Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932746Ab2JWMuz (ORCPT ); Tue, 23 Oct 2012 08:50:55 -0400 Received: from mail-bk0-f46.google.com ([209.85.214.46]:46179 "EHLO mail-bk0-f46.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1756811Ab2JWMux (ORCPT ); Tue, 23 Oct 2012 08:50:53 -0400 Message-ID: <508692A8.6090706@suse.cz> Date: Tue, 23 Oct 2012 14:50:48 +0200 From: Jiri Slaby User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/17.0 Thunderbird/17.0 MIME-Version: 1.0 To: Aristeu Rozanski CC: linux-kernel@vger.kernel.org, Dave Jones , Andrew Morton , Tejun Heo , Li Zefan , James Morris , Pavel Emelyanov , Serge Hallyn , cgroups@vger.kernel.org Subject: Re: [PATCH 1/4] cgroup: fix invalid rcu dereference References: <20121022134536.172969567@napanee.usersys.redhat.com> <20121022134536.543579196@napanee.usersys.redhat.com> In-Reply-To: <20121022134536.543579196@napanee.usersys.redhat.com> X-Enigmail-Version: 1.5a1pre Content-Type: text/plain; charset=ISO-8859-2 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 4408 Lines: 130 On 10/22/2012 03:45 PM, Aristeu Rozanski wrote: > From: Jiri Slaby No, I'm *not* the author of the patch... Or at least I don't remember :P. Where did you take it from? > Commit "device_cgroup: convert device_cgroup internally to policy + > exceptions" removed rcu locks which are needed in task_devcgroup > called in this chain: devcgroup_inode_mknod OR > __devcgroup_inode_permission -> __devcgroup_inode_permission -> > task_devcgroup -> task_subsys_state -> task_subsys_state_check. > > Change the code so that task_devcgroup is safely called with rcu read > lock held. > > =============================== > [ INFO: suspicious RCU usage. ] > 3.6.0-rc5-next-20120913+ #42 Not tainted > ------------------------------- > include/linux/cgroup.h:553 suspicious rcu_dereference_check() usage! > > other info that might help us debug this: > > rcu_scheduler_active = 1, debug_locks = 0 > 2 locks held by kdevtmpfs/23: > #0: (sb_writers){.+.+.+}, at: [] > mnt_want_write+0x1f/0x50 > #1: (&sb->s_type->i_mutex_key#3/1){+.+.+.}, at: [] > kern_path_create+0x7f/0x170 > > stack backtrace: > Pid: 23, comm: kdevtmpfs Not tainted 3.6.0-rc5-next-20120913+ #42 > Call Trace: > [] lockdep_rcu_suspicious+0xfd/0x130 > [] devcgroup_inode_mknod+0x19d/0x240 > [] ? ns_capable+0x44/0x80 > [] vfs_mknod+0x71/0xf0 > [] handle_create.isra.2+0x72/0x200 > [] devtmpfsd+0x114/0x140 > [] ? handle_create.isra.2+0x200/0x200 > [] kthread+0xd6/0xe0 > [] kernel_thread_helper+0x4/0x10 > [] ? retint_restore_args+0xe/0xe > [] ? kthread_create_on_node+0x140/0x140 > [] ? gs_change+0xb/0xb > > Cc: Dave Jones > Cc: Andrew Morton > Cc: Tejun Heo > Cc: Li Zefan > Cc: James Morris > Cc: Pavel Emelyanov > Cc: Serge Hallyn > Signed-off-by: Jiri Slaby > > --- > > And this should fix it. > > security/device_cgroup.c | 15 +++++++-------- > 1 file changed, 7 insertions(+), 8 deletions(-) > > --- github.orig/security/device_cgroup.c 2012-10-17 11:11:08.514793906 -0400 > +++ github/security/device_cgroup.c 2012-10-19 16:35:37.936804289 -0400 > @@ -533,10 +533,10 @@ struct cgroup_subsys devices_subsys = { > * > * returns 0 on success, -EPERM case the operation is not permitted > */ > -static int __devcgroup_check_permission(struct dev_cgroup *dev_cgroup, > - short type, u32 major, u32 minor, > +static int __devcgroup_check_permission(short type, u32 major, u32 minor, > short access) > { > + struct dev_cgroup *dev_cgroup; > struct dev_exception_item ex; > int rc; > > @@ -547,6 +547,7 @@ memset(&ex, 0, sizeof(ex)); > ex.access = access; > > rcu_read_lock(); > + dev_cgroup = task_devcgroup(current); > rc = may_access(dev_cgroup, &ex); > rcu_read_unlock(); > > @@ -558,7 +559,6 @@ return 0; > > int __devcgroup_inode_permission(struct inode *inode, int mask) > { > - struct dev_cgroup *dev_cgroup = task_devcgroup(current); > short type, access = 0; > > if (S_ISBLK(inode->i_mode)) > @@ -570,13 +570,12 @@ short type, access = 0; > if (mask & MAY_READ) > access |= ACC_READ; > > - return __devcgroup_check_permission(dev_cgroup, type, imajor(inode), > - iminor(inode), access); > + return __devcgroup_check_permission(type, imajor(inode), iminor(inode), > + access); > } > > int devcgroup_inode_mknod(int mode, dev_t dev) > { > - struct dev_cgroup *dev_cgroup = task_devcgroup(current); > short type; > > if (!S_ISBLK(mode) && !S_ISCHR(mode)) > @@ -587,7 +586,7 @@ return 0; > else > type = DEV_CHAR; > > - return __devcgroup_check_permission(dev_cgroup, type, MAJOR(dev), > - MINOR(dev), ACC_MKNOD); > + return __devcgroup_check_permission(type, MAJOR(dev), MINOR(dev), > + ACC_MKNOD); > > } > -- js suse labs -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/