[PATCH] selinux: fix sb_lock/sb_security_lock nesting

From: Stephen Smalley <sds@tycho.nsa.gov>

Fix unsafe nesting of sb_lock inside sb_security_lock in
selinux_complete_init. Detected by the kernel locking validator.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

authored by Stephen Smalley and committed by Linus Torvalds
ba0c19ed 93ff66bf

+4 -2
security/selinux/hooks.c
··· 4422 4422 4423 4423 /* Set up any superblocks initialized prior to the policy load. */ 4424 4424 printk(KERN_INFO "SELinux: Setting up existing superblocks.\n"); 4425 + spin_lock(&sb_lock); 4425 4426 spin_lock(&sb_security_lock); 4426 4427 next_sb: 4427 4428 if (!list_empty(&superblock_security_head)) { ··· 4431 4430 struct superblock_security_struct, 4432 4431 list); 4433 4432 struct super_block *sb = sbsec->sb; 4434 - spin_lock(&sb_lock); 4435 4433 sb->s_count++; 4436 - spin_unlock(&sb_lock); 4437 4434 spin_unlock(&sb_security_lock); 4435 + spin_unlock(&sb_lock); 4438 4436 down_read(&sb->s_umount); 4439 4437 if (sb->s_root) 4440 4438 superblock_doinit(sb, NULL); 4441 4439 drop_super(sb); 4440 + spin_lock(&sb_lock); 4442 4441 spin_lock(&sb_security_lock); 4443 4442 list_del_init(&sbsec->list); 4444 4443 goto next_sb; 4445 4444 } 4446 4445 spin_unlock(&sb_security_lock); 4446 + spin_unlock(&sb_lock); 4447 4447 } 4448 4448 4449 4449 /* SELinux requires early initialization in order to label
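Review bot: the first hunk establishes a lock order at the top of the superblock loop (sb_lock outer, sb_security_lock inner) without documenting it. A one-line comment above spin_lock(&sb_lock) stating that sb_lock must always be taken before sb_security_lock would keep a later edit from reintroducing the nesting the validator flagged. The changelog says the old nesting was unsafe but does not say which other path it conflicts with; naming that path would make the fix easier to audit.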
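Review bot: in the second hunk, sb_lock previously covered only sb->s_count++ and is now held across the list_empty() test, the sbsec lookup and, after drop_super(sb), the list_del_init(&sbsec->list) call. Please say in a comment or the changelog that sb_lock is retaken after drop_super(sb) only to keep the sb_lock then sb_security_lock order, so the wider hold is not later mistaken for a requirement of the list operations. The release order (spin_unlock(&sb_security_lock) followed by spin_unlock(&sb_lock)) is the reverse of acquisition on both exit points, and down_read(&sb->s_umount) still runs with neither spinlock held, which is what the sleeping rwsem needs.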