exceptions may be traversed using list_for_each_entry_rcu()
outside of an RCU read side critical section BUT under the
protection of decgroup_mutex. Hence add the corresponding
lockdep expression to fix the following false-positive
warning:
[ 2.304417] =============================
[ 2.304418] WARNING: suspicious RCU usage
[ 2.304420] 5.5.4-stable #17 Tainted: G E
[ 2.304422] -----------------------------
[ 2.304424] security/device_cgroup.c:355 RCU-list traversed in non-reader section!!
Signed-off-by: Amol Grover <[email protected]>
---
security/device_cgroup.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/security/device_cgroup.c b/security/device_cgroup.c
index 7d0f8f7431ff..b7da9e0970d9 100644
--- a/security/device_cgroup.c
+++ b/security/device_cgroup.c
@@ -352,7 +352,8 @@ static bool match_exception_partial(struct list_head *exceptions, short type,
{
struct dev_exception_item *ex;
- list_for_each_entry_rcu(ex, exceptions, list) {
+ list_for_each_entry_rcu(ex, exceptions, list,
+ lockdep_is_held(&devcgroup_mutex)) {
if ((type & DEVCG_DEV_BLOCK) && !(ex->type & DEVCG_DEV_BLOCK))
continue;
if ((type & DEVCG_DEV_CHAR) && !(ex->type & DEVCG_DEV_CHAR))
--
2.24.1
Hi all,
On Mon, 6 Apr 2020 16:29:50 +0530 Amol Grover <[email protected]> wrote:
>
> exceptions may be traversed using list_for_each_entry_rcu()
> outside of an RCU read side critical section BUT under the
> protection of decgroup_mutex. Hence add the corresponding
> lockdep expression to fix the following false-positive
> warning:
>
> [ 2.304417] =============================
> [ 2.304418] WARNING: suspicious RCU usage
> [ 2.304420] 5.5.4-stable #17 Tainted: G E
> [ 2.304422] -----------------------------
> [ 2.304424] security/device_cgroup.c:355 RCU-list traversed in non-reader section!!
>
> Signed-off-by: Amol Grover <[email protected]>
> ---
> security/device_cgroup.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/security/device_cgroup.c b/security/device_cgroup.c
> index 7d0f8f7431ff..b7da9e0970d9 100644
> --- a/security/device_cgroup.c
> +++ b/security/device_cgroup.c
> @@ -352,7 +352,8 @@ static bool match_exception_partial(struct list_head *exceptions, short type,
> {
> struct dev_exception_item *ex;
>
> - list_for_each_entry_rcu(ex, exceptions, list) {
> + list_for_each_entry_rcu(ex, exceptions, list,
> + lockdep_is_held(&devcgroup_mutex)) {
> if ((type & DEVCG_DEV_BLOCK) && !(ex->type & DEVCG_DEV_BLOCK))
> continue;
> if ((type & DEVCG_DEV_CHAR) && !(ex->type & DEVCG_DEV_CHAR))
> --
> 2.24.1
>
I have been carrying the above patch in linux-next for some time now.
I have been carrying it because it fixes problems for syzbot (see the
third warning in
https://lore.kernel.org/linux-next/CACT4Y+YnjK+kq0pfb5fe-q1bqe2T1jq_mvKHf--Z80Z3wkyK1Q@mail.gmail.com/).
Is there some reason it has not been applied to some tree?
--
Cheers,
Stephen Rothwell
On Sun, Jun 07, 2020 at 06:23:40AM +1000, Stephen Rothwell wrote:
> Hi all,
>
> On Mon, 6 Apr 2020 16:29:50 +0530 Amol Grover <[email protected]> wrote:
> >
> > exceptions may be traversed using list_for_each_entry_rcu()
> > outside of an RCU read side critical section BUT under the
> > protection of decgroup_mutex. Hence add the corresponding
> > lockdep expression to fix the following false-positive
> > warning:
> >
> > [ 2.304417] =============================
> > [ 2.304418] WARNING: suspicious RCU usage
> > [ 2.304420] 5.5.4-stable #17 Tainted: G E
> > [ 2.304422] -----------------------------
> > [ 2.304424] security/device_cgroup.c:355 RCU-list traversed in non-reader section!!
> >
> > Signed-off-by: Amol Grover <[email protected]>
> > ---
> > security/device_cgroup.c | 3 ++-
> > 1 file changed, 2 insertions(+), 1 deletion(-)
> >
> > diff --git a/security/device_cgroup.c b/security/device_cgroup.c
> > index 7d0f8f7431ff..b7da9e0970d9 100644
> > --- a/security/device_cgroup.c
> > +++ b/security/device_cgroup.c
> > @@ -352,7 +352,8 @@ static bool match_exception_partial(struct list_head *exceptions, short type,
> > {
> > struct dev_exception_item *ex;
> >
> > - list_for_each_entry_rcu(ex, exceptions, list) {
> > + list_for_each_entry_rcu(ex, exceptions, list,
> > + lockdep_is_held(&devcgroup_mutex)) {
> > if ((type & DEVCG_DEV_BLOCK) && !(ex->type & DEVCG_DEV_BLOCK))
> > continue;
> > if ((type & DEVCG_DEV_CHAR) && !(ex->type & DEVCG_DEV_CHAR))
> > --
> > 2.24.1
> >
>
> I have been carrying the above patch in linux-next for some time now.
> I have been carrying it because it fixes problems for syzbot (see the
> third warning in
> https://lore.kernel.org/linux-next/CACT4Y+YnjK+kq0pfb5fe-q1bqe2T1jq_mvKHf--Z80Z3wkyK1Q@mail.gmail.com/).
> Is there some reason it has not been applied to some tree?
The RCU changes on which this patch depends have long since made it to
mainline, so it can go up any tree. I can take it if no one else will,
but it might be better going in via the security tree.
Thanx, Paul
On Sun, Jun 07, 2020 at 12:08:40PM -0700, Paul E. McKenney wrote:
> On Sun, Jun 07, 2020 at 06:23:40AM +1000, Stephen Rothwell wrote:
> > Hi all,
> >
> > On Mon, 6 Apr 2020 16:29:50 +0530 Amol Grover <[email protected]> wrote:
> > >
> > > exceptions may be traversed using list_for_each_entry_rcu()
> > > outside of an RCU read side critical section BUT under the
> > > protection of decgroup_mutex. Hence add the corresponding
> > > lockdep expression to fix the following false-positive
> > > warning:
> > >
> > > [ 2.304417] =============================
> > > [ 2.304418] WARNING: suspicious RCU usage
> > > [ 2.304420] 5.5.4-stable #17 Tainted: G E
> > > [ 2.304422] -----------------------------
> > > [ 2.304424] security/device_cgroup.c:355 RCU-list traversed in non-reader section!!
> > >
> > > Signed-off-by: Amol Grover <[email protected]>
> > > ---
> > > security/device_cgroup.c | 3 ++-
> > > 1 file changed, 2 insertions(+), 1 deletion(-)
> > >
> > > diff --git a/security/device_cgroup.c b/security/device_cgroup.c
> > > index 7d0f8f7431ff..b7da9e0970d9 100644
> > > --- a/security/device_cgroup.c
> > > +++ b/security/device_cgroup.c
> > > @@ -352,7 +352,8 @@ static bool match_exception_partial(struct list_head *exceptions, short type,
> > > {
> > > struct dev_exception_item *ex;
> > >
> > > - list_for_each_entry_rcu(ex, exceptions, list) {
> > > + list_for_each_entry_rcu(ex, exceptions, list,
> > > + lockdep_is_held(&devcgroup_mutex)) {
> > > if ((type & DEVCG_DEV_BLOCK) && !(ex->type & DEVCG_DEV_BLOCK))
> > > continue;
> > > if ((type & DEVCG_DEV_CHAR) && !(ex->type & DEVCG_DEV_CHAR))
> > > --
> > > 2.24.1
> > >
> >
> > I have been carrying the above patch in linux-next for some time now.
> > I have been carrying it because it fixes problems for syzbot (see the
> > third warning in
> > https://lore.kernel.org/linux-next/CACT4Y+YnjK+kq0pfb5fe-q1bqe2T1jq_mvKHf--Z80Z3wkyK1Q@mail.gmail.com/).
> > Is there some reason it has not been applied to some tree?
>
> The RCU changes on which this patch depends have long since made it to
> mainline, so it can go up any tree. I can take it if no one else will,
> but it might be better going in via the security tree.
>
> Thanx, Paul
James, do you mind pulling it in?
Hi all,
On Sun, 7 Jun 2020 23:17:34 -0500 "Serge E. Hallyn" <[email protected]> wrote:
> On Sun, Jun 07, 2020 at 12:08:40PM -0700, Paul E. McKenney wrote:
> > On Sun, Jun 07, 2020 at 06:23:40AM +1000, Stephen Rothwell wrote:
> > >
> > > On Mon, 6 Apr 2020 16:29:50 +0530 Amol Grover <[email protected]> wrote:
> > > >
> > > > exceptions may be traversed using list_for_each_entry_rcu()
> > > > outside of an RCU read side critical section BUT under the
> > > > protection of decgroup_mutex. Hence add the corresponding
> > > > lockdep expression to fix the following false-positive
> > > > warning:
> > > >
> > > > [ 2.304417] =============================
> > > > [ 2.304418] WARNING: suspicious RCU usage
> > > > [ 2.304420] 5.5.4-stable #17 Tainted: G E
> > > > [ 2.304422] -----------------------------
> > > > [ 2.304424] security/device_cgroup.c:355 RCU-list traversed in non-reader section!!
> > > >
> > > > Signed-off-by: Amol Grover <[email protected]>
> > > > ---
> > > > security/device_cgroup.c | 3 ++-
> > > > 1 file changed, 2 insertions(+), 1 deletion(-)
> > > >
> > > > diff --git a/security/device_cgroup.c b/security/device_cgroup.c
> > > > index 7d0f8f7431ff..b7da9e0970d9 100644
> > > > --- a/security/device_cgroup.c
> > > > +++ b/security/device_cgroup.c
> > > > @@ -352,7 +352,8 @@ static bool match_exception_partial(struct list_head *exceptions, short type,
> > > > {
> > > > struct dev_exception_item *ex;
> > > >
> > > > - list_for_each_entry_rcu(ex, exceptions, list) {
> > > > + list_for_each_entry_rcu(ex, exceptions, list,
> > > > + lockdep_is_held(&devcgroup_mutex)) {
> > > > if ((type & DEVCG_DEV_BLOCK) && !(ex->type & DEVCG_DEV_BLOCK))
> > > > continue;
> > > > if ((type & DEVCG_DEV_CHAR) && !(ex->type & DEVCG_DEV_CHAR))
> > >
> > > I have been carrying the above patch in linux-next for some time now.
> > > I have been carrying it because it fixes problems for syzbot (see the
> > > third warning in
> > > https://lore.kernel.org/linux-next/CACT4Y+YnjK+kq0pfb5fe-q1bqe2T1jq_mvKHf--Z80Z3wkyK1Q@mail.gmail.com/).
> > > Is there some reason it has not been applied to some tree?
> >
> > The RCU changes on which this patch depends have long since made it to
> > mainline, so it can go up any tree. I can take it if no one else will,
> > but it might be better going in via the security tree.
>
> James, do you mind pulling it in?
I am still carrying this patch. Has it been superceded, or is it still
necessary?
--
Cheers,
Stephen Rothwell
On Mon, 17 Aug 2020, Stephen Rothwell wrote:
> > > mainline, so it can go up any tree. I can take it if no one else will,
> > > but it might be better going in via the security tree.
> >
> > James, do you mind pulling it in?
>
> I am still carrying this patch. Has it been superceded, or is it still
> necessary?
It appears to be necessary.
Applied to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git fixes-v5.9
--
James Morris
<[email protected]>
Hi James,
On Fri, 21 Aug 2020 04:28:34 +1000 (AEST) James Morris <[email protected]> wrote:
>
> On Mon, 17 Aug 2020, Stephen Rothwell wrote:
>
> > > > mainline, so it can go up any tree. I can take it if no one else will,
> > > > but it might be better going in via the security tree.
> > >
> > > James, do you mind pulling it in?
> >
> > I am still carrying this patch. Has it been superceded, or is it still
> > necessary?
>
> It appears to be necessary.
>
> Applied to
> git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git fixes-v5.9
Thanks, I have dropped my copy.
--
Cheers,
Stephen Rothwell