Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp34175pxb; Tue, 23 Feb 2021 17:10:19 -0800 (PST) X-Google-Smtp-Source: ABdhPJzqTVA3GSkbJaS5pYWfgx3RsFDkQeT76NOM8Z2Xm/5GFXguDyUhECipwhRKZ1Q/mCh+w2OG X-Received: by 2002:a17:906:c455:: with SMTP id ck21mr29240984ejb.354.1614129019506; Tue, 23 Feb 2021 17:10:19 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1614129019; cv=none; d=google.com; s=arc-20160816; b=Em5AadRq8ib5bV4CeKvGxHvfXoI8wiL7X3yqbBjkVDj03j2KzALxpye56sBV+Y44Df ZzR192Ns9PuG93gGEsvnl9UnkL6ZyJNf4eaYdKDJJ47SpTxVkIqmsV/69cQWdT2QNV/4 gXvPM8MlYYNbfFPvQ7IXIm3ePz78/GyV/Z6PL5V4lDYbiwMPEwegRGjJFdrpqY2YsJec RMfkRBIaXWarMyK7+1S/R3S9aJvB+Wod3+jKn+m2dKdz7pPyJy0PbCuTsrEFqsUtQ7wG iqx6CnxqOerahN4Xe4PYTS/TpAVmBeollI49ul6FwxMGbBHwGxFBjdB8BoVd7qY9yfZ/ iRow== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=teqVJhK4LXz4OZBg8usuG8VfNJnNMz+dTljcctkaNG4=; b=cUHo+bWvUApc+rJDB8g7ipNkK/FPoEdLjJzPcCEEuinXMqo4qq5CdSRZgOc0Bwantd 1k7hL0HaqIMTrkNMuboji9Q7c6SqH4V34KiXRItdyXA31adrR3XL/u1Q+vTEKQMhhe1w r7iOyoL3ISnYPyVAimtumeG5wBoEX7SVwuvi/atrl07gk1VubPV1VHKztk8BdNYzFm7z w+2zvCaU0xATH3kMtXWTpc9cet/jpVOlsYQ5jvqlHZXwKVhiDP2mV8NlfqP2Em11ZcgA ZVxa5QxUr0wzZi+T5o3N7n2aJtCYKcvTWkduQFs1ad1MRUdYsd3mTP1lazndD2pgu41l 3OLg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=KdGZTmGs; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id o26si108567edw.74.2021.02.23.17.09.44; Tue, 23 Feb 2021 17:10:19 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=KdGZTmGs; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234461AbhBXAo0 (ORCPT + 99 others); Tue, 23 Feb 2021 19:44:26 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39648 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234655AbhBXAET (ORCPT ); Tue, 23 Feb 2021 19:04:19 -0500 Received: from mail-ed1-x52c.google.com (mail-ed1-x52c.google.com [IPv6:2a00:1450:4864:20::52c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6A755C061574 for ; Tue, 23 Feb 2021 16:02:37 -0800 (PST) Received: by mail-ed1-x52c.google.com with SMTP id p2so412993edm.12 for ; Tue, 23 Feb 2021 16:02:37 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paul-moore-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=teqVJhK4LXz4OZBg8usuG8VfNJnNMz+dTljcctkaNG4=; b=KdGZTmGsRPg0mfraFXSTSp/gtdGU7k4ammQ9upVnBXq/Xqb+ZsRIvIaqmyV3pVxo7C Y040vHQJmflrbsQ+9fRB7vQCenEwcGCHPxhTc+dwKFX2p3us0JRO27Zg62jUNVMeHIG9 q1/fIVOksrqcUPr6yZH+k2Vfnjsyu0a4riSCBSB8y+ioY7q34yxUUTrq4N6GhQwKQWNu 17d+2hkaQcEs5OfPaKnzKhA4I4Q9UJzA8VofTtNkrZG9GHTsVwnoJlnHz/zEIgRKrmmo bSg/NOsYK2XzYQFCIZIbQ1GGVNC3b8Ld1Y8O01y5OynRX0jDGH7IYowztBOl+KMxSQFJ RSmA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=teqVJhK4LXz4OZBg8usuG8VfNJnNMz+dTljcctkaNG4=; b=Y83+F3GfR1zNvKZ5jbIK3Rb/hMnU+Zec/T3EJETJC6XZTi0rjW9a/QWH2yDzwIOWSi 69Yz2Ee86QRPu4/ZhDLeFT5NAl3SKlVwPryDJmWpxps7LF0DlxYI3iwoM1dlwJKXd4Ul VBBjjqSRI60OCT5wDoRuqXDOG2iHYyovpf/s3icwW+nbwvlPi/p5dhqU2M6kD0CIwd1n zBEZuKmCvJNH8TQekr/Hsc7atwD73ZPy3zVavgptjnIegeNJkNmL1hXwqJTZt1jl9ckd Xu6Yvbddmcehut26bnJK3e67vDE//qJRojD++siku+kbr+v5WYD531c04IH//cx9jT2F iGqg== X-Gm-Message-State: AOAM530RCtN+ANorXQp5fq4y6b0k6YcC5kEDeyfjwuiRr1JN55zJNM9c POm7EwFZ6vCnH0yWO9vAakwnREHCoR4OjnDVvbzX X-Received: by 2002:a05:6402:22e9:: with SMTP id dn9mr21996487edb.269.1614124956065; Tue, 23 Feb 2021 16:02:36 -0800 (PST) MIME-Version: 1.0 References: <20210223214346.GB6000@sequoia> <20210223215054.GC6000@sequoia> <20210223223652.GD6000@sequoia> In-Reply-To: <20210223223652.GD6000@sequoia> From: Paul Moore Date: Tue, 23 Feb 2021 19:02:25 -0500 Message-ID: Subject: Re: [BUG] Race between policy reload sidtab conversion and live conversion To: Tyler Hicks Cc: Stephen Smalley , Ondrej Mosnacek , selinux@vger.kernel.org, linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Feb 23, 2021 at 5:36 PM Tyler Hicks wrote: > On 2021-02-23 15:50:56, Tyler Hicks wrote: > > On 2021-02-23 15:43:48, Tyler Hicks wrote: > > > I'm seeing a race during policy load while the "regular" sidtab > > > conversion is happening and a live conversion starts to take place in > > > sidtab_context_to_sid(). > > > > > > We have an initial policy that's loaded by systemd ~0.6s into boot and > > > then another policy gets loaded ~2-3s into boot. That second policy load > > > is what hits the race condition situation because the sidtab is only > > > partially populated and there's a decent amount of filesystem operations > > > happening, at the same time, which are triggering live conversions. > > Hmm, perhaps this is the same problem that's fixed by Ondrej's proposed > change here: > > https://lore.kernel.org/selinux/20210212185930.130477-3-omosnace@redhat.com/ > > I'll put these changes through a validation run (the only place that I > can seem to reproduce this crash) and see how it looks. Thanks, please let us know what you find out. -- paul moore www.paul-moore.com