diff options
author | Stephen Smalley <sds@tycho.nsa.gov> | 2006-06-04 05:51:30 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@g5.osdl.org> | 2006-06-05 15:29:16 -0400 |
commit | ba0c19ed6a61a96d4b42b81cb19d4bc81b5f728c (patch) | |
tree | 5e6d1774265140f1f4eddab043c90920414abe59 /security/selinux/hooks.c | |
parent | 93ff66bf1ef29881dffd6fdc344555dab03cdb42 (diff) |
[PATCH] selinux: fix sb_lock/sb_security_lock nesting
From: Stephen Smalley <sds@tycho.nsa.gov>
Fix unsafe nesting of sb_lock inside sb_security_lock in
selinux_complete_init. Detected by the kernel locking validator.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'security/selinux/hooks.c')
-rw-r--r-- | security/selinux/hooks.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 21dad415b896..90b4cdc0c948 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
@@ -4422,6 +4422,7 @@ void selinux_complete_init(void) | |||
4422 | 4422 | ||
4423 | /* Set up any superblocks initialized prior to the policy load. */ | 4423 | /* Set up any superblocks initialized prior to the policy load. */ |
4424 | printk(KERN_INFO "SELinux: Setting up existing superblocks.\n"); | 4424 | printk(KERN_INFO "SELinux: Setting up existing superblocks.\n"); |
4425 | spin_lock(&sb_lock); | ||
4425 | spin_lock(&sb_security_lock); | 4426 | spin_lock(&sb_security_lock); |
4426 | next_sb: | 4427 | next_sb: |
4427 | if (!list_empty(&superblock_security_head)) { | 4428 | if (!list_empty(&superblock_security_head)) { |
@@ -4430,19 +4431,20 @@ next_sb: | |||
4430 | struct superblock_security_struct, | 4431 | struct superblock_security_struct, |
4431 | list); | 4432 | list); |
4432 | struct super_block *sb = sbsec->sb; | 4433 | struct super_block *sb = sbsec->sb; |
4433 | spin_lock(&sb_lock); | ||
4434 | sb->s_count++; | 4434 | sb->s_count++; |
4435 | spin_unlock(&sb_lock); | ||
4436 | spin_unlock(&sb_security_lock); | 4435 | spin_unlock(&sb_security_lock); |
4436 | spin_unlock(&sb_lock); | ||
4437 | down_read(&sb->s_umount); | 4437 | down_read(&sb->s_umount); |
4438 | if (sb->s_root) | 4438 | if (sb->s_root) |
4439 | superblock_doinit(sb, NULL); | 4439 | superblock_doinit(sb, NULL); |
4440 | drop_super(sb); | 4440 | drop_super(sb); |
4441 | spin_lock(&sb_lock); | ||
4441 | spin_lock(&sb_security_lock); | 4442 | spin_lock(&sb_security_lock); |
4442 | list_del_init(&sbsec->list); | 4443 | list_del_init(&sbsec->list); |
4443 | goto next_sb; | 4444 | goto next_sb; |
4444 | } | 4445 | } |
4445 | spin_unlock(&sb_security_lock); | 4446 | spin_unlock(&sb_security_lock); |
4447 | spin_unlock(&sb_lock); | ||
4446 | } | 4448 | } |
4447 | 4449 | ||
4448 | /* SELinux requires early initialization in order to label | 4450 | /* SELinux requires early initialization in order to label |