Re: [PATCH 1/2] net: af_key: fix sleeping under rcu

kmalloc with locks held in xfrm. · Dave Jones <hidden> · 2014-02-27
Possible fix · Nikolay Aleksandrov <hidden> · 2014-02-27
Re: Possible fix · Nikolay Aleksandrov <hidden> · 2014-02-27
Re: Possible fix · Nikolay Aleksandrov <hidden> · 2014-02-27
Re: Possible fix · Steffen Klassert <steffen.klassert@secunet.com> · 2014-02-28
Re: Possible fix · Nikolay Aleksandrov <hidden> · 2014-02-28
Re: Possible fix · Paul Moore <paul@paul-moore.com> · 2014-02-28
Re: Possible fix · Nikolay Aleksandrov <hidden> · 2014-03-02
Re: Possible fix · Steffen Klassert <steffen.klassert@secunet.com> · 2014-03-05
Re: Possible fix · Paul Moore <paul@paul-moore.com> · 2014-03-07
Re: Possible fix · Steffen Klassert <steffen.klassert@secunet.com> · 2014-03-07
Re: Possible fix · Paul Moore <paul@paul-moore.com> · 2014-03-07
[PATCH 0/2] af_key: fixes for sleeping while atomic · Nikolay Aleksandrov <hidden> · 2014-03-04
[PATCH 2/2] selinux: add gfp argument to security_xfrm_policy_alloc and fix callers · Nikolay Aleksandrov <hidden> · 2014-03-04
Re: [PATCH 2/2] selinux: add gfp argument to security_xfrm_policy_alloc and fix callers · Paul Moore <paul@paul-moore.com> · 2014-03-07
Re: [PATCH 2/2] selinux: add gfp argument to security_xfrm_policy_alloc and fix callers · Nikolay Aleksandrov <hidden> · 2014-03-07
[PATCH 1/2] net: af_key: fix sleeping under rcu · Nikolay Aleksandrov <hidden> · 2014-03-04
RE: [PATCH 1/2] net: af_key: fix sleeping under rcu · David Laight <hidden> · 2014-03-04
Re: [PATCH 1/2] net: af_key: fix sleeping under rcu · David Miller <davem@davemloft.net> · 2014-03-04
Re: [PATCH 0/2] af_key: fixes for sleeping while atomic · Steffen Klassert <steffen.klassert@secunet.com> · 2014-03-05
Re: [PATCH 0/2] af_key: fixes for sleeping while atomic · Paul Moore <paul@paul-moore.com> · 2014-03-05
[PATCHv2 0/2] af_key: fixes for sleeping while atomic · Nikolay Aleksandrov <hidden> · 2014-03-07
[PATCHv2 1/2] net: af_key: fix sleeping under rcu · Nikolay Aleksandrov <hidden> · 2014-03-07
[PATCHv2 2/2] selinux: add gfp argument to security_xfrm_policy_alloc and fix callers · Nikolay Aleksandrov <hidden> · 2014-03-07
Re: [PATCHv2 2/2] selinux: add gfp argument to security_xfrm_policy_alloc and fix callers · Paul Moore <paul@paul-moore.com> · 2014-03-07
Re: [PATCHv2 2/2] selinux: add gfp argument to security_xfrm_policy_alloc and fix callers · Steffen Klassert <steffen.klassert@secunet.com> · 2014-03-10

From: David Miller <davem@davemloft.net>
Date: 2014-03-04 21:40:17

From: David Laight <redacted>
Date: Tue, 4 Mar 2014 12:46:48 +0000

From: Nikolay Aleksandrov

quoted

There's a kmalloc with GFP_KERNEL in a helper
(pfkey_sadb2xfrm_user_sec_ctx) used in pfkey_compile_policy which is
called under rcu_read_lock. Adjust pfkey_sadb2xfrm_user_sec_ctx to have
a gfp argument and adjust the users.

...

quoted

@@ -3239,7 +3240,7 @@ static struct xfrm_policy *pfkey_compile_policy(struct sock *sk, int opt,
 		}
 		if ((*dir = verify_sec_ctx_len(p)))
 			goto out;
-		uctx = pfkey_sadb2xfrm_user_sec_ctx(sec_ctx);
+		uctx = pfkey_sadb2xfrm_user_sec_ctx(sec_ctx, GFP_ATOMIC);
 		*dir = security_xfrm_policy_alloc(&xp->security, uctx);
 		kfree(uctx);

This looks like the only one that isn't passed GFP_KERNEL.
It looks as though it is missing the check for the allocation failing
(there might be a check inside security_xfrm_policy_alloc()).

In any case it looks as though this ought to be codeable without
the allocation of 'uctx' - since it is freed a line later.

Unfortunately, it is not possible to avoid allocations.  The uctx is
of a variable size, because it is a base struct, with a variable
length part afterwards.

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help