From patchwork Wed Nov 23 05:01:08 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Vishal Goel <vishal.goel@samsung.com>
X-Patchwork-Id: 9442619
Return-Path: <linux-security-module-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	24D016075F
	for <patchwork-linux-security-module@patchwork.kernel.org>;
	Wed, 23 Nov 2016 05:06:57 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 17EFF1FEBD
	for <patchwork-linux-security-module@patchwork.kernel.org>;
	Wed, 23 Nov 2016 05:06:57 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 0C720205AB; Wed, 23 Nov 2016 05:06:57 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,RCVD_IN_DNSWL_HI
	autolearn=ham version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6B3AF205A8
	for <patchwork-linux-security-module@patchwork.kernel.org>;
	Wed, 23 Nov 2016 05:06:54 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1750801AbcKWFGu (ORCPT
	<rfc822;patchwork-linux-security-module@patchwork.kernel.org>);
	Wed, 23 Nov 2016 00:06:50 -0500
Received: from mailout2.samsung.com ([203.254.224.25]:50087 "EHLO
	mailout2.samsung.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1750710AbcKWFGt (ORCPT
	<rfc822;linux-security-module@vger.kernel.org>);
	Wed, 23 Nov 2016 00:06:49 -0500
Received: from epcpsbgm2new.samsung.com (epcpsbgm2 [203.254.230.27])
	by mailout2.samsung.com
	(Oracle Communications Messaging Server 7.0.5.31.0 64bit (built May 5
	2014)) with ESMTP id <0OH2020CTWT8J740@mailout2.samsung.com> for
	linux-security-module@vger.kernel.org;
	Wed, 23 Nov 2016 14:05:38 +0900 (KST)
X-AuditID: cbfee61b-f796f6d000004092-31-583523a2db78
Received: from epmmp1.local.host ( [203.254.227.16])
	by epcpsbgm2new.samsung.com (EPCPMTA) with SMTP id
	98.EF.16530.2A325385; Wed, 23 Nov 2016 14:05:38 +0900 (KST)
Received: from localhost.localdomain ([107.108.92.210])
	by mmp1.samsung.com (Oracle Communications Messaging Server
	7.0.5.31.0 64bit (built May 5 2014)) with ESMTPA id
	<0OH2002UKWT6RW00@mmp1.samsung.com>; Wed,
	23 Nov 2016 14:05:38 +0900 (KST)
From: Vishal Goel <vishal.goel@samsung.com>
To: casey@schaufler-ca.com, linux-security-module@vger.kernel.org
Cc: vishal.goel@samsung.com, himanshu.sh@samsung.com,
	Vishal Goel <vishal.goel@samsung.com>,
	Himanshu Shukla <himanshu.sh@samsung.com>
Subject: [PATCH 1/3] SMACK: Add the rcu synchronization mechanism in ipv6
	hooks
Date: Wed, 23 Nov 2016 10:31:08 +0530
Message-id: <1479877268-46563-1-git-send-email-vishal.goel@samsung.com>
X-Mailer: git-send-email 1.9.1
X-Brightmail-Tracker: 
 H4sIAAAAAAAAA+NgFtrDLMWRmVeSWpSXmKPExsVy+t9jAd1FyqYRBseP8lrc2/aLzWLvkxZW
	iw89j9gs1t0+zejA4tG3ZRWjx9H9i9g8Pm+SC2COcrPJSE1MSS1SSM1Lzk/JzEu3VQoNcdO1
	UFLIS8xNtVWK0PUNCVJSKEvMKQXyjAzQgINzgHuwkr5dglvGiY9bWQuOSFe8/PmMuYFxuVgX
	IyeHhICJxKZdncwQtpjEhXvr2UBsIYGljBKL51t0MXIB2T8ZJVZeXc4OkmAT0JbonXeXCcQW
	EXCUaDy1nAmkiFmgi1Hi7LROVpCEsIC/xJrVu1hAbBYBVYnVnS/ApvIKuEus+tHLCrFNTuLk
	scmsExi5FzAyrGKUSC1ILihOSs81ykst1ytOzC0uzUvXS87P3cQIDrln0jsYD+9yP8QowMGo
	xMOrscUkQog1say4MvcQowQHs5IIb6ycaYQQb0piZVVqUX58UWlOavEhRlOgAyYyS4km5wPj
	Ia8k3tDE3MTc2MDC3NLSxEhJnLdx9rNwIYH0xJLU7NTUgtQimD4mDk6pBsbpRdKKc6pnOT07
	kLk+dWNI3J7vUzv+XXn0bEGulVn2b40Demaaxf7sLfuzNSa9PF9pMUvPbob8lGuuHxpXPJvq
	1n9VteqXgNup9TL63cE3N9rf3HjEM2eVjW3WudWvd5R/+yFfxxUYFS3c4SS1Q2xr+dpzz6JF
	Jm/0fnBc8e5lyTPtMxefrr+uxFKckWioxVxUnAgA+zLb2E8CAAA=
X-MTR: 20000000000000000@CPGS
Sender: owner-linux-security-module@vger.kernel.org
Precedence: bulk
List-ID: <linux-security-module.vger.kernel.org>
X-Virus-Scanned: ClamAV using ClamSMTP

Add the rcu synchronization mechanism for accessing smk_ipv6_port_list
in smack IPv6 hooks. Access to the port list is vulnerable to a race
condition issue,it does not apply proper synchronization methods while
working on critical section. It is possible that when one thread is
reading the list, at the same time another thread is modifying the
same port list, which can cause the major problems.

To ensure proper synchronization between two threads, rcu mechanism
has been applied while accessing and modifying the port list. RCU will
also not affect the performance, as there are more accesses than
modification where RCU is most effective synchronization mechanism.

Signed-off-by: Vishal Goel <vishal.goel@samsung.com>
Signed-off-by: Himanshu Shukla <himanshu.sh@samsung.com>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
---
 security/smack/smack_lsm.c | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 1cb0602..404919d 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -52,6 +52,7 @@
 #define SMK_SENDING	2
 
 #ifdef SMACK_IPV6_PORT_LABELING
+DEFINE_MUTEX(smack_ipv6_lock);
 static LIST_HEAD(smk_ipv6_port_list);
 #endif
 static struct kmem_cache *smack_inode_cache;
@@ -2604,17 +2605,20 @@ static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address)
 		 * on the bound socket. Take the changes to the port
 		 * as well.
 		 */
-		list_for_each_entry(spp, &smk_ipv6_port_list, list) {
+		rcu_read_lock();
+		list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
 			if (sk != spp->smk_sock)
 				continue;
 			spp->smk_in = ssp->smk_in;
 			spp->smk_out = ssp->smk_out;
+			rcu_read_unlock();
 			return;
 		}
 		/*
 		 * A NULL address is only used for updating existing
 		 * bound entries. If there isn't one, it's OK.
 		 */
+		rcu_read_unlock();
 		return;
 	}
 
@@ -2630,16 +2634,18 @@ static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address)
 	 * Look for an existing port list entry.
 	 * This is an indication that a port is getting reused.
 	 */
-	list_for_each_entry(spp, &smk_ipv6_port_list, list) {
+	rcu_read_lock();
+	list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
 		if (spp->smk_port != port)
 			continue;
 		spp->smk_port = port;
 		spp->smk_sock = sk;
 		spp->smk_in = ssp->smk_in;
 		spp->smk_out = ssp->smk_out;
+		rcu_read_unlock();
 		return;
 	}
-
+	rcu_read_unlock();
 	/*
 	 * A new port entry is required.
 	 */
@@ -2652,7 +2658,9 @@ static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address)
 	spp->smk_in = ssp->smk_in;
 	spp->smk_out = ssp->smk_out;
 
-	list_add(&spp->list, &smk_ipv6_port_list);
+	mutex_lock(&smack_ipv6_lock);
+	list_add_rcu(&spp->list, &smk_ipv6_port_list);
+	mutex_unlock(&smack_ipv6_lock);
 	return;
 }
 
@@ -2703,7 +2711,8 @@ static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address,
 		return 0;
 
 	port = ntohs(address->sin6_port);
-	list_for_each_entry(spp, &smk_ipv6_port_list, list) {
+	rcu_read_lock();
+	list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
 		if (spp->smk_port != port)
 			continue;
 		object = spp->smk_in;
@@ -2711,6 +2720,7 @@ static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address,
 			ssp->smk_packet = spp->smk_out;
 		break;
 	}
+	rcu_read_unlock();
 
 	return smk_ipv6_check(skp, object, address, act);
 }