From patchwork Mon Jul 10 14:00:48 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Herbert Xu <herbert@gondor.apana.org.au>
X-Patchwork-Id: 9833073
X-Patchwork-Delegate: herbert@gondor.apana.org.au
Return-Path: <linux-crypto-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	10E9560350 for <patchwork-linux-crypto@patchwork.kernel.org>;
	Mon, 10 Jul 2017 14:01:55 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 03F87267EC
	for <patchwork-linux-crypto@patchwork.kernel.org>;
	Mon, 10 Jul 2017 14:01:55 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id ECECD26E40; Mon, 10 Jul 2017 14:01:54 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,RCVD_IN_DNSWL_HI
	autolearn=unavailable version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 79DBF267EC
	for <patchwork-linux-crypto@patchwork.kernel.org>;
	Mon, 10 Jul 2017 14:01:54 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S932221AbdGJOBf (ORCPT
	<rfc822;patchwork-linux-crypto@patchwork.kernel.org>);
	Mon, 10 Jul 2017 10:01:35 -0400
Received: from orcrist.hmeau.com ([104.223.48.154]:35532 "EHLO
	deadmen.hmeau.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S932215AbdGJOBe (ORCPT
	<rfc822;linux-crypto@vger.kernel.org>);
	Mon, 10 Jul 2017 10:01:34 -0400
Received: from gondobar.mordor.me.apana.org.au ([192.168.128.4]
	helo=gondobar)
	by deadmen.hmeau.com with esmtp (Exim 4.84_2 #2 (Debian))
	id 1dUZFJ-00086D-BO; Mon, 10 Jul 2017 22:01:05 +0800
Received: from herbert by gondobar with local (Exim 4.84_2)
	(envelope-from <herbert@gondor.apana.org.au>)
	id 1dUZF2-00043f-CW; Mon, 10 Jul 2017 22:00:48 +0800
Date: Mon, 10 Jul 2017 22:00:48 +0800
From: Herbert Xu <herbert@gondor.apana.org.au>
To: Sowmini Varadhan <sowmini.varadhan@oracle.com>
Cc: David Miller <davem@davemloft.net>, torvalds@linux-foundation.org,
	akpm@linux-foundation.org, netdev@vger.kernel.org,
	linux-kernel@vger.kernel.org,
	Linux Crypto Mailing List <linux-crypto@vger.kernel.org>,
	Miloslav =?utf-8?B?VHJtYcSN?= <mitr@redhat.com>
Subject: Re: [GIT] Networking
Message-ID: <20170710140048.GA15408@gondor.apana.org.au>
References: <20170708.113644.1272962770645338865.davem@davemloft.net>
	<CA+55aFzocFTX5JR9oG_5uKw-fT6OJUMkD71sypbec7JP=_qwpg@mail.gmail.com>
	<20170709191131.GB22224@oracle.com>
	<20170709.214043.1361767365552001158.davem@davemloft.net>
	<20170710100531.GA14940@gondor.apana.org.au>
	<20170710121002.GB21587@oracle.com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <20170710121002.GB21587@oracle.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Sender: linux-crypto-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

On Mon, Jul 10, 2017 at 08:10:02AM -0400, Sowmini Varadhan wrote:
>
> The reason that the WARN_ON is triggered is that af_alg_accept() calls
> sock_init_data() which does 
> 
>    2636         if (sock) {
>     :
>    2639                 sock->sk        =       sk;

Oh yes.  This started out with just sock_init_data which would
not have triggered your warning.  Then someone came along and
added sock_graft which basically duplicates work already done in
sock_init_data.

In fact the reason they wanted sock_graft was purely to call
security_sock_graft to initialise some SELinux state.  So we
could avoid your warning by calling that directly.

---8<---
crypto: af_alg - Avoid sock_graft call warning

The newly added sock_graft warning triggers in af_alg_accept.
It's harmless as we're essentially doing sock->sk = sock->sk.

The sock_graft call is actually redundant because all the work
it does is subsumed by sock_init_data.  However, it was added
to placate SELinux as it uses it to initialise its internal state.

This patch avoisd the warning by making the SELinux call directly.

Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Acked-by: David S. Miller <davem@davemloft.net>

diff --git a/crypto/af_alg.c b/crypto/af_alg.c
index 3556d8e..92a3d54 100644
--- a/crypto/af_alg.c
+++ b/crypto/af_alg.c
@@ -287,7 +287,7 @@ int af_alg_accept(struct sock *sk, struct socket *newsock, bool kern)
 		goto unlock;
 
 	sock_init_data(newsock, sk2);
-	sock_graft(sk2, newsock);
+	security_sock_graft(sk2, newsock);
 	security_sk_clone(sk, sk2);
 
 	err = type->accept(ask->private, sk2);