Re: [PATCH 04/13] security/selinux: check for LOOKUP_RCU in _follow_link.

[Al Viro]

On Mon, Mar 16, 2015 at 03:43:19PM +1100, NeilBrown wrote:
> Some of dentry_has_perm() is not rcu-safe, so if LOOKUP_RCU
> is set in selinux_inode_follow_link(), give up with
> -ECHILD.
> 
> It is possible that dentry_has_perm could sometimes complete
> in RCU more, in which case the flag could be propagated further
> down the stack...

It bloody well can.  Expand it a bit and you'll see - the nastiness
comes from avc_audit() doing
        return slow_avc_audit(ssid, tsid, tclass,
                              requested, audited, denied, result,
                              a, 0);
and passing that 0 to slow_avc_audit().  Pass it MAY_NOT_BLOCK instead
and it'll bugger off with -ECHILD in blocking case.

Call chain is dentry_has_perm -> inode_has_perm -> avc_has_perm -> avc_audit.
Expand those (including avc_audit()) and make slow_avc_audit() get
flags & LOOKUP_RCU ? MAY_NOT_BLOCK : 0.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/