[PATCH] Fix SELinux avc_log_lock

From: Stephen Smalley
Date: Thu Aug 14 2003 - 14:31:28 EST

Next message: Stephen Smalley: "[PATCH] SELinux check behavior value"
Previous message: John Levon: "[PATCH] Export pointer size in oprofilefs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This patch against 2.6.0-test3-bk fixes a bug in the SELinux access vector
cache code, which was incorrectly using spin_lock_irq rather than
spin_lock_irqsave for the avc_log_lock. As this code can be called from
hardirq (e.g. from the file_send_sigiotask hook), we need irqsave/restore here.

security/selinux/avc.c | 5 +++--
1 files changed, 3 insertions(+), 2 deletions(-)

===== security/selinux/avc.c 1.2 vs edited =====
--- 1.2/security/selinux/avc.c Sun Aug 10 07:09:44 2003
+++ edited/security/selinux/avc.c Thu Aug 14 14:44:36 2003
@@ -507,6 +507,7 @@
struct inode *inode = NULL;
char *p;
u32 denied, audited;
+ unsigned long flags;

denied = requested & ~avd->allowed;
if (denied) {
@@ -525,7 +526,7 @@
return;

/* prevent overlapping printks */
- spin_lock_irq(&avc_log_lock);
+ spin_lock_irqsave(&avc_log_lock,flags);

printk("%s\n", avc_level_string);
printk("%savc: %s ", avc_level_string, denied ? "denied" : "granted");
@@ -674,7 +675,7 @@
avc_dump_query(ssid, tsid, tclass);
printk("\n");

- spin_unlock_irq(&avc_log_lock);
+ spin_unlock_irqrestore(&avc_log_lock,flags);
}

/**

--
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Stephen Smalley: "[PATCH] SELinux check behavior value"
Previous message: John Levon: "[PATCH] Export pointer size in oprofilefs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]