[PATCH] selinux: fix selinux_netlbl_inode_permission() locking
authorParag Warudkar <paragw@paragw.zapto.org>
Tue, 2 Jan 2007 20:09:31 +0000 (21:09 +0100)
committerLinus Torvalds <torvalds@woody.osdl.org>
Tue, 2 Jan 2007 21:32:21 +0000 (13:32 -0800)
do not call a sleeping lock API in an RCU read section.
lock_sock_nested can sleep, its BH counterpart doesn't.
selinux_netlbl_inode_permission() needs to use the BH counterpart
unconditionally.

Compile tested.

From: Ingo Molnar <mingo@elte.hu>

added BH disabling, because this function can be called from non-atomic
contexts too, so a naked bh_lock_sock() would be deadlock-prone.

Boot-tested the resulting kernel.

Signed-off-by: Parag Warudkar <paragw@paragw.zapto.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
security/selinux/ss/services.c

index bdb7070dd3dc3d7477429e946283071625e70bd6..ee0581557966498d91435600b2e208a9a411b9d0 100644 (file)
@@ -2660,9 +2660,11 @@ int selinux_netlbl_inode_permission(struct inode *inode, int mask)
                rcu_read_unlock();
                return 0;
        }
-       lock_sock(sock->sk);
+       local_bh_disable();
+       bh_lock_sock_nested(sock->sk);
        rc = selinux_netlbl_socket_setsid(sock, sksec->sid);
-       release_sock(sock->sk);
+       bh_unlock_sock(sock->sk);
+       local_bh_enable();
        rcu_read_unlock();
 
        return rc;