Commit 9883a13c authored Jan 02, 2007 by Parag Warudkar Committed by Linus Torvalds Jan 02, 2007

[PATCH] selinux: fix selinux_netlbl_inode_permission() locking



do not call a sleeping lock API in an RCU read section.
lock_sock_nested can sleep, its BH counterpart doesn't.
selinux_netlbl_inode_permission() needs to use the BH counterpart
unconditionally.

Compile tested.

From: Ingo Molnar <mingo@elte.hu>

added BH disabling, because this function can be called from non-atomic
contexts too, so a naked bh_lock_sock() would be deadlock-prone.

Boot-tested the resulting kernel.

Signed-off-by: Parag Warudkar <paragw@paragw.zapto.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

parent ec8acb69

security/selinux/ss/services.c

+4 −2

Original line number	Diff line number	Diff line
		@@ -2660,9 +2660,11 @@ int selinux_netlbl_inode_permission(struct inode *inode, int mask)
		rcu_read_unlock();
		return 0;
		}
		lock_sock(sock->sk);
		local_bh_disable();
		bh_lock_sock_nested(sock->sk);
		rc = selinux_netlbl_socket_setsid(sock, sksec->sid);
		release_sock(sock->sk);
		bh_unlock_sock(sock->sk);
		local_bh_enable();
		rcu_read_unlock();

		return rc;