Commit 9883a13c authored by Parag Warudkar's avatar Parag Warudkar Committed by Linus Torvalds

[PATCH] selinux: fix selinux_netlbl_inode_permission() locking

do not call a sleeping lock API in an RCU read section.
lock_sock_nested can sleep, its BH counterpart doesn't.
selinux_netlbl_inode_permission() needs to use the BH counterpart
unconditionally.

Compile tested.

From: Ingo Molnar <mingo@elte.hu>

added BH disabling, because this function can be called from non-atomic
contexts too, so a naked bh_lock_sock() would be deadlock-prone.

Boot-tested the resulting kernel.
Signed-off-by: default avatarParag Warudkar <paragw@paragw.zapto.org>
Signed-off-by: default avatarIngo Molnar <mingo@elte.hu>
Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
parent ec8acb69
...@@ -2660,9 +2660,11 @@ int selinux_netlbl_inode_permission(struct inode *inode, int mask) ...@@ -2660,9 +2660,11 @@ int selinux_netlbl_inode_permission(struct inode *inode, int mask)
rcu_read_unlock(); rcu_read_unlock();
return 0; return 0;
} }
lock_sock(sock->sk); local_bh_disable();
bh_lock_sock_nested(sock->sk);
rc = selinux_netlbl_socket_setsid(sock, sksec->sid); rc = selinux_netlbl_socket_setsid(sock, sksec->sid);
release_sock(sock->sk); bh_unlock_sock(sock->sk);
local_bh_enable();
rcu_read_unlock(); rcu_read_unlock();
return rc; return rc;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment