[PATCH] Fix SELinux avc_log_lock

From: Stephen Smalley <sds@epoch.ncsc.mil> This patch fixes a bug in the SELinux access vector cache code, which was incorrectly using spin_lock_irq rather than spin_lock_irqsave for the avc_log_lock. As this code can be called from hardirq (e.g. from the file_send_sigiotask hook), we need irqsave/restore here.

[PATCH] Fix SELinux avc_log_lock
From: Stephen Smalley <sds@epoch.ncsc.mil> This patch fixes a bug in the SELinux access vector cache code, which was incorrectly using spin_lock_irq rather than spin_lock_irqsave for the avc_log_lock. As this code can be called from hardirq (e.g. from the file_send_sigiotask hook), we need irqsave/restore here.
1c814119 · Andrew Morton · Linus Torvalds · b2967b49 · 1c814119
Commit 1c814119 authored Aug 18, 2003 by Andrew Morton Committed by Linus Torvalds Aug 18, 2003
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 2 deletions

security/selinux/avc.c security/selinux/avc.c +3 -2

No files found.
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -507,6 +507,7 @@ void avc_audit(u32 ssid, u32 tsid,
 	struct inode *inode = NULL;
 	char *p;
 	u32 denied, audited;
+	unsigned long flags;

 	denied = requested & ~avd->allowed;
 	if (denied) {
@@ -525,7 +526,7 @@ void avc_audit(u32 ssid, u32 tsid,
 		return;

 	/* prevent overlapping printks */
-	spin_lock_irq(&avc_log_lock);
+	spin_lock_irqsave(&avc_log_lock,flags);

 	printk("%s\n", avc_level_string);
 	printk("%savc:  %s ", avc_level_string, denied ? "denied" : "granted");
@@ -674,7 +675,7 @@ void avc_audit(u32 ssid, u32 tsid,
 	avc_dump_query(ssid, tsid, tclass);
 	printk("\n");

-	spin_unlock_irq(&avc_log_lock);
+	spin_unlock_irqrestore(&avc_log_lock,flags);
 }

 /**