linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Tyler Hicks <tyhicks@linux.microsoft.com>
To: Paul Moore <paul@paul-moore.com>,
	Stephen Smalley <stephen.smalley.work@gmail.com>,
	Ondrej Mosnacek <omosnace@redhat.com>
Cc: selinux@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [BUG] Race between policy reload sidtab conversion and live conversion
Date: Tue, 23 Feb 2021 15:50:54 -0600	[thread overview]
Message-ID: <20210223215054.GC6000@sequoia> (raw)
In-Reply-To: <20210223214346.GB6000@sequoia>

On 2021-02-23 15:43:48, Tyler Hicks wrote:
> I'm seeing a race during policy load while the "regular" sidtab
> conversion is happening and a live conversion starts to take place in
> sidtab_context_to_sid().
> 
> We have an initial policy that's loaded by systemd ~0.6s into boot and
> then another policy gets loaded ~2-3s into boot. That second policy load
> is what hits the race condition situation because the sidtab is only
> partially populated and there's a decent amount of filesystem operations
> happening, at the same time, which are triggering live conversions.

Here are the relevant messages written to the ring buffer showing the initial
policy load, the second policy load, the sidtab conversion starting, and then
the stack trace:

[    0.112159] SELinux:  Initializing.
...
[    0.624107] audit: type=1404 audit(0.492:2): enforcing=1 old_enforcing=0 auid=4294967295 ses=4294967295 enabled=1 old-enabled=1 lsm=selinux res=1
[    0.664063] SELinux:  Permission perfmon in class capability2 not defined in policy.
[    0.664068] SELinux:  Permission bpf in class capability2 not defined in policy.
[    0.664070] SELinux:  Permission checkpoint_restore in class capability2 not defined in policy.
[    0.664077] SELinux:  Permission perfmon in class cap2_userns not defined in policy.
[    0.664079] SELinux:  Permission bpf in class cap2_userns not defined in policy.
[    0.664080] SELinux:  Permission checkpoint_restore in class cap2_userns not defined in policy.
[    0.664114] SELinux:  Class perf_event not defined in policy.
[    0.664115] SELinux:  Class lockdown not defined in policy.
[    0.664117] SELinux: the above unknown classes and permissions will be allowed
[    0.667863] SELinux:  policy capability network_peer_controls=1
[    0.667866] SELinux:  policy capability open_perms=1
[    0.667867] SELinux:  policy capability extended_socket_class=1
[    0.667868] SELinux:  policy capability always_check_network=0
[    0.667870] SELinux:  policy capability cgroup_seclabel=1
[    0.667871] SELinux:  policy capability nnp_nosuid_transition=1
[    0.667873] SELinux:  policy capability genfs_seclabel_symlinks=0
[    0.712152] audit: type=1403 audit(0.584:3): auid=4294967295 ses=4294967295 lsm=selinux res=1
[    0.714430] systemd[1]: Successfully loaded SELinux policy in 91.004ms.
...
[    3.042735] SELinux:  Permission perfmon in class capability2 not defined in policy.
[    3.042741] SELinux:  Permission bpf in class capability2 not defined in policy.
[    3.042743] SELinux:  Permission checkpoint_restore in class capability2 not defined in policy.
[    3.042750] SELinux:  Permission perfmon in class cap2_userns not defined in policy.
[    3.042751] SELinux:  Permission bpf in class cap2_userns not defined in policy.
[    3.042753] SELinux:  Permission checkpoint_restore in class cap2_userns not defined in policy.
[    3.042787] SELinux:  Class perf_event not defined in policy.
[    3.042789] SELinux:  Class lockdown not defined in policy.
[    3.042791] SELinux: the above unknown classes and permissions will be allowed
[    3.042801] SELinux:  Converting 208 SID table entries...
[    3.044951] Unable to handle kernel access to user memory outside uaccess routines at virtual address 0000000040000028
[    3.050919] SELinux:  policy capability network_peer_controls=1
[    3.055990] Mem abort info:
[    3.055992]   ESR = 0x96000004
[    3.055994]   EC = 0x25: DABT (current EL), IL = 32 bits
[    3.055995]   SET = 0, FnV = 0
[    3.055996]   EA = 0, S1PTW = 0
[    3.055997] Data abort info:
[    3.055998]   ISV = 0, ISS = 0x00000004
[    3.055999]   CM = 0, WnR = 0
[    3.056002] user pgtable: 4k pages, 48-bit VAs, pgdp=00000000940ea000
[    3.056003] [0000000040000028] pgd=0000000000000000, p4d=0000000000000000
[    3.058894] SELinux:  policy capability open_perms=1
[    3.062037] 
[    3.062041] Internal error: Oops: 96000004 [#1] SMP
[    3.062044] Modules linked in: bnxt_en pcie_iproc_platform
[    3.067530] SELinux:  policy capability extended_socket_class=1
[    3.070674]  pcie_iproc diagbe(O)
[    3.070680] CPU: 1 PID: 512 Comm: (tservice) Tainted: G           O      5.10.17.1 #1
[    3.070683] Hardware name: redacted (DT)
[    3.073924] SELinux:  policy capability always_check_network=0
[    3.076890] pstate: 20400085 (nzCv daIf +PAN -UAO -TCO BTYPE=--)
[    3.076904] pc : sidtab_do_lookup+0x128/0x1b4
[    3.076908] lr : sidtab_context_to_sid+0x210/0x378
[    3.080864] SELinux:  policy capability cgroup_seclabel=1
[    3.083920] sp : ffff800011bfbaf0
[    3.083922] x29: ffff800011bfbaf0 
[    3.090570] SELinux:  policy capability nnp_nosuid_transition=1
[    3.097564] x28: 0000000000000000 
[    3.097566] x27: 0000000000000005 x26: ffffd1b6451f2000 
[    3.097568] x25: 00000000ffffffff x24: 0000000000000000 
[    3.102693] SELinux:  policy capability genfs_seclabel_symlinks=0
[    3.104225] x23: 0000000000000001 x22: 0000000000000005 
[    3.104227] x21: 0000000040000028 x20: 0000000000000001 
[    3.104230] x19: 00000000000000d0 x18: 5b00000000000000 
[    3.217640] x17: 0000000077493ecb x16: 00000000c2b2ae35 
[    3.223120] x15: 00000000639285d3 x14: 0000000000000010 
[    3.228600] x13: 00000000128b8525 x12: 000000005128b852 
[    3.234079] x11: 0000000049dd48c1 x10: 0000000000004e00 
[    3.239559] x9 : 00000000000000d1 x8 : 0000000000000005 
[    3.245039] x7 : 0000000000000001 x6 : 0000000000000000 
[    3.250518] x5 : ffff800011bfbc48 x4 : 0000000000000010 
[    3.255998] x3 : 0000000000000002 x2 : 0000000000000001 
[    3.261477] x1 : 00000000000000d0 x0 : 0000000040000000 
[    3.266957] Call trace:
[    3.269480]  sidtab_do_lookup+0x128/0x1b4
[    3.273615]  sidtab_context_to_sid+0x210/0x378
[    3.278198]  security_compute_sid+0x3f4/0x60c
[    3.282692]  security_transition_sid+0x30/0x38
[    3.287277]  selinux_bprm_creds_for_exec+0x11c/0x2e8
[    3.292398]  security_bprm_creds_for_exec+0x30/0x4c
[    3.297432]  bprm_execve+0x100/0x1d4
[    3.301118]  do_execveat_common+0x1e8/0x228
[    3.305432]  __arm64_sys_execve+0x3c/0x4c
[    3.309569]  do_el0_svc+0xec/0x154
[    3.313079]  el0_svc+0xc/0x14
[    3.316139]  el0_sync_handler+0x7c/0xd8
[    3.320095]  el0_sync+0x144/0x180
[    3.323516] Code: 51002718 340001d7 1ad82768 8b284c15 (f94002a0) 
[    3.329808] ---[ end trace 69ebb6381d57e49b ]---

Tyler

  reply	other threads:[~2021-02-23 21:52 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-02-23 21:43 [BUG] Race between policy reload sidtab conversion and live conversion Tyler Hicks
2021-02-23 21:50 ` Tyler Hicks [this message]
2021-02-23 22:36   ` Tyler Hicks
2021-02-24  0:02     ` Paul Moore
2021-02-24  9:33     ` Ondrej Mosnacek
2021-02-24 14:36       ` Tyler Hicks
2021-02-25 16:38         ` Ondrej Mosnacek
2021-02-25 16:45           ` Tyler Hicks
2021-02-25 23:27           ` Paul Moore
2021-02-26  1:06       ` Paul Moore
2021-02-26 11:11         ` Ondrej Mosnacek
2021-02-28 19:21           ` Paul Moore
2021-03-01 10:35             ` Ondrej Mosnacek
2021-03-01 14:46               ` Paul Moore
     [not found]         ` <20210226040542.1137-1-hdanton@sina.com>
2021-02-26 11:19           ` Ondrej Mosnacek
     [not found]             ` <20210227023524.15844-1-hdanton@sina.com>
2021-03-01 14:35               ` Ondrej Mosnacek

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210223215054.GC6000@sequoia \
    --to=tyhicks@linux.microsoft.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=omosnace@redhat.com \
    --cc=paul@paul-moore.com \
    --cc=selinux@vger.kernel.org \
    --cc=stephen.smalley.work@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).