Re: [PATCH] selinux: don't sleep when CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE is true

On Thu, Apr 14, 2022 at 6:05 PM Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
> On Thu, Apr 14, 2022 at 4:54 PM Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
> > On Thu, Apr 14, 2022 at 4:53 PM Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
> > >
> > > Unfortunately commit 81200b0265b1 ("selinux: checkreqprot is
> > > deprecated, add some ssleep() discomfort") added a five second sleep
> > > during early kernel boot, e.g. start_kernel(), which could cause a
> > > "scheduling while atomic" panic.  This patch fixes this problem by
> > > moving the sleep out of checkreqprot_set() and into
> > > sel_write_checkreqprot() so that we only sleep when the checkreqprot
> > > setting is set during runtime, after the kernel has booted.  The
> > > error message remains the same in both cases.
> > >
> > > Fixes: 81200b0265b1 ("selinux: checkreqprot is deprecated, add some ssleep() discomfort")
> > > Reported-by: J. Bruce Fields <bfields@xxxxxxxxxxxx>
> > > Signed-off-by: Paul Moore <paul@xxxxxxxxxxxxxx>
> > > ---
> > >  security/selinux/include/security.h |    4 +---
> > >  security/selinux/selinuxfs.c        |    2 ++
> > >  2 files changed, 3 insertions(+), 3 deletions(-)
> >
> > This patch is very trivial, but just a word of warning that I haven't
> > actually tested it yet, so YMMV ... my test kernel is building now.
>
> Everything is behaving sanely on my Rawhide VM, both when built with 0
> and 1 values for checkreqprot, so unless I hear any objections I'll
> merge this later tonight.

.... aaaand it's merged.

-- 
paul-moore.com


