From 7051aa7c8d04c3bf80f517ec3a0f542c191f92f5 Mon Sep 17 00:00:00 2001 From: Josh Boyer Date: Tue, 21 Aug 2012 13:18:03 -0400 Subject: [PATCH] Add patch from Dave Jones to fix suspicious RCU usage in SELinux (rhbz 846037) --- kernel.spec | 7 +++ ...de_insert-suspicious-rcu-dereference.patch | 54 +++++++++++++++++++ 2 files changed, 61 insertions(+) create mode 100644 selinux-Fix-sel_netnode_insert-suspicious-rcu-dereference.patch diff --git a/kernel.spec b/kernel.spec index 5fd90d063..9d3cc3434 100644 --- a/kernel.spec +++ b/kernel.spec @@ -752,6 +752,9 @@ Patch22065: fbcon-fix-race-condition-between-console-lock-and-cursor-timer.patch #rhbz 847548 Patch22066: virtio-scsi-Initialize-scatterlist-structure.patch +#rhbz 846037 +Patch22067: selinux-Fix-sel_netnode_insert-suspicious-rcu-dereference.patch + # END OF PATCH DEFINITIONS %endif @@ -1447,6 +1450,9 @@ ApplyPatch fbcon-fix-race-condition-between-console-lock-and-cursor-timer.patch #rhbz 847548 ApplyPatch virtio-scsi-Initialize-scatterlist-structure.patch +#rhbz 846037 +ApplyPatch selinux-Fix-sel_netnode_insert-suspicious-rcu-dereference.patch + # END OF PATCH APPLICATIONS %endif @@ -2310,6 +2316,7 @@ fi # || || %changelog * Tue Aug 21 2012 Josh Boyer +- Add patch from Dave Jones to fix suspicious RCU usage in SELinux (rhbz 846037) - Add patch from Richard W.M. Jones to fix virtio scsi oops (rhbz 847548) - Add patch from Dave Airlie to fix fb cursor vs grub2 gfxterm hang diff --git a/selinux-Fix-sel_netnode_insert-suspicious-rcu-dereference.patch b/selinux-Fix-sel_netnode_insert-suspicious-rcu-dereference.patch new file mode 100644 index 000000000..43fddf73d --- /dev/null +++ b/selinux-Fix-sel_netnode_insert-suspicious-rcu-dereference.patch @@ -0,0 +1,54 @@ +From: Dave Jones <> +Subject: Fix sel_netnode_insert suspicious rcu dereference. + + +I reported this a year ago (https://lkml.org/lkml/2011/4/20/308). +It's still a problem apparently ... + +=============================== +[ INFO: suspicious RCU usage. ] +3.5.0-rc1+ #63 Not tainted +------------------------------- +security/selinux/netnode.c:178 suspicious rcu_dereference_check() usage! +other info that might help us debug this: + + +rcu_scheduler_active = 1, debug_locks = 0 +1 lock held by trinity-child1/8750: + #0: (sel_netnode_lock){+.....}, at: [] sel_netnode_sid+0x16a/0x3e0 +stack backtrace: +Pid: 8750, comm: trinity-child1 Not tainted 3.5.0-rc1+ #63 +Call Trace: + [] lockdep_rcu_suspicious+0xfd/0x130 + [] sel_netnode_sid+0x3b1/0x3e0 + [] ? sel_netnode_find+0x1a0/0x1a0 + [] selinux_socket_bind+0xf6/0x2c0 + [] ? trace_hardirqs_off+0xd/0x10 + [] ? lock_release_holdtime.part.9+0x15/0x1a0 + [] ? lock_hrtimer_base+0x31/0x60 + [] security_socket_bind+0x16/0x20 + [] sys_bind+0x7a/0x100 + [] ? sysret_check+0x22/0x5d + [] ? trace_hardirqs_on_caller+0x10d/0x1a0 + [] ? trace_hardirqs_on_thunk+0x3a/0x3f + [] system_call_fastpath+0x16/0x1b +This patch below does what Paul McKenney suggested in the previous thread. + +Signed-off-by: Dave Jones + +diff --git a/security/selinux/netnode.c b/security/selinux/netnode.c +index 28f911c..c5454c0 100644 +--- a/security/selinux/netnode.c ++++ b/security/selinux/netnode.c +@@ -174,7 +174,8 @@ static void sel_netnode_insert(struct sel_netnode *node) + if (sel_netnode_hash[idx].size == SEL_NETNODE_HASH_BKT_LIMIT) { + struct sel_netnode *tail; + tail = list_entry( +- rcu_dereference(sel_netnode_hash[idx].list.prev), ++ rcu_dereference_protected(sel_netnode_hash[idx].list.prev, ++ lockdep_is_held(&sel_netnode_lock)), + struct sel_netnode, list); + list_del_rcu(&tail->list); + kfree_rcu(tail, rcu); + +