Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp3535194ybl; Mon, 3 Feb 2020 02:04:15 -0800 (PST) X-Google-Smtp-Source: APXvYqw+IIf9bUO/YCKGLbxBulSk1kr5I/0nckO7HvQ2xtTF3ZvSQueDs+5DFP/g02oTuz/v7yh0 X-Received: by 2002:a05:6808:ab1:: with SMTP id r17mr13542843oij.141.1580724255203; Mon, 03 Feb 2020 02:04:15 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1580724255; cv=none; d=google.com; s=arc-20160816; b=arf77QP2trNw8KlVjRdoFHMBxbf2dPj7ySf35+pHXr7EctuEoFs+TNzpQ3fPA2pqlX 6fpEuRgQ6RBNmMWgDWl0CtmyuEK8dgUDlZAEafa7gddd+pZWcBjtEX0jB23QIpOKxgiC tqGkVpwRn80UDiiyyN3UT3mIqWNsIXBgqjip3w4CKik3OeRlw4IonsfWZt71WWjOOItY VdjlNBLh/8GBg3goC0zR2JrV7EN3YmVjITdwNXJn9u78EOK086Je7vq+wGCwJWuXl7i7 HgArqPWgsrLkgpBF45sHWleWeEbsn27d2pe4p/1ncSFGveuc0qT3nZhm5JD5fUrhDznu IcNA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=ZsuCEZWqHm0EboxhQiNEItt1THk0pieZ6uxJHO780LI=; b=KzKmuIWKxDyQtahiqDJ6mP3KBtdCSbah5BpTW9Ry1vLdZ/hTWg/iFPleommE8Rwa8o fll40/MEwSUyD6PllySsS18sIvrIzKmk3xvGOkaD2gDklElM4cnIEXdQDBMPTKYePDdM BGuL7UbF5fD9YxC/gr5H0QrAGU/McSBT08Ml67D/Okrr8Yb5+F8nWb9ZhLC3b/ZPgxsJ E4cxf5Rw2rsDRVM7AK0MaRZusfV+9+ZDcxZYMq2IoJnkpfPfwnkSqs6XE2m5m8748WxR iMuRGiE5Et8BueTnVvEaGqDylvvr/6T06UvA5C9v9tc1ob+7rFNw2720sNWRVJNbyFSs 6hFg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=bFwu8jrX; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 106si8386229oti.106.2020.02.03.02.04.03; Mon, 03 Feb 2020 02:04:15 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=bFwu8jrX; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727482AbgBCIrI (ORCPT + 99 others); Mon, 3 Feb 2020 03:47:08 -0500 Received: from us-smtp-delivery-1.mimecast.com ([205.139.110.120]:23389 "EHLO us-smtp-1.mimecast.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1727441AbgBCIrI (ORCPT ); Mon, 3 Feb 2020 03:47:08 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1580719627; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=ZsuCEZWqHm0EboxhQiNEItt1THk0pieZ6uxJHO780LI=; b=bFwu8jrX8uvkRzwdclp8kW3WcsjpVRahIoa/5V+FnXxVPZD2gg2G7gOpiNyOWGNQwmGdN7 QY0FYPVXKp4lkCznYHyFq+h5wHc9pydx8ToGdc6rz0U0N/rB6xfb47SeMZEST9VhKQNmoI y6sKBrU17/qJbFgCCfJc72x4LXl82O8= Received: from mail-oi1-f199.google.com (mail-oi1-f199.google.com [209.85.167.199]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-400-ibx9IA8jPfyDNY4_lL8ohQ-1; Mon, 03 Feb 2020 03:47:04 -0500 X-MC-Unique: ibx9IA8jPfyDNY4_lL8ohQ-1 Received: by mail-oi1-f199.google.com with SMTP id o5so5541934oif.9 for ; Mon, 03 Feb 2020 00:47:04 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=ZsuCEZWqHm0EboxhQiNEItt1THk0pieZ6uxJHO780LI=; b=dt27cSPz77JCPo0m52P+22FC0feQtIDhH0M+4iY17B+1bR7u9/Uqrk23tdvl9/Nfj5 +H+/vt1P9HY3uCKbepcf8dwDsqJmkTpetaSEYj+4obyWb9ieHIxCHmlir7MD95GT4BuO S7IQ3gewESNZWurhS+UuqOzddmUF9Nq8exQVIKzGOGblhwhWT0roKSBulvHodQRwkXBN xDf+TkBW4cNSpvsCJrJ4o2fr//QyQotnPQbkZsKwvR4wyeuypcl8tKqi76zeMXy4xY0B IvYKv9q1pry6LZev9ecx6qMsDQJNiVdyQpjzFIv+VrUZ3bHhEMrl6rQXu+r9PivRJazX WNKg== X-Gm-Message-State: APjAAAVj97/tA+/R2eIZSv/b9QjZx1xo3BypeervfgMybp78EvY472Mz bsH2KOi7bB6a20uZm5oJc0WXmhQRpghXmf0zP4N8FSRzIGiMc7dUaLVI+ulaCe/eqQElWcvgfol hXRiFH0Z+iRm3UcaLurI/6NLIlT8tqYNuZKQ0+dKy X-Received: by 2002:a9d:7ccc:: with SMTP id r12mr17777408otn.22.1580719623227; Mon, 03 Feb 2020 00:47:03 -0800 (PST) X-Received: by 2002:a9d:7ccc:: with SMTP id r12mr17777391otn.22.1580719622947; Mon, 03 Feb 2020 00:47:02 -0800 (PST) MIME-Version: 1.0 References: <000000000000143de7059d2ba3e5@google.com> <000000000000fdbd71059d32a906@google.com> <850873b8-8a30-58e5-ad3c-86fb35296130@tycho.nsa.gov> In-Reply-To: From: Ondrej Mosnacek Date: Mon, 3 Feb 2020 09:46:51 +0100 Message-ID: Subject: Re: possible deadlock in sidtab_sid2str_put To: Paul Moore Cc: Stephen Smalley , Jeff Vander Stoep , Eric Paris , Jann Horn , Kees Cook , Linux kernel mailing list , "Paul E. McKenney" , SElinux list , syzkaller-bugs@googlegroups.com, syzbot Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Jan 28, 2020 at 6:29 PM Paul Moore wrote: > On Tue, Jan 28, 2020 at 11:31 AM Ondrej Mosnacek wrote: > > ... the current rawhide 5.5.0-1 kernel seems to have some bug > > that prevents it from booting on anything with more than one core. > > I'll see if I can work around it somehow... > > I'm not sure how you are building your kernels, but gcc v10 is causing > a lot of problems, I would suggest compiling with an earlier gcc for > the near future until things get sorted (I'm doing the kernel-secnext > builds on stable Fedora, not Rawhide, for now). Right, thanks, I was using the Rawhide buildroot to build the test kernel (derived from Rawhide dist-git source + selinux-next + the patch). Fortunately the Rawhide kernel can be also built against the f31 target without any additional hacks, so I managed to build a an upstream-based kernel with GCC 9 and it didn't have the crash-on-multi-core issue. Regardless, I wasn't able to reproduce the syzbot crash locally, so I had to ask syzbot to test the patch from my git tree [1] and it passed. Nonetheless, I checked to see how the sidtab string cache + IRQ-safe locking (assuming mostly cache hits) compares to the non-cache situation with a category-free label (unconfined_u:unconfined_r:unconfined_t:s0) and the cache (3.2% impact when mostly hits) is still faster than the non-cache version (5.5% impact best case, 65% impact worst case). I intend to incorporate all this information into the log message and then post the patch. [1] https://groups.google.com/d/msg/syzkaller-bugs/1UwATFnIiW8/kOpRrjyNAAAJ -- Ondrej Mosnacek Software Engineer, Security Technologies Red Hat, Inc.