Re: cdrecord deadlocks linux (problem in setscheduler)

From: Crispin Cowan (crispin@private)
Date: Mon Oct 18 2004 - 10:02:47 PDT

We (Immunix) discovered this bug a few weeks ago. At first we thought it 
was a bug in our SubDomain module, but then determined that any attempt 
to printk from within the scheduler hook was at risk of locking the kernel.

John Johansen (cc'd) has prepared a patch that fixes the problem, and we 
just yesterday sent it to Andrea Arcangeli (scheduler maintainer) for 

JJ, you wanna share your patch with the LSM list?


James Morris wrote:

>On Mon, 18 Oct 2004, Stephen Smalley wrote:
>>a) Add a flag to avc_audit(), optionally passed via avc_audit_data, that
>>tells it to use audit_log_end_irq() so that it merely enqueues the audit
>>message for later processing, and change capable and setscheduler hooks
>>to pass this flag, or 
>>b) Move the security checks in setscheduler outside of the runqueue
>>lock, then just recheck that no security-relevant conditions changed
>>after taking the lock.
>A seems simpler, but perhaps better to do via a wrapper function.
>- James

Crispin Cowan, Ph.D.
CTO, Immunix

This archive was generated by hypermail 2.1.3 : Mon Oct 18 2004 - 10:05:08 PDT