The ima_measurements list is append-only and doesn't require rcu_read_lock() protection. However, lockdep issues a warning when traversing RCU lists without the read lock: security/integrity/ima/ima_kexec.c:40 RCU-list traversed in non-reader section!! Fix this by using the variant of list_for_each_entry_rcu() with the last argument set to true. This tells the RCU subsystem that traversing this append-only list without the read lock is intentional and safe. This change silences the lockdep warning while maintaining the correct semantics for the append-only list traversal. Signed-off-by: Breno Leitao <leitao@xxxxxxxxxx> --- Changes in v2: - Do not hold the RCU read lock, but, annotate list_for_each_entry_rcu() that is OK to traverse the list without the RCU read lock. - Link to v1: https://lore.kernel.org/r/20241104-ima_rcu-v1-1-5157460c5907@xxxxxxxxxx --- security/integrity/ima/ima_kexec.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/security/integrity/ima/ima_kexec.c b/security/integrity/ima/ima_kexec.c index 52e00332defed39774c9e23e045f1377cfa30d0c..9d45f4d26f731658a79b94b9f95f4dcc4dcb6325 100644 --- a/security/integrity/ima/ima_kexec.c +++ b/security/integrity/ima/ima_kexec.c @@ -37,7 +37,8 @@ static int ima_dump_measurement_list(unsigned long *buffer_size, void **buffer, memset(&khdr, 0, sizeof(khdr)); khdr.version = 1; - list_for_each_entry_rcu(qe, &ima_measurements, later) { + /* This is an append-only list, no need to hold the RCU read lock */ + list_for_each_entry_rcu(qe, &ima_measurements, later, true) { if (file.count < file.size) { khdr.count++; ima_measurements_show(&file, qe); --- base-commit: ac24e26aa08fe026804f678599f805eb13374a5d change-id: 20241104-ima_rcu-ee83da87d050 Best regards, -- Breno Leitao <leitao@xxxxxxxxxx>