From: Stephen Smalley <sds@epoch.ncsc.mil>

This patch fixes a bug in the SELinux access vector cache code, which was
incorrectly using spin_lock_irq rather than spin_lock_irqsave for the
avc_log_lock.  As this code can be called from hardirq (e.g.  from the
file_send_sigiotask hook), we need irqsave/restore here.



 security/selinux/avc.c |    5 +++--
 1 files changed, 3 insertions(+), 2 deletions(-)

diff -puN security/selinux/avc.c~selinux-avc_log_lock-fix security/selinux/avc.c
--- 25/security/selinux/avc.c~selinux-avc_log_lock-fix	2003-08-18 22:27:18.000000000 -0700
+++ 25-akpm/security/selinux/avc.c	2003-08-18 22:27:18.000000000 -0700
@@ -507,6 +507,7 @@ void avc_audit(u32 ssid, u32 tsid,
 	struct inode *inode = NULL;
 	char *p;
 	u32 denied, audited;
+	unsigned long flags;
 
 	denied = requested & ~avd->allowed;
 	if (denied) {
@@ -525,7 +526,7 @@ void avc_audit(u32 ssid, u32 tsid,
 		return;
 
 	/* prevent overlapping printks */
-	spin_lock_irq(&avc_log_lock);
+	spin_lock_irqsave(&avc_log_lock,flags);
 
 	printk("%s\n", avc_level_string);
 	printk("%savc:  %s ", avc_level_string, denied ? "denied" : "granted");
@@ -674,7 +675,7 @@ void avc_audit(u32 ssid, u32 tsid,
 	avc_dump_query(ssid, tsid, tclass);
 	printk("\n");
 
-	spin_unlock_irq(&avc_log_lock);
+	spin_unlock_irqrestore(&avc_log_lock,flags);
 }
 
 /**

_