tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

selinux: fix inode_doinit_with_dentry() LABEL_INVALID error handling

A previous fix, commit 83370b31a915 ("selinux: fix error initialization
in inode_doinit_with_dentry()"), changed how failures were handled
before a SELinux policy was loaded. Unfortunately that patch was
potentially problematic for two reasons: it set the isec->initialized
state without holding a lock, and it didn't set the inode's SELinux
label to the "default" for the particular filesystem. The later can
be a problem if/when a later attempt to revalidate the inode fails
and SELinux reverts to the existing inode label.

This patch should restore the default inode labeling that existed
before the original fix, without affecting the LABEL_INVALID marking
such that revalidation will still be attempted in the future.

Fixes: 83370b31a915 ("selinux: fix error initialization in inode_doinit_with_dentry()")
Reported-by: Sven Schnelle <svens@linux.ibm.com>
Tested-by: Sven Schnelle <svens@linux.ibm.com>
Reviewed-by: Ondrej Mosnacek <omosnace@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>

Paul Moore 200ea5a2 44141f58

+13 -18
+13 -18
security/selinux/hooks.c
··· 1451 1451 * inode_doinit with a dentry, before these inodes could 1452 1452 * be used again by userspace. 1453 1453 */ 1454 - isec->initialized = LABEL_INVALID; 1455 - /* 1456 - * There is nothing useful to jump to the "out" 1457 - * label, except a needless spin lock/unlock 1458 - * cycle. 1459 - */ 1460 - return 0; 1454 + goto out_invalid; 1461 1455 } 1462 1456 1463 1457 rc = inode_doinit_use_xattr(inode, dentry, sbsec->def_sid, ··· 1507 1513 * inode_doinit() with a dentry, before these inodes 1508 1514 * could be used again by userspace. 1509 1515 */ 1510 - if (!dentry) { 1511 - isec->initialized = LABEL_INVALID; 1512 - /* 1513 - * There is nothing useful to jump to the "out" 1514 - * label, except a needless spin lock/unlock 1515 - * cycle. 1516 - */ 1517 - return 0; 1518 - } 1516 + if (!dentry) 1517 + goto out_invalid; 1519 1518 rc = selinux_genfs_get_sid(dentry, sclass, 1520 1519 sbsec->flags, &sid); 1521 1520 if (rc) { ··· 1533 1546 out: 1534 1547 spin_lock(&isec->lock); 1535 1548 if (isec->initialized == LABEL_PENDING) { 1536 - if (!sid || rc) { 1549 + if (rc) { 1537 1550 isec->initialized = LABEL_INVALID; 1538 1551 goto out_unlock; 1539 1552 } 1540 - 1541 1553 isec->initialized = LABEL_INITIALIZED; 1542 1554 isec->sid = sid; 1543 1555 } ··· 1544 1558 out_unlock: 1545 1559 spin_unlock(&isec->lock); 1546 1560 return rc; 1561 + 1562 + out_invalid: 1563 + spin_lock(&isec->lock); 1564 + if (isec->initialized == LABEL_PENDING) { 1565 + isec->initialized = LABEL_INVALID; 1566 + isec->sid = sid; 1567 + } 1568 + spin_unlock(&isec->lock); 1569 + return 0; 1547 1570 } 1548 1571 1549 1572 /* Convert a Linux signal to an access vector. */