'+ selinux-fix-sb_lock-sb_security_lock-nesting-was.patch added to -mm tree'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       linux-mm-commits
Subject:    + selinux-fix-sb_lock-sb_security_lock-nesting-was.patch added to -mm tree
From:       akpm () osdl ! org
Date:       2006-05-31 18:46:06
Message-ID: 200605311841.k4VIfjM2001975 () shell0 ! pdx ! osdl ! net
[Download RAW message or body]


The patch titled

     selinux: fix sb_lock/sb_security_lock nesting

has been added to the -mm tree.  Its filename is

     selinux-fix-sb_lock-sb_security_lock-nesting-was.patch

See http://www.zip.com.au/~akpm/linux/patches/stuff/added-to-mm.txt to find
out what to do about this

------------------------------------------------------
Subject: selinux: fix sb_lock/sb_security_lock nesting
From: Stephen Smalley <sds@tycho.nsa.gov>


Fix unsafe nesting of sb_lock inside sb_security_lock in
selinux_complete_init.  Detected by the kernel locking validator.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
---

 security/selinux/hooks.c |    6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff -puN security/selinux/hooks.c~selinux-fix-sb_lock-sb_security_lock-nesting-was \
                security/selinux/hooks.c
--- devel/security/selinux/hooks.c~selinux-fix-sb_lock-sb_security_lock-nesting-was	2006-05-31 \
                11:44:59.000000000 -0700
+++ devel-akpm/security/selinux/hooks.c	2006-05-31 11:44:59.000000000 -0700
@@ -4454,6 +4454,7 @@ void selinux_complete_init(void)
 
 	/* Set up any superblocks initialized prior to the policy load. */
 	printk(KERN_INFO "SELinux:  Setting up existing superblocks.\n");
+	spin_lock(&sb_lock);
 	spin_lock(&sb_security_lock);
 next_sb:
 	if (!list_empty(&superblock_security_head)) {
@@ -4462,19 +4463,20 @@ next_sb:
 				           struct superblock_security_struct,
 				           list);
 		struct super_block *sb = sbsec->sb;
-		spin_lock(&sb_lock);
 		sb->s_count++;
-		spin_unlock(&sb_lock);
 		spin_unlock(&sb_security_lock);
+		spin_unlock(&sb_lock);
 		down_read(&sb->s_umount);
 		if (sb->s_root)
 			superblock_doinit(sb, NULL);
 		drop_super(sb);
+		spin_lock(&sb_lock);
 		spin_lock(&sb_security_lock);
 		list_del_init(&sbsec->list);
 		goto next_sb;
 	}
 	spin_unlock(&sb_security_lock);
+	spin_unlock(&sb_lock);
 }
 
 /* SELinux requires early initialization in order to label
_

Patches currently in -mm which might be from sds@tycho.nsa.gov are

selinux-add-security-class-for-appletalk-sockets.patch
secmark-add-new-packet-controls-to-selinux-disable-new-controls-for-selinux-by-default.patch
 lsm-add-task_setioprio-hook.patch
selinux-fix-sb_lock-sb_security_lock-nesting-was.patch
proc-cleanup-proc_fd_access_allowed.patch

-
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic