From: Jann Horn
Date: Mon, 2 Jul 2018 15:57:14 +0200
Subject: Re: [PATCH] selinux: move user accesses in selinuxfs out of locked regions
To: Paul Moore
Cc: Eric Paris, selinux@tycho.nsa.gov, security@kernel.org, kernel list, Stephen Smalley
References: <20180625163425.216965-1-jannh@google.com> <9d5d0cb7-5875-0814-835b-097db650b6a1@tycho.nsa.gov>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Jun 29, 2018 at 2:38 AM Paul Moore wrote:
>
> On Thu, Jun 28, 2018 at 8:23 PM Paul Moore wrote:
> > On Tue, Jun 26, 2018 at 8:15 AM Stephen Smalley wrote:
> > > On 06/25/2018 12:34 PM, Jann Horn wrote:
> > > > If a user is accessing a file in selinuxfs with a pointer to a userspace
> > > > buffer that is backed by e.g. a userfaultfd, the userspace access can
> > > > stall indefinitely, which can block fsi->mutex if it is held.
> > > >
> > > > For sel_read_policy(), remove the locking, since this method doesn't seem
> > > > to access anything that requires locking.
> > > >
> > > > For sel_read_bool(), move the user access below the locked region.
> > > >
> > > > For sel_write_bool() and sel_commit_bools_write(), move the user access
> > > > up above the locked region.
> > > >
> > > > Cc: stable@vger.kernel.org
> > > > Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
> > > > Signed-off-by: Jann Horn
> > >
> > > Only question I have is wrt the Fixes line, i.e. was this an issue until userfaultfd was introduced, and if not,
> > > do we need it to be back-ported any further than the commit which introduced it.
> >
> > Considering we are talking about v2.6.12 I have to wonder if anyone is
> > bothering with backports for kernels that old. Even the RHEL-5.x
> > based systems are at least on v2.6.18.
> >
> > Regardless, I think this is fine to merge as-is; thanks everyone.
>
> FYI, I did have to remove the "fsi" variable from sel_read_policy() to
> keep the compiler happy. Please double check to make sure your code
> compiles cleanly in the future.

Oof, don't know how I missed that. Sorry, I'll be more careful.
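
A userspace model of the reordering described in the quoted commit message, added here as an illustration; it is not the kernel patch and not code from this thread. All names (`model_lock`, `user_src`, `copy_from_user_model`, `write_bool_before`, `write_bool_after`) are hypothetical, and a plain flag stands in for fsi->mutex so the ordering can be checked.

```c
#include <stddef.h>
#include <string.h>

/* Constructed model: a flag stands in for fsi->mutex. */
struct model_lock { int held; };

/* Stand-in for a userspace buffer. touched_under_lock records whether the
 * buffer was read while the lock was held, i.e. whether a stalled page
 * fault on it would have kept the lock pinned. */
struct user_src { const char *data; size_t len; int touched_under_lock; };

static struct model_lock fsi_mutex; /* hypothetical, mirrors fsi->mutex */
static int bool_pending;            /* the state the lock protects */

static int copy_from_user_model(char *dst, struct user_src *src, size_t n)
{
    if (fsi_mutex.held)
        src->touched_under_lock = 1; /* a stall here would block the lock */
    if (n > src->len)
        return -1;                   /* models a failed user copy */
    memcpy(dst, src->data, n);
    return 0;
}

/* Before: the user access happens inside the locked region. */
int write_bool_before(struct user_src *src, size_t n)
{
    char buf[16] = {0};
    int ret = -1;
    if (n >= sizeof(buf))
        return -1;
    fsi_mutex.held = 1;
    if (copy_from_user_model(buf, src, n) == 0) {
        bool_pending = (buf[0] == '1');
        ret = 0;
    }
    fsi_mutex.held = 0;
    return ret;
}

/* After: copy into a kernel-side buffer first, then lock only around the
 * update of the protected state. */
int write_bool_after(struct user_src *src, size_t n)
{
    char buf[16] = {0};
    if (n >= sizeof(buf) || copy_from_user_model(buf, src, n) != 0)
        return -1;
    fsi_mutex.held = 1;
    bool_pending = (buf[0] == '1');
    fsi_mutex.held = 0;
    return 0;
}
```

In the reordered version the only work done under the lock is the update of the protected state, so the time the lock is held no longer depends on how quickly the user buffer can be read.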