh@google.com> Co-developed-by: Joel Fernandes (Google) <joel@joelfernandes.org> Signed-off-by: Joel Fernandes (Google) <joel@joelfernandes.org> Signed-off-by: Amol Grover <frextrite@gmail.com> --- include/linux/cred.h | 5 ++--- kernel/cred.c | 6 +++--- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/include/linux/cred.h b/include/linux/cred.h index 18639c069263..5973791e5fe4 100644 --- a/include/linux/cred.h +++ b/include/linux/cred.h @@ -291,11 +291,10 @@ static inline void put_cred(const struct cred *_cred) /** * current_cred - Access the current task's subjective credentials * - * Access the subjective credentials of the current task. RCU-safe, - * since nobody else can modify it. + * Access the subjective credentials of the current task. */ #define current_cred() \ - rcu_dereference_protected(current->cred, 1) + (current->cred) /** * current_real_cred - Access the current task's objective credentials diff --git a/kernel/cred.c b/kernel/cred.c index 809a985b1793..3956c31d068d 100644 --- a/kernel/cred.c +++ b/kernel/cred.c @@ -485,7 +485,7 @@ int commit_creds(struct cred *new) if (new->user != old->user) atomic_inc(&new->user->processes); rcu_assign_pointer(task->real_cred, new); - rcu_assign_pointer(task->cred, new); + task->cred = new; if (new->user != old->user) atomic_dec(&old->user->processes); alter_cred_subscribers(old, -2); @@ -562,7 +562,7 @@ const struct cred *override_creds(const struct cred *new) */ get_new_cred((struct cred *)new); alter_cred_subscribers(new, 1); - rcu_assign_pointer(current->cred, new); + current->cred = new; alter_cred_subscribers(old, -1); kdebug("override_creds() = %p{%d,%d}", old, @@ -590,7 +590,7 @@ void revert_creds(const struct cred *old) validate_creds(old); validate_creds(override); alter_cred_subscribers(old, 1); - rcu_assign_pointer(current->cred, old); + current->cred = old; alter_cred_subscribers(override, -1); put_cred(override); } -- 2.24.1 ^ permalink raw reply related [flat|nested] 13+ messages in thread
* [PATCH 3/3 RESEND] auditsc: Do not use RCU primitive to read from cred pointer 2020-04-02 5:56 [PATCH 1/3 RESEND] sched: Remove __rcu annotation from cred pointer Amol Grover 2020-04-02 5:56 ` [PATCH 2/3 RESEND] cred: Do not use RCU primitives to access " Amol Grover @ 2020-04-02 5:56 ` Amol Grover 2020-04-02 12:56 ` Paul Moore 2020-05-24 8:11 ` [PATCH 1/3 RESEND] sched: Remove __rcu annotation " Amol Grover 2 siblings, 1 reply; 13+ messages in thread From: Amol Grover @ 2020-04-02 5:56 UTC (permalink / raw) To: Ingo Molnar, Peter Zijlstra, Juri Lelli, Vincent Guittot, Dietmar Eggemann, Steven Rostedt, Ben Segall, Mel Gorman, James Morris, Thomas Gleixner, Peter Zijlstra, Jann Horn, David Howells, Shakeel Butt, Eric W . Biederman, Andrew Morton, Paul Moore, Eric Paris Cc: linux-kernel-mentees, linux-kernel, linux-audit, Joel Fernandes, Madhuparna Bhowmik, Paul E . McKenney, Amol Grover task_struct::cred is only used task-synchronously and does not require any RCU locks, hence, rcu_dereference_check is not required to read from it. Suggested-by: Jann Horn <jannh@google.com> Co-developed-by: Joel Fernandes (Google) <joel@joelfernandes.org> Signed-off-by: Joel Fernandes (Google) <joel@joelfernandes.org> Signed-off-by: Amol Grover <frextrite@gmail.com> --- kernel/auditsc.c | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 4effe01ebbe2..d3510513cdd1 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -430,24 +430,19 @@ static int audit_field_compare(struct task_struct *tsk, /* Determine if any context name data matches a rule's watch data */ /* Compare a task_struct with an audit_rule. Return 1 on match, 0 * otherwise. - * - * If task_creation is true, this is an explicit indication that we are - * filtering a task rule at task creation time. This and tsk == current are - * the only situations where tsk->cred may be accessed without an rcu read lock. */ static int audit_filter_rules(struct task_struct *tsk, struct audit_krule *rule, struct audit_context *ctx, struct audit_names *name, - enum audit_state *state, - bool task_creation) + enum audit_state *state) { const struct cred *cred; int i, need_sid = 1; u32 sid; unsigned int sessionid; - cred = rcu_dereference_check(tsk->cred, tsk == current || task_creation); + cred = tsk->cred; for (i = 0; i < rule->field_count; i++) { struct audit_field *f = &rule->fields[i]; @@ -745,7 +740,7 @@ static enum audit_state audit_filter_task(struct task_struct *tsk, char **key) rcu_read_lock(); list_for_each_entry_rcu(e, &audit_filter_list[AUDIT_FILTER_TASK], list) { if (audit_filter_rules(tsk, &e->rule, NULL, NULL, - &state, true)) { + &state)) { if (state == AUDIT_RECORD_CONTEXT) *key = kstrdup(e->rule.filterkey, GFP_ATOMIC); rcu_read_unlock(); @@ -791,7 +786,7 @@ static enum audit_state audit_filter_syscall(struct task_struct *tsk, list_for_each_entry_rcu(e, list, list) { if (audit_in_mask(&e->rule, ctx->major) && audit_filter_rules(tsk, &e->rule, ctx, NULL, - &state, false)) { + &state)) { rcu_read_unlock(); ctx->current_state = state; return state; @@ -815,7 +810,7 @@ static int audit_filter_inode_name(struct task_struct *tsk, list_for_each_entry_rcu(e, list, list) { if (audit_in_mask(&e->rule, ctx->major) && - audit_filter_rules(tsk, &e->rule, ctx, n, &state, false)) { + audit_filter_rules(tsk, &e->rule, ctx, n, &state)) { ctx->current_state = state; return 1; } -- 2.24.1 ^ permalink raw reply related [flat|nested] 13+ messages in thread
* Re: [PATCH 3/3 RESEND] auditsc: Do not use RCU primitive to read from cred pointer 2020-04-02 5:56 ` [PATCH 3/3 RESEND] auditsc: Do not use RCU primitive to read from " Amol Grover @ 2020-04-02 12:56 ` Paul Moore 2020-04-03 7:56 ` Amol Grover 0 siblings, 1 reply; 13+ messages in thread From: Paul Moore @ 2020-04-02 12:56 UTC (permalink / raw) To: Amol Grover Cc: Ingo Molnar, Peter Zijlstra, Juri Lelli, Vincent Guittot, Dietmar Eggemann, Steven Rostedt, Ben Segall, Mel Gorman, James Morris, Thomas Gleixner, Jann Horn, David Howells, Shakeel Butt, Eric W . Biederman, Andrew Morton, Eric Paris, linux-kernel-mentees, linux-kernel, linux-audit, Joel Fernandes, Madhuparna Bhowmik, Paul E . McKenney On Thu, Apr 2, 2020 at 1:57 AM Amol Grover <frextrite@gmail.com> wrote: > task_struct::cred is only used task-synchronously and does > not require any RCU locks, hence, rcu_dereference_check is > not required to read from it. > > Suggested-by: Jann Horn <jannh@google.com> > Co-developed-by: Joel Fernandes (Google) <joel@joelfernandes.org> > Signed-off-by: Joel Fernandes (Google) <joel@joelfernandes.org> > Signed-off-by: Amol Grover <frextrite@gmail.com> > --- > kernel/auditsc.c | 15 +++++---------- > 1 file changed, 5 insertions(+), 10 deletions(-) This is the exact same patch I ACK'd back in February, yes? https://lore.kernel.org/linux-audit/CAHC9VhQCbg1V290bYEZM+izDPRpr=XYXakohnDaMphkBBFgUaA@mail.gmail.com > diff --git a/kernel/auditsc.c b/kernel/auditsc.c > index 4effe01ebbe2..d3510513cdd1 100644 > --- a/kernel/auditsc.c > +++ b/kernel/auditsc.c > @@ -430,24 +430,19 @@ static int audit_field_compare(struct task_struct *tsk, > /* Determine if any context name data matches a rule's watch data */ > /* Compare a task_struct with an audit_rule. Return 1 on match, 0 > * otherwise. > - * > - * If task_creation is true, this is an explicit indication that we are > - * filtering a task rule at task creation time. This and tsk == current are > - * the only situations where tsk->cred may be accessed without an rcu read lock. > */ > static int audit_filter_rules(struct task_struct *tsk, > struct audit_krule *rule, > struct audit_context *ctx, > struct audit_names *name, > - enum audit_state *state, > - bool task_creation) > + enum audit_state *state) > { > const struct cred *cred; > int i, need_sid = 1; > u32 sid; > unsigned int sessionid; > > - cred = rcu_dereference_check(tsk->cred, tsk == current || task_creation); > + cred = tsk->cred; > > for (i = 0; i < rule->field_count; i++) { > struct audit_field *f = &rule->fields[i]; > @@ -745,7 +740,7 @@ static enum audit_state audit_filter_task(struct task_struct *tsk, char **key) > rcu_read_lock(); > list_for_each_entry_rcu(e, &audit_filter_list[AUDIT_FILTER_TASK], list) { > if (audit_filter_rules(tsk, &e->rule, NULL, NULL, > - &state, true)) { > + &state)) { > if (state == AUDIT_RECORD_CONTEXT) > *key = kstrdup(e->rule.filterkey, GFP_ATOMIC); > rcu_read_unlock(); > @@ -791,7 +786,7 @@ static enum audit_state audit_filter_syscall(struct task_struct *tsk, > list_for_each_entry_rcu(e, list, list) { > if (audit_in_mask(&e->rule, ctx->major) && > audit_filter_rules(tsk, &e->rule, ctx, NULL, > - &state, false)) { > + &state)) { > rcu_read_unlock(); > ctx->current_state = state; > return state; > @@ -815,7 +810,7 @@ static int audit_filter_inode_name(struct task_struct *tsk, > > list_for_each_entry_rcu(e, list, list) { > if (audit_in_mask(&e->rule, ctx->major) && > - audit_filter_rules(tsk, &e->rule, ctx, n, &state, false)) { > + audit_filter_rules(tsk, &e->rule, ctx, n, &state)) { > ctx->current_state = state; > return 1; > } > -- > 2.24.1 -- paul moore www.paul-moore.com ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH 3/3 RESEND] auditsc: Do not use RCU primitive to read from cred pointer 2020-04-02 12:56 ` Paul Moore @ 2020-04-03 7:56 ` Amol Grover 2020-04-03 19:25 ` Paul Moore 2020-04-03 21:21 ` Richard Guy Briggs 0 siblings, 2 replies; 13+ messages in thread From: Amol Grover @ 2020-04-03 7:56 UTC (permalink / raw) To: Paul Moore Cc: Ingo Molnar, Peter Zijlstra, Juri Lelli, Vincent Guittot, Dietmar Eggemann, Steven Rostedt, Ben Segall, Mel Gorman, James Morris, Thomas Gleixner, Jann Horn, David Howells, Shakeel Butt, Eric W . Biederman, Andrew Morton, Eric Paris, linux-kernel-mentees, linux-kernel, linux-audit, Joel Fernandes, Madhuparna Bhowmik, Paul E . McKenney On Thu, Apr 02, 2020 at 08:56:36AM -0400, Paul Moore wrote: > On Thu, Apr 2, 2020 at 1:57 AM Amol Grover <frextrite@gmail.com> wrote: > > task_struct::cred is only used task-synchronously and does > > not require any RCU locks, hence, rcu_dereference_check is > > not required to read from it. > > > > Suggested-by: Jann Horn <jannh@google.com> > > Co-developed-by: Joel Fernandes (Google) <joel@joelfernandes.org> > > Signed-off-by: Joel Fernandes (Google) <joel@joelfernandes.org> > > Signed-off-by: Amol Grover <frextrite@gmail.com> > > --- > > kernel/auditsc.c | 15 +++++---------- > > 1 file changed, 5 insertions(+), 10 deletions(-) > > This is the exact same patch I ACK'd back in February, yes? > > https://lore.kernel.org/linux-audit/CAHC9VhQCbg1V290bYEZM+izDPRpr=XYXakohnDaMphkBBFgUaA@mail.gmail.com > Hi Paul, That's correct. I've resend the series out of the fear that the first 2 patches might've gotten lost as it's been almost a month since I last sent them. Could you please ack this again, and if you don't mind could you please go through the other 2 patches and ack them aswell? Thanks Amol > > diff --git a/kernel/auditsc.c b/kernel/auditsc.c > > index 4effe01ebbe2..d3510513cdd1 100644 > > --- a/kernel/auditsc.c > > +++ b/kernel/auditsc.c > > @@ -430,24 +430,19 @@ static int audit_field_compare(struct task_struct *tsk, > > /* Determine if any context name data matches a rule's watch data */ > > /* Compare a task_struct with an audit_rule. Return 1 on match, 0 > > * otherwise. > > - * > > - * If task_creation is true, this is an explicit indication that we are > > - * filtering a task rule at task creation time. This and tsk == current are > > - * the only situations where tsk->cred may be accessed without an rcu read lock. > > */ > > static int audit_filter_rules(struct task_struct *tsk, > > struct audit_krule *rule, > > struct audit_context *ctx, > > struct audit_names *name, > > - enum audit_state *state, > > - bool task_creation) > > + enum audit_state *state) > > { > > const struct cred *cred; > > int i, need_sid = 1; > > u32 sid; > > unsigned int sessionid; > > > > - cred = rcu_dereference_check(tsk->cred, tsk == current || task_creation); > > + cred = tsk->cred; > > > > for (i = 0; i < rule->field_count; i++) { > > struct audit_field *f = &rule->fields[i]; > > @@ -745,7 +740,7 @@ static enum audit_state audit_filter_task(struct task_struct *tsk, char **key) > > rcu_read_lock(); > > list_for_each_entry_rcu(e, &audit_filter_list[AUDIT_FILTER_TASK], list) { > > if (audit_filter_rules(tsk, &e->rule, NULL, NULL, > > - &state, true)) { > > + &state)) { > > if (state == AUDIT_RECORD_CONTEXT) > > *key = kstrdup(e->rule.filterkey, GFP_ATOMIC); > > rcu_read_unlock(); > > @@ -791,7 +786,7 @@ static enum audit_state audit_filter_syscall(struct task_struct *tsk, > > list_for_each_entry_rcu(e, list, list) { > > if (audit_in_mask(&e->rule, ctx->major) && > > audit_filter_rules(tsk, &e->rule, ctx, NULL, > > - &state, false)) { > > + &state)) { > > rcu_read_unlock(); > > ctx->current_state = state; > > return state; > > @@ -815,7 +810,7 @@ static int audit_filter_inode_name(struct task_struct *tsk, > > > > list_for_each_entry_rcu(e, list, list) { > > if (audit_in_mask(&e->rule, ctx->major) && > > - audit_filter_rules(tsk, &e->rule, ctx, n, &state, false)) { > > + audit_filter_rules(tsk, &e->rule, ctx, n, &state)) { > > ctx->current_state = state; > > return 1; > > } > > -- > > 2.24.1 > > -- > paul moore > www.paul-moore.com ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH 3/3 RESEND] auditsc: Do not use RCU primitive to read from cred pointer 2020-04-03 7:56 ` Amol Grover @ 2020-04-03 19:25 ` Paul Moore 2020-04-03 21:21 ` Richard Guy Briggs 1 sibling, 0 replies; 13+ messages in thread From: Paul Moore @ 2020-04-03 19:25 UTC (permalink / raw) To: Amol Grover Cc: Ingo Molnar, Peter Zijlstra, Juri Lelli, Vincent Guittot, Dietmar Eggemann, Steven Rostedt, Ben Segall, Mel Gorman, James Morris, Thomas Gleixner, Jann Horn, David Howells, Shakeel Butt, Eric W . Biederman, Andrew Morton, Eric Paris, linux-kernel-mentees, linux-kernel, linux-audit, Joel Fernandes, Madhuparna Bhowmik, Paul E . McKenney On Fri, Apr 3, 2020 at 3:56 AM Amol Grover <frextrite@gmail.com> wrote: > On Thu, Apr 02, 2020 at 08:56:36AM -0400, Paul Moore wrote: > > On Thu, Apr 2, 2020 at 1:57 AM Amol Grover <frextrite@gmail.com> wrote: > > > task_struct::cred is only used task-synchronously and does > > > not require any RCU locks, hence, rcu_dereference_check is > > > not required to read from it. > > > > > > Suggested-by: Jann Horn <jannh@google.com> > > > Co-developed-by: Joel Fernandes (Google) <joel@joelfernandes.org> > > > Signed-off-by: Joel Fernandes (Google) <joel@joelfernandes.org> > > > Signed-off-by: Amol Grover <frextrite@gmail.com> > > > --- > > > kernel/auditsc.c | 15 +++++---------- > > > 1 file changed, 5 insertions(+), 10 deletions(-) > > > > This is the exact same patch I ACK'd back in February, yes? > > > > https://lore.kernel.org/linux-audit/CAHC9VhQCbg1V290bYEZM+izDPRpr=XYXakohnDaMphkBBFgUaA@mail.gmail.com > > > > Hi Paul, > > That's correct. I've resend the series out of the fear that the first 2 > patches might've gotten lost as it's been almost a month since I last > sent them. Could you please ack this again, and if you don't mind could > you please go through the other 2 patches and ack them aswell? If you hadn't changed the patch at all, and it doesn't look like you did, you could have (and likely should have) just carried over my ACK. Regardless, I'll re-ACK it now (below). As far as the other two patches are concerned, they look okay to me but I would defer my ACK to maintainer of that code. Acked-by: Paul Moore <paul@paul-moore.com> -- paul moore www.paul-moore.com ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH 3/3 RESEND] auditsc: Do not use RCU primitive to read from cred pointer 2020-04-03 7:56 ` Amol Grover 2020-04-03 19:25 ` Paul Moore @ 2020-04-03 21:21 ` Richard Guy Briggs 2020-04-03 21:43 ` Paul Moore 1 sibling, 1 reply; 13+ messages in thread From: Richard Guy Briggs @ 2020-04-03 21:21 UTC (permalink / raw) To: Amol Grover Cc: Paul Moore, Juri Lelli, Peter Zijlstra, David Howells, Joel Fernandes, Vincent Guittot, James Morris, Madhuparna Bhowmik, Ingo Molnar, Mel Gorman, linux-kernel-mentees, Paul E . McKenney, Jann Horn, Steven Rostedt, Shakeel Butt, Thomas Gleixner, Dietmar Eggemann, Ben Segall, linux-kernel, linux-audit, Eric W . Biederman, Andrew Morton On 2020-04-03 13:26, Amol Grover wrote: > On Thu, Apr 02, 2020 at 08:56:36AM -0400, Paul Moore wrote: > > On Thu, Apr 2, 2020 at 1:57 AM Amol Grover <frextrite@gmail.com> wrote: > > > task_struct::cred is only used task-synchronously and does > > > not require any RCU locks, hence, rcu_dereference_check is > > > not required to read from it. > > > > > > Suggested-by: Jann Horn <jannh@google.com> > > > Co-developed-by: Joel Fernandes (Google) <joel@joelfernandes.org> > > > Signed-off-by: Joel Fernandes (Google) <joel@joelfernandes.org> > > > Signed-off-by: Amol Grover <frextrite@gmail.com> > > > --- > > > kernel/auditsc.c | 15 +++++---------- > > > 1 file changed, 5 insertions(+), 10 deletions(-) > > > > This is the exact same patch I ACK'd back in February, yes? > > > > https://lore.kernel.org/linux-audit/CAHC9VhQCbg1V290bYEZM+izDPRpr=XYXakohnDaMphkBBFgUaA@mail.gmail.com > > > > Hi Paul, > > That's correct. I've resend the series out of the fear that the first 2 > patches might've gotten lost as it's been almost a month since I last > sent them. Could you please ack this again, and if you don't mind could > you please go through the other 2 patches and ack them aswell? Via who's tree are you expecting this will make it upstream? > Thanks > Amol > > > > diff --git a/kernel/auditsc.c b/kernel/auditsc.c > > > index 4effe01ebbe2..d3510513cdd1 100644 > > > --- a/kernel/auditsc.c > > > +++ b/kernel/auditsc.c > > > @@ -430,24 +430,19 @@ static int audit_field_compare(struct task_struct *tsk, > > > /* Determine if any context name data matches a rule's watch data */ > > > /* Compare a task_struct with an audit_rule. Return 1 on match, 0 > > > * otherwise. > > > - * > > > - * If task_creation is true, this is an explicit indication that we are > > > - * filtering a task rule at task creation time. This and tsk == current are > > > - * the only situations where tsk->cred may be accessed without an rcu read lock. > > > */ > > > static int audit_filter_rules(struct task_struct *tsk, > > > struct audit_krule *rule, > > > struct audit_context *ctx, > > > struct audit_names *name, > > > - enum audit_state *state, > > > - bool task_creation) > > > + enum audit_state *state) > > > { > > > const struct cred *cred; > > > int i, need_sid = 1; > > > u32 sid; > > > unsigned int sessionid; > > > > > > - cred = rcu_dereference_check(tsk->cred, tsk == current || task_creation); > > > + cred = tsk->cred; > > > > > > for (i = 0; i < rule->field_count; i++) { > > > struct audit_field *f = &rule->fields[i]; > > > @@ -745,7 +740,7 @@ static enum audit_state audit_filter_task(struct task_struct *tsk, char **key) > > > rcu_read_lock(); > > > list_for_each_entry_rcu(e, &audit_filter_list[AUDIT_FILTER_TASK], list) { > > > if (audit_filter_rules(tsk, &e->rule, NULL, NULL, > > > - &state, true)) { > > > + &state)) { > > > if (state == AUDIT_RECORD_CONTEXT) > > > *key = kstrdup(e->rule.filterkey, GFP_ATOMIC); > > > rcu_read_unlock(); > > > @@ -791,7 +786,7 @@ static enum audit_state audit_filter_syscall(struct task_struct *tsk, > > > list_for_each_entry_rcu(e, list, list) { > > > if (audit_in_mask(&e->rule, ctx->major) && > > > audit_filter_rules(tsk, &e->rule, ctx, NULL, > > > - &state, false)) { > > > + &state)) { > > > rcu_read_unlock(); > > > ctx->current_state = state; > > > return state; > > > @@ -815,7 +810,7 @@ static int audit_filter_inode_name(struct task_struct *tsk, > > > > > > list_for_each_entry_rcu(e, list, list) { > > > if (audit_in_mask(&e->rule, ctx->major) && > > > - audit_filter_rules(tsk, &e->rule, ctx, n, &state, false)) { > > > + audit_filter_rules(tsk, &e->rule, ctx, n, &state)) { > > > ctx->current_state = state; > > > return 1; > > > } > > > -- > > > 2.24.1 > > > > paul moore - RGB -- Richard Guy Briggs <rgb@redhat.com> Sr. S/W Engineer, Kernel Security, Base Operating Systems Remote, Ottawa, Red Hat Canada IRC: rgb, SunRaycer Voice: +1.647.777.2635, Internal: (81) 32635 ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH 3/3 RESEND] auditsc: Do not use RCU primitive to read from cred pointer 2020-04-03 21:21 ` Richard Guy Briggs @ 2020-04-03 21:43 ` Paul Moore 2020-04-04 2:53 ` Richard Guy Briggs 0 siblings, 1 reply; 13+ messages in thread From: Paul Moore @ 2020-04-03 21:43 UTC (permalink / raw) To: Richard Guy Briggs Cc: Amol Grover, Juri Lelli, Peter Zijlstra, David Howells, Joel Fernandes, Vincent Guittot, James Morris, Madhuparna Bhowmik, Ingo Molnar, Mel Gorman, linux-kernel-mentees, Paul E . McKenney, Jann Horn, Steven Rostedt, Shakeel Butt, Thomas Gleixner, Dietmar Eggemann, Ben Segall, linux-kernel, linux-audit, Eric W . Biederman, Andrew Morton On Fri, Apr 3, 2020 at 5:22 PM Richard Guy Briggs <rgb@redhat.com> wrote: > On 2020-04-03 13:26, Amol Grover wrote: > > On Thu, Apr 02, 2020 at 08:56:36AM -0400, Paul Moore wrote: > > > On Thu, Apr 2, 2020 at 1:57 AM Amol Grover <frextrite@gmail.com> wrote: > > > > task_struct::cred is only used task-synchronously and does > > > > not require any RCU locks, hence, rcu_dereference_check is > > > > not required to read from it. > > > > > > > > Suggested-by: Jann Horn <jannh@google.com> > > > > Co-developed-by: Joel Fernandes (Google) <joel@joelfernandes.org> > > > > Signed-off-by: Joel Fernandes (Google) <joel@joelfernandes.org> > > > > Signed-off-by: Amol Grover <frextrite@gmail.com> > > > > --- > > > > kernel/auditsc.c | 15 +++++---------- > > > > 1 file changed, 5 insertions(+), 10 deletions(-) > > > > > > This is the exact same patch I ACK'd back in February, yes? > > > > > > https://lore.kernel.org/linux-audit/CAHC9VhQCbg1V290bYEZM+izDPRpr=XYXakohnDaMphkBBFgUaA@mail.gmail.com > > > > > > > Hi Paul, > > > > That's correct. I've resend the series out of the fear that the first 2 > > patches might've gotten lost as it's been almost a month since I last > > sent them. Could you please ack this again, and if you don't mind could > > you please go through the other 2 patches and ack them aswell? > > Via who's tree are you expecting this will make it upstream? When I asked a similar question back in February the response was basically not the audit tree. -- paul moore www.paul-moore.com ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH 3/3 RESEND] auditsc: Do not use RCU primitive to read from cred pointer 2020-04-03 21:43 ` Paul Moore @ 2020-04-04 2:53 ` Richard Guy Briggs 0 siblings, 0 replies; 13+ messages in thread From: Richard Guy Briggs @ 2020-04-04 2:53 UTC (permalink / raw) To: Paul Moore Cc: Amol Grover, Juri Lelli, Peter Zijlstra, David Howells, Joel Fernandes, Vincent Guittot, James Morris, Madhuparna Bhowmik, Ingo Molnar, Mel Gorman, linux-kernel-mentees, Paul E . McKenney, Jann Horn, Steven Rostedt, Shakeel Butt, Thomas Gleixner, Dietmar Eggemann, Ben Segall, linux-kernel, linux-audit, Eric W . Biederman, Andrew Morton On 2020-04-03 17:43, Paul Moore wrote: > On Fri, Apr 3, 2020 at 5:22 PM Richard Guy Briggs <rgb@redhat.com> wrote: > > On 2020-04-03 13:26, Amol Grover wrote: > > > On Thu, Apr 02, 2020 at 08:56:36AM -0400, Paul Moore wrote: > > > > On Thu, Apr 2, 2020 at 1:57 AM Amol Grover <frextrite@gmail.com> wrote: > > > > > task_struct::cred is only used task-synchronously and does > > > > > not require any RCU locks, hence, rcu_dereference_check is > > > > > not required to read from it. > > > > > > > > > > Suggested-by: Jann Horn <jannh@google.com> > > > > > Co-developed-by: Joel Fernandes (Google) <joel@joelfernandes.org> > > > > > Signed-off-by: Joel Fernandes (Google) <joel@joelfernandes.org> > > > > > Signed-off-by: Amol Grover <frextrite@gmail.com> > > > > > --- > > > > > kernel/auditsc.c | 15 +++++---------- > > > > > 1 file changed, 5 insertions(+), 10 deletions(-) > > > > > > > > This is the exact same patch I ACK'd back in February, yes? > > > > > > > > https://lore.kernel.org/linux-audit/CAHC9VhQCbg1V290bYEZM+izDPRpr=XYXakohnDaMphkBBFgUaA@mail.gmail.com > > > > > > > > > > Hi Paul, > > > > > > That's correct. I've resend the series out of the fear that the first 2 > > > patches might've gotten lost as it's been almost a month since I last > > > sent them. Could you please ack this again, and if you don't mind could > > > you please go through the other 2 patches and ack them aswell? > > > > Via who's tree are you expecting this will make it upstream? > > When I asked a similar question back in February the response was > basically not the audit tree. Well, I went checking mingo and akpm's trees and didn't find 1/3 and 2/3 there even though I thought 3/3 was in audit/stable-5.6. I was mistaken, that patch in audit/stable-5.6 is a previous rcu fix for auditd_conn and not 3/3. > paul moore - RGB -- Richard Guy Briggs <rgb@redhat.com> Sr. S/W Engineer, Kernel Security, Base Operating Systems Remote, Ottawa, Red Hat Canada IRC: rgb, SunRaycer Voice: +1.647.777.2635, Internal: (81) 32635 ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH 1/3 RESEND] sched: Remove __rcu annotation from cred pointer 2020-04-02 5:56 [PATCH 1/3 RESEND] sched: Remove __rcu annotation from cred pointer Amol Grover 2020-04-02 5:56 ` [PATCH 2/3 RESEND] cred: Do not use RCU primitives to access " Amol Grover 2020-04-02 5:56 ` [PATCH 3/3 RESEND] auditsc: Do not use RCU primitive to read from " Amol Grover @ 2020-05-24 8:11 ` Amol Grover 2020-05-25 13:17 ` Richard Guy Briggs 2 siblings, 1 reply; 13+ messages in thread From: Amol Grover @ 2020-05-24 8:11 UTC (permalink / raw) To: Ingo Molnar, Peter Zijlstra, Juri Lelli, Vincent Guittot, Dietmar Eggemann, Steven Rostedt, Ben Segall, Mel Gorman, James Morris, Thomas Gleixner, Jann Horn, David Howells, Shakeel Butt, Eric W . Biederman, Andrew Morton, Paul Moore, Eric Paris Cc: linux-kernel-mentees, linux-kernel, linux-audit, Joel Fernandes, Madhuparna Bhowmik, Paul E . McKenney On Thu, Apr 02, 2020 at 11:26:38AM +0530, Amol Grover wrote: > task_struct::cred (subjective credentials) is *always* used > task-synchronously, hence, does not require RCU semantics. > > task_struct::real_cred (objective credentials) can be used in > RCU context and its __rcu annotation is retained. > > However, task_struct::cred and task_struct::real_cred *may* > point to the same object, hence, the object pointed to by > task_struct::cred *may* have RCU delayed freeing. > > Suggested-by: Jann Horn <jannh@google.com> > Co-developed-by: Joel Fernandes (Google) <joel@joelfernandes.org> > Signed-off-by: Joel Fernandes (Google) <joel@joelfernandes.org> > Signed-off-by: Amol Grover <frextrite@gmail.com> Hello everyone, Could you please go through patches 1/3 and 2/3 and if deemed OK, give your acks. I sent the original patch in beginning of February (~4 months back) and resent the patches again in beginning of April due to lack of traffic. Paul Moore was kind enough to ack twice - the 3/3 and its resend patch. However these 2 patches still remain. I'd really appreciate if someone reviewed them. Thanks Amol ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH 1/3 RESEND] sched: Remove __rcu annotation from cred pointer 2020-05-24 8:11 ` [PATCH 1/3 RESEND] sched: Remove __rcu annotation " Amol Grover @ 2020-05-25 13:17 ` Richard Guy Briggs 2020-05-25 18:04 ` Amol Grover 0 siblings, 1 reply; 13+ messages in thread From: Richard Guy Briggs @ 2020-05-25 13:17 UTC (permalink / raw) To: Amol Grover Cc: Ingo Molnar, Peter Zijlstra, Juri Lelli, Vincent Guittot, Dietmar Eggemann, Steven Rostedt, Ben Segall, Mel Gorman, James Morris, Thomas Gleixner, Jann Horn, David Howells, Shakeel Butt, Eric W . Biederman, Andrew Morton, Paul Moore, Eric Paris, Paul E . McKenney, linux-kernel, Madhuparna Bhowmik, linux-audit, Joel Fernandes, linux-kernel-mentees On 2020-05-24 13:41, Amol Grover wrote: > On Thu, Apr 02, 2020 at 11:26:38AM +0530, Amol Grover wrote: > > task_struct::cred (subjective credentials) is *always* used > > task-synchronously, hence, does not require RCU semantics. > > > > task_struct::real_cred (objective credentials) can be used in > > RCU context and its __rcu annotation is retained. > > > > However, task_struct::cred and task_struct::real_cred *may* > > point to the same object, hence, the object pointed to by > > task_struct::cred *may* have RCU delayed freeing. > > > > Suggested-by: Jann Horn <jannh@google.com> > > Co-developed-by: Joel Fernandes (Google) <joel@joelfernandes.org> > > Signed-off-by: Joel Fernandes (Google) <joel@joelfernandes.org> > > Signed-off-by: Amol Grover <frextrite@gmail.com> > > Hello everyone, > > Could you please go through patches 1/3 and 2/3 and if deemed OK, give > your acks. I sent the original patch in beginning of February (~4 months > back) and resent the patches again in beginning of April due to lack of > traffic. Paul Moore was kind enough to ack twice - the 3/3 and its > resend patch. However these 2 patches still remain. I'd really > appreciate if someone reviewed them. I asked on April 3 which upstream tree you expect this patchset to go through and I did not see a reply. Do you have a specific target or is the large addressee list assuming someone else is taking this set? All we have seen is that it is not intended to go through the audit tree. > Thanks > Amol - RGB -- Richard Guy Briggs <rgb@redhat.com> Sr. S/W Engineer, Kernel Security, Base Operating Systems Remote, Ottawa, Red Hat Canada IRC: rgb, SunRaycer Voice: +1.647.777.2635, Internal: (81) 32635 ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH 1/3 RESEND] sched: Remove __rcu annotation from cred pointer 2020-05-25 13:17 ` Richard Guy Briggs @ 2020-05-25 18:04 ` Amol Grover 2020-05-26 12:34 ` Paul Moore 0 siblings, 1 reply; 13+ messages in thread From: Amol Grover @ 2020-05-25 18:04 UTC (permalink / raw) To: Richard Guy Briggs Cc: Ingo Molnar, Peter Zijlstra, Juri Lelli, Vincent Guittot, Dietmar Eggemann, Steven Rostedt, Ben Segall, Mel Gorman, James Morris, Thomas Gleixner, Jann Horn, David Howells, Shakeel Butt, Eric W . Biederman, Andrew Morton, Paul Moore, Eric Paris, Paul E . McKenney, linux-kernel, Madhuparna Bhowmik, linux-audit, Joel Fernandes, linux-kernel-mentees On Mon, May 25, 2020 at 09:17:41AM -0400, Richard Guy Briggs wrote: > On 2020-05-24 13:41, Amol Grover wrote: > > On Thu, Apr 02, 2020 at 11:26:38AM +0530, Amol Grover wrote: > > > task_struct::cred (subjective credentials) is *always* used > > > task-synchronously, hence, does not require RCU semantics. > > > > > > task_struct::real_cred (objective credentials) can be used in > > > RCU context and its __rcu annotation is retained. > > > > > > However, task_struct::cred and task_struct::real_cred *may* > > > point to the same object, hence, the object pointed to by > > > task_struct::cred *may* have RCU delayed freeing. > > > > > > Suggested-by: Jann Horn <jannh@google.com> > > > Co-developed-by: Joel Fernandes (Google) <joel@joelfernandes.org> > > > Signed-off-by: Joel Fernandes (Google) <joel@joelfernandes.org> > > > Signed-off-by: Amol Grover <frextrite@gmail.com> > > > > Hello everyone, > > > > Could you please go through patches 1/3 and 2/3 and if deemed OK, give > > your acks. I sent the original patch in beginning of February (~4 months > > back) and resent the patches again in beginning of April due to lack of > > traffic. Paul Moore was kind enough to ack twice - the 3/3 and its > > resend patch. However these 2 patches still remain. I'd really > > appreciate if someone reviewed them. > > I asked on April 3 which upstream tree you expect this patchset to go > through and I did not see a reply. Do you have a specific target or is > the large addressee list assuming someone else is taking this set? All > we have seen is that it is not intended to go through the audit tree. > Apologies for it. As Paul Moore replied, initially I assumed this patchset to not go through the audit tree as the audit specific changes were secondary to the main change (though certainly I did not think which upstream tree the patchset would go through). But now I am okay with the patchset making it to upstream via audit tree if it is fine by the maintainers. Thanks Amol > > Thanks > > Amol > > - RGB > > -- > Richard Guy Briggs <rgb@redhat.com> > Sr. S/W Engineer, Kernel Security, Base Operating Systems > Remote, Ottawa, Red Hat Canada > IRC: rgb, SunRaycer > Voice: +1.647.777.2635, Internal: (81) 32635 > ^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [PATCH 1/3 RESEND] sched: Remove __rcu annotation from cred pointer 2020-05-25 18:04 ` Amol Grover @ 2020-05-26 12:34 ` Paul Moore 0 siblings, 0 replies; 13+ messages in thread From: Paul Moore @ 2020-05-26 12:34 UTC (permalink / raw) To: Amol Grover Cc: Richard Guy Briggs, Ingo Molnar, Peter Zijlstra, Juri Lelli, Vincent Guittot, Dietmar Eggemann, Steven Rostedt, Ben Segall, Mel Gorman, James Morris, Thomas Gleixner, Jann Horn, David Howells, Shakeel Butt, Eric W . Biederman, Andrew Morton, Eric Paris, Paul E . McKenney, linux-kernel, Madhuparna Bhowmik, linux-audit, Joel Fernandes, linux-kernel-mentees On Mon, May 25, 2020 at 2:04 PM Amol Grover <frextrite@gmail.com> wrote: > On Mon, May 25, 2020 at 09:17:41AM -0400, Richard Guy Briggs wrote: > > On 2020-05-24 13:41, Amol Grover wrote: > > > On Thu, Apr 02, 2020 at 11:26:38AM +0530, Amol Grover wrote: > > > > task_struct::cred (subjective credentials) is *always* used > > > > task-synchronously, hence, does not require RCU semantics. > > > > > > > > task_struct::real_cred (objective credentials) can be used in > > > > RCU context and its __rcu annotation is retained. > > > > > > > > However, task_struct::cred and task_struct::real_cred *may* > > > > point to the same object, hence, the object pointed to by > > > > task_struct::cred *may* have RCU delayed freeing. > > > > > > > > Suggested-by: Jann Horn <jannh@google.com> > > > > Co-developed-by: Joel Fernandes (Google) <joel@joelfernandes.org> > > > > Signed-off-by: Joel Fernandes (Google) <joel@joelfernandes.org> > > > > Signed-off-by: Amol Grover <frextrite@gmail.com> > > > > > > Hello everyone, > > > > > > Could you please go through patches 1/3 and 2/3 and if deemed OK, give > > > your acks. I sent the original patch in beginning of February (~4 months > > > back) and resent the patches again in beginning of April due to lack of > > > traffic. Paul Moore was kind enough to ack twice - the 3/3 and its > > > resend patch. However these 2 patches still remain. I'd really > > > appreciate if someone reviewed them. > > > > I asked on April 3 which upstream tree you expect this patchset to go > > through and I did not see a reply. Do you have a specific target or is > > the large addressee list assuming someone else is taking this set? All > > we have seen is that it is not intended to go through the audit tree. > > > > Apologies for it. As Paul Moore replied, initially I assumed this > patchset to not go through the audit tree as the audit specific changes > were secondary to the main change (though certainly I did not think > which upstream tree the patchset would go through). But now I am okay > with the patchset making it to upstream via audit tree if it is fine by > the maintainers. This patchset is not appropriate for the audit tree as the most significant changes are not audit related. My ACK on patch 3/3 was, and is, conditional on the previous patches being acceptable to the greater kernel community; this is the main reason why I didn't ACK patch 1/3 or 2/3. -- paul moore www.paul-moore.com ^ permalink raw reply [flat|nested] 13+ messages in thread
end of thread, other threads:[~2020-05-26 12:34 UTC | newest] Thread overview: 13+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2020-04-02 5:56 [PATCH 1/3 RESEND] sched: Remove __rcu annotation from cred pointer Amol Grover 2020-04-02 5:56 ` [PATCH 2/3 RESEND] cred: Do not use RCU primitives to access " Amol Grover 2020-04-02 5:56 ` [PATCH 3/3 RESEND] auditsc: Do not use RCU primitive to read from " Amol Grover 2020-04-02 12:56 ` Paul Moore 2020-04-03 7:56 ` Amol Grover 2020-04-03 19:25 ` Paul Moore 2020-04-03 21:21 ` Richard Guy Briggs 2020-04-03 21:43 ` Paul Moore 2020-04-04 2:53 ` Richard Guy Briggs 2020-05-24 8:11 ` [PATCH 1/3 RESEND] sched: Remove __rcu annotation " Amol Grover 2020-05-25 13:17 ` Richard Guy Briggs 2020-05-25 18:04 ` Amol Grover 2020-05-26 12:34 ` Paul Moore
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).