Re: cdrecord deadlocks linux 2.6.8.1 (problem in setscheduler)

From: Crispin Cowan (crispin@private)
Date: Mon Oct 18 2004 - 10:02:47 PDT


We (Immunix) discovered this bug a few weeks ago. At first we thought it 
was a bug in our SubDomain module, but then determined that any attempt 
to printk from within the scheduler hook was at risk of locking the kernel.

John Johansen (cc'd) has prepared a patch that fixes the problem, and we 
just yesterday sent it to Andrea Arcangeli (scheduler maintainer) for 
comment.

JJ, you wanna share your patch with the LSM list?

Crispin

James Morris wrote:

>On Mon, 18 Oct 2004, Stephen Smalley wrote:
>
>  
>
>>a) Add a flag to avc_audit(), optionally passed via avc_audit_data, that
>>tells it to use audit_log_end_irq() so that it merely enqueues the audit
>>message for later processing, and change capable and setscheduler hooks
>>to pass this flag, or 
>>b) Move the security checks in setscheduler outside of the runqueue
>>lock, then just recheck that no security-relevant conditions changed
>>after taking the lock.
>>    
>>
>
>A seems simpler, but perhaps better to do via a wrapper function.
>
>
>- James
>  
>

-- 
Crispin Cowan, Ph.D.  http://immunix.com/~crispin/
CTO, Immunix          http://immunix.com



This archive was generated by hypermail 2.1.3 : Mon Oct 18 2004 - 10:05:08 PDT