diff options
author | Parag Warudkar <paragw@paragw.zapto.org> | 2007-01-02 23:09:31 +0300 |
---|---|---|
committer | Linus Torvalds <torvalds@woody.osdl.org> | 2007-01-03 00:32:21 +0300 |
commit | 9883a13c72dbf8c518814b6091019643cdb34429 (patch) | |
tree | cb904d6db071a985598d8b8659dee1556f6fb231 | |
parent | ec8acb6904fabb8e741f741ec99bb1c18f2b3dee (diff) | |
download | linux-9883a13c72dbf8c518814b6091019643cdb34429.tar.xz |
[PATCH] selinux: fix selinux_netlbl_inode_permission() locking
do not call a sleeping lock API in an RCU read section.
lock_sock_nested can sleep, its BH counterpart doesn't.
selinux_netlbl_inode_permission() needs to use the BH counterpart
unconditionally.
Compile tested.
From: Ingo Molnar <mingo@elte.hu>
added BH disabling, because this function can be called from non-atomic
contexts too, so a naked bh_lock_sock() would be deadlock-prone.
Boot-tested the resulting kernel.
Signed-off-by: Parag Warudkar <paragw@paragw.zapto.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r-- | security/selinux/ss/services.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index bdb7070dd3dc..ee0581557966 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -2660,9 +2660,11 @@ int selinux_netlbl_inode_permission(struct inode *inode, int mask) rcu_read_unlock(); return 0; } - lock_sock(sock->sk); + local_bh_disable(); + bh_lock_sock_nested(sock->sk); rc = selinux_netlbl_socket_setsid(sock, sksec->sid); - release_sock(sock->sk); + bh_unlock_sock(sock->sk); + local_bh_enable(); rcu_read_unlock(); return rc; |