aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorStephen Smalley <sds@tycho.nsa.gov>2006-06-04 05:51:30 -0400
committerLinus Torvalds <torvalds@g5.osdl.org>2006-06-05 15:29:16 -0400
commitba0c19ed6a61a96d4b42b81cb19d4bc81b5f728c (patch)
tree5e6d1774265140f1f4eddab043c90920414abe59
parent93ff66bf1ef29881dffd6fdc344555dab03cdb42 (diff)
[PATCH] selinux: fix sb_lock/sb_security_lock nesting
From: Stephen Smalley <sds@tycho.nsa.gov> Fix unsafe nesting of sb_lock inside sb_security_lock in selinux_complete_init. Detected by the kernel locking validator. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: James Morris <jmorris@namei.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r--security/selinux/hooks.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 21dad415b896..90b4cdc0c948 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -4422,6 +4422,7 @@ void selinux_complete_init(void)
4422 4422
4423 /* Set up any superblocks initialized prior to the policy load. */ 4423 /* Set up any superblocks initialized prior to the policy load. */
4424 printk(KERN_INFO "SELinux: Setting up existing superblocks.\n"); 4424 printk(KERN_INFO "SELinux: Setting up existing superblocks.\n");
4425 spin_lock(&sb_lock);
4425 spin_lock(&sb_security_lock); 4426 spin_lock(&sb_security_lock);
4426next_sb: 4427next_sb:
4427 if (!list_empty(&superblock_security_head)) { 4428 if (!list_empty(&superblock_security_head)) {
@@ -4430,19 +4431,20 @@ next_sb:
4430 struct superblock_security_struct, 4431 struct superblock_security_struct,
4431 list); 4432 list);
4432 struct super_block *sb = sbsec->sb; 4433 struct super_block *sb = sbsec->sb;
4433 spin_lock(&sb_lock);
4434 sb->s_count++; 4434 sb->s_count++;
4435 spin_unlock(&sb_lock);
4436 spin_unlock(&sb_security_lock); 4435 spin_unlock(&sb_security_lock);
4436 spin_unlock(&sb_lock);
4437 down_read(&sb->s_umount); 4437 down_read(&sb->s_umount);
4438 if (sb->s_root) 4438 if (sb->s_root)
4439 superblock_doinit(sb, NULL); 4439 superblock_doinit(sb, NULL);
4440 drop_super(sb); 4440 drop_super(sb);
4441 spin_lock(&sb_lock);
4441 spin_lock(&sb_security_lock); 4442 spin_lock(&sb_security_lock);
4442 list_del_init(&sbsec->list); 4443 list_del_init(&sbsec->list);
4443 goto next_sb; 4444 goto next_sb;
4444 } 4445 }
4445 spin_unlock(&sb_security_lock); 4446 spin_unlock(&sb_security_lock);
4447 spin_unlock(&sb_lock);
4446} 4448}
4447 4449
4448/* SELinux requires early initialization in order to label 4450/* SELinux requires early initialization in order to label