Hi all, While debugging a KASAN report in the selinux access vector cache hash table, I noticed that it looks like we may block in the inode_follow_link() and inode_permission() callbacks, even when called from the VFS layer as part of an RCU-protected path walk. These two patches attempt to fix that, but since I found this by inspection and I'm not familiar with this code, I'm sending as an RFC in case I missed something that means this cannot happen. Comments very welcome, Will Cc: Paul Moore <paul@xxxxxxxxxxxxxx> Cc: Ondrej Mosnacek <omosnace@xxxxxxxxxx> Cc: Stephen Smalley <sds@xxxxxxxxxxxxx> Cc: Jeffrey Vander Stoep <jeffv@xxxxxxxxxx> --->8 Will Deacon (2): selinux: Don't call avc_compute_av() from RCU path walk selinux: Propagate RCU walk status from 'security_inode_follow_link()' security/selinux/avc.c | 21 +++++++++++++-------- security/selinux/hooks.c | 5 +++-- security/selinux/include/avc.h | 12 ++++++++---- 3 files changed, 24 insertions(+), 14 deletions(-) -- 2.24.0.432.g9d3f5f5b63-goog
