diff options
author | Parag Warudkar <paragw@paragw.zapto.org> | 2007-01-02 15:09:31 -0500 |
---|---|---|
committer | Linus Torvalds <torvalds@woody.osdl.org> | 2007-01-02 16:32:21 -0500 |
commit | 9883a13c72dbf8c518814b6091019643cdb34429 (patch) | |
tree | cb904d6db071a985598d8b8659dee1556f6fb231 /security/selinux | |
parent | ec8acb6904fabb8e741f741ec99bb1c18f2b3dee (diff) |
[PATCH] selinux: fix selinux_netlbl_inode_permission() locking
do not call a sleeping lock API in an RCU read section.
lock_sock_nested can sleep, its BH counterpart doesn't.
selinux_netlbl_inode_permission() needs to use the BH counterpart
unconditionally.
Compile tested.
From: Ingo Molnar <mingo@elte.hu>
added BH disabling, because this function can be called from non-atomic
contexts too, so a naked bh_lock_sock() would be deadlock-prone.
Boot-tested the resulting kernel.
Signed-off-by: Parag Warudkar <paragw@paragw.zapto.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'security/selinux')
-rw-r--r-- | security/selinux/ss/services.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index bdb7070dd3dc..ee0581557966 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c | |||
@@ -2660,9 +2660,11 @@ int selinux_netlbl_inode_permission(struct inode *inode, int mask) | |||
2660 | rcu_read_unlock(); | 2660 | rcu_read_unlock(); |
2661 | return 0; | 2661 | return 0; |
2662 | } | 2662 | } |
2663 | lock_sock(sock->sk); | 2663 | local_bh_disable(); |
2664 | bh_lock_sock_nested(sock->sk); | ||
2664 | rc = selinux_netlbl_socket_setsid(sock, sksec->sid); | 2665 | rc = selinux_netlbl_socket_setsid(sock, sksec->sid); |
2665 | release_sock(sock->sk); | 2666 | bh_unlock_sock(sock->sk); |
2667 | local_bh_enable(); | ||
2666 | rcu_read_unlock(); | 2668 | rcu_read_unlock(); |
2667 | 2669 | ||
2668 | return rc; | 2670 | return rc; |