mainlining shenanigans
Ondrej Mosnacek 39a706fbcf selinux: fix sidtab string cache locking
Avoiding taking a lock in an IRQ context is not enough to prevent
deadlocks, as discovered by syzbot:

===
WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
5.5.0-syzkaller #0 Not tainted
-----------------------------------------------------
syz-executor.0/8927 [HC0[0]:SC0[2]:HE1:SE0] is trying to acquire:
ffff888027c94098 (&(&s->cache_lock)->rlock){+.+.}, at: spin_lock include/linux/spinlock.h:338 [inline]
ffff888027c94098 (&(&s->cache_lock)->rlock){+.+.}, at: sidtab_sid2str_put.part.0+0x36/0x880 security/selinux/ss/sidtab.c:533

and this task is already holding:
ffffffff898639b0 (&(&nf_conntrack_locks[i])->rlock){+.-.}, at: spin_lock include/linux/spinlock.h:338 [inline]
ffffffff898639b0 (&(&nf_conntrack_locks[i])->rlock){+.-.}, at: nf_conntrack_lock+0x17/0x70 net/netfilter/nf_conntrack_core.c:91
which would create a new lock dependency:
 (&(&nf_conntrack_locks[i])->rlock){+.-.} -> (&(&s->cache_lock)->rlock){+.+.}

but this new dependency connects a SOFTIRQ-irq-safe lock:
 (&(&nf_conntrack_locks[i])->rlock){+.-.}

[...]

other info that might help us debug this:

 Possible interrupt unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&(&s->cache_lock)->rlock);
                               local_irq_disable();
                               lock(&(&nf_conntrack_locks[i])->rlock);
                               lock(&(&s->cache_lock)->rlock);
  <Interrupt>
    lock(&(&nf_conntrack_locks[i])->rlock);

 *** DEADLOCK ***
[...]
===

Fix this by simply locking with irqsave/irqrestore and stop giving up on
!in_task(). It makes the locking a bit slower, but it shouldn't make a
big difference in real workloads. Under the scenario from [1] (only
cache hits) it only increased the runtime overhead from the
security_secid_to_secctx() function from ~2% to ~3% (it was ~5-65%
before introducing the cache).

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1733259

Fixes: d97bd23c2d ("selinux: cache the SID -> context string translation")
Reported-by: syzbot+61cba5033e2072d61806@syzkaller.appspotmail.com
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <paul@paul-moore.com>
2020-02-05 18:31:10 -05:00
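
How lockdep arrives at the "SOFTIRQ-safe -> SOFTIRQ-unsafe" verdict in the report above, as an added user-space sketch (not kernel code and not part of the commit): it decodes the `{+.-.}` usage masks printed next to each lock and checks the new dependency. The after-fix mask `{..-.}` is a constructed value, assuming `cache_lock` is then only ever taken with interrupts disabled; the function names are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Lockdep usage mask, e.g. "{+.-.}": the four positions are hardirq,
 * hardirq-read, softirq, softirq-read. '-' = acquired in that irq context,
 * '+' = acquired with that irq type enabled, '?' = both, '.' = neither. */
enum { HARDIRQ = 0, SOFTIRQ = 2 };

struct irq_usage { bool safe; bool unsafe; };

/* Returns false if the string is not a well-formed 4-character usage mask. */
static bool parse_usage(const char *s, int state, struct irq_usage *out)
{
    if (strlen(s) != 6 || s[0] != '{' || s[5] != '}')
        return false;
    for (int i = 1; i <= 4; i++)
        if (!strchr("+-?.", s[i]))
            return false;
    char c = s[1 + state];
    out->safe = (c == '-' || c == '?');   /* used from irq context */
    out->unsafe = (c == '+' || c == '?'); /* taken with irqs enabled */
    return true;
}

/* 1 if taking `next` while holding `held` creates an irq-safe -> irq-unsafe
 * dependency for `state`, 0 if it does not, -1 on a malformed mask. */
static int bad_dependency(const char *held, const char *next, int state)
{
    struct irq_usage h, n;
    if (!parse_usage(held, state, &h) || !parse_usage(next, state, &n))
        return -1;
    return h.safe && n.unsafe;
}

int main(void)
{
    /* Masks from the report: nf_conntrack_locks[i] -> s->cache_lock. */
    printf("before fix: %d\n", bad_dependency("{+.-.}", "{+.+.}", SOFTIRQ));
    /* Constructed mask: cache_lock taken only with irqs off (irqsave). */
    printf("after fix:  %d\n", bad_dependency("{+.-.}", "{..-.}", SOFTIRQ));
    return 0;
}
```
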
arch ARM fixes for 5.5-rc: 2019-12-06 16:12:39 -08:00
block block: fix memleak of bio integrity data 2019-12-05 11:38:36 -07:00
certs certs: Add wrapper function to check blacklisted binary hash 2019-11-12 12:25:50 +11:00
crypto Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2019-11-25 19:49:58 -08:00
Documentation Documentation,selinux: fix references to old selinuxfs mount point 2020-01-07 12:46:53 -05:00
drivers Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2019-12-08 13:28:11 -08:00
fs 9 cifs/smb3 fixes: two timestamp fixes, one oops fix (during oplock break) for stable, two fixes found in multichannel testing, two fixes for file create when using modeforsid mount parm 2019-12-08 12:12:18 -08:00
include security,lockdown,selinux: implement SELinux lockdown 2019-12-09 17:53:58 -05:00
init init/Kconfig: fix indentation 2019-12-04 19:44:13 -08:00
ipc y2038: remove CONFIG_64BIT_TIME 2019-11-15 14:38:27 +01:00
kernel Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2019-12-08 13:28:11 -08:00
lib lib/: fix Kconfig indentation 2019-12-07 11:00:19 -08:00
LICENSES LICENSES: Rename other to deprecated 2019-05-03 06:34:32 -06:00
mm Merge branch 'akpm' (patches from Andrew) 2019-12-05 09:46:26 -08:00
net Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2019-12-08 13:28:11 -08:00
samples samples/bpf: Fix broken xdp_rxq_info due to map order assumptions 2019-12-04 17:54:15 -08:00
scripts Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2019-12-08 13:28:11 -08:00
security selinux: fix sidtab string cache locking 2020-02-05 18:31:10 -05:00
sound sound updates #2 for 5.5-rc1 2019-12-06 13:06:14 -08:00
tools Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2019-12-08 13:28:11 -08:00
usr arch: sembuf.h: make uapi asm/sembuf.h self-contained 2019-12-04 19:44:14 -08:00
virt KVM: Fix jump label out_free_* in kvm_init() 2019-11-23 11:29:17 +01:00
.clang-format clang-format: Update with the latest for_each macro list 2019-08-31 10:00:51 +02:00
.cocciconfig
.get_maintainer.ignore Opt out of scripts/get_maintainer.pl 2019-05-16 10:53:40 -07:00
.gitattributes .gitattributes: use 'dts' diff driver for dts files 2019-12-04 19:44:11 -08:00
.gitignore modpost: dump missing namespaces into a single modules.nsdeps file 2019-11-11 20:10:01 +09:00
.mailmap Merge mainline/master into arm/fixes 2019-12-05 13:18:54 -08:00
COPYING
CREDITS Linux 5.4-rc4 2019-10-29 04:43:29 -06:00
Kbuild kbuild: do not descend to ./Kbuild when cleaning 2019-08-21 21:03:58 +09:00
Kconfig docs: kbuild: convert docs to ReST and rename to *.rst 2019-06-14 14:21:21 -06:00
MAINTAINERS selinux: deprecate disabling SELinux and runtime 2020-01-07 10:19:43 -05:00
Makefile Linux 5.5-rc1 2019-12-08 14:57:55 -08:00
README Drop all 00-INDEX files from Documentation/ 2018-09-09 15:08:58 -06:00

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the reStructuredText markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result from upgrading your kernel.