selinux: selinux_setprocattr()->ptrace_parent() needs rcu_read_lock()

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

selinux_setprocattr() does ptrace_parent(p) under task_lock(p),
but task_struct->alloc_lock doesn't pin ->parent or ->ptrace,
this looks confusing and triggers the "suspicious RCU usage"
warning because ptrace_parent() does rcu_dereference_check().

And in theory this is wrong, spin_lock()->preempt_disable()
doesn't necessarily imply rcu_read_lock() we need to access
the ->parent.

Reported-by: Evan McNabb <emcnabb@redhat.com>
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Cc: stable@vger.kernel.org
Signed-off-by: Paul Moore <pmoore@redhat.com>

authored by

Oleg Nesterov and committed by

Paul Moore 12 years ago 465954cd a5e333d3

+2 -2

1 changed file

expand all

security

selinux

hooks.c

+2 -2

security/selinux/hooks.c

··· 5583 5583 /* Check for ptracing, and update the task SID if ok. 5584 5584 Otherwise, leave SID unchanged and fail. */ 5585 5585 ptsid = 0; 5586 - task_lock(p); 5586 + rcu_read_lock(); 5587 5587 tracer = ptrace_parent(p); 5588 5588 if (tracer) 5589 5589 ptsid = task_sid(tracer); 5590 - task_unlock(p); 5590 + rcu_read_unlock(); 5591 5591 5592 5592 if (tracer) { 5593 5593 error = avc_has_perm(ptsid, sid, SECCLASS_PROCESS,

Configure Feed

Configure Feed