From 9883a13c72dbf8c518814b6091019643cdb34429 Mon Sep 17 00:00:00 2001 From: Parag Warudkar Date: Tue, 2 Jan 2007 21:09:31 +0100 Subject: [PATCH] [PATCH] selinux: fix selinux_netlbl_inode_permission() locking do not call a sleeping lock API in an RCU read section. lock_sock_nested can sleep, its BH counterpart doesn't. selinux_netlbl_inode_permission() needs to use the BH counterpart unconditionally. Compile tested. From: Ingo Molnar added BH disabling, because this function can be called from non-atomic contexts too, so a naked bh_lock_sock() would be deadlock-prone. Boot-tested the resulting kernel. Signed-off-by: Parag Warudkar Signed-off-by: Ingo Molnar Signed-off-by: Linus Torvalds --- security/selinux/ss/services.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index bdb7070dd3dc..ee0581557966 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -2660,9 +2660,11 @@ int selinux_netlbl_inode_permission(struct inode *inode, int mask) rcu_read_unlock(); return 0; } - lock_sock(sock->sk); + local_bh_disable(); + bh_lock_sock_nested(sock->sk); rc = selinux_netlbl_socket_setsid(sock, sksec->sid); - release_sock(sock->sk); + bh_unlock_sock(sock->sk); + local_bh_enable(); rcu_read_unlock(); return rc; -- 2.20.1