Re: selinux networking: sleeping function called from invalid context in 2.6.20-rc[12]

From: Parag Warudkar
Date: Sun Dec 24 2006 - 19:27:36 EST


On Mon, 25 Dec 2006, Adam J. Richter wrote:

Under 2.6.20-rc1 and 2.6.20-rc2, I get the following complaint
for several network programs running on my system:

[ 156.381868] BUG: sleeping function called from invalid context at net/core/sock.c:1523
[ 156.381876] in_atomic():1, irqs_disabled():0
[ 156.381881] no locks held by kio_http/9693.
[ 156.381886] [<c01057a2>] show_trace_log_lvl+0x1a/0x2f
[ 156.381900] [<c0105dab>] show_trace+0x12/0x14
[ 156.381908] [<c0105e48>] dump_stack+0x16/0x18
[ 156.381917] [<c011e30f>] __might_sleep+0xe5/0xeb
[ 156.381926] [<c025942a>] lock_sock_nested+0x1d/0xc4
[ 156.381937] [<c01cc570>] selinux_netlbl_inode_permission+0x5a/0x8e
[ 156.381946] [<c01c2505>] selinux_file_permission+0x96/0x9b
[ 156.381954] [<c0175a0a>] vfs_write+0x8d/0x167
[ 156.381962] [<c017605a>] sys_write+0x3f/0x63
[ 156.381971] [<c01040c0>] syscall_call+0x7/0xb
[ 156.381980] =======================


lock_sock_nested can sleep, its BH counterpart doesn't.
selinux_netlbl_inode_permission() probably needs to use the BH counterpart unconditionally. But I am not sure if that function is always called from an atomic context. Assuming it is, the attached patch should fix this.

Compile tested.

Signed-off-by: Parag Warudkar <paragw@xxxxxxxxxxxxxxxx>

Parag

--- linux-2.6/security/selinux/ss/services.c.orig 2006-12-24 18:52:42.000000000 -0500
+++ linux-2.6/security/selinux/ss/services.c 2006-12-24 19:00:22.000000000 -0500
@@ -2660,9 +2660,9 @@
rcu_read_unlock();
return 0;
}
- lock_sock(sock->sk);
+ bh_lock_sock_nested(sock->sk);
rc = selinux_netlbl_socket_setsid(sock, sksec->sid);
- release_sock(sock->sk);
+ bh_unlock_sock(sock->sk);
rcu_read_unlock();

return rc;
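
Review bot: the swap to `bh_lock_sock_nested(sock->sk)` assumes the caller is already in bottom-half context, but the trace above enters through sys_write -> vfs_write -> selinux_file_permission, which is process context. The atomic state reported by __might_sleep comes from the RCU read-side section this hunk sits in (`rcu_read_unlock()` appears on both exit paths), not from softirq. bh_lock_sock_nested() only takes the socket spinlock and does not disable bottom halves, so from this path a softirq on the same CPU that takes the same socket lock could deadlock against it. It also does not honour the ownership that lock_sock() establishes, so it no longer excludes a process-context holder of the socket. Suggest either wrapping the pair in local_bh_disable()/local_bh_enable(), or restructuring so the RCU read section ends before `lock_sock(sock->sk)` is taken. Separately, please confirm that selinux_netlbl_socket_setsid() cannot sleep or allocate with a sleeping GFP mask, since it would now run under a spinlock, and note that the patch is compile tested only.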