Re: [PATCH] Version 8 (2.6.23) Smack: Simplified Mandatory Access Control Kernel

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Al Viro

Subject: Re: [PATCH] Version 8 (2.6.23) Smack: Simplified Mandatory Access Control Kernel

Date: Wednesday, October 17, 2007 - 9:57 pm

On Tue, Oct 16, 2007 at 09:17:40PM -0700, Casey Schaufler wrote:

At random:

quoted text> +static int smack_netlabel(struct sock *sk)
> +{
> +	static int initialized;
> +	struct socket_smack *ssp = sk->sk_security;
> +	struct netlbl_lsm_secattr secattr;
> +	int rc = 0;
> +
> +	if (!initialized) {
> +		smk_cipso_doi();
> +		initialized = 1;
> +	}

And just what happens if another task calls the same while we are
blocked on allocation in smk_cipso_doi()?

Another problem is your handling of smk_known - you add to head under
mutex; fine.  However, you read without one _and_ have no barriers
in initializing new list entries.

Think what happens if CPU1 adds to list and CPU2 sees write to smk_known
*before* it sees write to ->smk_next.  We see a single-element list and
we'll be lucky if that single entry won't be FUBAR.
-
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

[PATCH] Version 8 (2.6.23) Smack: Simplified Mandatory Acc ..., Casey Schaufler, (Tue Oct 16, 9:17 pm)

Re: [PATCH] Version 8 (2.6.23) Smack: Simplified Mandatory ..., Al Viro, (Wed Oct 17, 9:57 pm)

Re: [PATCH] Version 8 (2.6.23) Smack: Simplified Mandatory ..., Al Viro, (Wed Oct 17, 10:10 pm)

Re: [PATCH] Version 8 (2.6.23) Smack: Simplified Mandatory ..., Casey Schaufler, (Thu Oct 18, 1:13 pm)

Re: [PATCH] Version 8 (2.6.23) Smack: Simplified Mandatory ..., Al Viro, (Thu Oct 18, 1:26 pm)

Re: [PATCH] Version 8 (2.6.23) Smack: Simplified Mandatory ..., Ahmed S. Darwish, (Fri Oct 19, 5:39 am)

[PATCH] Smackv8: Omit non-cipso labels in cipso_seq_start, Ahmed S. Darwish, (Sat Oct 20, 6:40 pm)

[PATCH] Smackv8: Safe lockless {cipso,load} read operation, Ahmed S. Darwish, (Sat Oct 20, 7:25 pm)


linux-kernel:
Paul Turner	[tg_shares_up rewrite v4 11/11] sched: update tg->shares after cpu.shares write
Mr. James W. Laferriere	Re: Linux 2.6.25-rc1 , syntax error near unexpected token `;'
Linus Torvalds	Linux 2.6.34-rc4
Colin Cross	[PATCH 12/21] ARM: tegra: Add suspend and hotplug support
Chuck Ebbert	Re: PCI: Unable to reserve mem region problem
git:
Fredrik Kuivinen	Re: fatal: unable to create '.git/index': File exists
Wink Saville	How-to combine several separate git repos?
Emily Ren	How to pull remote branch with specified commit id?
Denis Bueno	Git clone error
pradeep singh	git-update-server-info may be required,cannot clone and pull from a remote reposit...
linux-netdev:
Jamie Lokier	Re: POHMELFS high performance network filesystem. Transactions, failover, performa...
Timo Teräs	ip xfrm policy semantics
Jarek Poplawski	Re: socket api problem: can't bind an ipv6 socket to ::ffff:0.0.0.0
Michael S. Tsirkin	[PATCH 3/3] vhost: fix get_user_pages_fast error handling
Jeff Garzik	Re: [0/3] POHMELFS high performance network filesystem. First steps in parallel pr...
openbsd-misc:
Sevan / Venture37	Re: This is what Linus Torvalds calls openBSD crowd
Netmaffia.hu	Tini Lányok AKCIÓBAN OTTHON
Siju George	This is what Linus Torvalds calls openBSD crowd
Darrin Chandler	Re: OT: Python (was Re: vi in /bin)
frantisek holop	Re: splassert: vwakeup: and friends
git-commits-head:
Linux Kernel Mailing List	ASoC: fix registration of the SoC card in the Freescale MPC8610 drivers
Linux Kernel Mailing List	drivers/acpi: use kasprintf
Linux Kernel Mailing List	powerpc/fsl_msi: enable msi allocation in all banks
Linux Kernel Mailing List	bnx2x: Moving includes
Linux Kernel Mailing List	nfsd41: sanity check client drc maxreqs