[PATCH] Fix SELinux avc_log_lock

From: Stephen Smalley <sds@epoch.ncsc.mil> This patch fixes a bug in the SELinux access vector cache code, which was incorrectly using spin_lock_irq rather than spin_lock_irqsave for the avc_log_lock. As this code can be called from hardirq (e.g. from the file_send_sigiotask hook), we need irqsave/restore here.
author: Andrew Morton <akpm@osdl.org> 2003-08-18 18:33:30 -0700
committer: Linus Torvalds <torvalds@home.osdl.org> 2003-08-18 18:33:30 -0700
commit: 1c8141192585728fafe7a25250ae2b11b4693ac1 (patch)
tree: 3d05431a8623dc63e45640501c1e4a960f4d2953 /security
parent: b2967b499b19d84fc4fb08fe9449fbbb97a71076 (diff)
download: history-1c8141192585728fafe7a25250ae2b11b4693ac1.tar.gz
1 files changed, 3 insertions, 2 deletions
diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index 5bfa82933ca0c4..0871fa4df90612 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -507,6 +507,7 @@ void avc_audit(u32 ssid, u32 tsid,
 	struct inode *inode = NULL;
 	char *p;
 	u32 denied, audited;
+	unsigned long flags;
 
 	denied = requested & ~avd->allowed;
 	if (denied) {
@@ -525,7 +526,7 @@ void avc_audit(u32 ssid, u32 tsid,
 		return;
 
 	/* prevent overlapping printks */
-	spin_lock_irq(&avc_log_lock);
+	spin_lock_irqsave(&avc_log_lock,flags);
 
 	printk("%s\n", avc_level_string);
 	printk("%savc:  %s ", avc_level_string, denied ? "denied" : "granted");
@@ -674,7 +675,7 @@ void avc_audit(u32 ssid, u32 tsid,
 	avc_dump_query(ssid, tsid, tclass);
 	printk("\n");
 
-	spin_unlock_irq(&avc_log_lock);
+	spin_unlock_irqrestore(&avc_log_lock,flags);
 }
 
 /**
author	Andrew Morton <akpm@osdl.org>	2003-08-18 18:33:30 -0700
committer	Linus Torvalds <torvalds@home.osdl.org>	2003-08-18 18:33:30 -0700
commit	1c8141192585728fafe7a25250ae2b11b4693ac1 (patch)
tree	3d05431a8623dc63e45640501c1e4a960f4d2953 /security
parent	b2967b499b19d84fc4fb08fe9449fbbb97a71076 (diff)
download	history-1c8141192585728fafe7a25250ae2b11b4693ac1.tar.gz