On Mon, Jun 15, 2015 at 5:58 AM, Morten Stevens
<mstevens(a)fedoraproject.org> wrote:
Hi Josh,
Could you please add this patch to the 4.1-rc8 kernel for rawhide?
https://lkml.org/lkml/2015/6/14/169
Done. I'd been watching that thread as well.
As an aside, it is better to send such requests to the Fedora kernel
list (CC'd now.) That way everyone sees it and it doesn't get lost in
someone's inbox.
josh
mm: shmem_zero_setup skip security check and lockdep conflict with
XFS
It appears that, at some point last year, XFS made directory handling
changes which bring it into lockdep conflict with shmem_zero_setup():
it is surprising that mmap() can clone an inode while holding mmap_sem,
but that has been so for many years.
Since those few lockdep traces that I've seen all implicated selinux,
I'm hoping that we can use the __shmem_file_setup(,,,S_PRIVATE) which
v3.13's commit c7277090927a ("security: shmem: implement kernel private
shmem inodes") introduced to avoid LSM checks on kernel-internal inodes:
the mmap("/dev/zero") cloned inode is indeed a kernel-internal detail.
This also covers the !CONFIG_SHMEM use of ramfs to support /dev/zero
(and MAP_SHARED|MAP_ANONYMOUS). I thought there were also drivers
which cloned inode in mmap(), but if so, I cannot locate them now.
Reported-and-tested-by: Prarit Bhargava <prarit(a)redhat.com>
Reported-by: Daniel Wagner <wagi(a)monom.org>
Reported-by: Morten Stevens <mstevens(a)fedoraproject.org>
Signed-off-by: Hugh Dickins <hughd(a)google.com>
---
mm/shmem.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
--- 4.1-rc7/mm/shmem.c 2015-04-26 19:16:31.352191298 -0700
+++ linux/mm/shmem.c 2015-06-14 09:26:49.461120166 -0700
@@ -3401,7 +3401,13 @@ int shmem_zero_setup(struct vm_area_stru
struct file *file;
loff_t size = vma->vm_end - vma->vm_start;
- file = shmem_file_setup("dev/zero", size, vma->vm_flags);
+ /*
+ * Cloning a new file under mmap_sem leads to a lock ordering
conflict
+ * between XFS directory reading and selinux: since this file is
only
+ * accessible to the user through its mapping, use S_PRIVATE flag to
+ * bypass file security, in the same way as
shmem_kernel_file_setup().
+ */
+ file = __shmem_file_setup("dev/zero", size, vma->vm_flags,
S_PRIVATE);
if (IS_ERR(file))
return PTR_ERR(file);
Thank you,
Best regards,
Morten