[GIT PULL] security: device_cgroup RCU warning fix

Tue Sep 15 20:21:29 UTC 2020

This was posted a while back and been baking in -next for a while, please 
consider for 5.9.


The following changes since commit bcf876870b95592b52519ed4aafcf9d95999bc9c:

  Linux 5.8 (2020-08-02 14:21:45 -0700)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git tags/fixes-v5.9a

for you to fetch changes up to bc62d68e2a0a69fcdcf28aca8edb01abf306b698:

  device_cgroup: Fix RCU list debugging warning (2020-08-20 11:25:03 -0700)

----------------------------------------------------------------
device_cgroup RCU warning fix from Amol Grover <frextrite at gmail.com>

----------------------------------------------------------------

Amol Grover (1):
      device_cgroup: Fix RCU list debugging warning

 security/device_cgroup.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)


commit bc62d68e2a0a69fcdcf28aca8edb01abf306b698
Author: Amol Grover <frextrite at gmail.com>
Date:   Mon Apr 6 16:29:50 2020 +0530

    device_cgroup: Fix RCU list debugging warning
    
    exceptions may be traversed using list_for_each_entry_rcu()
    outside of an RCU read side critical section BUT under the
    protection of decgroup_mutex. Hence add the corresponding
    lockdep expression to fix the following false-positive
    warning:
    
    [    2.304417] =============================
    [    2.304418] WARNING: suspicious RCU usage
    [    2.304420] 5.5.4-stable #17 Tainted: G            E
    [    2.304422] -----------------------------
    [    2.304424] security/device_cgroup.c:355 RCU-list traversed in non-reader section!!
    
    Signed-off-by: Amol Grover <frextrite at gmail.com>
    Signed-off-by: James Morris <jmorris at namei.org>

diff --git a/security/device_cgroup.c b/security/device_cgroup.c
index 43ab0ad45c1b..04375df52fc9 100644
--- a/security/device_cgroup.c
+++ b/security/device_cgroup.c
@@ -354,7 +354,8 @@ static bool match_exception_partial(struct list_head *exceptions, short type,
 {
 	struct dev_exception_item *ex;
 
-	list_for_each_entry_rcu(ex, exceptions, list) {
+	list_for_each_entry_rcu(ex, exceptions, list,
+				lockdep_is_held(&devcgroup_mutex)) {
 		if ((type & DEVCG_DEV_BLOCK) && !(ex->type & DEVCG_DEV_BLOCK))
 			continue;
 		if ((type & DEVCG_DEV_CHAR) && !(ex->type & DEVCG_DEV_CHAR))

