* [PATCH] Fix SELinux avc_log_lock
@ 2003-08-14 19:22 Stephen Smalley
0 siblings, 0 replies; only message in thread
From: Stephen Smalley @ 2003-08-14 19:22 UTC (permalink / raw)
To: Linus Torvalds, Andrew Morton, James Morris, lkml
This patch against 2.6.0-test3-bk fixes a bug in the SELinux access vector
cache code, which was incorrectly using spin_lock_irq rather than
spin_lock_irqsave for the avc_log_lock. As this code can be called from
hardirq (e.g. from the file_send_sigiotask hook), we need irqsave/restore here.
security/selinux/avc.c | 5 +++--
1 files changed, 3 insertions(+), 2 deletions(-)
===== security/selinux/avc.c 1.2 vs edited =====
--- 1.2/security/selinux/avc.c Sun Aug 10 07:09:44 2003
+++ edited/security/selinux/avc.c Thu Aug 14 14:44:36 2003
@@ -507,6 +507,7 @@
struct inode *inode = NULL;
char *p;
u32 denied, audited;
+ unsigned long flags;
denied = requested & ~avd->allowed;
if (denied) {
@@ -525,7 +526,7 @@
return;
/* prevent overlapping printks */
- spin_lock_irq(&avc_log_lock);
+ spin_lock_irqsave(&avc_log_lock,flags);
printk("%s\n", avc_level_string);
printk("%savc: %s ", avc_level_string, denied ? "denied" : "granted");
@@ -674,7 +675,7 @@
avc_dump_query(ssid, tsid, tclass);
printk("\n");
- spin_unlock_irq(&avc_log_lock);
+ spin_unlock_irqrestore(&avc_log_lock,flags);
}
/**
--
Stephen Smalley <sds@epoch.ncsc.mil>
National Security Agency
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2003-08-14 19:27 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2003-08-14 19:22 [PATCH] Fix SELinux avc_log_lock Stephen Smalley
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).