lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 14 May 2012 22:16:07 -0700
From:	"Paul E. McKenney" <paulmck@...ux.vnet.ibm.com>
To:	Dave Jones <davej@...hat.com>, sds@...ho.nsa.gov,
	Linux Kernel <linux-kernel@...r.kernel.org>
Cc:	paul@...l-moore.com
Subject: Re: suspicious RCU usage in security/selinux/netnode.c

On Tue, May 15, 2012 at 12:41:45AM -0400, Dave Jones wrote:
> I just triggered this on Linus' current tree.

This is a bare:

	rcu_dereference(sel_netnode_hash[idx].list.prev)

which needs to be in an RCU read-side critical section.  Alternatively,
the above should instead be something like:

	rcu_dereference_check(sel_netnode_hash[idx].list.prev,
			      lockdep_is_held(&sel_netnode_lock));

This second approach assumes that all modifications to the hash table
are protected by sel_netnode_lock.  Paul Moore, thoughts?

							Thanx, Paul

> 	Dave
> 
>  ===============================
>  [ INFO: suspicious RCU usage. ]
>  3.4.0-rc7+ #93 Not tainted
>  -------------------------------
>  security/selinux/netnode.c:178 suspicious rcu_dereference_check() usage!
> 
>  other info that might help us debug this:
> 
> 
>  rcu_scheduler_active = 1, debug_locks = 0
>  1 lock held by trinity/25132:
>   #0:  (sel_netnode_lock){+.....}, at: [<ffffffff812db738>] sel_netnode_sid+0x148/0x3c0
> 
>  stack backtrace:
>  Pid: 25132, comm: trinity Not tainted 3.4.0-rc7+ #93
>  Call Trace:
>   [<ffffffff810cc7cd>] lockdep_rcu_suspicious+0xfd/0x130
>   [<ffffffff812db981>] sel_netnode_sid+0x391/0x3c0
>   [<ffffffff812db5f0>] ? sel_netnode_find+0x1a0/0x1a0
>   [<ffffffff812d4a84>] selinux_socket_bind+0x104/0x350
>   [<ffffffff810a6648>] ? sched_clock_cpu+0xb8/0x130
>   [<ffffffff816a47b9>] ? sub_preempt_count+0xa9/0xe0
>   [<ffffffff812cb3e6>] security_socket_bind+0x16/0x20
>   [<ffffffff815468aa>] sys_bind+0x7a/0x100
>   [<ffffffff816a8795>] ? sysret_check+0x22/0x5d
>   [<ffffffff810d149d>] ? trace_hardirqs_on_caller+0x10d/0x1a0
>   [<ffffffff810fc18c>] ? __audit_syscall_entry+0xcc/0x310
>   [<ffffffff8133839e>] ? trace_hardirqs_on_thunk+0x3a/0x3f
>   [<ffffffff816a8769>] system_call_fastpath+0x16/0x1b
> 

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ