Message ID | 164996959615.228204.13557296900347416352.stgit@olly (mailing list archive) |
---|---|
State | Accepted |
Delegated to: | Paul Moore |
Headers | show |
Series | selinux: don't sleep when CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE is true | expand |
On Thu, Apr 14, 2022 at 4:53 PM Paul Moore <paul@paul-moore.com> wrote: > > Unfortunately commit 81200b0265b1 ("selinux: checkreqprot is > deprecated, add some ssleep() discomfort") added a five second sleep > during early kernel boot, e.g. start_kernel(), which could cause a > "scheduling while atomic" panic. This patch fixes this problem by > moving the sleep out of checkreqprot_set() and into > sel_write_checkreqprot() so that we only sleep when the checkreqprot > setting is set during runtime, after the kernel has booted. The > error message remains the same in both cases. > > Fixes: 81200b0265b1 ("selinux: checkreqprot is deprecated, add some ssleep() discomfort") > Reported-by: J. Bruce Fields <bfields@fieldses.org> > Signed-off-by: Paul Moore <paul@paul-moore.com> > --- > security/selinux/include/security.h | 4 +--- > security/selinux/selinuxfs.c | 2 ++ > 2 files changed, 3 insertions(+), 3 deletions(-) This patch is very trivial, but just a word of warning that I haven't actually tested it yet, so YMMV ... my test kernel is building now. > diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h > index f7e6be63adfb..393aff41d3ef 100644 > --- a/security/selinux/include/security.h > +++ b/security/selinux/include/security.h > @@ -152,10 +152,8 @@ static inline bool checkreqprot_get(const struct selinux_state *state) > > static inline void checkreqprot_set(struct selinux_state *state, bool value) > { > - if (value) { > + if (value) > pr_err("SELinux: https://github.com/SELinuxProject/selinux-kernel/wiki/DEPRECATE-checkreqprot\n"); > - ssleep(5); > - } > WRITE_ONCE(state->checkreqprot, value); > } > > diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c > index 6c8b6a0ddecf..8fcdd494af27 100644 > --- a/security/selinux/selinuxfs.c > +++ b/security/selinux/selinuxfs.c > @@ -762,6 +762,8 @@ static ssize_t sel_write_checkreqprot(struct file *file, const char __user *buf, > } > > checkreqprot_set(fsi->state, (new_value ? 1 : 0)); > + if (new_value) > + ssleep(5); > length = count; > > selinux_ima_measure_state(fsi->state); >
On Thu, Apr 14, 2022 at 4:54 PM Paul Moore <paul@paul-moore.com> wrote: > On Thu, Apr 14, 2022 at 4:53 PM Paul Moore <paul@paul-moore.com> wrote: > > > > Unfortunately commit 81200b0265b1 ("selinux: checkreqprot is > > deprecated, add some ssleep() discomfort") added a five second sleep > > during early kernel boot, e.g. start_kernel(), which could cause a > > "scheduling while atomic" panic. This patch fixes this problem by > > moving the sleep out of checkreqprot_set() and into > > sel_write_checkreqprot() so that we only sleep when the checkreqprot > > setting is set during runtime, after the kernel has booted. The > > error message remains the same in both cases. > > > > Fixes: 81200b0265b1 ("selinux: checkreqprot is deprecated, add some ssleep() discomfort") > > Reported-by: J. Bruce Fields <bfields@fieldses.org> > > Signed-off-by: Paul Moore <paul@paul-moore.com> > > --- > > security/selinux/include/security.h | 4 +--- > > security/selinux/selinuxfs.c | 2 ++ > > 2 files changed, 3 insertions(+), 3 deletions(-) > > This patch is very trivial, but just a word of warning that I haven't > actually tested it yet, so YMMV ... my test kernel is building now. Everything is behaving sanely on my Rawhide VM, both when built with 0 and 1 values for checkreqprot, so unless I hear any objections I'll merge this later tonight.
On Thu, Apr 14, 2022 at 6:05 PM Paul Moore <paul@paul-moore.com> wrote: > On Thu, Apr 14, 2022 at 4:54 PM Paul Moore <paul@paul-moore.com> wrote: > > On Thu, Apr 14, 2022 at 4:53 PM Paul Moore <paul@paul-moore.com> wrote: > > > > > > Unfortunately commit 81200b0265b1 ("selinux: checkreqprot is > > > deprecated, add some ssleep() discomfort") added a five second sleep > > > during early kernel boot, e.g. start_kernel(), which could cause a > > > "scheduling while atomic" panic. This patch fixes this problem by > > > moving the sleep out of checkreqprot_set() and into > > > sel_write_checkreqprot() so that we only sleep when the checkreqprot > > > setting is set during runtime, after the kernel has booted. The > > > error message remains the same in both cases. > > > > > > Fixes: 81200b0265b1 ("selinux: checkreqprot is deprecated, add some ssleep() discomfort") > > > Reported-by: J. Bruce Fields <bfields@fieldses.org> > > > Signed-off-by: Paul Moore <paul@paul-moore.com> > > > --- > > > security/selinux/include/security.h | 4 +--- > > > security/selinux/selinuxfs.c | 2 ++ > > > 2 files changed, 3 insertions(+), 3 deletions(-) > > > > This patch is very trivial, but just a word of warning that I haven't > > actually tested it yet, so YMMV ... my test kernel is building now. > > Everything is behaving sanely on my Rawhide VM, both when built with 0 > and 1 values for checkreqprot, so unless I hear any objections I'll > merge this later tonight. .... aaaand it's merged.
diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h index f7e6be63adfb..393aff41d3ef 100644 --- a/security/selinux/include/security.h +++ b/security/selinux/include/security.h @@ -152,10 +152,8 @@ static inline bool checkreqprot_get(const struct selinux_state *state) static inline void checkreqprot_set(struct selinux_state *state, bool value) { - if (value) { + if (value) pr_err("SELinux: https://github.com/SELinuxProject/selinux-kernel/wiki/DEPRECATE-checkreqprot\n"); - ssleep(5); - } WRITE_ONCE(state->checkreqprot, value); } diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index 6c8b6a0ddecf..8fcdd494af27 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -762,6 +762,8 @@ static ssize_t sel_write_checkreqprot(struct file *file, const char __user *buf, } checkreqprot_set(fsi->state, (new_value ? 1 : 0)); + if (new_value) + ssleep(5); length = count; selinux_ima_measure_state(fsi->state);
Unfortunately commit 81200b0265b1 ("selinux: checkreqprot is deprecated, add some ssleep() discomfort") added a five second sleep during early kernel boot, e.g. start_kernel(), which could cause a "scheduling while atomic" panic. This patch fixes this problem by moving the sleep out of checkreqprot_set() and into sel_write_checkreqprot() so that we only sleep when the checkreqprot setting is set during runtime, after the kernel has booted. The error message remains the same in both cases. Fixes: 81200b0265b1 ("selinux: checkreqprot is deprecated, add some ssleep() discomfort") Reported-by: J. Bruce Fields <bfields@fieldses.org> Signed-off-by: Paul Moore <paul@paul-moore.com> --- security/selinux/include/security.h | 4 +--- security/selinux/selinuxfs.c | 2 ++ 2 files changed, 3 insertions(+), 3 deletions(-)