From: Paul Moore
Date: Tue, 28 Jan 2020 08:39:00 -0500
Subject: Re: possible deadlock in sidtab_sid2str_put
To: jeffv@google.com, omosnace@redhat.com, Stephen Smalley
Cc: Eric Paris, jannh@google.com, keescook@chromium.org, linux-kernel@vger.kernel.org, paulmck@kernel.org, selinux@vger.kernel.org, syzkaller-bugs@googlegroups.com, syzbot
List-ID: linux-kernel@vger.kernel.org

On Tue, Jan 28, 2020 at 7:50 AM syzbot wrote:
>
> syzbot has found a reproducer for the following crash on:
>
> HEAD commit:    b0be0eff Merge tag 'x86-pti-2020-01-28' of git://git.kerne..
> git tree:       upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=1432aebee00000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=9784e57c96a92f20
> dashboard link: https://syzkaller.appspot.com/bug?extid=61cba5033e2072d61806
> compiler:       gcc (GCC) 9.0.0 20181231 (experimental)
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=10088e95e00000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=13fa605ee00000
>
> IMPORTANT: if you fix the bug, please add the following tag to the commit:
> Reported-by: syzbot+61cba5033e2072d61806@syzkaller.appspotmail.com
>
> =====================================================
> WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
> 5.5.0-syzkaller #0 Not tainted
> -----------------------------------------------------
> syz-executor305/10624 [HC0[0]:SC0[2]:HE1:SE0] is trying to acquire:
> ffff888098c14098 (&(&s->cache_lock)->rlock){+.+.}, at: spin_lock include/linux/spinlock.h:338 [inline]
> ffff888098c14098 (&(&s->cache_lock)->rlock){+.+.}, at: sidtab_sid2str_put.part.0+0x36/0x880 security/selinux/ss/sidtab.c:533
>
> and this task is already holding:
> ffffffff89865770 (&(&nf_conntrack_locks[i])->rlock){+.-.}, at: spin_lock include/linux/spinlock.h:338 [inline]
> ffffffff89865770 (&(&nf_conntrack_locks[i])->rlock){+.-.}, at: nf_conntrack_lock+0x17/0x70 net/netfilter/nf_conntrack_core.c:91
> which would create a new lock dependency:
>  (&(&nf_conntrack_locks[i])->rlock){+.-.} -> (&(&s->cache_lock)->rlock){+.+.}
>
> but this new dependency connects a SOFTIRQ-irq-safe lock:
>  (&(&nf_conntrack_locks[i])->rlock){+.-.}
>
> ... which became SOFTIRQ-irq-safe at:
>   lock_acquire+0x190/0x410 kernel/locking/lockdep.c:4484
>   __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
>   _raw_spin_lock+0x2f/0x40 kernel/locking/spinlock.c:151
>   spin_lock include/linux/spinlock.h:338 [inline]
>   nf_conntrack_lock+0x17/0x70 net/netfilter/nf_conntrack_core.c:91
>   ...
> to a SOFTIRQ-irq-unsafe lock:
>  (&(&s->cache_lock)->rlock){+.+.}
>
> ... which became SOFTIRQ-irq-unsafe at:
> ...
>   lock_acquire+0x190/0x410 kernel/locking/lockdep.c:4484
>   __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
>   _raw_spin_lock+0x2f/0x40 kernel/locking/spinlock.c:151
>   spin_lock include/linux/spinlock.h:338 [inline]
>   sidtab_sid2str_put.part.0+0x36/0x880 security/selinux/ss/sidtab.c:533
>   sidtab_sid2str_put+0xa0/0xc0 security/selinux/ss/sidtab.c:566
>   sidtab_entry_to_string security/selinux/ss/services.c:1279 [inline]
>   sidtab_entry_to_string+0xf2/0x110 security/selinux/ss/services.c:1266
>   security_sid_to_context_core+0x2c6/0x3c0 security/selinux/ss/services.c:1361
>   security_sid_to_context+0x34/0x40 security/selinux/ss/services.c:1384
>   avc_audit_post_callback+0x102/0x790 security/selinux/avc.c:709
>   common_lsm_audit+0x5ac/0x1e00 security/lsm_audit.c:466
>   slow_avc_audit+0x16a/0x1f0 security/selinux/avc.c:782
>   avc_audit security/selinux/include/avc.h:140 [inline]
>   avc_has_perm+0x543/0x610 security/selinux/avc.c:1185
>   inode_has_perm+0x1a8/0x230 security/selinux/hooks.c:1631
>   selinux_mmap_file+0x10a/0x1d0 security/selinux/hooks.c:3701
>   security_mmap_file+0xa4/0x1e0 security/security.c:1482
>   vm_mmap_pgoff+0xf0/0x230 mm/util.c:502
>   ...
> other info that might help us debug this:
>
> Possible interrupt unsafe locking scenario:
>
>        CPU0                    CPU1
>        ----                    ----
>   lock(&(&s->cache_lock)->rlock);
>                                local_irq_disable();
>                                lock(&(&nf_conntrack_locks[i])->rlock);
>                                lock(&(&s->cache_lock)->rlock);
>   <Interrupt>
>     lock(&(&nf_conntrack_locks[i])->rlock);
>
>  *** DEADLOCK ***
>
> 4 locks held by syz-executor305/10624:
>  #0: ffffffff8c1acc68 (&table[i].mutex){+.+.}, at: nfnl_lock net/netfilter/nfnetlink.c:62 [inline]
>  #0: ffffffff8c1acc68 (&table[i].mutex){+.+.}, at: nfnetlink_rcv_msg+0x9ee/0xfb0 net/netfilter/nfnetlink.c:224
>  #1: ffff8880836415d8 (nlk_cb_mutex-NETFILTER){+.+.}, at: netlink_dump+0xe7/0xfb0 net/netlink/af_netlink.c:2199
>  #2: ffffffff89865770 (&(&nf_conntrack_locks[i])->rlock){+.-.}, at: spin_lock include/linux/spinlock.h:338 [inline]
>  #2: ffffffff89865770 (&(&nf_conntrack_locks[i])->rlock){+.-.}, at: nf_conntrack_lock+0x17/0x70 net/netfilter/nf_conntrack_core.c:91
>  #3: ffffffff8b7df008 (&selinux_ss.policy_rwlock){.+.?}, at: security_sid_to_context_core+0x1ca/0x3c0 security/selinux/ss/services.c:1344

I think this is going to be tricky to fix due to the differing contexts
from which sidtab_sid2str_put() may be called. We already have a check
for !in_task() in sidtab_sid2str_put(); do we want to add a check for
!in_serving_softirq() too?

-- 
paul moore
www.paul-moore.com
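As an added illustration, not part of the thread, here is a small Python model of the rule lockdep applied in the quoted report, replayed on the acquisitions the trace shows: cache_lock taken from the avc_audit path in task context with softirqs enabled, nf_conntrack_locks[i] taken in softirq context (assumed, since the report elides that stack), and then cache_lock taken under nf_conntrack_locks[i] with softirqs disabled. The Lockdep and LockClass classes, replay_report() and the shortened lock names are constructed for the example; the state characters it derives match the `{+.-.}` and `{+.+.}` annotations in the report.

```python
from dataclasses import dataclass, field

@dataclass
class LockClass:
    name: str
    used_in_softirq: bool = False   # ever acquired while serving a softirq
    enabled_softirq: bool = False   # ever acquired with softirqs enabled
    deps: set = field(default_factory=set)  # locks taken while this is held

    def softirq_state(self):        # lockdep's SOFTIRQ usage character
        return ("-?" if self.used_in_softirq else ".+")[self.enabled_softirq]

class Lockdep:                      # constructed, not the kernel's lockdep
    def __init__(self):
        self.classes = {}

    def cls(self, name):
        return self.classes.setdefault(name, LockClass(name))

    def acquire(self, name, held=(), *, in_softirq=False, bh_disabled=False):
        """Record one spin_lock(); return a finding string or None."""
        lc = self.cls(name)
        if in_softirq:
            lc.used_in_softirq = True
        elif not bh_disabled:
            lc.enabled_softirq = True
        for h in held:                      # new dependency h -> name
            self.cls(h).deps.add(name)
        return self.check()

    def reachable(self, start, seen=None):  # every lock ever taken under start
        seen = set() if seen is None else seen
        for d in self.classes[start].deps - seen:
            seen.add(d)
            self.reachable(d, seen)
        return seen

    def check(self):                        # SOFTIRQ-safe -> SOFTIRQ-unsafe path?
        for a in (c for c in self.classes.values() if c.used_in_softirq):
            for b in self.reachable(a.name):
                if self.classes[b].enabled_softirq:
                    return f"SOFTIRQ-safe -> SOFTIRQ-unsafe: {a.name} -> {b}"
        return None

def replay_report():                # the three acquisitions implied by the trace
    ld, nf, sl = Lockdep(), "nf_conntrack_locks[i]", "cache_lock"
    r1 = ld.acquire(sl)                    # avc_audit path, task ctx, BH on
    r2 = ld.acquire(nf, in_softirq=True)   # conntrack in softirq (assumed)
    r3 = ld.acquire(sl, held=[nf], bh_disabled=True)  # ctnetlink dump path
    return r1, r2, r3, ld.cls(nf).softirq_state(), ld.cls(sl).softirq_state()
```

Only the third acquisition produces a finding: the first two only set usage bits, and it is the new nf_conntrack_locks[i] -> cache_lock edge that links a softirq-safe lock to a softirq-unsafe one.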