[PATCH] selinux: fix selinux_netlbl_inode_permission() locking

do not call a sleeping lock API in an RCU read section. lock_sock_nested can sleep, its BH counterpart doesn't. selinux_netlbl_inode_permission() needs to use the BH counterpart unconditionally. Compile tested. From: Ingo Molnar <mingo@elte.hu> added BH disabling, because this function can be called from non-atomic contexts too, so a naked bh_lock_sock() would be deadlock-prone. Boot-tested the resulting kernel. Signed-off-by: Parag Warudkar <paragw@paragw.zapto.org> Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Atom-X-Devs · Jan 2, 2007 · 9883a13 · 9883a13
1 parent ec8acb6
commit 9883a13
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
@@ -2660,9 +2660,11 @@ int selinux_netlbl_inode_permission(struct inode *inode, int mask)
 		rcu_read_unlock();
 		return 0;
 	}
-	lock_sock(sock->sk);
+	local_bh_disable();
+	bh_lock_sock_nested(sock->sk);
 	rc = selinux_netlbl_socket_setsid(sock, sksec->sid);
-	release_sock(sock->sk);
+	bh_unlock_sock(sock->sk);
+	local_bh_enable();
 	rcu_read_unlock();
 
 	return rc;