Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp521318pxu; Tue, 5 Jan 2021 18:45:58 -0800 (PST) X-Google-Smtp-Source: ABdhPJwDTvlJNt2z1P2OUoGpfvK21HII6ts0UXcl0lbJWDVGzmUvPJn8ZgSbrkdY2Gv+erEQbmGF X-Received: by 2002:a17:906:1197:: with SMTP id n23mr1492447eja.359.1609901158518; Tue, 05 Jan 2021 18:45:58 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1609901158; cv=none; d=google.com; s=arc-20160816; b=VYRRO1wS/79m73zepogLY9fEc4YcS7d9t30YH/K5GUMGWQ2wa6JNL7cjd4NgekWScV PAjAQc7MMdclI36n7DTWfTyabVTQix9c0VPHpJmdYRsOqIS6fA8WJNxChUVEZdDgZh/p M1SKFEIuRFCcX5W+VyPvntUzZpjYaQeF/PVN/AFF4u/1yZgNk1XUKeSzXsJN95Kf64Uu a1JKnrjXX9s+aYpQoZ+8A7ru2Sm26kwK3V84BloYLRHJRa6L4VxkNwHP8xU3ApcPUzWv kHPOarNLSZoB/1qSKHU2WOBc1l3qcL3SeL3mhvlvc0YMmayZKJowLs/cCRs/sbaaYqz1 S8KA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=Rl30GHiO7+ok45uxZXaNkdS1h9GOZB8/wNoJsPJg7EY=; b=T+JeVgy8O+Tijnuld2bixrv7Zo2WHb5ECmshVOCpMUXF+SmWCkPWHrfbSqqhQmZvU1 zsXS6HHpvjk05E3Qfww3NmIEPArRSaTvjvruKo1Q05Yd5YZEoNr2ozjkbtZqZ/dDw6DH t4B+z6cXec4hZ7PMqgKnXxgQ/MLLnusGrNCxAD6IteOkgElYgRRxQZHjsg8wH+IaXN5K IM6as74hbX8SEAayyMlw2/OR9zDah/A38bBC8higgonZGlUyuVJ/55g/iMBjirGAcYS1 GWqfVn3dMxZtBMrwohcYq3AG5D3IIpTBImRgOsTPgrmpYrTuHSOsRncAzDXtUAGggK0X NTUA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=r3Wpg2DR; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id cy28si392061edb.535.2021.01.05.18.45.35; Tue, 05 Jan 2021 18:45:58 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=r3Wpg2DR; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1725948AbhAFCoR (ORCPT + 99 others); Tue, 5 Jan 2021 21:44:17 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59974 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725925AbhAFCoR (ORCPT ); Tue, 5 Jan 2021 21:44:17 -0500 Received: from mail-ej1-x62a.google.com (mail-ej1-x62a.google.com [IPv6:2a00:1450:4864:20::62a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 408BFC06134C for ; Tue, 5 Jan 2021 18:43:26 -0800 (PST) Received: by mail-ej1-x62a.google.com with SMTP id ce23so3162011ejb.8 for ; Tue, 05 Jan 2021 18:43:26 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paul-moore-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Rl30GHiO7+ok45uxZXaNkdS1h9GOZB8/wNoJsPJg7EY=; b=r3Wpg2DR14agmLIdTiA23ZamhLdjd5Hm7Yrz7aomhIgcxuBcp/fDg++5xrguOlESBz n2O7qtM4JWyW1jfJKnotNRpb7gQ1dFSi+sT8LKIgj//ooGAkIOe9NfFIfluFrnW7g+ZZ Ez5ejKOt7uptWA4vV4/asbGgisa0Sjv7zlGMd+xUTxJeIc/9gWBjLKuupEPDg7iUyC1a xhUyNX38fpxgcLcOd/XsfrF7ERPBwD97GpFrBiVcE+a91hetKV3oUfAxl0armtD0xI39 ji1CcYPOVCbt3ygNwrOMhU8BekaxTCfYyijIfRkTC4z7ZjipSBnn+/QOrMLq037LCmKU R1BA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Rl30GHiO7+ok45uxZXaNkdS1h9GOZB8/wNoJsPJg7EY=; b=SGjXTLbTFx+twcAbkcg1LWEFQzWCWs/LHBgbht8/GulgvSRo7oCwgsJBszkriNFxIe SdPaBRikjZMnfBEngWr0JCGWouXye3dVhy0c0+pIjosmyoVySlf/DMuvbCrHzGQmanYd hIP0ihR/yMyaRBQUDVW5jPfQrv2d7NzhfVYSH1iWXwgRIsXR6iQgH3dEZytT0T2lBW42 C7LcAEPIwgDwyIcgjQpHN1V0sEe9h1EYXga9VZB+EfIjc6pQv7SYiFMIUjRDiDMw8AA/ /poEJuMNuDyVj0Rdb8AdL7BgPJobNJTVpPs1SgZsI42u6nG8eT00m4fXWsQXwyzYNJIt 217Q== X-Gm-Message-State: AOAM530kVchML3Z+XLEcTtZ7+qj497Rku6iEmfxv9fHaslNjTarALxMQ f4yPVGQGNqR7NT7dqhXCpY2xBSDx0my6YIUelMd4L3qjnA== X-Received: by 2002:a17:906:2e82:: with SMTP id o2mr1559118eji.106.1609901004776; Tue, 05 Jan 2021 18:43:24 -0800 (PST) MIME-Version: 1.0 References: <20210104232123.31378-1-stephen.s.brennan@oracle.com> <20210105055935.GT3579531@ZenIV.linux.org.uk> <20210105165005.GV3579531@ZenIV.linux.org.uk> <20210105195937.GX3579531@ZenIV.linux.org.uk> <87a6tnge5k.fsf@stepbren-lnx.us.oracle.com> <20210106003803.GA3579531@ZenIV.linux.org.uk> In-Reply-To: <20210106003803.GA3579531@ZenIV.linux.org.uk> From: Paul Moore Date: Tue, 5 Jan 2021 21:43:13 -0500 Message-ID: Subject: Re: [PATCH v4] proc: Allow pid_revalidate() during LOOKUP_RCU To: Al Viro Cc: Stephen Brennan , Linus Torvalds , Alexey Dobriyan , James Morris , "Serge E. Hallyn" , linux-security-module@vger.kernel.org, Stephen Smalley , Eric Paris , selinux@vger.kernel.org, Casey Schaufler , Eric Biederman , linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, Matthew Wilcox Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Jan 5, 2021 at 7:38 PM Al Viro wrote: > On Tue, Jan 05, 2021 at 07:00:59PM -0500, Paul Moore wrote: ... > > I would expect the problem here to be the currently allocated audit > > buffer isn't large enough to hold the full audit record, in which case > > it will attempt to expand the buffer by a call to pskb_expand_head() - > > don't ask why audit buffers are skbs, it's awful - using a gfp flag > > that was established when the buffer was first created. In this > > particular case it is GFP_ATOMIC|__GFP_NOWARN, which I believe should > > be safe in that it will not sleep on an allocation miss. > > > > I need to go deal with dinner, so I can't trace the entire path at the > > moment, but I believe the potential audit buffer allocation is the > > main issue. > > Nope. dput() in dump_common_audit_data(), OTOH, is certainly not > safe. My mistake. My initial reaction is to always assume audit is the problem; I should have traced everything through before commenting. > OTTH, it's not really needed there - see vfs.git #work.audit > for (untested) turning that sucker non-blocking. I hadn't tried > a followup that would get rid of the entire AVC_NONBLOCKING thing yet, > but I suspect that it should simplify the things in there nicely... It would be nice to be able to get rid of the limitation on when we can update the AVC and do proper auditing. I doubt the impact is anything that anyone notices, but I agree that it should make things much cleaner. Thanks Al. -- paul moore www.paul-moore.com