diff mbox

[3.8.y.z,extended,stable] Patch "selinux: selinux_setprocattr()->ptrace_parent() needs rcu_read_lock()" has been added to staging queue

Message ID 1389636640-9948-1-git-send-email-kamal@canonical.com
State New
Headers show

Commit Message

Kamal Mostafa Jan. 13, 2014, 6:10 p.m. UTC 
This is a note to let you know that I have just added a patch titled

    selinux: selinux_setprocattr()->ptrace_parent() needs rcu_read_lock()

to the linux-3.8.y-queue branch of the 3.8.y.z extended stable tree 
which can be found at:

 http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.8.y-queue

This patch is scheduled to be released in version 3.8.13.16.

If you, or anyone else, feels it should not be added to this tree, please 
reply to this email.

For more information about the 3.8.y.z tree, see
https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable

Thanks.
-Kamal

------

From fbf8f2e40913388766f54f2b024cb4cb2ea8a4d6 Mon Sep 17 00:00:00 2001
From: Oleg Nesterov <oleg@redhat.com>
Date: Mon, 23 Dec 2013 17:45:01 -0500
Subject: selinux: selinux_setprocattr()->ptrace_parent() needs rcu_read_lock()

commit c0c1439541f5305b57a83d599af32b74182933fe upstream.

selinux_setprocattr() does ptrace_parent(p) under task_lock(p),
but task_struct->alloc_lock doesn't pin ->parent or ->ptrace,
this looks confusing and triggers the "suspicious RCU usage"
warning because ptrace_parent() does rcu_dereference_check().

And in theory this is wrong, spin_lock()->preempt_disable()
doesn't necessarily imply rcu_read_lock() we need to access
the ->parent.

Reported-by: Evan McNabb <emcnabb@redhat.com>
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
 security/selinux/hooks.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--
1.8.3.2
diff mbox

Patch

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 0963169..6b0b250 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -5455,11 +5455,11 @@  static int selinux_setprocattr(struct task_struct *p,
 		/* Check for ptracing, and update the task SID if ok.
 		   Otherwise, leave SID unchanged and fail. */
 		ptsid = 0;
-		task_lock(p);
+		rcu_read_lock();
 		tracer = ptrace_parent(p);
 		if (tracer)
 			ptsid = task_sid(tracer);
-		task_unlock(p);
+		rcu_read_unlock();

 		if (tracer) {
 			error = avc_has_perm(ptsid, sid, SECCLASS_PROCESS,