On Thu, Apr 14, 2022 at 6:05 PM Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
> On Thu, Apr 14, 2022 at 4:54 PM Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
> > On Thu, Apr 14, 2022 at 4:53 PM Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
> > >
> > > Unfortunately commit 81200b0265b1 ("selinux: checkreqprot is
> > > deprecated, add some ssleep() discomfort") added a five second sleep
> > > during early kernel boot, e.g. start_kernel(), which could cause a
> > > "scheduling while atomic" panic. This patch fixes this problem by
> > > moving the sleep out of checkreqprot_set() and into
> > > sel_write_checkreqprot() so that we only sleep when the checkreqprot
> > > setting is set during runtime, after the kernel has booted. The
> > > error message remains the same in both cases.
> > >
> > > Fixes: 81200b0265b1 ("selinux: checkreqprot is deprecated, add some ssleep() discomfort")
> > > Reported-by: J. Bruce Fields <bfields@xxxxxxxxxxxx>
> > > Signed-off-by: Paul Moore <paul@xxxxxxxxxxxxxx>
> > > ---
> > > security/selinux/include/security.h | 4 +---
> > > security/selinux/selinuxfs.c | 2 ++
> > > 2 files changed, 3 insertions(+), 3 deletions(-)
> >
> > This patch is very trivial, but just a word of warning that I haven't
> > actually tested it yet, so YMMV ... my test kernel is building now.
>
> Everything is behaving sanely on my Rawhide VM, both when built with 0
> and 1 values for checkreqprot, so unless I hear any objections I'll
> merge this later tonight.
.... aaaand it's merged.
--
paul-moore.com
