This patch against 2.6.0-test3-bk fixes a bug in the SELinux access vector
cache code, which was incorrectly using spin_lock_irq rather than
spin_lock_irqsave for the avc_log_lock. As this code can be called from
hardirq (e.g. from the file_send_sigiotask hook), we need irqsave/restore here.
security/selinux/avc.c | 5 +++--
1 files changed, 3 insertions(+), 2 deletions(-)
===== security/selinux/avc.c 1.2 vs edited =====
--- 1.2/security/selinux/avc.c Sun Aug 10 07:09:44 2003
+++ edited/security/selinux/avc.c Thu Aug 14 14:44:36 2003
@@ -507,6 +507,7 @@
struct inode *inode = NULL;
char *p;
u32 denied, audited;
+ unsigned long flags;
denied = requested & ~avd->allowed;
if (denied) {
@@ -525,7 +526,7 @@
return;
/* prevent overlapping printks */
- spin_lock_irq(&avc_log_lock);
+ spin_lock_irqsave(&avc_log_lock,flags);
printk("%s\n", avc_level_string);
printk("%savc: %s ", avc_level_string, denied ? "denied" : "granted");
@@ -674,7 +675,7 @@
avc_dump_query(ssid, tsid, tclass);
printk("\n");
- spin_unlock_irq(&avc_log_lock);
+ spin_unlock_irqrestore(&avc_log_lock,flags);
}
/**
--
Stephen Smalley <[email protected]>
National Security Agency