linux/security/selinux/ss
Waiman Long f31e799459 selinux: no recursive read_lock of policy_rwlock in security_genfs_sid()
With the introduction of fair queued rwlock, recursive read_lock()
may hang the offending process if there is a write_lock() somewhere
in between.

With recursive read_lock checking enabled, the following error was
reported:

=============================================
[ INFO: possible recursive locking detected ]
3.16.0-rc1 #2 Tainted: G            E
---------------------------------------------
load_policy/708 is trying to acquire lock:
 (policy_rwlock){.+.+..}, at: [<ffffffff8125b32a>]
security_genfs_sid+0x3a/0x170

but task is already holding lock:
 (policy_rwlock){.+.+..}, at: [<ffffffff8125b48c>]
security_fs_use+0x2c/0x110

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(policy_rwlock);
  lock(policy_rwlock);

This patch fixes the occurrence of recursive read_lock() of
policy_rwlock by adding a helper function __security_genfs_sid()
which requires caller to take the lock before calling it. The
security_fs_use() was then modified to call the new helper function.

Signed-off-by: Waiman Long <Waiman.Long@hp.com>
Acked-by:  Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <pmoore@redhat.com>
2014-06-23 16:52:55 -04:00
..
avtab.c SELinux: allow userspace to read policy back out of the kernel 2010-10-21 10:12:58 +11:00
avtab.h SELinux: Use dentry name in new object labeling 2011-02-01 11:12:30 -05:00
conditional.c selinux: fix a possible memory leak in cond_read_node() 2014-06-19 14:56:59 -04:00
conditional.h selinux: sparse fix: fix several warnings in the security server code 2011-09-09 16:56:32 -07:00
constraint.h SELinux: Update policy version to support constraints info 2013-11-19 17:34:23 -05:00
context.h SELinux: allow default source/target selectors for user/role/range 2012-04-09 12:22:47 -04:00
ebitmap.c SELinux: Reduce overhead of mls_level_isvalid() function call 2013-07-25 13:02:18 -04:00
ebitmap.h SELinux: Increase ebitmap_node size for 64-bit configuration 2013-07-25 13:02:31 -04:00
hashtab.c selinux: conditionally reschedule in hashtab_insert while loading selinux policy 2014-05-15 17:07:55 -04:00
hashtab.h SELinux: hashtab.h whitespace, syntax, and other cleanups 2008-04-28 09:29:04 +10:00
mls_types.h SELinux: Reduce overhead of mls_level_isvalid() function call 2013-07-25 13:02:18 -04:00
mls.c selinux: conditionally reschedule in mls_convert_context while loading selinux policy 2014-05-15 17:06:14 -04:00
mls.h doc: Update the email address for Paul Moore in various source files 2011-08-01 17:58:33 -07:00
policydb.c selinux: introduce str_read() helper 2014-06-18 15:55:58 -04:00
policydb.h SELinux: Update policy version to support constraints info 2013-11-19 17:34:23 -05:00
services.c selinux: no recursive read_lock of policy_rwlock in security_genfs_sid() 2014-06-23 16:52:55 -04:00
services.h
sidtab.c selinux: cache sidtab_context_to_sid results 2010-12-07 16:44:01 -05:00
sidtab.h selinux: cache sidtab_context_to_sid results 2010-12-07 16:44:01 -05:00
status.c selinux: fix up style problem on /selinux/status 2010-10-21 10:12:41 +11:00
symtab.c selinux: fix error codes in symtab_init() 2010-08-02 15:35:04 +10:00
symtab.h