summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorParag Warudkar <paragw@paragw.zapto.org>2007-01-02 21:09:31 +0100
committerLinus Torvalds <torvalds@woody.osdl.org>2007-01-02 13:32:21 -0800
commit9883a13c72dbf8c518814b6091019643cdb34429 (patch)
treecb904d6db071a985598d8b8659dee1556f6fb231
parentec8acb6904fabb8e741f741ec99bb1c18f2b3dee (diff)
[PATCH] selinux: fix selinux_netlbl_inode_permission() locking
do not call a sleeping lock API in an RCU read section. lock_sock_nested can sleep, its BH counterpart doesn't. selinux_netlbl_inode_permission() needs to use the BH counterpart unconditionally. Compile tested. From: Ingo Molnar <mingo@elte.hu> added BH disabling, because this function can be called from non-atomic contexts too, so a naked bh_lock_sock() would be deadlock-prone. Boot-tested the resulting kernel. Signed-off-by: Parag Warudkar <paragw@paragw.zapto.org> Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r--security/selinux/ss/services.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index bdb7070dd3d..ee058155796 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -2660,9 +2660,11 @@ int selinux_netlbl_inode_permission(struct inode *inode, int mask)
rcu_read_unlock();
return 0;
}
- lock_sock(sock->sk);
+ local_bh_disable();
+ bh_lock_sock_nested(sock->sk);
rc = selinux_netlbl_socket_setsid(sock, sksec->sid);
- release_sock(sock->sk);
+ bh_unlock_sock(sock->sk);
+ local_bh_enable();
rcu_read_unlock();
return rc;