[PATCH RESEND] device_cgroup: Fix RCU list debugging warning

Serge E. Hallyn serge at hallyn.com
Mon Jun 8 04:17:34 UTC 2020


On Sun, Jun 07, 2020 at 12:08:40PM -0700, Paul E. McKenney wrote:
> On Sun, Jun 07, 2020 at 06:23:40AM +1000, Stephen Rothwell wrote:
> > Hi all,
> > 
> > On Mon, 6 Apr 2020 16:29:50 +0530 Amol Grover <frextrite at gmail.com> wrote:
> > >
> > > exceptions may be traversed using list_for_each_entry_rcu()
> > > outside of an RCU read side critical section BUT under the
> > > protection of decgroup_mutex. Hence add the corresponding
> > > lockdep expression to fix the following false-positive
> > > warning:
> > > 
> > > [    2.304417] =============================
> > > [    2.304418] WARNING: suspicious RCU usage
> > > [    2.304420] 5.5.4-stable #17 Tainted: G            E
> > > [    2.304422] -----------------------------
> > > [    2.304424] security/device_cgroup.c:355 RCU-list traversed in non-reader section!!
> > > 
> > > Signed-off-by: Amol Grover <frextrite at gmail.com>
> > > ---
> > >  security/device_cgroup.c | 3 ++-
> > >  1 file changed, 2 insertions(+), 1 deletion(-)
> > > 
> > > diff --git a/security/device_cgroup.c b/security/device_cgroup.c
> > > index 7d0f8f7431ff..b7da9e0970d9 100644
> > > --- a/security/device_cgroup.c
> > > +++ b/security/device_cgroup.c
> > > @@ -352,7 +352,8 @@ static bool match_exception_partial(struct list_head *exceptions, short type,
> > >  {
> > >  	struct dev_exception_item *ex;
> > >  
> > > -	list_for_each_entry_rcu(ex, exceptions, list) {
> > > +	list_for_each_entry_rcu(ex, exceptions, list,
> > > +				lockdep_is_held(&devcgroup_mutex)) {
> > >  		if ((type & DEVCG_DEV_BLOCK) && !(ex->type & DEVCG_DEV_BLOCK))
> > >  			continue;
> > >  		if ((type & DEVCG_DEV_CHAR) && !(ex->type & DEVCG_DEV_CHAR))
> > > -- 
> > > 2.24.1
> > > 
> > 
> > I have been carrying the above patch in linux-next for some time now.
> > I have been carrying it because it fixes problems for syzbot (see the
> > third warning in
> > https://lore.kernel.org/linux-next/CACT4Y+YnjK+kq0pfb5fe-q1bqe2T1jq_mvKHf--Z80Z3wkyK1Q@mail.gmail.com/).
> > Is there some reason it has not been applied to some tree?
> 
> The RCU changes on which this patch depends have long since made it to
> mainline, so it can go up any tree.  I can take it if no one else will,
> but it might be better going in via the security tree.
> 
> 							Thanx, Paul

James, do you mind pulling it in?



More information about the Linux-security-module-archive mailing list