Bisected regression: iterate_fd() selinux change affects flashplugin

[Pavel Roskin]

Hello, Al!

I have noticed that Mozilla Firefox gets stuck for seconds or minutes  
on some sites, in particular on Facebook with Linux 3.7-rc1 and newer  
mainline kernels.  Disabling flash plugin fixes the delays.

This is a Fedora 17 system with SELinux enabled, on x86_64  
architecture, with all updates, with LXDE desktop.  It's not the  
Fedora 16 system I mentioned before, it has never had LXDE login  
problems due to replace_fd().

Bisecting lead me to the patch that introduced iterate_fd():

commit c3c073f808b22dfae15ef8412b6f7b998644139a
Author: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
Date:   Tue Aug 21 22:32:06 2012 -0400

    new helper: iterate_fd()

    iterates through the opened files in given descriptor table,
    calling a supplied function; we stop once non-zero is returned.
    Callback gets struct file *, descriptor number and const void *
    argument passed to iterator.  It is called with files->file_lock
    held, so it is not allowed to block.

    tty_io, netprio_cgroup and selinux flush_unauthorized_files()
    converted to its use.

    Signed-off-by: Al Viro <viro@xxxxxxxxxxxxxxxxxx>

I have found that reverting the changes to security/selinux/hooks.c is  
sufficient to restore the correct behavior.

--
Regards,
Pavel Roskin
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/