We (Immunix) discovered this bug a few weeks ago. At first we thought it was a bug in our SubDomain module, but then determined that any attempt to printk from within the scheduler hook was at risk of locking the kernel. John Johansen (cc'd) has prepared a patch that fixes the problem, and we just yesterday sent it to Andrea Arcangeli (scheduler maintainer) for comment. JJ, you wanna share your patch with the LSM list? Crispin James Morris wrote: >On Mon, 18 Oct 2004, Stephen Smalley wrote: > > > >>a) Add a flag to avc_audit(), optionally passed via avc_audit_data, that >>tells it to use audit_log_end_irq() so that it merely enqueues the audit >>message for later processing, and change capable and setscheduler hooks >>to pass this flag, or >>b) Move the security checks in setscheduler outside of the runqueue >>lock, then just recheck that no security-relevant conditions changed >>after taking the lock. >> >> > >A seems simpler, but perhaps better to do via a wrapper function. > > >- James > > -- Crispin Cowan, Ph.D. http://immunix.com/~crispin/ CTO, Immunix http://immunix.com
This archive was generated by hypermail 2.1.3 : Mon Oct 18 2004 - 10:05:08 PDT