diff options
author | Andrew Morton <akpm@osdl.org> | 2003-08-18 18:33:30 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@home.osdl.org> | 2003-08-18 18:33:30 -0700 |
commit | 1c8141192585728fafe7a25250ae2b11b4693ac1 (patch) | |
tree | 3d05431a8623dc63e45640501c1e4a960f4d2953 /security | |
parent | b2967b499b19d84fc4fb08fe9449fbbb97a71076 (diff) | |
download | history-1c8141192585728fafe7a25250ae2b11b4693ac1.tar.gz |
[PATCH] Fix SELinux avc_log_lock
From: Stephen Smalley <sds@epoch.ncsc.mil>
This patch fixes a bug in the SELinux access vector cache code, which was
incorrectly using spin_lock_irq rather than spin_lock_irqsave for the
avc_log_lock. As this code can be called from hardirq (e.g. from the
file_send_sigiotask hook), we need irqsave/restore here.
Diffstat (limited to 'security')
-rw-r--r-- | security/selinux/avc.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/security/selinux/avc.c b/security/selinux/avc.c index 5bfa82933ca0c4..0871fa4df90612 100644 --- a/security/selinux/avc.c +++ b/security/selinux/avc.c @@ -507,6 +507,7 @@ void avc_audit(u32 ssid, u32 tsid, struct inode *inode = NULL; char *p; u32 denied, audited; + unsigned long flags; denied = requested & ~avd->allowed; if (denied) { @@ -525,7 +526,7 @@ void avc_audit(u32 ssid, u32 tsid, return; /* prevent overlapping printks */ - spin_lock_irq(&avc_log_lock); + spin_lock_irqsave(&avc_log_lock,flags); printk("%s\n", avc_level_string); printk("%savc: %s ", avc_level_string, denied ? "denied" : "granted"); @@ -674,7 +675,7 @@ void avc_audit(u32 ssid, u32 tsid, avc_dump_query(ssid, tsid, tclass); printk("\n"); - spin_unlock_irq(&avc_log_lock); + spin_unlock_irqrestore(&avc_log_lock,flags); } /** |