Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

Pull SELinux fixes from James Morris.

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
  selinux: selinux_setprocattr()->ptrace_parent() needs rcu_read_lock()
  selinux: fix broken peer recv check

1 files changed, 5 insertions, 3 deletions

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 419491d8e7d2..6625699f497c 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -4334,8 +4334,10 @@ static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
                 }
                 err = avc_has_perm(sk_sid, peer_sid, SECCLASS_PEER,
                                    PEER__RECV, &ad);
-                if (err)
+                if (err) {
                         selinux_netlbl_err(skb, err, 0);
+                        return err;
+                }
         }
 
         if (secmark_active) {
@@ -5586,11 +5588,11 @@ static int selinux_setprocattr(struct task_struct *p,
                 /* Check for ptracing, and update the task SID if ok.
                    Otherwise, leave SID unchanged and fail. */
                 ptsid = 0;
-                task_lock(p);
+                rcu_read_lock();
                 tracer = ptrace_parent(p);
                 if (tracer)
                         ptsid = task_sid(tracer);
-                task_unlock(p);
+                rcu_read_unlock();
 
                 if (tracer) {
                         error = avc_has_perm(ptsid, sid, SECCLASS_PROCESS,