Re: panic: rm_rlock: recursed on non-recursive rmlock mac_policy_rm _at_ /usr/src/sys/security/mac/mac_framework.c:198

From: Robert N. M. Watson <rwatson_at_freebsd.org>
Date: Sat, 28 Sep 2013 20:29:50 +0100
On 28 Sep 2013, at 19:32, Konstantin Belousov wrote:

>> It easy to reproduce. Just kldload mac_portacl and /etc/rc.d/syslogd restart
> 
> This is due to priv_check_cred() call in mac_portacl.c:rules_check().
> The call causes recusion into the mac framework from the mac callback.
> 
> Robert should have better idea about the proper way to fix the issue.
> The trivial attempt might be to enable recursion on the rm lock
> protecting the lists.
> 
> diff --git a/sys/security/mac/mac_framework.c b/sys/security/mac/mac_framework.c
> index 816bb0b..ed0c05a 100644
> --- a/sys/security/mac/mac_framework.c
> +++ b/sys/security/mac/mac_framework.c
> _at__at_ -292,7 +292,8 _at__at_ mac_init(void)
> 	mac_labelzone_init();
> 
> #ifndef MAC_STATIC
> -	rm_init_flags(&mac_policy_rm, "mac_policy_rm", RM_NOWITNESS);
> +	rm_init_flags(&mac_policy_rm, "mac_policy_rm", RM_NOWITNESS |
> +	    RM_RECURSE);
> 	sx_init_flags(&mac_policy_sx, "mac_policy_sx", SX_NOWITNESS);
> #endif
> }

Let's go with this -- recursion into the framework should be supported.

Robert
Received on Sat Sep 28 2013 - 17:29:53 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:42 UTC