On Thu, Apr 14, 2022 at 4:54 PM Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
> On Thu, Apr 14, 2022 at 4:53 PM Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
> >
> > Unfortunately commit 81200b0265b1 ("selinux: checkreqprot is
> > deprecated, add some ssleep() discomfort") added a five second sleep
> > during early kernel boot, e.g. start_kernel(), which could cause a
> > "scheduling while atomic" panic. This patch fixes this problem by
> > moving the sleep out of checkreqprot_set() and into
> > sel_write_checkreqprot() so that we only sleep when the checkreqprot
> > setting is set during runtime, after the kernel has booted. The
> > error message remains the same in both cases.
> >
> > Fixes: 81200b0265b1 ("selinux: checkreqprot is deprecated, add some ssleep() discomfort")
> > Reported-by: J. Bruce Fields <bfields@xxxxxxxxxxxx>
> > Signed-off-by: Paul Moore <paul@xxxxxxxxxxxxxx>
> > ---
> > security/selinux/include/security.h | 4 +---
> > security/selinux/selinuxfs.c | 2 ++
> > 2 files changed, 3 insertions(+), 3 deletions(-)
>
> This patch is very trivial, but just a word of warning that I haven't
> actually tested it yet, so YMMV ... my test kernel is building now.
Everything is behaving sanely on my Rawhide VM, both when built with 0
and 1 values for checkreqprot, so unless I hear any objections I'll
merge this later tonight.
--
paul-moore.com
