On Tue, Oct 19, 2021 at 5:34 PM Christian Göttsche <cgzones@xxxxxxxxxxxxxx> wrote: > On Tue, 19 Oct 2021 at 17:01, Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote: > > > > This series adds basic support for parallel relabeling to the libselinux > > API and the setfiles/restorecon CLI tools. It turns out that doing the > > relabeling in parallel can significantly reduce the time even with a > > relatively simple approach. > > > > The first patch is a small cleanup that was found along the way and can > > be applied independently. Patches 2-4 are small incremental changes that > > make the internal selinux_restorecon functions more thread-safe (I kept > > them separate for ease of of review, but maybe they should be rather > > folded into the netx patch...). Patch 5 then completes the parallel > > relabeling implementation at libselinux level and adds a new function > > to the API that allows to make use of it. Finally, patch 6 adds parallel > > relabeling support to he setfiles/restorecon tools. > > > > The relevant man pages are also updated to reflect the new > > functionality. > > > > The patch descriptions contain more details, namely the last patch has > > also some benchmark numbers. > > > > There seems to be another data race, which however does not occur every time: > > > ================== > WARNING: ThreadSanitizer: data race (pid=4189) > Read of size 8 at 0x7f72252e5908 by thread T3: > #0 is_context_customizable > /home/debianuser/workspace/selinux/selinux/libselinux/src/is_customizable_type.c:70:7 > (libselinux.so.1+0x12d86) > #1 restorecon_sb > /home/debianuser/workspace/selinux/selinux/libselinux/src/selinux_restorecon.c:696:10 > (libselinux.so.1+0x24b41) > #2 selinux_restorecon_thread > /home/debianuser/workspace/selinux/selinux/libselinux/src/selinux_restorecon.c:943:12 > (libselinux.so.1+0x25695) > > Previous write of size 8 at 0x7f72252e5908 by thread T1: > #0 get_customizable_type_list > /home/debianuser/workspace/selinux/selinux/libselinux/src/is_customizable_type.c:58:11 > (libselinux.so.1+0x13027) > #1 is_context_customizable > /home/debianuser/workspace/selinux/selinux/libselinux/src/is_customizable_type.c:71:7 > (libselinux.so.1+0x13027) > #2 restorecon_sb > /home/debianuser/workspace/selinux/selinux/libselinux/src/selinux_restorecon.c:696:10 > (libselinux.so.1+0x24b41) > #3 selinux_restorecon_thread > /home/debianuser/workspace/selinux/selinux/libselinux/src/selinux_restorecon.c:943:12 > (libselinux.so.1+0x25695) > > Location is global 'customizable_list' of size 8 at 0x7f72252e5908 > (libselinux.so.1+0x000000036908) > > Thread T3 (tid=4197, running) created by main thread at: > #0 pthread_create <null> (setfiles+0x44c6ed) > #1 selinux_restorecon_common > /home/debianuser/workspace/selinux/selinux/libselinux/src/selinux_restorecon.c:1193:8 > (libselinux.so.1+0x22ba6) > #2 selinux_restorecon_parallel > /home/debianuser/workspace/selinux/selinux/libselinux/src/selinux_restorecon.c:1310:9 > (libselinux.so.1+0x22da2) > #3 process_glob > /home/debianuser/workspace/selinux/selinux/policycoreutils/setfiles/restore.c:94:8 > (setfiles+0x4c13b7) > #4 main /home/debianuser/workspace/selinux/selinux/policycoreutils/setfiles/setfiles.c:463:14 > (setfiles+0x4c0938) > > Thread T1 (tid=4195, running) created by main thread at: > #0 pthread_create <null> (setfiles+0x44c6ed) > #1 selinux_restorecon_common > /home/debianuser/workspace/selinux/selinux/libselinux/src/selinux_restorecon.c:1193:8 > (libselinux.so.1+0x22ba6) > #2 selinux_restorecon_parallel > /home/debianuser/workspace/selinux/selinux/libselinux/src/selinux_restorecon.c:1310:9 > (libselinux.so.1+0x22da2) > #3 process_glob > /home/debianuser/workspace/selinux/selinux/policycoreutils/setfiles/restore.c:94:8 > (setfiles+0x4c13b7) > #4 main /home/debianuser/workspace/selinux/selinux/policycoreutils/setfiles/setfiles.c:463:14 > (setfiles+0x4c0938) > > SUMMARY: ThreadSanitizer: data race > /home/debianuser/workspace/selinux/selinux/libselinux/src/is_customizable_type.c:70:7 > in is_context_customizable > ================== > ================== > WARNING: ThreadSanitizer: data race (pid=4189) > Read of size 8 at 0x7b080000c000 by thread T3: > #0 is_context_customizable > /home/debianuser/workspace/selinux/selinux/libselinux/src/is_customizable_type.c:85:14 > (libselinux.so.1+0x12ddc) > #1 restorecon_sb > /home/debianuser/workspace/selinux/selinux/libselinux/src/selinux_restorecon.c:696:10 > (libselinux.so.1+0x24b41) > #2 selinux_restorecon_thread > /home/debianuser/workspace/selinux/selinux/libselinux/src/selinux_restorecon.c:943:12 > (libselinux.so.1+0x25695) > > Previous write of size 8 at 0x7b080000c000 by thread T1: > [failed to restore the stack] > > Location is heap block of size 32 at 0x7b080000c000 allocated by thread T1: > #0 calloc <null> (setfiles+0x44b249) > #1 get_customizable_type_list > /home/debianuser/workspace/selinux/selinux/libselinux/src/is_customizable_type.c:34:17 > (libselinux.so.1+0x12ed7) > #2 is_context_customizable > /home/debianuser/workspace/selinux/selinux/libselinux/src/is_customizable_type.c:71:7 > (libselinux.so.1+0x12ed7) > #3 restorecon_sb > /home/debianuser/workspace/selinux/selinux/libselinux/src/selinux_restorecon.c:696:10 > (libselinux.so.1+0x24b41) > #4 selinux_restorecon_thread > /home/debianuser/workspace/selinux/selinux/libselinux/src/selinux_restorecon.c:943:12 > (libselinux.so.1+0x25695) > > Thread T3 (tid=4197, running) created by main thread at: > #0 pthread_create <null> (setfiles+0x44c6ed) > #1 selinux_restorecon_common > /home/debianuser/workspace/selinux/selinux/libselinux/src/selinux_restorecon.c:1193:8 > (libselinux.so.1+0x22ba6) > #2 selinux_restorecon_parallel > /home/debianuser/workspace/selinux/selinux/libselinux/src/selinux_restorecon.c:1310:9 > (libselinux.so.1+0x22da2) > #3 process_glob > /home/debianuser/workspace/selinux/selinux/policycoreutils/setfiles/restore.c:94:8 > (setfiles+0x4c13b7) > #4 main /home/debianuser/workspace/selinux/selinux/policycoreutils/setfiles/setfiles.c:463:14 > (setfiles+0x4c0938) > > Thread T1 (tid=4195, running) created by main thread at: > #0 pthread_create <null> (setfiles+0x44c6ed) > #1 selinux_restorecon_common > /home/debianuser/workspace/selinux/selinux/libselinux/src/selinux_restorecon.c:1193:8 > (libselinux.so.1+0x22ba6) > #2 selinux_restorecon_parallel > /home/debianuser/workspace/selinux/selinux/libselinux/src/selinux_restorecon.c:1310:9 > (libselinux.so.1+0x22da2) > #3 process_glob > /home/debianuser/workspace/selinux/selinux/policycoreutils/setfiles/restore.c:94:8 > (setfiles+0x4c13b7) > #4 main /home/debianuser/workspace/selinux/selinux/policycoreutils/setfiles/setfiles.c:463:14 > (setfiles+0x4c0938) > > SUMMARY: ThreadSanitizer: data race > /home/debianuser/workspace/selinux/selinux/libselinux/src/is_customizable_type.c:85:14 > in is_context_customizable > ================== > ================== > WARNING: ThreadSanitizer: data race (pid=4189) > Read of size 1 at 0x7b080000c040 by thread T3: > #0 strcmp <null> (setfiles+0x4545d4) > #1 is_context_customizable > /home/debianuser/workspace/selinux/selinux/libselinux/src/is_customizable_type.c:86:7 > (libselinux.so.1+0x12df7) > #2 restorecon_sb > /home/debianuser/workspace/selinux/selinux/libselinux/src/selinux_restorecon.c:696:10 > (libselinux.so.1+0x24b41) > #3 selinux_restorecon_thread > /home/debianuser/workspace/selinux/selinux/libselinux/src/selinux_restorecon.c:943:12 > (libselinux.so.1+0x25695) > > Previous write of size 8 at 0x7b080000c040 by thread T1: > [failed to restore the stack] > > Location is heap block of size 17 at 0x7b080000c040 allocated by thread T1: > #0 malloc <null> (setfiles+0x44b05d) > #1 strdup <null> (libc.so.6+0x8e4aa) > #2 get_customizable_type_list > /home/debianuser/workspace/selinux/selinux/libselinux/src/is_customizable_type.c:41:15 > (libselinux.so.1+0x12f45) > #3 is_context_customizable > /home/debianuser/workspace/selinux/selinux/libselinux/src/is_customizable_type.c:71:7 > (libselinux.so.1+0x12f45) > #4 restorecon_sb > /home/debianuser/workspace/selinux/selinux/libselinux/src/selinux_restorecon.c:696:10 > (libselinux.so.1+0x24b41) > #5 selinux_restorecon_thread > /home/debianuser/workspace/selinux/selinux/libselinux/src/selinux_restorecon.c:943:12 > (libselinux.so.1+0x25695) > > Thread T3 (tid=4197, running) created by main thread at: > #0 pthread_create <null> (setfiles+0x44c6ed) > #1 selinux_restorecon_common > /home/debianuser/workspace/selinux/selinux/libselinux/src/selinux_restorecon.c:1193:8 > (libselinux.so.1+0x22ba6) > #2 selinux_restorecon_parallel > /home/debianuser/workspace/selinux/selinux/libselinux/src/selinux_restorecon.c:1310:9 > (libselinux.so.1+0x22da2) > #3 process_glob > /home/debianuser/workspace/selinux/selinux/policycoreutils/setfiles/restore.c:94:8 > (setfiles+0x4c13b7) > #4 main /home/debianuser/workspace/selinux/selinux/policycoreutils/setfiles/setfiles.c:463:14 > (setfiles+0x4c0938) > > Thread T1 (tid=4195, running) created by main thread at: > #0 pthread_create <null> (setfiles+0x44c6ed) > #1 selinux_restorecon_common > /home/debianuser/workspace/selinux/selinux/libselinux/src/selinux_restorecon.c:1193:8 > (libselinux.so.1+0x22ba6) > #2 selinux_restorecon_parallel > /home/debianuser/workspace/selinux/selinux/libselinux/src/selinux_restorecon.c:1310:9 > (libselinux.so.1+0x22da2) > #3 process_glob > /home/debianuser/workspace/selinux/selinux/policycoreutils/setfiles/restore.c:94:8 > (setfiles+0x4c13b7) > #4 main /home/debianuser/workspace/selinux/selinux/policycoreutils/setfiles/setfiles.c:463:14 > (setfiles+0x4c0938) > > SUMMARY: ThreadSanitizer: data race > (/home/debianuser/destdir/sbin/setfiles+0x4545d4) in strcmp > ================== > ================== > WARNING: ThreadSanitizer: data race (pid=4189) > Read of size 8 at 0x7b080000c008 by thread T3: > #0 is_context_customizable > /home/debianuser/workspace/selinux/selinux/libselinux/src/is_customizable_type.c:85:14 > (libselinux.so.1+0x12e07) > #1 restorecon_sb > /home/debianuser/workspace/selinux/selinux/libselinux/src/selinux_restorecon.c:696:10 > (libselinux.so.1+0x24b41) > #2 selinux_restorecon_thread > /home/debianuser/workspace/selinux/selinux/libselinux/src/selinux_restorecon.c:943:12 > (libselinux.so.1+0x25695) > > Previous write of size 8 at 0x7b080000c008 by thread T1: > [failed to restore the stack] > > Location is heap block of size 32 at 0x7b080000c000 allocated by thread T1: > #0 calloc <null> (setfiles+0x44b249) > #1 get_customizable_type_list > /home/debianuser/workspace/selinux/selinux/libselinux/src/is_customizable_type.c:34:17 > (libselinux.so.1+0x12ed7) > #2 is_context_customizable > /home/debianuser/workspace/selinux/selinux/libselinux/src/is_customizable_type.c:71:7 > (libselinux.so.1+0x12ed7) > #3 restorecon_sb > /home/debianuser/workspace/selinux/selinux/libselinux/src/selinux_restorecon.c:696:10 > (libselinux.so.1+0x24b41) > #4 selinux_restorecon_thread > /home/debianuser/workspace/selinux/selinux/libselinux/src/selinux_restorecon.c:943:12 > (libselinux.so.1+0x25695) > > Thread T3 (tid=4197, running) created by main thread at: > #0 pthread_create <null> (setfiles+0x44c6ed) > #1 selinux_restorecon_common > /home/debianuser/workspace/selinux/selinux/libselinux/src/selinux_restorecon.c:1193:8 > (libselinux.so.1+0x22ba6) > #2 selinux_restorecon_parallel > /home/debianuser/workspace/selinux/selinux/libselinux/src/selinux_restorecon.c:1310:9 > (libselinux.so.1+0x22da2) > #3 process_glob > /home/debianuser/workspace/selinux/selinux/policycoreutils/setfiles/restore.c:94:8 > (setfiles+0x4c13b7) > #4 main /home/debianuser/workspace/selinux/selinux/policycoreutils/setfiles/setfiles.c:463:14 > (setfiles+0x4c0938) > > Thread T1 (tid=4195, running) created by main thread at: > #0 pthread_create <null> (setfiles+0x44c6ed) > #1 selinux_restorecon_common > /home/debianuser/workspace/selinux/selinux/libselinux/src/selinux_restorecon.c:1193:8 > (libselinux.so.1+0x22ba6) > #2 selinux_restorecon_parallel > /home/debianuser/workspace/selinux/selinux/libselinux/src/selinux_restorecon.c:1310:9 > (libselinux.so.1+0x22da2) > #3 process_glob > /home/debianuser/workspace/selinux/selinux/policycoreutils/setfiles/restore.c:94:8 > (setfiles+0x4c13b7) > #4 main /home/debianuser/workspace/selinux/selinux/policycoreutils/setfiles/setfiles.c:463:14 > (setfiles+0x4c0938) > > SUMMARY: ThreadSanitizer: data race > /home/debianuser/workspace/selinux/selinux/libselinux/src/is_customizable_type.c:85:14 > in is_context_customizable > ================== True, I had to remove the -n parameter (i.e. enable actual relabeling) to trigger it. Patch 5/8 of v4, which I have just posted, should fix this one. Thanks, -- Ondrej Mosnacek Software Engineer, Linux Security - SELinux kernel Red Hat, Inc.
