Date: Sat, 28 Sep 2013 20:29:50 +0100 From: "Robert N. M. Watson" <rwatson@freebsd.org> To: Konstantin Belousov <kostikbel@gmail.com> Cc: FreeBSD Current <freebsd-current@freebsd.org>, Andrej Zverev <andrej.zverev@gmail.com> Subject: Re: panic: rm_rlock: recursed on non-recursive rmlock mac_policy_rm @ /usr/src/sys/security/mac/mac_framework.c:198 Message-ID: <1365F12E-7EEB-4963-8070-0F7BEE9357F0@freebsd.org> In-Reply-To: <20130928183232.GR41229@kib.kiev.ua> References: <CAD5bB%2Bi3MND0gsCkpcWoKwpWf=pWhMYm3%2BrqVAAq=_TONn-2tQ@mail.gmail.com> <20130928183232.GR41229@kib.kiev.ua>
next in thread | previous in thread | raw e-mail | index | archive | help
On 28 Sep 2013, at 19:32, Konstantin Belousov wrote: >> It easy to reproduce. Just kldload mac_portacl and /etc/rc.d/syslogd = restart >=20 > This is due to priv_check_cred() call in mac_portacl.c:rules_check(). > The call causes recusion into the mac framework from the mac callback. >=20 > Robert should have better idea about the proper way to fix the issue. > The trivial attempt might be to enable recursion on the rm lock > protecting the lists. >=20 > diff --git a/sys/security/mac/mac_framework.c = b/sys/security/mac/mac_framework.c > index 816bb0b..ed0c05a 100644 > --- a/sys/security/mac/mac_framework.c > +++ b/sys/security/mac/mac_framework.c > @@ -292,7 +292,8 @@ mac_init(void) > mac_labelzone_init(); >=20 > #ifndef MAC_STATIC > - rm_init_flags(&mac_policy_rm, "mac_policy_rm", RM_NOWITNESS); > + rm_init_flags(&mac_policy_rm, "mac_policy_rm", RM_NOWITNESS | > + RM_RECURSE); > sx_init_flags(&mac_policy_sx, "mac_policy_sx", SX_NOWITNESS); > #endif > } Let's go with this -- recursion into the framework should be supported. Robert=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1365F12E-7EEB-4963-8070-0F7BEE9357F0>