[PATCH] smack: use GFP_NOFS while holding inode_smack::smk_lock

Casey Schaufler casey at schaufler-ca.com
Thu Aug 22 16:44:12 UTC 2019 

On 8/21/2019 10:54 PM, Eric Biggers wrote:
> From: Eric Biggers <ebiggers at google.com>
>
> inode_smack::smk_lock is taken during smack_d_instantiate(), which is
> called during a filesystem transaction when creating a file on ext4.
> Therefore to avoid a deadlock, all code that takes this lock must use
> GFP_NOFS, to prevent memory reclaim from waiting for the filesystem
> transaction to complete.
>
> Reported-by: syzbot+0eefc1e06a77d327a056 at syzkaller.appspotmail.com
> Cc: stable at vger.kernel.org
> Signed-off-by: Eric Biggers <ebiggers at google.com>

I will run tests on this, and will take it in the Smack tree
unless there are unexpected failures.

> ---
>  security/smack/smack_access.c | 6 +++---
>  security/smack/smack_lsm.c    | 2 +-
>  2 files changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c
> index f1c93a7be9ec..38ac3da4e791 100644
> --- a/security/smack/smack_access.c
> +++ b/security/smack/smack_access.c
> @@ -465,7 +465,7 @@ char *smk_parse_smack(const char *string, int len)
>  	if (i == 0 || i >= SMK_LONGLABEL)
>  		return ERR_PTR(-EINVAL);
>  
> -	smack = kzalloc(i + 1, GFP_KERNEL);
> +	smack = kzalloc(i + 1, GFP_NOFS);
>  	if (smack == NULL)
>  		return ERR_PTR(-ENOMEM);
>  
> @@ -500,7 +500,7 @@ int smk_netlbl_mls(int level, char *catset, struct netlbl_lsm_secattr *sap,
>  			if ((m & *cp) == 0)
>  				continue;
>  			rc = netlbl_catmap_setbit(&sap->attr.mls.cat,
> -						  cat, GFP_KERNEL);
> +						  cat, GFP_NOFS);
>  			if (rc < 0) {
>  				netlbl_catmap_free(sap->attr.mls.cat);
>  				return rc;
> @@ -536,7 +536,7 @@ struct smack_known *smk_import_entry(const char *string, int len)
>  	if (skp != NULL)
>  		goto freeout;
>  
> -	skp = kzalloc(sizeof(*skp), GFP_KERNEL);
> +	skp = kzalloc(sizeof(*skp), GFP_NOFS);
>  	if (skp == NULL) {
>  		skp = ERR_PTR(-ENOMEM);
>  		goto freeout;
> diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
> index 50c536cad85b..7e4d3145a018 100644
> --- a/security/smack/smack_lsm.c
> +++ b/security/smack/smack_lsm.c
> @@ -288,7 +288,7 @@ static struct smack_known *smk_fetch(const char *name, struct inode *ip,
>  	if (!(ip->i_opflags & IOP_XATTR))
>  		return ERR_PTR(-EOPNOTSUPP);
>  
> -	buffer = kzalloc(SMK_LONGLABEL, GFP_KERNEL);
> +	buffer = kzalloc(SMK_LONGLABEL, GFP_NOFS);
>  	if (buffer == NULL)
>  		return ERR_PTR(-ENOMEM);
>

More information about the Linux-security-module-archive mailing list