After hours and hours of getting familiar with dcache and debugging, I
think I finally found a solution that works and hopefully stands a chance
of being committed.

The series still doesn't address the lack of atomicity of the policy
reload transition, but this is part of a wider problem and can be
resolved later. Let's fix at least the userspace-triggered lockup first.

Changes since v1:
 - switch to hopefully proper and actually working solution instead of
   the horrible mess I produced last time...

v1: https://lore.kernel.org/selinux/20181002111830.26342-1-omosnace@xxxxxxxxxx/T/

Ondrej Mosnacek (4):
  d_walk: optionally lock also parent inode
  d_walk: add leave callback
  dcache: introduce d_genocide_safe()
  selinux: use d_genocide_safe() in selinuxfs

 fs/dcache.c                  | 87 +++++++++++++++++++++++++++++++-----
 include/linux/dcache.h       |  1 +
 security/selinux/selinuxfs.c |  2 +-
 3 files changed, 77 insertions(+), 13 deletions(-)

-- 
2.21.0