From owner-freebsd-current@FreeBSD.ORG  Sat Sep 28 19:29:53 2013
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTP id C6E0230C
 for <freebsd-current@freebsd.org>; Sat, 28 Sep 2013 19:29:53 +0000 (UTC)
 (envelope-from rwatson@freebsd.org)
Received: from cyrus.watson.org (cyrus.watson.org [198.74.231.69])
 by mx1.freebsd.org (Postfix) with ESMTP id 9FFAE2DFD
 for <freebsd-current@freebsd.org>; Sat, 28 Sep 2013 19:29:53 +0000 (UTC)
Received: from [10.0.1.16] (host31-51-204-71.range31-51.btcentralplus.com
 [31.51.204.71])
 by cyrus.watson.org (Postfix) with ESMTPSA id 7F1E446B39;
 Sat, 28 Sep 2013 15:29:52 -0400 (EDT)
Subject: Re: panic: rm_rlock: recursed on non-recursive rmlock mac_policy_rm @
 /usr/src/sys/security/mac/mac_framework.c:198
Mime-Version: 1.0 (Apple Message framework v1283)
Content-Type: text/plain; charset=us-ascii
From: "Robert N. M. Watson" <rwatson@freebsd.org>
In-Reply-To: <20130928183232.GR41229@kib.kiev.ua>
Date: Sat, 28 Sep 2013 20:29:50 +0100
Content-Transfer-Encoding: quoted-printable
Message-Id: <1365F12E-7EEB-4963-8070-0F7BEE9357F0@freebsd.org>
References: <CAD5bB+i3MND0gsCkpcWoKwpWf=pWhMYm3+rqVAAq=_TONn-2tQ@mail.gmail.com>
 <20130928183232.GR41229@kib.kiev.ua>
To: Konstantin Belousov <kostikbel@gmail.com>
X-Mailer: Apple Mail (2.1283)
Cc: FreeBSD Current <freebsd-current@freebsd.org>,
 Andrej Zverev <andrej.zverev@gmail.com>
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
 <freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-current>, 
 <mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
 <mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 28 Sep 2013 19:29:53 -0000


On 28 Sep 2013, at 19:32, Konstantin Belousov wrote:

>> It easy to reproduce. Just kldload mac_portacl and /etc/rc.d/syslogd =
restart
>=20
> This is due to priv_check_cred() call in mac_portacl.c:rules_check().
> The call causes recusion into the mac framework from the mac callback.
>=20
> Robert should have better idea about the proper way to fix the issue.
> The trivial attempt might be to enable recursion on the rm lock
> protecting the lists.
>=20
> diff --git a/sys/security/mac/mac_framework.c =
b/sys/security/mac/mac_framework.c
> index 816bb0b..ed0c05a 100644
> --- a/sys/security/mac/mac_framework.c
> +++ b/sys/security/mac/mac_framework.c
> @@ -292,7 +292,8 @@ mac_init(void)
> 	mac_labelzone_init();
>=20
> #ifndef MAC_STATIC
> -	rm_init_flags(&mac_policy_rm, "mac_policy_rm", RM_NOWITNESS);
> +	rm_init_flags(&mac_policy_rm, "mac_policy_rm", RM_NOWITNESS |
> +	    RM_RECURSE);
> 	sx_init_flags(&mac_policy_sx, "mac_policy_sx", SX_NOWITNESS);
> #endif
> }

Let's go with this -- recursion into the framework should be supported.

Robert=