linux-audit / audit-kernel

GitHub mirror of the Linux Kernel's audit repository
https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit.git
Other
140 stars 37 forks source link

BUG: locking regression in v4.9-rcX kernels #22

Closed pcmoore closed 8 years ago

pcmoore commented 8 years ago

The commit below, present in the v4.9-rcX kernels, causes a regression in the selinux-testsuite that appears to be triggered whenever audit_log() is called under write_lock_irq(). Thanks to @stephensmalley for identifying the problem and contacting the patch's author. We are currently awaiting a fix from the author.

commit bc51dddf98c907b598e645ae4b277ed1295b6d5f
Author: WANG Cong <xiyou.wangcong@gmail.com>
Date:   Thu Sep 1 21:53:45 2016 -0700

    netns: avoid disabling irq for netns id

    We never read or change netns id in hardirq context,
    the only place we read netns id in softirq context
    is in vxlan_xmit(). So, it should be enough to just
    disable BH.

    Cc: Nicolas Dichtel <nicolas.dichtel@6wind.com>
    Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
pcmoore commented 8 years ago

Upstream discussion:

pcmoore commented 8 years ago

Upstream discussion (part two):

pcmoore commented 8 years ago

Revert merged into netdev/master, yet absent in 4.9-rc2; it should appear during the week:

commit 2a73306b6096fafd5c2ae06ded1f92bbacb39df2
Author: Paul Moore <paul@paul-moore.com>
Date:   Fri Oct 21 21:49:14 2016 -0400

    netns: revert "netns: avoid disabling irq for netns id"

    This reverts commit bc51dddf98c9 ("netns: avoid disabling irq for
    netns id") as it was found to cause problems with systems running
    SELinux/audit, see the mailing list thread below:

     * http://marc.info/?t=147694653900002&r=1&w=2

    Eventually we should be able to reintroduce this code once we have
    rewritten the audit multicast code to queue messages much the same
    way we do for unicast messages.  A tracking issue for this can be
    found below:

     * https://github.com/linux-audit/audit-kernel/issues/23

    Reported-by: Stephen Smalley <sds@tycho.nsa.gov>
    Reported-by: Elad Raz <e@eladraz.com>
    Cc: Cong Wang <xiyou.wangcong@gmail.com>
    Signed-off-by: Paul Moore <paul@paul-moore.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
pcmoore commented 8 years ago

The patch above is in Linus' v4.9-rc4 tree, marking this as closed.