Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-11-08 13:11:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6

Browse Source 
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6:
  SELinux fixups needed for preemptable RCU from -rt
  SELinux: no BUG_ON(!ss_initialized) in selinux_clone_mnt_opts
This commit is contained in:
Linus Torvalds 2008-04-22 15:15:48 -07:00
commit e199ceee15
3 changed files with 23 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
security/selinux/avc.c
View File

@ -312,6 +312,7 @@ static inline int avc_reclaim_node(void)
if (!spin_trylock_irqsave(&avc_cache.slots_lock[hvalue], flags)) if (!spin_trylock_irqsave(&avc_cache.slots_lock[hvalue], flags))
continue; continue;
rcu_read_lock();
list_for_each_entry(node, &avc_cache.slots[hvalue], list) { list_for_each_entry(node, &avc_cache.slots[hvalue], list) {
if (atomic_dec_and_test(&node->ae.used)) { if (atomic_dec_and_test(&node->ae.used)) {
/* Recently Unused */ /* Recently Unused */
@ -319,11 +320,13 @@ static inline int avc_reclaim_node(void)
avc_cache_stats_incr(reclaims); avc_cache_stats_incr(reclaims);
ecx++; ecx++;
if (ecx >= AVC_CACHE_RECLAIM) { if (ecx >= AVC_CACHE_RECLAIM) {
rcu_read_unlock();
spin_unlock_irqrestore(&avc_cache.slots_lock[hvalue], flags); spin_unlock_irqrestore(&avc_cache.slots_lock[hvalue], flags);
goto out; goto out;
} }
} }
} }
rcu_read_unlock();
spin_unlock_irqrestore(&avc_cache.slots_lock[hvalue], flags); spin_unlock_irqrestore(&avc_cache.slots_lock[hvalue], flags);
} }
out: out:
@ -821,8 +824,14 @@ int avc_ss_reset(u32 seqno)
for (i = 0; i < AVC_CACHE_SLOTS; i++) { for (i = 0; i < AVC_CACHE_SLOTS; i++) {
spin_lock_irqsave(&avc_cache.slots_lock[i], flag); spin_lock_irqsave(&avc_cache.slots_lock[i], flag);
/*
* With preemptable RCU, the outer spinlock does not
* prevent RCU grace periods from ending.
*/
rcu_read_lock();
list_for_each_entry(node, &avc_cache.slots[i], list) list_for_each_entry(node, &avc_cache.slots[i], list)
avc_node_delete(node); avc_node_delete(node);
rcu_read_unlock();
spin_unlock_irqrestore(&avc_cache.slots_lock[i], flag); spin_unlock_irqrestore(&avc_cache.slots_lock[i], flag);
} }

15
security/selinux/hooks.c
View File

@ -755,9 +755,18 @@ static void selinux_sb_clone_mnt_opts(const struct super_block *oldsb,
int set_context = (oldsbsec->flags & CONTEXT_MNT); int set_context = (oldsbsec->flags & CONTEXT_MNT);
int set_rootcontext = (oldsbsec->flags & ROOTCONTEXT_MNT); int set_rootcontext = (oldsbsec->flags & ROOTCONTEXT_MNT);
/* we can't error, we can't save the info, this shouldn't get called /*
* this early in the boot process. */ * if the parent was able to be mounted it clearly had no special lsm
BUG_ON(!ss_initialized); * mount options. thus we can safely put this sb on the list and deal
* with it later
*/
if (!ss_initialized) {
spin_lock(&sb_security_lock);
if (list_empty(&newsbsec->list))
list_add(&newsbsec->list, &superblock_security_head);
spin_unlock(&sb_security_lock);
return;
}
/* how can we clone if the old one wasn't set up?? */ /* how can we clone if the old one wasn't set up?? */
BUG_ON(!oldsbsec->initialized); BUG_ON(!oldsbsec->initialized);

2
security/selinux/netif.c
View File

@ -239,11 +239,13 @@ static void sel_netif_kill(int ifindex)
{ {
struct sel_netif *netif; struct sel_netif *netif;
rcu_read_lock();
spin_lock_bh(&sel_netif_lock); spin_lock_bh(&sel_netif_lock);
netif = sel_netif_find(ifindex); netif = sel_netif_find(ifindex);
if (netif) if (netif)
sel_netif_destroy(netif); sel_netif_destroy(netif);
spin_unlock_bh(&sel_netif_lock); spin_unlock_bh(&sel_netif_lock);
rcu_read_unlock();
} }
/** /**