2 files changed, 5 insertions, 1 deletions

diff --git a/security/selinux/netnode.c b/security/selinux/netnode.c
index 28f911cdd7c7..c5454c0477c3 100644
--- a/security/selinux/netnode.c
+++ b/security/selinux/netnode.c
@@ -174,7 +174,8 @@ static void sel_netnode_insert(struct sel_netnode *node)
         if (sel_netnode_hash[idx].size == SEL_NETNODE_HASH_BKT_LIMIT) {
                 struct sel_netnode *tail;
                 tail = list_entry(
-                        rcu_dereference(sel_netnode_hash[idx].list.prev),
+                        rcu_dereference_protected(sel_netnode_hash[idx].list.prev,
+                                                  lockdep_is_held(&sel_netnode_lock)),
                         struct sel_netnode, list);
                 list_del_rcu(&tail->list);
                 kfree_rcu(tail, rcu);
diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c
index d309e7f472d8..370a6468b3ba 100644
--- a/security/selinux/nlmsgtab.c
+++ b/security/selinux/nlmsgtab.c
@@ -67,6 +67,9 @@ static struct nlmsg_perm nlmsg_route_perms[] =
         { RTM_GETADDRLABEL,     NETLINK_ROUTE_SOCKET__NLMSG_READ  },
         { RTM_GETDCB,           NETLINK_ROUTE_SOCKET__NLMSG_READ  },
         { RTM_SETDCB,           NETLINK_ROUTE_SOCKET__NLMSG_WRITE },
+        { RTM_NEWNETCONF,       NETLINK_ROUTE_SOCKET__NLMSG_WRITE },
+        { RTM_GETNETCONF,       NETLINK_ROUTE_SOCKET__NLMSG_READ  },
+        { RTM_GETMDB,           NETLINK_ROUTE_SOCKET__NLMSG_READ  },
 };
 
 static struct nlmsg_perm nlmsg_tcpdiag_perms[] =