Add patch from Dave Jones to fix suspicious RCU usage in SELinux (rhbz 846037)
This commit is contained in:
Josh Boyer
parent
47b9eb26ca
commit
78739288e5
|
|
@ -752,6 +752,9 @@ Patch22065: fbcon-fix-race-condition-between-console-lock-and-cursor-timer.patch
|
|||
#rhbz 847548
|
||||
Patch22066: virtio-scsi-Initialize-scatterlist-structure.patch
|
||||
|
||||
#rhbz 846037
|
||||
Patch22067: selinux-Fix-sel_netnode_insert-suspicious-rcu-dereference.patch
|
||||
|
||||
# END OF PATCH DEFINITIONS
|
||||
|
||||
%endif
|
||||
|
|
@ -1447,6 +1450,9 @@ ApplyPatch fbcon-fix-race-condition-between-console-lock-and-cursor-timer.patch
|
|||
#rhbz 847548
|
||||
ApplyPatch virtio-scsi-Initialize-scatterlist-structure.patch
|
||||
|
||||
#rhbz 846037
|
||||
ApplyPatch selinux-Fix-sel_netnode_insert-suspicious-rcu-dereference.patch
|
||||
|
||||
# END OF PATCH APPLICATIONS
|
||||
|
||||
%endif
|
||||
|
|
@ -2310,6 +2316,7 @@ fi
|
|||
# || ||
|
||||
%changelog
|
||||
* Tue Aug 21 2012 Josh Boyer <jwboyer@redhat.com>
|
||||
- Add patch from Dave Jones to fix suspicious RCU usage in SELinux (rhbz 846037)
|
||||
- Add patch from Richard W.M. Jones to fix virtio scsi oops (rhbz 847548)
|
||||
- Add patch from Dave Airlie to fix fb cursor vs grub2 gfxterm hang
|
||||
|
||||
|
|
|
|||
|
|
@ -0,0 +1,54 @@
|
|||
From: Dave Jones <>
|
||||
Subject: Fix sel_netnode_insert suspicious rcu dereference.
|
||||
|
||||
|
||||
I reported this a year ago (https://lkml.org/lkml/2011/4/20/308).
|
||||
It's still a problem apparently ...
|
||||
|
||||
===============================
|
||||
[ INFO: suspicious RCU usage. ]
|
||||
3.5.0-rc1+ #63 Not tainted
|
||||
-------------------------------
|
||||
security/selinux/netnode.c:178 suspicious rcu_dereference_check() usage!
|
||||
other info that might help us debug this:
|
||||
|
||||
|
||||
rcu_scheduler_active = 1, debug_locks = 0
|
||||
1 lock held by trinity-child1/8750:
|
||||
#0: (sel_netnode_lock){+.....}, at: [<ffffffff812d8f8a>] sel_netnode_sid+0x16a/0x3e0
|
||||
stack backtrace:
|
||||
Pid: 8750, comm: trinity-child1 Not tainted 3.5.0-rc1+ #63
|
||||
Call Trace:
|
||||
[<ffffffff810cec2d>] lockdep_rcu_suspicious+0xfd/0x130
|
||||
[<ffffffff812d91d1>] sel_netnode_sid+0x3b1/0x3e0
|
||||
[<ffffffff812d8e20>] ? sel_netnode_find+0x1a0/0x1a0
|
||||
[<ffffffff812d24a6>] selinux_socket_bind+0xf6/0x2c0
|
||||
[<ffffffff810cd1dd>] ? trace_hardirqs_off+0xd/0x10
|
||||
[<ffffffff810cdb55>] ? lock_release_holdtime.part.9+0x15/0x1a0
|
||||
[<ffffffff81093841>] ? lock_hrtimer_base+0x31/0x60
|
||||
[<ffffffff812c9536>] security_socket_bind+0x16/0x20
|
||||
[<ffffffff815550ca>] sys_bind+0x7a/0x100
|
||||
[<ffffffff816c03d5>] ? sysret_check+0x22/0x5d
|
||||
[<ffffffff810d392d>] ? trace_hardirqs_on_caller+0x10d/0x1a0
|
||||
[<ffffffff8133b09e>] ? trace_hardirqs_on_thunk+0x3a/0x3f
|
||||
[<ffffffff816c03a9>] system_call_fastpath+0x16/0x1b
|
||||
This patch below does what Paul McKenney suggested in the previous thread.
|
||||
|
||||
Signed-off-by: Dave Jones <davej@redhat.com>
|
||||
|
||||
diff --git a/security/selinux/netnode.c b/security/selinux/netnode.c
|
||||
index 28f911c..c5454c0 100644
|
||||
--- a/security/selinux/netnode.c
|
||||
+++ b/security/selinux/netnode.c
|
||||
@@ -174,7 +174,8 @@ static void sel_netnode_insert(struct sel_netnode *node)
|
||||
if (sel_netnode_hash[idx].size == SEL_NETNODE_HASH_BKT_LIMIT) {
|
||||
struct sel_netnode *tail;
|
||||
tail = list_entry(
|
||||
- rcu_dereference(sel_netnode_hash[idx].list.prev),
|
||||
+ rcu_dereference_protected(sel_netnode_hash[idx].list.prev,
|
||||
+ lockdep_is_held(&sel_netnode_lock)),
|
||||
struct sel_netnode, list);
|
||||
list_del_rcu(&tail->list);
|
||||
kfree_rcu(tail, rcu);
|
||||
|
||||
|
||||
Loading…
Reference in New Issue