> -----Original Message----- > From: Peter Zijlstra [mailto:pet...@infradead.org] > Sent: Wednesday, September 05, 2018 12:03 PM > To: Andrea Arcangeli <aarca...@redhat.com> > Cc: Jiri Kosina <ji...@kernel.org>; Andi Kleen <a...@linux.intel.com>; Tim > Chen > <tim.c.c...@linux.intel.com>; Schaufler, Casey <casey.schauf...@intel.com>; > Thomas Gleixner <t...@linutronix.de>; Ingo Molnar <mi...@redhat.com>; > Josh Poimboeuf <jpoim...@redhat.com>; Woodhouse, David > <d...@amazon.co.uk>; Oleg Nesterov <o...@redhat.com>; linux- > ker...@vger.kernel.org; x...@kernel.org > Subject: Re: [PATCH v3 1/3] ptrace: Provide ___ptrace_may_access() that can > be applied on arbitrary tasks > > On Wed, Sep 05, 2018 at 02:40:18PM -0400, Andrea Arcangeli wrote: > > [ 1838.769917] <<EOE>> [<ffffffff816391e5>] > avc_compute_av+0x126/0x1b5 > > That does read_lock(), which is not allowed from scheduler context. > > > [ 1838.777125] [<ffffffff810b842e>] ? walk_tg_tree_from+0xbe/0x110 > > [ 1838.783828] [<ffffffff8128b9c4>] avc_has_perm_noaudit+0xc4/0x110 > > In current code this can end up in avc_update_node() which uses > spin_lock(), which is a bug from scheduler context.o > > > [ 1838.790628] [<ffffffff8128f1fb>] cred_has_capability+0x6b/0x120 > > [ 1838.797331] [<ffffffff810db71c>] ? ktime_get+0x4c/0xd0 > > [ 1838.803160] [<ffffffff810e167b>] ? > clockevents_program_event+0x6b/0xf0 > > [ 1838.810532] [<ffffffff8128f2de>] selinux_capable+0x2e/0x40 > > [ 1838.816748] [<ffffffff81288f65>] security_capable_noaudit+0x15/0x20 > > [ 1838.823829] [<ffffffff8108b975>] has_ns_capability_noaudit+0x15/0x20 > > [ 1838.831014] [<ffffffff8108bc55>] ptrace_has_cap+0x35/0x40 > > [ 1838.837126] [<ffffffff8108c717>] ___ptrace_may_access+0xa7/0x1e0 > > [ 1838.843925] [<ffffffff8163f0ae>] __schedule+0x26e/0xa00 > > [ 1838.849855] [<ffffffff81640949>] schedule_preempt_disabled+0x29/0x70 > > [ 1838.857041] [<ffffffff810d9324>] cpu_startup_entry+0x184/0x290 > > [ 1838.863637] [<ffffffff8104891a>] start_secondary+0x1da/0x250 > > So yes, looks like all that security LSM nonsense isn't going to work > here.
What won't work is using the ptrace code. That is one of the reasons why you can't just blindly use it. Look at the patch set I submitted and you'll see that the SELinux selinux_task_safe_sidechannel() hook does not do the things that cause the lockup.