[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <9617acf2-293f-430d-a421-59c7675be7f7@canonical.com>
Date: Tue, 22 Jul 2025 10:32:47 -0700
From: John Johansen <john.johansen@...onical.com>
To: Steven Rostedt <rostedt@...dmis.org>, LKML
<linux-kernel@...r.kernel.org>, apparmor@...ts.ubuntu.com
Subject: Re: Lockdep warning for non-static key in apparmor code
On 7/22/25 07:24, Steven Rostedt wrote:
> On Tue, 22 Jul 2025 10:04:13 -0400
> Steven Rostedt <rostedt@...dmis.org> wrote:
>
>> Booting latest linux-next, I triggered this warning.
>>
>> Looks to be associated to apparmor. Was there an allocated spinlock not
>> initialized properly?
>
> Yeah, you don't initialize the spin lock. Is there a reason you commented
> out the spin lock initialization in 88fec3526e841 ("apparmor: make sure
> unix socket labeling is correctly updated.")?
>
Ooops yes sorry, I split out the lock here to a second patch so I could do
some testing around the impact the lock would have against the unix socket
case. That patch was supposed to get folded back in, but it looks like
I picked the wrong sha (from the branch with it not folded in) into the next
tree.
I get that fixed asap
> --- a/security/apparmor/lsm.c
> +++ b/security/apparmor/lsm.c
> @@ -508,7 +508,6 @@ static int apparmor_file_alloc_security(struct file *file)
> struct aa_file_ctx *ctx = file_ctx(file);
> struct aa_label *label = begin_current_label_crit_section();
>
> - spin_lock_init(&ctx->lock);
> rcu_assign_pointer(ctx->label, aa_get_label(label));
> end_current_label_crit_section(label);
> return 0;
> @@ -1076,12 +1075,29 @@ static int apparmor_userns_create(const struct cred *cred)
> return error;
> }
>
> +static int apparmor_sk_alloc_security(struct sock *sk, int family, gfp_t gfp)
> +{
> + struct aa_sk_ctx *ctx = aa_sock(sk);
> + struct aa_label *label;
> + bool needput;
> +
> + label = __begin_current_label_crit_section(&needput);
>
> + //spin_lock_init(&ctx->lock);
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> + rcu_assign_pointer(ctx->label, aa_get_label(label));
> + rcu_assign_pointer(ctx->peer, NULL);
> + rcu_assign_pointer(ctx->peer_lastupdate, NULL);
> + __end_current_label_crit_section(label, needput);
> + return 0;
> +}
>
> -- Steve
Powered by blists - more mailing lists