[apparmor] Lockdep warning for non-static key in apparmor code

Tue Jul 22 14:24:13 UTC 2025

On Tue, 22 Jul 2025 10:04:13 -0400
Steven Rostedt <rostedt at goodmis.org> wrote:

> Booting latest linux-next, I triggered this warning.
> 
> Looks to be associated to apparmor. Was there an allocated spinlock not
> initialized properly?

Yeah, you don't initialize the spin lock. Is there a reason you commented
out the spin lock initialization in 88fec3526e841 ("apparmor: make sure
unix socket labeling is correctly updated.")?

--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -508,7 +508,6 @@ static int apparmor_file_alloc_security(struct file *file)
        struct aa_file_ctx *ctx = file_ctx(file);
        struct aa_label *label = begin_current_label_crit_section();
 
-       spin_lock_init(&ctx->lock);
        rcu_assign_pointer(ctx->label, aa_get_label(label));
        end_current_label_crit_section(label);
        return 0;
@@ -1076,12 +1075,29 @@ static int apparmor_userns_create(const struct cred *cred)
        return error;
 }
 
+static int apparmor_sk_alloc_security(struct sock *sk, int family, gfp_t gfp)
+{
+       struct aa_sk_ctx *ctx = aa_sock(sk);
+       struct aa_label *label;
+       bool needput;
+
+       label = __begin_current_label_crit_section(&needput);

+       //spin_lock_init(&ctx->lock);
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

+       rcu_assign_pointer(ctx->label, aa_get_label(label));
+       rcu_assign_pointer(ctx->peer, NULL);
+       rcu_assign_pointer(ctx->peer_lastupdate, NULL);
+       __end_current_label_crit_section(label, needput);
+       return 0;
+}

-- Steve

