RE: [PATCH 1/2] net: af_key: fix sleeping under rcu

kmalloc with locks held in xfrm. · Dave Jones <hidden> · 2014-02-27
Possible fix · Nikolay Aleksandrov <hidden> · 2014-02-27
Re: Possible fix · Nikolay Aleksandrov <hidden> · 2014-02-27
Re: Possible fix · Nikolay Aleksandrov <hidden> · 2014-02-27
Re: Possible fix · Steffen Klassert <steffen.klassert@secunet.com> · 2014-02-28
Re: Possible fix · Nikolay Aleksandrov <hidden> · 2014-02-28
Re: Possible fix · Paul Moore <paul@paul-moore.com> · 2014-02-28
Re: Possible fix · Nikolay Aleksandrov <hidden> · 2014-03-02
Re: Possible fix · Steffen Klassert <steffen.klassert@secunet.com> · 2014-03-05
Re: Possible fix · Paul Moore <paul@paul-moore.com> · 2014-03-07
Re: Possible fix · Steffen Klassert <steffen.klassert@secunet.com> · 2014-03-07
Re: Possible fix · Paul Moore <paul@paul-moore.com> · 2014-03-07
[PATCH 0/2] af_key: fixes for sleeping while atomic · Nikolay Aleksandrov <hidden> · 2014-03-04
[PATCH 2/2] selinux: add gfp argument to security_xfrm_policy_alloc and fix callers · Nikolay Aleksandrov <hidden> · 2014-03-04
Re: [PATCH 2/2] selinux: add gfp argument to security_xfrm_policy_alloc and fix callers · Paul Moore <paul@paul-moore.com> · 2014-03-07
Re: [PATCH 2/2] selinux: add gfp argument to security_xfrm_policy_alloc and fix callers · Nikolay Aleksandrov <hidden> · 2014-03-07
[PATCH 1/2] net: af_key: fix sleeping under rcu · Nikolay Aleksandrov <hidden> · 2014-03-04
RE: [PATCH 1/2] net: af_key: fix sleeping under rcu · David Laight <hidden> · 2014-03-04
Re: [PATCH 1/2] net: af_key: fix sleeping under rcu · David Miller <davem@davemloft.net> · 2014-03-04
Re: [PATCH 0/2] af_key: fixes for sleeping while atomic · Steffen Klassert <steffen.klassert@secunet.com> · 2014-03-05
Re: [PATCH 0/2] af_key: fixes for sleeping while atomic · Paul Moore <paul@paul-moore.com> · 2014-03-05
[PATCHv2 0/2] af_key: fixes for sleeping while atomic · Nikolay Aleksandrov <hidden> · 2014-03-07
[PATCHv2 1/2] net: af_key: fix sleeping under rcu · Nikolay Aleksandrov <hidden> · 2014-03-07
[PATCHv2 2/2] selinux: add gfp argument to security_xfrm_policy_alloc and fix callers · Nikolay Aleksandrov <hidden> · 2014-03-07
Re: [PATCHv2 2/2] selinux: add gfp argument to security_xfrm_policy_alloc and fix callers · Paul Moore <paul@paul-moore.com> · 2014-03-07
Re: [PATCHv2 2/2] selinux: add gfp argument to security_xfrm_policy_alloc and fix callers · Steffen Klassert <steffen.klassert@secunet.com> · 2014-03-10

From: David Laight <hidden>
Date: 2014-03-04 12:47:15

From: Nikolay Aleksandrov

There's a kmalloc with GFP_KERNEL in a helper
(pfkey_sadb2xfrm_user_sec_ctx) used in pfkey_compile_policy which is
called under rcu_read_lock. Adjust pfkey_sadb2xfrm_user_sec_ctx to have
a gfp argument and adjust the users.

...

quoted hunk ↗ jump to hunk

@@ -3239,7 +3240,7 @@ static struct xfrm_policy *pfkey_compile_policy(struct sock *sk, int opt,
 		}
 		if ((*dir = verify_sec_ctx_len(p)))
 			goto out;
-		uctx = pfkey_sadb2xfrm_user_sec_ctx(sec_ctx);
+		uctx = pfkey_sadb2xfrm_user_sec_ctx(sec_ctx, GFP_ATOMIC);
 		*dir = security_xfrm_policy_alloc(&xp->security, uctx);
 		kfree(uctx);

This looks like the only one that isn't passed GFP_KERNEL.
It looks as though it is missing the check for the allocation failing
(there might be a check inside security_xfrm_policy_alloc()).

In any case it looks as though this ought to be codeable without
the allocation of 'uctx' - since it is freed a line later.

I'd have thought that some of these paths should be allocating
the memory outside the rcu (where they can sleep) and then
possibly freeing the unused data later.

Returning ENOMEM doesn't really seem helpful.

	David

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help