Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp21206pxb;
        Tue, 23 Feb 2021 16:47:14 -0800 (PST)
X-Google-Smtp-Source: ABdhPJwGEJoD0SLMNY6IeBeG/TQxEKXCq2lRiCfjZdtQIiRyQc5L8w0txgmSP76j3lAZR+40U43k
X-Received: by 2002:a17:906:d71:: with SMTP id s17mr29560630ejh.126.1614127634643;
        Tue, 23 Feb 2021 16:47:14 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1614127634; cv=none;
        d=google.com; s=arc-20160816;
        b=ooESZ7moKMPFQhL4sg58wph65NtXvZJKhhadkA8KByfqSxo0QjOKekn3vwWFGc41Pz
         luBPwp17SNMzymeYP4V/S9JFIRqoDxKn6VEB+kZ4BTg3obh5RqRXvBEXh70MBPkYIbHq
         Hh7C2NezZHFfeo/cRU0ihhbYcb3uXCTzfIawDPfR9F0xCinm4fXV3swO5sm1A0EjlbS8
         QXs1dUolWFKEC4Ix7AgnqvbNFwo1Ekw1dkwtz+Akd7mRSsDOTBegdNeYxuN+8JVe0qWu
         aJUryz6dPyUl80Iux1yQ1Sc2o6H1zANOBTqp5gCZ3jJDKwsgS2y2yZ+G18n6spLO/PzZ
         bH8A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:in-reply-to:content-disposition:mime-version
         :references:message-id:subject:cc:to:from:date:dkim-signature
         :dkim-filter;
        bh=u8xSV6mboWtDGea5Rur1TvDYanYtddwU8NnszQ/n/XA=;
        b=RE3+XveukuCKebHqRxo3W6GR7GsZmW9Ww/Sdbf2qdfF/SaWQrRL+KYilfKPCAL2A5q
         +NZIo+wdwM4vlwIyr7lAupRyzYcZpdXUR0teoDLXAwxg6CU00IB5kgolfft7aojyGCGy
         2KYehcK+tKGyJJrs3v7jULeu5YAQEN8HeRib7SwzO1iJR9nu9YBpmiqkOVuz+Ho0z3cn
         QDV+0DJGi+aycXQteYYeNsRA2dIFYyLIU+T5MsotMm7LsMjEuruldfSrw/okHpfwxmD/
         LIklqjFIxmYz5CEkoj2D/1KWNYiz7Ng809LxHN7ydOB1hHb3k4cSFWssz4zNpUHdGg05
         LSFA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linux.microsoft.com header.s=default header.b="l/juN9th";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.microsoft.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id a6si95398edu.356.2021.02.23.16.45.43;
        Tue, 23 Feb 2021 16:47:14 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linux.microsoft.com header.s=default header.b="l/juN9th";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.microsoft.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S233638AbhBWWww (ORCPT <rfc822;lsq991025@gmail.com> + 99 others);
        Tue, 23 Feb 2021 17:52:52 -0500
Received: from linux.microsoft.com ([13.77.154.182]:37036 "EHLO
        linux.microsoft.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S232831AbhBWWiS (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 23 Feb 2021 17:38:18 -0500
Received: from sequoia (162-237-133-238.lightspeed.rcsntx.sbcglobal.net [162.237.133.238])
        by linux.microsoft.com (Postfix) with ESMTPSA id 011C320B6C40;
        Tue, 23 Feb 2021 14:36:53 -0800 (PST)
DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 011C320B6C40
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com;
        s=default; t=1614119814;
        bh=u8xSV6mboWtDGea5Rur1TvDYanYtddwU8NnszQ/n/XA=;
        h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
        b=l/juN9thNxAd+EYyH2zmk6LCkANs5rgZ751fxC58hTY839paqQO8z7oWj+iPq/kUB
         MQ5YVFmUd5adAA3Ysaepwv+AUZWmU8DDrNvSjgf/zge+oqVPplWvj9VfM1CnK9pUWQ
         b4TajhAW7wa29NG/JafB93KZ2bPQuMyrm6+R0hFg=
Date:   Tue, 23 Feb 2021 16:36:52 -0600
From:   Tyler Hicks <tyhicks@linux.microsoft.com>
To:     Paul Moore <paul@paul-moore.com>,
        Stephen Smalley <stephen.smalley.work@gmail.com>,
        Ondrej Mosnacek <omosnace@redhat.com>
Cc:     selinux@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [BUG] Race between policy reload sidtab conversion and live
 conversion
Message-ID: <20210223223652.GD6000@sequoia>
References: <20210223214346.GB6000@sequoia>
 <20210223215054.GC6000@sequoia>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20210223215054.GC6000@sequoia>
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 2021-02-23 15:50:56, Tyler Hicks wrote:
> On 2021-02-23 15:43:48, Tyler Hicks wrote:
> > I'm seeing a race during policy load while the "regular" sidtab
> > conversion is happening and a live conversion starts to take place in
> > sidtab_context_to_sid().
> > 
> > We have an initial policy that's loaded by systemd ~0.6s into boot and
> > then another policy gets loaded ~2-3s into boot. That second policy load
> > is what hits the race condition situation because the sidtab is only
> > partially populated and there's a decent amount of filesystem operations
> > happening, at the same time, which are triggering live conversions.

Hmm, perhaps this is the same problem that's fixed by Ondrej's proposed
change here:

 https://lore.kernel.org/selinux/20210212185930.130477-3-omosnace@redhat.com/

I'll put these changes through a validation run (the only place that I
can seem to reproduce this crash) and see how it looks.

Tyler