Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp5340596ybl; Tue, 14 Jan 2020 07:23:24 -0800 (PST) X-Google-Smtp-Source: APXvYqwg7q03LTNwCs/am+IIxAo2oBPfc8iuGw78iH560sRgLRZ3NDV+SBXvZjpCiyljVWr4Ycza X-Received: by 2002:a9d:402:: with SMTP id 2mr15516444otc.357.1579015404603; Tue, 14 Jan 2020 07:23:24 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1579015404; cv=none; d=google.com; s=arc-20160816; b=XpVjrG5O/JFM4G1PRP3mBfRXCfYur/ad+8t/VjyCDLDH8TlHuFjNcdP/b/vQIp6eIF ZWxkD0r70d/3D5dQAOmQO8G3rQlZp3BRnO4IR5PUt3pCYoi03BAGFeP4/3Qyog32DgAj SpnbK5E5hhTvA6Cn5kA/HcLzd8Zl2wQFvj0spBgmMYI2ZEwInEYfh5ADGXw5NeQcw+BO Padz7dGdzm75Y9v2GdlWLXJQ0xvD24UMeb4KI9oS4uS/AOP/ZzzCBHzYrKP+VzWhbPe3 CRNcdOX62ecWG1Tc774NEbl75rZ8LK9b5dkCuovZXjPO+BOoSBXOQDw9qMgIjt469XnQ FXJA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=0+VTsT8at9VIYcyBlipNY0A9XMLE3LU+9wMyoR7dVL0=; b=tE3F6c6b7vYLJcs5WTmTo27Xlkj3IUwGmdPFZxDdy6BYfjp/7xlsSC4Kk9VlYvkT1A mCE6n4P+l34pBmReTcgjK1xjBL1B4Iihu4fa7jwBEDwSZACvTVpF1ZH9lc+k3GqFIDXt tDU+4rnkr/ZohW2vYMRoTPLSQJiTv7v+fam9Btc65k+dJm80Mmd3zXeyhjRFmHMN5m5T z6qSuxuEVCmGH7JM55JUGhUTssn5BPDI8da7PjmfA6HBZetU3zjAiosYyz5/OFA27eeA NE5zqvbTAL/S3Su3nFPMR4lvp/DoKgQom+M9iavkUBbTC1Fs+COneMva53IZLUYdZWU0 sIHQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=lL0gwmIh; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h128si7879897oif.258.2020.01.14.07.23.12; Tue, 14 Jan 2020 07:23:24 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=lL0gwmIh; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728983AbgANPVU (ORCPT + 99 others); Tue, 14 Jan 2020 10:21:20 -0500 Received: from mail-qk1-f194.google.com ([209.85.222.194]:41111 "EHLO mail-qk1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725904AbgANPVU (ORCPT ); Tue, 14 Jan 2020 10:21:20 -0500 Received: by mail-qk1-f194.google.com with SMTP id x129so12390887qke.8 for ; Tue, 14 Jan 2020 07:21:19 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=0+VTsT8at9VIYcyBlipNY0A9XMLE3LU+9wMyoR7dVL0=; b=lL0gwmIhu/QDzkMudcYSE1LRGOYpJCSrcnNAnosiNNFrMsIQnFJdQKehKILwE2iJ1+ oLPDtSrEhjqtp4xNou9CkH+yJ5kLYMxJmjRRs4h8GcfvMdzvlOYtwEaIt/Z/hz4etL3m Ml9T7bFe+8SQbg1lX1Fx6K0Y3uU5OQbjTlkF+HwF4e7Uj9O3oPfMsgQju+a4l+oNYyid DwDon1lBHobwlkezy+kQHcCTg4wk3gPhXeAowUOqQDRIGBdirwKzHxRXgJVV/tinq75c 1Fmo8g/Kka4lWODeK0+WZh5RyO/ylvA4TSvlRB0hG4DUX383lclX3Ad9gnPVMpIbv+IP /Rkw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=0+VTsT8at9VIYcyBlipNY0A9XMLE3LU+9wMyoR7dVL0=; b=PMHfwC/qxNw5NAZggsA6H3IMe1SACsEm5WsguWenwXMiKElp1f+RSWJ6DMk2BAB3U9 4d8fPW5UN5Lve3DqQ6jLGYexMnomftImYy8OcIQ7NjVgC6O11lqJqFvUWLQ9oG1T1v6u 1GoGY+SrCPgOEAqh2UAtzKp4ajpmqTJPpM0zsLFc5hQtfVu/JF2VP7+qGwnN1Bkj5qPS vwigsDzhtwbllP7iqdIZlEsKc08C6koVS2ync1+HlFmyr4No0hlcwIzc9inhXx5MMw3g M3QZiETVnGtOtpLIS5QNF6ksYIA95TFW5D7Y2xzOWYFiStRb5FTKtN3l6sdMSalpwDOw Deag== X-Gm-Message-State: APjAAAXKYs2ScfD+xcPlDtmIBVPxpl8zlVgaHQGDUuhlYrEkrm8hJeJw qA/Bo19kAIujOb6XPR36delV6xxaHFtSXprd/5uxHg== X-Received: by 2002:a37:e312:: with SMTP id y18mr22622227qki.250.1579015278856; Tue, 14 Jan 2020 07:21:18 -0800 (PST) MIME-Version: 1.0 References: <000000000000486474059c19f4d7@google.com> <1579013812.12230.21.camel@linux.ibm.com> In-Reply-To: <1579013812.12230.21.camel@linux.ibm.com> From: Dmitry Vyukov Date: Tue, 14 Jan 2020 16:21:07 +0100 Message-ID: Subject: Re: inconsistent lock state in ima_process_queued_keys To: Mimi Zohar Cc: syzbot , Lakshmi Ramasubramanian , Dmitry Kasatkin , James Morris , linux-integrity@vger.kernel.org, LKML , linux-security-module , "Serge E. Hallyn" , syzkaller-bugs Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Jan 14, 2020 at 3:57 PM Mimi Zohar wrote: > > On Tue, 2020-01-14 at 14:58 +0100, Dmitry Vyukov wrote: > > On Tue, Jan 14, 2020 at 2:56 PM syzbot > > wrote: > > > > > > Hello, > > > > > > syzbot found the following crash on: > > > > > > HEAD commit: 1b851f98 Add linux-next specific files for 20200114 > > > git tree: linux-next > > > console output: https://syzkaller.appspot.com/x/log.txt?x=12bcbb25e00000 > > > kernel config: https://syzkaller.appspot.com/x/.config?x=3e7d9cf7ebfa08ad > > > dashboard link: https://syzkaller.appspot.com/bug?extid=a4a503d7f37292ae1664 > > > compiler: gcc (GCC) 9.0.0 20181231 (experimental) > > > > > > Unfortunately, I don't have any reproducer for this crash yet. > > > > > > IMPORTANT: if you fix the bug, please add the following tag to the commit: > > > Reported-by: syzbot+a4a503d7f37292ae1664@syzkaller.appspotmail.com > > > > +Lakshmi, you seem to have submitted a number of changes to this file recently. > > > > This completely breaks linux-next testing for us, every kernel crashes > > a few minutes after boot. > > > > 2020/01/14 14:45:00 vm-26: crash: inconsistent lock state in > > ima_process_queued_keys > > Yikes! Are you running with an IMA policy? I don't know. > I assume this is being > caused by commit 8f5d2d06f217 ("IMA: Defined timer to free queued > keys". Does reverting it prevent this from happening? The following seems to help, but don't know if it's the right fix or not. diff --git a/security/integrity/ima/ima_asymmetric_keys.c b/security/integrity/ima/ima_asymmetric_keys.c index 61e478f9e8199..49d559501fe62 100644 --- a/security/integrity/ima/ima_asymmetric_keys.c +++ b/security/integrity/ima/ima_asymmetric_keys.c @@ -103,17 +103,18 @@ static bool ima_queue_key(struct key *keyring, const void *payload, { bool queued = false; struct ima_key_entry *entry; + unsigned long flags; entry = ima_alloc_key_entry(keyring, payload, payload_len); if (!entry) return false; - spin_lock(&ima_keys_lock); + spin_lock_irqsave(&ima_keys_lock, flags); if (!ima_process_keys) { list_add_tail(&entry->list, &ima_keys); queued = true; } - spin_unlock(&ima_keys_lock); + spin_unlock_irqrestore(&ima_keys_lock, flags); if (!queued) ima_free_key_entry(entry);