authorParag Warudkar <paragw@paragw.zapto.org>2007-01-02 15:09:31 -0500
committerLinus Torvalds <torvalds@woody.osdl.org>2007-01-02 16:32:21 -0500
commit9883a13c72dbf8c518814b6091019643cdb34429 (patch)
treecb904d6db071a985598d8b8659dee1556f6fb231
parentec8acb6904fabb8e741f741ec99bb1c18f2b3dee (diff)
[PATCH] selinux: fix selinux_netlbl_inode_permission() locking
do not call a sleeping lock API in an RCU read section. lock_sock_nested can sleep, its BH counterpart doesn't. selinux_netlbl_inode_permission() needs to use the BH counterpart unconditionally. Compile tested. From: Ingo Molnar <mingo@elte.hu> added BH disabling, because this function can be called from non-atomic contexts too, so a naked bh_lock_sock() would be deadlock-prone. Boot-tested the resulting kernel. Signed-off-by: Parag Warudkar <paragw@paragw.zapto.org> Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r--security/selinux/ss/services.c6
1 files changed, 4 insertions, 2 deletions
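diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index bdb7070dd3dc..ee0581557966 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -2660,9 +2660,11 @@ int selinux_netlbl_inode_permission(struct inode *inode, int mask)
 rcu_read_unlock();
 return 0;
 }
-lock_sock(sock->sk);
+local_bh_disable();
+bh_lock_sock_nested(sock->sk);
 rc = selinux_netlbl_socket_setsid(sock, sksec->sid);
-release_sock(sock->sk);
+bh_unlock_sock(sock->sk);
+local_bh_enable();
 rcu_read_unlock();
 
 return rc;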
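Review bot: The `bh_lock_sock_nested(sock->sk)` call added at new line 2664 takes only the socket spinlock and does not test `sock_owned_by_user()`, so a process-context holder that acquired the socket through `lock_sock()` is not excluded the way the removed `lock_sock()` call excluded it. Whether that matters depends on what `selinux_netlbl_socket_setsid()` modifies, which is not visible in this hunk; that callee also must not sleep now that it runs under a spinlock with bottom halves disabled. A comment above the lock would record both constraints for the next maintainer, e.g. `/* RCU read side: cannot sleep, so use the BH socket lock; setsid must not sleep and lock_sock() owners are not excluded */`. The body of selinux_netlbl_inode_permission() begins before the hunk, so the matching rcu_read_lock() and the earlier checks are not shown here.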