Re: cdrecord deadlocks linux 2.6.8.1 (problem in setscheduler)

From: Stephen Smalley (sds@private)
Date: Mon Oct 18 2004 - 12:07:22 PDT


On Mon, 2004-10-18 at 13:02, Crispin Cowan wrote:
> We (Immunix) discovered this bug a few weeks ago. At first we thought it 
> was a bug in our SubDomain module, but then determined that any attempt 
> to printk from within the scheduler hook was at risk of locking the kernel.
> 
> John Johansen (cc'd) has prepared a patch that fixes the problem, and we 
> just yesterday sent it to Andrea Arcangeli (scheduler maintainer) for 
> comment.
> 
> JJ, you wanna share your patch with the LSM list?

Does the patch address both the security_task_setscheduler() hook call
and the capable(CAP_SYS_NICE) calls by the setscheduler function? 
SELinux was already suppressing audit from its setscheduler hook to
avoid this deadlock, but was not doing so for the CAP_SYS_NICE check.
  
-- 
Stephen Smalley <sds@private>
National Security Agency



This archive was generated by hypermail 2.1.3 : Mon Oct 18 2004 - 12:11:05 PDT