[apparmor] Lockdep warning for non-static key in apparmor code
John Johansen
john.johansen at canonical.com
Tue Jul 22 17:32:47 UTC 2025
On 7/22/25 07:24, Steven Rostedt wrote:
> On Tue, 22 Jul 2025 10:04:13 -0400
> Steven Rostedt <rostedt at goodmis.org> wrote:
>
>> Booting latest linux-next, I triggered this warning.
>>
>> Looks to be associated to apparmor. Was there an allocated spinlock not
>> initialized properly?
>
> Yeah, you don't initialize the spin lock. Is there a reason you commented
> out the spin lock initialization in 88fec3526e841 ("apparmor: make sure
> unix socket labeling is correctly updated.")?
>
Ooops yes sorry, I split out the lock here to a second patch so I could do
some testing around the impact the lock would have against the unix socket
case. That patch was supposed to get folded back in, but it looks like
I picked the wrong sha (from the branch with it not folded in) into the next
tree.
I get that fixed asap
> --- a/security/apparmor/lsm.c
> +++ b/security/apparmor/lsm.c
> @@ -508,7 +508,6 @@ static int apparmor_file_alloc_security(struct file *file)
> struct aa_file_ctx *ctx = file_ctx(file);
> struct aa_label *label = begin_current_label_crit_section();
>
> - spin_lock_init(&ctx->lock);
> rcu_assign_pointer(ctx->label, aa_get_label(label));
> end_current_label_crit_section(label);
> return 0;
> @@ -1076,12 +1075,29 @@ static int apparmor_userns_create(const struct cred *cred)
> return error;
> }
>
> +static int apparmor_sk_alloc_security(struct sock *sk, int family, gfp_t gfp)
> +{
> + struct aa_sk_ctx *ctx = aa_sock(sk);
> + struct aa_label *label;
> + bool needput;
> +
> + label = __begin_current_label_crit_section(&needput);
>
> + //spin_lock_init(&ctx->lock);
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> + rcu_assign_pointer(ctx->label, aa_get_label(label));
> + rcu_assign_pointer(ctx->peer, NULL);
> + rcu_assign_pointer(ctx->peer_lastupdate, NULL);
> + __end_current_label_crit_section(label, needput);
> + return 0;
> +}
>
> -- Steve
More information about the AppArmor
mailing list