Received: by 2002:ac0:a581:0:0:0:0:0 with SMTP id m1-v6csp422059imm;
        Thu, 28 Jun 2018 23:35:34 -0700 (PDT)
X-Google-Smtp-Source: ADUXVKJSvaflENooGxbRUWico2NR2eyBKGMxEqTLQvhKw+mxDS02hbDXK0xSkzWaw2FtHT9O9MdU
X-Received: by 2002:a63:8848:: with SMTP id l69-v6mr11221145pgd.377.1530254134483;
        Thu, 28 Jun 2018 23:35:34 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1530254134; cv=none;
        d=google.com; s=arc-20160816;
        b=MS5SBxz8ESRQSYio4ba4nrdCkzRnRLxQchg9D29Cx7EkStxSyjD+IDnWhP2p/eOw86
         cX+fhUYFUF++V1JkMJ6ivDg6/w2sdQ95g/dV730gylV3wloUQGg0n3v75ldx7+dZzn5u
         ymOZ+1QtriNq/LzKmrLEg8BZLy2mP1wHKRHofghzl9ukpnAEtKlU3sgRlx4LAJWvl7fV
         bwLcEWd6BO8qTH/VuaOQQ0z+0FjW1EgG1m9STw8vZwHPOCbxdXoO6GUYctLJIZVSTnva
         mVDjt3uDJqMeDyXcokR6Ce1q2Tns7OIWr7Ud2ldyRXtaoigVAPZD8/fYMMzkhCkvwdyj
         +kSw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:dkim-signature
         :arc-authentication-results;
        bh=JUplO1YDLPCIwiehlJJhVY8ZRKx4hS1xrtcVpKSstIA=;
        b=YG3KVYa0kYdweMUqXSLJTW8UKyRxw67+oGBlgsDcHqMS3QC/9aTERCbuzBkDnkOIYQ
         5uhfd/Qcv0q+bhDJMmc5JQOWFg2UhGQY3Xig+G7aSuPJsTEeOQ7FZZ7RSaZZwVR9GM1e
         Nttcc0YvWvAtzm/9U/LoOX4XA4aFXJ85XocYEjCKKn3ZwxfrR0Ko3JklpOSYYfNn9tw5
         MhD1sNR9p2apPI4hHVpulEpO9aCIudhbhmd+V0n9ZM6TLRRQMWF5eI4n7KDkb/UzzFs8
         NY2nTb2Kul0e87O8aW5mhkF04pRDtXoa2wKNhBgxZ/MB0a1WSfK3ky5Yay/6t4rLufT9
         nmsw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b="BnWSXRm/";
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id s7-v6si7555898pgb.281.2018.06.28.23.35.20;
        Thu, 28 Jun 2018 23:35:34 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b="BnWSXRm/";
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S936295AbeF2Ayr (ORCPT <rfc822;mailist1go@gmail.com> + 99 others);
        Thu, 28 Jun 2018 20:54:47 -0400
Received: from mail-lf0-f68.google.com ([209.85.215.68]:34716 "EHLO
        mail-lf0-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S933008AbeF2Ayq (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 28 Jun 2018 20:54:46 -0400
Received: by mail-lf0-f68.google.com with SMTP id n96-v6so5560936lfi.1
        for <linux-kernel@vger.kernel.org>; Thu, 28 Jun 2018 17:54:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=paul-moore-com.20150623.gappssmtp.com; s=20150623;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=JUplO1YDLPCIwiehlJJhVY8ZRKx4hS1xrtcVpKSstIA=;
        b=BnWSXRm/Wpw3ww0uXoziCNCMO92RxcY/mjn/pnK34Tnna5XsRVJLXb3EteZpwHmtjC
         R+g/HegiKrinHE6MDrIS56pDVED/+IZv1n8P48Eo51J/YxyUv80gNtZABhZmRol+YSoN
         iKYFv055egy0KdtPaaSjf0UR1qIRW/YUqTqAcczYhEPdNVfn65r+xxxMN/tJdQtXJqVM
         o53cjPG1rX0qXXvAZ3n4DX8s34cRDYq3FxK/kMu+iYoZ1O4+Ku9UZG+Zoj6Si0+DZbGc
         XdECA/5kVCjSuKT/LWWD0IiaQ6EoBD6KjWWkm/2YqwLL97Wt8aOQsUM46VKPmovHa0YL
         IRGg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=JUplO1YDLPCIwiehlJJhVY8ZRKx4hS1xrtcVpKSstIA=;
        b=E7vI8VeAaQJTvY3hmCzlddQ0xtFshRaAQRH5sSixA5T3G8O+/MSqfI4uDIHEtR7t0J
         clL0Mr3lhomW7wucJ5ff4/OCACAx5mG4CtP3H4eCd0e5hlensyDQHQ9+9HZMvznhPi4q
         THAIt9HRpLjKHj9zpKMoUzzOTp9Kg23zi6n/I4Sb3iB7RCZMRQqHtwmoLwKyHaO1BDKY
         OmJ20zDLwdOnsUgCVomAN0rb2mjapFcMxTI0sODEDdHZ0LWrGHXbFNcClkc3e60gteeD
         Y+yW8l2fF4X1z113F23NdgRxsDcBLdCim4s1tNqXj6kGAlCg2rDJZ0mrY9VmQ3FNBqC3
         POig==
X-Gm-Message-State: APt69E2OykJNh85KSKM/t1BrCu0+EihAmeC5e9b5LMUdpCHKG8V/kWga
        zNJg+KDMEvz3FQ6Z8wkZ94z69uzTUL6S4mba83xt
X-Received: by 2002:a19:a892:: with SMTP id r140-v6mr8090750lfe.39.1530233684556;
 Thu, 28 Jun 2018 17:54:44 -0700 (PDT)
MIME-Version: 1.0
References: <20180625163425.216965-1-jannh@google.com> <9d5d0cb7-5875-0814-835b-097db650b6a1@tycho.nsa.gov>
 <CAHC9VhQ7ep3HSw8iqWBsiW0hhZ-drVtk7bW1rA1uAyUrbm3PqA@mail.gmail.com> <CAHC9VhTcncUn3CgAgG-FiXyyoNiq5DdHF1cSYJeWpu8PvRXucw@mail.gmail.com>
In-Reply-To: <CAHC9VhTcncUn3CgAgG-FiXyyoNiq5DdHF1cSYJeWpu8PvRXucw@mail.gmail.com>
From:   Paul Moore <paul@paul-moore.com>
Date:   Thu, 28 Jun 2018 20:54:33 -0400
Message-ID: <CAHC9VhQxOKk21i0MBMOKr-A7nf+vSbi0_Hxfa8dTDPDdbMyUGg@mail.gmail.com>
Subject: Re: [PATCH] selinux: move user accesses in selinuxfs out of locked regions
To:     jannh@google.com
Cc:     Eric Paris <eparis@parisplace.org>, selinux@tycho.nsa.gov,
        security@kernel.org, linux-kernel@vger.kernel.org,
        Stephen Smalley <sds@tycho.nsa.gov>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Jun 28, 2018 at 8:38 PM Paul Moore <paul@paul-moore.com> wrote:
> On Thu, Jun 28, 2018 at 8:23 PM Paul Moore <paul@paul-moore.com> wrote:
> > On Tue, Jun 26, 2018 at 8:15 AM Stephen Smalley <sds@tycho.nsa.gov> wrote:
> > > On 06/25/2018 12:34 PM, Jann Horn wrote:
> > > > If a user is accessing a file in selinuxfs with a pointer to a userspace
> > > > buffer that is backed by e.g. a userfaultfd, the userspace access can
> > > > stall indefinitely, which can block fsi->mutex if it is held.
> > > >
> > > > For sel_read_policy(), remove the locking, since this method doesn't seem
> > > > to access anything that requires locking.
> > > >
> > > > For sel_read_bool(), move the user access below the locked region.
> > > >
> > > > For sel_write_bool() and sel_commit_bools_write(), move the user access
> > > > up above the locked region.
> > > >
> > > > Cc: stable@vger.kernel.org
> > > > Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
> > > > Signed-off-by: Jann Horn <jannh@google.com>
> > >
> > > Only question I have is wrt the Fixes line, i.e. was this an issue until userfaultfd was introduced, and if not,
> > > do we need it to be back-ported any further than the commit which introduced it.
> >
> > Considering we are talking about v2.6.12 I have to wonder if anyone is
> > bothering with backports for kernels that old.  Even the RHEL-5.x
> > based systems are at least on v2.6.18.
> >
> > Regardless, I think this is fine to merge as-is; thanks everyone.
>
> FYI, I did have to remove the "fsi" variable from sel_read_policy() to
> keep the compiler happy.  Please double check to make sure your code
> compiles cleanly in the future.

I realize I didn't specify this above ... I merged this into
selinux/stable-4.18; I'm building a test kernel now and if everything
looks okay I'll send it to Linus tomorrow.

-- 
paul moore
www.paul-moore.com