panic: rm_rlock: recursed on non-recursive rmlock mac_policy_rm @ /usr/src/sys/security/mac/mac_framework.c:198
Robert N. M. Watson
rwatson at freebsd.org
Sat Sep 28 19:29:53 UTC 2013
On 28 Sep 2013, at 19:32, Konstantin Belousov wrote:
>> It easy to reproduce. Just kldload mac_portacl and /etc/rc.d/syslogd restart
>
> This is due to priv_check_cred() call in mac_portacl.c:rules_check().
> The call causes recusion into the mac framework from the mac callback.
>
> Robert should have better idea about the proper way to fix the issue.
> The trivial attempt might be to enable recursion on the rm lock
> protecting the lists.
>
> diff --git a/sys/security/mac/mac_framework.c b/sys/security/mac/mac_framework.c
> index 816bb0b..ed0c05a 100644
> --- a/sys/security/mac/mac_framework.c
> +++ b/sys/security/mac/mac_framework.c
> @@ -292,7 +292,8 @@ mac_init(void)
> mac_labelzone_init();
>
> #ifndef MAC_STATIC
> - rm_init_flags(&mac_policy_rm, "mac_policy_rm", RM_NOWITNESS);
> + rm_init_flags(&mac_policy_rm, "mac_policy_rm", RM_NOWITNESS |
> + RM_RECURSE);
> sx_init_flags(&mac_policy_sx, "mac_policy_sx", SX_NOWITNESS);
> #endif
> }
Let's go with this -- recursion into the framework should be supported.
Robert
More information about the freebsd-current
mailing list