Received: by 2002:a25:7ec1:0:0:0:0:0 with SMTP id z184csp876875ybc; Tue, 19 Nov 2019 10:43:31 -0800 (PST) X-Google-Smtp-Source: APXvYqzZ0fVD5SR3AzGobcQ+rpTRWdWxzwvv1ybq69Ko96IXEkQjoG99jYusbpJQcmjnGKneBzGc X-Received: by 2002:a7b:c7c7:: with SMTP id z7mr7187582wmk.133.1574189011035; Tue, 19 Nov 2019 10:43:31 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1574189011; cv=none; d=google.com; s=arc-20160816; b=yOoChLiu4O6AQCgV+MNVhUDL4wot7LBzjRw32h1n6cBb1rngFpIqQyzAa9+Wy4wkzb 02n7SP7tS1Kp5tQCzXK5Ygh7PXOuf3+QayqQQmrePjtZZiSPD4hIaOKZ+2jlxQRZ/QJm LNHv1vOUrfeyVv/aIT9r6DHlHfSOOe3PoTYq1UQQxAzlOBr6sj5qhc42sMxjMtz8BLt2 GPl/WoM91wKL2SRY5i2FjcGkm4C+o7qP7lXyVBW3+zJIzH6w1TQk3Fp5kmLPcpS91ZPO mRwnGrcnT/w6NvssSb6NJPWz3V9dIP6C9JNCcgnrQ4d6R4x3dTC4H8MyIDXI75mlbfSM kbNw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=S4oXoiaSENmT54jJKWEzIw5jYw7fHAfm6P8ca6GeQTE=; b=BaRG5WjzHtW9JvbApvrrhCB/UouYT7kidQZi5mRFbuzefWoae6BSpc8F4LLcYWhpX1 SoWeJBlMfMAKS3ADr2uwD6YPH33rYpKe0OnQ7GMxkOqJCBkPHHboxsl7bpJnprMathk9 G5FGMC90fnLf1qZQP8Y2zz98jgOXb8kfaFKks14Pc7s0f7qisJMYKRII7fayg20+Hzqw vLqbw0cWofmsxz+L8VIlbPyQjp96Rb1aqtKeqNEziJJPCD97oRLfq1UZV7ZWnlbbdlON 3f4Z7SpaaFvkjwptvl2IDzMSWI4Kz1nnpwV4tsZP7d5HAyry6c09KSZyxh1G3FCA7V6M fPlQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=qQeCmPx7; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id z44si18549347edz.211.2019.11.19.10.43.07; Tue, 19 Nov 2019 10:43:31 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=qQeCmPx7; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727437AbfKSSlG (ORCPT + 99 others); Tue, 19 Nov 2019 13:41:06 -0500 Received: from mail.kernel.org ([198.145.29.99]:52788 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726792AbfKSSlF (ORCPT ); Tue, 19 Nov 2019 13:41:05 -0500 Received: from localhost.localdomain (236.31.169.217.in-addr.arpa [217.169.31.236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 1FCEF2240B; Tue, 19 Nov 2019 18:41:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1574188864; bh=ID5i6LVxAXJWLxbt0faGOihxGx2WttitYMxA2sPDKsg=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=qQeCmPx7uvR5TXjLvO7hl3dDLVDJuANdiapoBJXvEorZvmmemwQ1gwz7fDtcYWOFE LguQTyU5XUPAOyclY6HGobwDxqVnAgqEwpEH7X539g6d2bxf16aacY1YSLQwNaaRY6 SnmG7fnRc750oLaOnarXXwH/xG4CXev6Q8uU5VtM= From: Will Deacon To: selinux@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Will Deacon Subject: [RFC PATCH 1/2] selinux: Don't call avc_compute_av() from RCU path walk Date: Tue, 19 Nov 2019 18:40:56 +0000 Message-Id: <20191119184057.14961-2-will@kernel.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20191119184057.14961-1-will@kernel.org> References: <20191119184057.14961-1-will@kernel.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 'avc_compute_av()' can block, so we carefully exit the RCU read-side critical section before calling it in 'avc_has_perm_noaudit()'. Unfortunately, if we're calling from the VFS layer on the RCU path walk via 'selinux_inode_permission()' then we're still actually in an RCU read-side critical section and must not block. 'avc_denied()' already handles this by simply returning success and postponing the auditing until we're called again on the slowpath, so follow the same approach here and return early if the node lookup fails on the RCU walk path. Signed-off-by: Will Deacon --- security/selinux/avc.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/security/selinux/avc.c b/security/selinux/avc.c index ecd3829996aa..9c183c899e92 100644 --- a/security/selinux/avc.c +++ b/security/selinux/avc.c @@ -1159,16 +1159,19 @@ inline int avc_has_perm_noaudit(struct selinux_state *state, rcu_read_lock(); node = avc_lookup(state->avc, ssid, tsid, tclass); - if (unlikely(!node)) + if (unlikely(!node)) { + if (flags & AVC_NONBLOCKING) + goto out; node = avc_compute_av(state, ssid, tsid, tclass, avd, &xp_node); - else + } else { memcpy(avd, &node->ae.avd, sizeof(*avd)); + } denied = requested & ~(avd->allowed); if (unlikely(denied)) rc = avc_denied(state, ssid, tsid, tclass, requested, 0, 0, flags, avd); - +out: rcu_read_unlock(); return rc; } -- 2.24.0.432.g9d3f5f5b63-goog