[PATCH V3 5/5 selinux-next] selinux: Switch to rcu read locks for avc_compute

Peter Enderborg peter.enderborg at sony.com
Wed May 30 14:11:04 UTC 2018


To be able to preempt avc_compute we need preemptible
locks, this patch switch the rwlock reads to rcu_read_lock.

Signed-off-by: Peter Enderborg <peter.enderborg at sony.com>
---
 security/selinux/ss/services.c | 152 +++++++++++++++++++++--------------------
 security/selinux/ss/services.h |   2 +-
 2 files changed, 79 insertions(+), 75 deletions(-)

diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 954ebe490516..a9aa863c47a3 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -84,7 +84,7 @@ static struct selinux_ss selinux_ss;
 
 void selinux_ss_init(struct selinux_ss **ss)
 {
-	rwlock_init(&selinux_ss.policy_rwlock);
+	spin_lock_init(&selinux_ss.policy_lock);
 	mutex_init(&selinux_ss.status_lock);
 	selinux_ss.active_set = kzalloc(sizeof(struct selinux_ruleset),
 					GFP_KERNEL);
@@ -779,7 +779,7 @@ static int security_compute_validatetrans(struct selinux_state *state,
 	if (!state->initialized)
 		return 0;
 
-	read_lock(&state->ss->policy_rwlock);
+	rcu_read_lock();
 
 	policydb = &state->ss->active_set->policydb;
 	sidtab = state->ss->active_set->sidtab;
@@ -837,7 +837,7 @@ static int security_compute_validatetrans(struct selinux_state *state,
 	}
 
 out:
-	read_unlock(&state->ss->policy_rwlock);
+	rcu_read_unlock();
 	return rc;
 }
 
@@ -879,7 +879,7 @@ int security_bounded_transition(struct selinux_state *state,
 	if (!state->initialized)
 		return 0;
 
-	read_lock(&state->ss->policy_rwlock);
+	rcu_read_lock();
 
 	policydb = &state->ss->active_set->policydb;
 	sidtab = state->ss->active_set->sidtab;
@@ -944,7 +944,7 @@ int security_bounded_transition(struct selinux_state *state,
 		kfree(old_name);
 	}
 out:
-	read_unlock(&state->ss->policy_rwlock);
+	rcu_read_unlock();
 
 	return rc;
 }
@@ -1035,7 +1035,7 @@ void security_compute_xperms_decision(struct selinux_state *state,
 	memset(xpermd->auditallow->p, 0, sizeof(xpermd->auditallow->p));
 	memset(xpermd->dontaudit->p, 0, sizeof(xpermd->dontaudit->p));
 
-	read_lock(&state->ss->policy_rwlock);
+	rcu_read_lock();
 	if (!state->initialized)
 		goto allow;
 
@@ -1092,7 +1092,7 @@ void security_compute_xperms_decision(struct selinux_state *state,
 		}
 	}
 out:
-	read_unlock(&state->ss->policy_rwlock);
+	rcu_read_unlock();
 	return;
 allow:
 	memset(xpermd->allowed->p, 0xff, sizeof(xpermd->allowed->p));
@@ -1122,7 +1122,7 @@ void security_compute_av(struct selinux_state *state,
 	u16 tclass;
 	struct context *scontext = NULL, *tcontext = NULL;
 
-	read_lock(&state->ss->policy_rwlock);
+	rcu_read_lock();
 	avd_init(state, avd);
 	xperms->len = 0;
 	if (!state->initialized)
@@ -1160,7 +1160,7 @@ void security_compute_av(struct selinux_state *state,
 	map_decision(&state->ss->active_set->map, orig_tclass, avd,
 		     policydb->allow_unknown);
 out:
-	read_unlock(&state->ss->policy_rwlock);
+	rcu_read_unlock();
 	return;
 allow:
 	avd->allowed = 0xffffffff;
@@ -1177,7 +1177,7 @@ void security_compute_av_user(struct selinux_state *state,
 	struct sidtab *sidtab;
 	struct context *scontext = NULL, *tcontext = NULL;
 
-	read_lock(&state->ss->policy_rwlock);
+	rcu_read_lock();
 	avd_init(state, avd);
 	if (!state->initialized)
 		goto allow;
@@ -1212,7 +1212,7 @@ void security_compute_av_user(struct selinux_state *state,
 	context_struct_compute_av(policydb, scontext, tcontext, tclass, avd,
 				  NULL);
  out:
-	read_unlock(&state->ss->policy_rwlock);
+	rcu_read_unlock();
 	return;
 allow:
 	avd->allowed = 0xffffffff;
@@ -1319,7 +1319,7 @@ static int security_sid_to_context_core(struct selinux_state *state,
 		rc = -EINVAL;
 		goto out;
 	}
-	read_lock(&state->ss->policy_rwlock);
+	rcu_read_lock();
 	policydb = &state->ss->active_set->policydb;
 	sidtab = state->ss->active_set->sidtab;
 	if (force)
@@ -1335,7 +1335,7 @@ static int security_sid_to_context_core(struct selinux_state *state,
 	rc = context_struct_to_string(policydb, context, scontext,
 				      scontext_len);
 out_unlock:
-	read_unlock(&state->ss->policy_rwlock);
+	rcu_read_unlock();
 out:
 	return rc;
 
@@ -1491,7 +1491,7 @@ static int security_context_to_sid_core(struct selinux_state *state,
 		if (!str)
 			goto out;
 	}
-	read_lock(&state->ss->policy_rwlock);
+	rcu_read_lock();
 	policydb = &state->ss->active_set->policydb;
 	sidtab = state->ss->active_set->sidtab;
 	rc = string_to_context_struct(policydb, sidtab, scontext2,
@@ -1505,7 +1505,7 @@ static int security_context_to_sid_core(struct selinux_state *state,
 	rc = sidtab_context_to_sid(sidtab, &context, sid);
 	context_destroy(&context);
 out_unlock:
-	read_unlock(&state->ss->policy_rwlock);
+	rcu_read_unlock();
 out:
 	kfree(scontext2);
 	kfree(str);
@@ -1666,7 +1666,7 @@ static int security_compute_sid(struct selinux_state *state,
 
 	context_init(&newcontext);
 
-	read_lock(&state->ss->policy_rwlock);
+	rcu_read_lock();
 
 	if (kern) {
 		tclass = unmap_class(&state->ss->active_set->map, orig_tclass);
@@ -1806,7 +1806,7 @@ static int security_compute_sid(struct selinux_state *state,
 	/* Obtain the sid for the context. */
 	rc = sidtab_context_to_sid(sidtab, &newcontext, out_sid);
 out_unlock:
-	read_unlock(&state->ss->policy_rwlock);
+	rcu_read_unlock();
 	context_destroy(&newcontext);
 out:
 	return rc;
@@ -2166,14 +2166,14 @@ int security_load_policy(struct selinux_state *state, void *data, size_t len)
 	if (rc)
 		goto pdcerr;
 
-	read_lock(&state->ss->policy_rwlock);
+	rcu_read_lock();
 	old_set = state->ss->active_set;
 	rc = policydb_copy(&old_set->policydb, pdc, &storage, size);
 
 	/* save seq */
 	seqno = state->ss->latest_granting;
 
-	read_unlock(&state->ss->policy_rwlock);
+	rcu_read_unlock();
 
 	policydb_flattened_free(storage);
 
@@ -2232,16 +2232,18 @@ int security_load_policy(struct selinux_state *state, void *data, size_t len)
 		goto maperr;
 	}
 
+
 	next_set->map.mapping = newmap.mapping;
 	next_set->map.size = newmap.size;
 
 	/* Install the new policydb and SID table. */
-	write_lock_irq(&state->ss->policy_rwlock);
-	if (seqno == state->ss->latest_granting) {
+	spin_lock_irq(&state->ss->policy_lock);
+	if (likely(seqno == state->ss->latest_granting)) {
 		security_load_policycaps(state, &next_set->policydb);
 		seqno = ++state->ss->latest_granting;
 		state->ss->active_set = next_set;
-		write_unlock_irq(&state->ss->policy_rwlock);
+		spin_unlock_irq(&state->ss->policy_lock);
+		synchronize_rcu();
 
 		avc_ss_reset(state->avc, seqno);
 		selnl_notify_policyload(seqno);
@@ -2260,7 +2262,7 @@ int security_load_policy(struct selinux_state *state, void *data, size_t len)
 		rc = 0;
 		goto out;
 	} else {
-		write_unlock_irq(&state->ss->policy_rwlock);
+		spin_unlock_irq(&state->ss->policy_lock);
 		rc = -EAGAIN;
 	}
 maperr:
@@ -2285,9 +2287,9 @@ size_t security_policydb_len(struct selinux_state *state)
 	struct policydb *p = &state->ss->active_set->policydb;
 	size_t len;
 
-	read_lock(&state->ss->policy_rwlock);
+	rcu_read_lock();
 	len = p->len;
-	read_unlock(&state->ss->policy_rwlock);
+	rcu_read_unlock();
 
 	return len;
 }
@@ -2306,7 +2308,7 @@ int security_port_sid(struct selinux_state *state,
 	struct ocontext *c;
 	int rc = 0;
 
-	read_lock(&state->ss->policy_rwlock);
+	rcu_read_lock();
 
 	policydb = &state->ss->active_set->policydb;
 	sidtab = state->ss->active_set->sidtab;
@@ -2334,7 +2336,7 @@ int security_port_sid(struct selinux_state *state,
 	}
 
 out:
-	read_unlock(&state->ss->policy_rwlock);
+	rcu_read_unlock();
 	return rc;
 }
 
@@ -2352,7 +2354,7 @@ int security_ib_pkey_sid(struct selinux_state *state,
 	struct ocontext *c;
 	int rc = 0;
 
-	read_lock(&state->ss->policy_rwlock);
+	rcu_read_lock();
 
 	policydb = &state->ss->active_set->policydb;
 	sidtab = state->ss->active_set->sidtab;
@@ -2380,7 +2382,7 @@ int security_ib_pkey_sid(struct selinux_state *state,
 		*out_sid = SECINITSID_UNLABELED;
 
 out:
-	read_unlock(&state->ss->policy_rwlock);
+	rcu_read_unlock();
 	return rc;
 }
 
@@ -2398,7 +2400,7 @@ int security_ib_endport_sid(struct selinux_state *state,
 	struct ocontext *c;
 	int rc = 0;
 
-	read_lock(&state->ss->policy_rwlock);
+	rcu_read_lock();
 
 	policydb = &state->ss->active_set->policydb;
 	sidtab = state->ss->active_set->sidtab;
@@ -2427,7 +2429,7 @@ int security_ib_endport_sid(struct selinux_state *state,
 		*out_sid = SECINITSID_UNLABELED;
 
 out:
-	read_unlock(&state->ss->policy_rwlock);
+	rcu_read_unlock();
 	return rc;
 }
 
@@ -2444,7 +2446,7 @@ int security_netif_sid(struct selinux_state *state,
 	int rc = 0;
 	struct ocontext *c;
 
-	read_lock(&state->ss->policy_rwlock);
+	rcu_read_lock();
 
 	policydb = &state->ss->active_set->policydb;
 	sidtab = state->ss->active_set->sidtab;
@@ -2474,7 +2476,7 @@ int security_netif_sid(struct selinux_state *state,
 		*if_sid = SECINITSID_NETIF;
 
 out:
-	read_unlock(&state->ss->policy_rwlock);
+	rcu_read_unlock();
 	return rc;
 }
 
@@ -2509,7 +2511,7 @@ int security_node_sid(struct selinux_state *state,
 	int rc;
 	struct ocontext *c;
 
-	read_lock(&state->ss->policy_rwlock);
+	rcu_read_lock();
 
 	policydb = &state->ss->active_set->policydb;
 	sidtab = state->ss->active_set->sidtab;
@@ -2567,7 +2569,7 @@ int security_node_sid(struct selinux_state *state,
 
 	rc = 0;
 out:
-	read_unlock(&state->ss->policy_rwlock);
+	rcu_read_unlock();
 	return rc;
 }
 
@@ -2609,7 +2611,7 @@ int security_get_user_sids(struct selinux_state *state,
 	if (!state->initialized)
 		goto out;
 
-	read_lock(&state->ss->policy_rwlock);
+	rcu_read_lock();
 
 	policydb = &state->ss->active_set->policydb;
 	sidtab = state->ss->active_set->sidtab;
@@ -2663,7 +2665,7 @@ int security_get_user_sids(struct selinux_state *state,
 	}
 	rc = 0;
 out_unlock:
-	read_unlock(&state->ss->policy_rwlock);
+	rcu_read_unlock();
 	if (rc || !mynel) {
 		kfree(mysids);
 		goto out;
@@ -2705,7 +2707,7 @@ int security_get_user_sids(struct selinux_state *state,
  * cannot support xattr or use a fixed labeling behavior like
  * transition SIDs or task SIDs.
  *
- * The caller must acquire the policy_rwlock before calling this function.
+ * The caller must acquire the policy_lock before calling this function.
  */
 static inline int __security_genfs_sid(struct selinux_state *state,
 				       const char *fstype,
@@ -2767,7 +2769,7 @@ static inline int __security_genfs_sid(struct selinux_state *state,
  * @sclass: file security class
  * @sid: SID for path
  *
- * Acquire policy_rwlock before calling __security_genfs_sid() and release
+ * Acquire policy_lock before calling __security_genfs_sid() and release
  * it afterward.
  */
 int security_genfs_sid(struct selinux_state *state,
@@ -2778,9 +2780,9 @@ int security_genfs_sid(struct selinux_state *state,
 {
 	int retval;
 
-	read_lock(&state->ss->policy_rwlock);
+	rcu_read_lock();
 	retval = __security_genfs_sid(state, fstype, path, orig_sclass, sid);
-	read_unlock(&state->ss->policy_rwlock);
+	rcu_read_unlock();
 	return retval;
 }
 
@@ -2797,7 +2799,7 @@ int security_fs_use(struct selinux_state *state, struct super_block *sb)
 	struct superblock_security_struct *sbsec = sb->s_security;
 	const char *fstype = sb->s_type->name;
 
-	read_lock(&state->ss->policy_rwlock);
+	rcu_read_lock();
 
 	policydb = &state->ss->active_set->policydb;
 	sidtab = state->ss->active_set->sidtab;
@@ -2830,7 +2832,7 @@ int security_fs_use(struct selinux_state *state, struct super_block *sb)
 	}
 
 out:
-	read_unlock(&state->ss->policy_rwlock);
+	rcu_read_unlock();
 	return rc;
 }
 
@@ -2847,7 +2849,7 @@ int security_get_bools(struct selinux_state *state,
 		return 0;
 	}
 
-	read_lock(&state->ss->policy_rwlock);
+	rcu_read_lock();
 
 	policydb = &state->ss->active_set->policydb;
 
@@ -2880,7 +2882,7 @@ int security_get_bools(struct selinux_state *state,
 	}
 	rc = 0;
 out:
-	read_unlock(&state->ss->policy_rwlock);
+	rcu_read_unlock();
 	return rc;
 err:
 	if (*names) {
@@ -2914,13 +2916,14 @@ int security_set_bools(struct selinux_state *state, int len, int *values)
 		goto errout;
 	}
 
-	read_lock(&state->ss->policy_rwlock);
+	rcu_read_lock();
 	old_set = state->ss->active_set;
 	seqno = state->ss->latest_granting;
 	memcpy(next_set, old_set, sizeof(struct selinux_ruleset));
 	rc = policydb_copy(&old_set->policydb, &next_set->policydb,
 			   &storage, size);
-	read_unlock(&state->ss->policy_rwlock);
+	rcu_read_unlock();
+
 	if (rc)
 		goto out;
 
@@ -2956,12 +2959,13 @@ int security_set_bools(struct selinux_state *state, int len, int *values)
 	rc = 0;
 out:
 	if (!rc) {
-		write_lock_irq(&state->ss->policy_rwlock);
+		spin_lock_irq(&state->ss->policy_lock);
 		if (seqno == state->ss->latest_granting) {
 			seqno = ++state->ss->latest_granting;
 			state->ss->active_set = next_set;
 			rc = 0;
-			write_unlock_irq(&state->ss->policy_rwlock);
+			spin_unlock_irq(&state->ss->policy_lock);
+			synchronize_rcu();
 			avc_ss_reset(state->avc, seqno);
 			selnl_notify_policyload(seqno);
 			selinux_status_update_policyload(state, seqno);
@@ -2970,7 +2974,7 @@ int security_set_bools(struct selinux_state *state, int len, int *values)
 			kfree(old_set);
 		} else {
 			rc = -ENOMEM;
-			write_unlock_irq(&state->ss->policy_rwlock);
+			spin_unlock_irq(&state->ss->policy_lock);
 			printk(KERN_ERR "SELinux: %s failed in seqno %d\n",
 			       __func__, rc);
 			policydb_destroy(&next_set->policydb);
@@ -2994,7 +2998,7 @@ int security_get_bool_value(struct selinux_state *state,
 	int rc;
 	int len;
 
-	read_lock(&state->ss->policy_rwlock);
+	rcu_read_lock();
 
 	policydb = &state->ss->active_set->policydb;
 
@@ -3005,7 +3009,7 @@ int security_get_bool_value(struct selinux_state *state,
 
 	rc = policydb->bool_val_to_struct[index]->state;
 out:
-	read_unlock(&state->ss->policy_rwlock);
+	rcu_read_unlock();
 	return rc;
 }
 
@@ -3065,7 +3069,7 @@ int security_sid_mls_copy(struct selinux_state *state,
 
 	context_init(&newcon);
 
-	read_lock(&state->ss->policy_rwlock);
+	rcu_read_lock();
 
 	rc = -EINVAL;
 	context1 = sidtab_search(sidtab, sid);
@@ -3108,7 +3112,7 @@ int security_sid_mls_copy(struct selinux_state *state,
 
 	rc = sidtab_context_to_sid(sidtab, &newcon, new_sid);
 out_unlock:
-	read_unlock(&state->ss->policy_rwlock);
+	rcu_read_unlock();
 	context_destroy(&newcon);
 out:
 	return rc;
@@ -3170,7 +3174,7 @@ int security_net_peersid_resolve(struct selinux_state *state,
 	if (!policydb->mls_enabled)
 		return 0;
 
-	read_lock(&state->ss->policy_rwlock);
+	rcu_read_lock();
 
 	rc = -EINVAL;
 	nlbl_ctx = sidtab_search(sidtab, nlbl_sid);
@@ -3197,7 +3201,7 @@ int security_net_peersid_resolve(struct selinux_state *state,
 	 * expressive */
 	*peer_sid = xfrm_sid;
 out:
-	read_unlock(&state->ss->policy_rwlock);
+	rcu_read_unlock();
 	return rc;
 }
 
@@ -3226,7 +3230,7 @@ int security_get_classes(struct selinux_state *state,
 		return 0;
 	}
 
-	read_lock(&state->ss->policy_rwlock);
+	rcu_read_lock();
 
 	rc = -ENOMEM;
 	*nclasses = policydb->p_classes.nprim;
@@ -3244,7 +3248,7 @@ int security_get_classes(struct selinux_state *state,
 	}
 
 out:
-	read_unlock(&state->ss->policy_rwlock);
+	rcu_read_unlock();
 	return rc;
 }
 
@@ -3268,7 +3272,7 @@ int security_get_permissions(struct selinux_state *state,
 	int rc, i;
 	struct class_datum *match;
 
-	read_lock(&state->ss->policy_rwlock);
+	rcu_read_lock();
 
 	rc = -EINVAL;
 	match = hashtab_search(policydb->p_classes.table, class);
@@ -3297,11 +3301,11 @@ int security_get_permissions(struct selinux_state *state,
 		goto err;
 
 out:
-	read_unlock(&state->ss->policy_rwlock);
+	rcu_read_unlock();
 	return rc;
 
 err:
-	read_unlock(&state->ss->policy_rwlock);
+	rcu_read_unlock();
 	for (i = 0; i < *nperms; i++)
 		kfree((*perms)[i]);
 	kfree(*perms);
@@ -3334,9 +3338,9 @@ int security_policycap_supported(struct selinux_state *state,
 	struct policydb *policydb = &state->ss->active_set->policydb;
 	int rc;
 
-	read_lock(&state->ss->policy_rwlock);
+	rcu_read_lock();
 	rc = ebitmap_get_bit(&policydb->policycaps, req_cap);
-	read_unlock(&state->ss->policy_rwlock);
+	rcu_read_unlock();
 
 	return rc;
 }
@@ -3402,7 +3406,7 @@ int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule)
 
 	context_init(&tmprule->au_ctxt);
 
-	read_lock(&state->ss->policy_rwlock);
+	rcu_read_lock();
 
 	tmprule->au_seqno = state->ss->latest_granting;
 
@@ -3443,7 +3447,7 @@ int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule)
 	}
 	rc = 0;
 out:
-	read_unlock(&state->ss->policy_rwlock);
+	rcu_read_unlock();
 
 	if (rc) {
 		selinux_audit_rule_free(tmprule);
@@ -3494,7 +3498,7 @@ int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule,
 		return -ENOENT;
 	}
 
-	read_lock(&state->ss->policy_rwlock);
+	rcu_read_lock();
 
 	if (rule->au_seqno < state->ss->latest_granting) {
 		match = -ESTALE;
@@ -3585,7 +3589,7 @@ int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule,
 	}
 
 out:
-	read_unlock(&state->ss->policy_rwlock);
+	rcu_read_unlock();
 	return match;
 }
 
@@ -3674,7 +3678,7 @@ int security_netlbl_secattr_to_sid(struct selinux_state *state,
 		return 0;
 	}
 
-	read_lock(&state->ss->policy_rwlock);
+	rcu_read_lock();
 
 	if (secattr->flags & NETLBL_SECATTR_CACHE)
 		*sid = *(u32 *)secattr->cache->data;
@@ -3710,12 +3714,12 @@ int security_netlbl_secattr_to_sid(struct selinux_state *state,
 	} else
 		*sid = SECSID_NULL;
 
-	read_unlock(&state->ss->policy_rwlock);
+	rcu_read_unlock();
 	return 0;
 out_free:
 	ebitmap_destroy(&ctx_new.range.level[0].cat);
 out:
-	read_unlock(&state->ss->policy_rwlock);
+	rcu_read_unlock();
 	return rc;
 }
 
@@ -3739,7 +3743,7 @@ int security_netlbl_sid_to_secattr(struct selinux_state *state,
 	if (!state->initialized)
 		return 0;
 
-	read_lock(&state->ss->policy_rwlock);
+	rcu_read_lock();
 
 	rc = -ENOENT;
 	ctx = sidtab_search(state->ss->active_set->sidtab, sid);
@@ -3757,7 +3761,7 @@ int security_netlbl_sid_to_secattr(struct selinux_state *state,
 	mls_export_netlbl_lvl(policydb, ctx, secattr);
 	rc = mls_export_netlbl_cat(policydb, ctx, secattr);
 out:
-	read_unlock(&state->ss->policy_rwlock);
+	rcu_read_unlock();
 	return rc;
 }
 #endif /* CONFIG_NETLABEL */
@@ -3787,9 +3791,9 @@ int security_read_policy(struct selinux_state *state,
 	fp.data = *data;
 	fp.len = *len;
 
-	read_lock(&state->ss->policy_rwlock);
+	rcu_read_lock();
 	rc = policydb_write(policydb, &fp);
-	read_unlock(&state->ss->policy_rwlock);
+	rcu_read_unlock();
 
 	if (rc)
 		return rc;
diff --git a/security/selinux/ss/services.h b/security/selinux/ss/services.h
index 9219649c70ed..84cbcf226551 100644
--- a/security/selinux/ss/services.h
+++ b/security/selinux/ss/services.h
@@ -33,7 +33,7 @@ struct selinux_ruleset {
 };
 struct selinux_ss {
 	struct selinux_ruleset *active_set; /* rcu pointer */
-	rwlock_t policy_rwlock;
+	spinlock_t policy_lock;
 	u32 latest_granting;
 	struct page *status_page;
 	struct mutex status_lock;
-- 
2.15.1

--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html



More information about the Linux-security-module-archive mailing list