lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <9617acf2-293f-430d-a421-59c7675be7f7@canonical.com>
Date: Tue, 22 Jul 2025 10:32:47 -0700
From: John Johansen <john.johansen@...onical.com>
To: Steven Rostedt <rostedt@...dmis.org>, LKML
 <linux-kernel@...r.kernel.org>, apparmor@...ts.ubuntu.com
Subject: Re: Lockdep warning for non-static key in apparmor code

On 7/22/25 07:24, Steven Rostedt wrote:
> On Tue, 22 Jul 2025 10:04:13 -0400
> Steven Rostedt <rostedt@...dmis.org> wrote:
> 
>> Booting latest linux-next, I triggered this warning.
>>
>> Looks to be associated to apparmor. Was there an allocated spinlock not
>> initialized properly?
> 
> Yeah, you don't initialize the spin lock. Is there a reason you commented
> out the spin lock initialization in 88fec3526e841 ("apparmor: make sure
> unix socket labeling is correctly updated.")?
> 
Ooops yes sorry, I split out the lock here to a second patch so I could do
some testing around the impact the lock would have against the unix socket
case. That patch was supposed to get folded back in, but it looks like
I picked the wrong sha (from the branch with it not folded in) into the next
tree.

I get that fixed asap



> --- a/security/apparmor/lsm.c
> +++ b/security/apparmor/lsm.c
> @@ -508,7 +508,6 @@ static int apparmor_file_alloc_security(struct file *file)
>          struct aa_file_ctx *ctx = file_ctx(file);
>          struct aa_label *label = begin_current_label_crit_section();
>   
> -       spin_lock_init(&ctx->lock);
>          rcu_assign_pointer(ctx->label, aa_get_label(label));
>          end_current_label_crit_section(label);
>          return 0;
> @@ -1076,12 +1075,29 @@ static int apparmor_userns_create(const struct cred *cred)
>          return error;
>   }
>   
> +static int apparmor_sk_alloc_security(struct sock *sk, int family, gfp_t gfp)
> +{
> +       struct aa_sk_ctx *ctx = aa_sock(sk);
> +       struct aa_label *label;
> +       bool needput;
> +
> +       label = __begin_current_label_crit_section(&needput);
> 
> +       //spin_lock_init(&ctx->lock);
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> 
> +       rcu_assign_pointer(ctx->label, aa_get_label(label));
> +       rcu_assign_pointer(ctx->peer, NULL);
> +       rcu_assign_pointer(ctx->peer_lastupdate, NULL);
> +       __end_current_label_crit_section(label, needput);
> +       return 0;
> +}
> 
> -- Steve


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ