Commit e199ceee authored by Linus Torvalds's avatar Linus Torvalds

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6:
  SELinux fixups needed for preemptable RCU from -rt
  SELinux: no BUG_ON(!ss_initialized) in selinux_clone_mnt_opts
parents b24a3144 61844250
...@@ -312,6 +312,7 @@ static inline int avc_reclaim_node(void) ...@@ -312,6 +312,7 @@ static inline int avc_reclaim_node(void)
if (!spin_trylock_irqsave(&avc_cache.slots_lock[hvalue], flags)) if (!spin_trylock_irqsave(&avc_cache.slots_lock[hvalue], flags))
continue; continue;
rcu_read_lock();
list_for_each_entry(node, &avc_cache.slots[hvalue], list) { list_for_each_entry(node, &avc_cache.slots[hvalue], list) {
if (atomic_dec_and_test(&node->ae.used)) { if (atomic_dec_and_test(&node->ae.used)) {
/* Recently Unused */ /* Recently Unused */
...@@ -319,11 +320,13 @@ static inline int avc_reclaim_node(void) ...@@ -319,11 +320,13 @@ static inline int avc_reclaim_node(void)
avc_cache_stats_incr(reclaims); avc_cache_stats_incr(reclaims);
ecx++; ecx++;
if (ecx >= AVC_CACHE_RECLAIM) { if (ecx >= AVC_CACHE_RECLAIM) {
rcu_read_unlock();
spin_unlock_irqrestore(&avc_cache.slots_lock[hvalue], flags); spin_unlock_irqrestore(&avc_cache.slots_lock[hvalue], flags);
goto out; goto out;
} }
} }
} }
rcu_read_unlock();
spin_unlock_irqrestore(&avc_cache.slots_lock[hvalue], flags); spin_unlock_irqrestore(&avc_cache.slots_lock[hvalue], flags);
} }
out: out:
...@@ -821,8 +824,14 @@ int avc_ss_reset(u32 seqno) ...@@ -821,8 +824,14 @@ int avc_ss_reset(u32 seqno)
for (i = 0; i < AVC_CACHE_SLOTS; i++) { for (i = 0; i < AVC_CACHE_SLOTS; i++) {
spin_lock_irqsave(&avc_cache.slots_lock[i], flag); spin_lock_irqsave(&avc_cache.slots_lock[i], flag);
/*
* With preemptable RCU, the outer spinlock does not
* prevent RCU grace periods from ending.
*/
rcu_read_lock();
list_for_each_entry(node, &avc_cache.slots[i], list) list_for_each_entry(node, &avc_cache.slots[i], list)
avc_node_delete(node); avc_node_delete(node);
rcu_read_unlock();
spin_unlock_irqrestore(&avc_cache.slots_lock[i], flag); spin_unlock_irqrestore(&avc_cache.slots_lock[i], flag);
} }
......
...@@ -755,9 +755,18 @@ static void selinux_sb_clone_mnt_opts(const struct super_block *oldsb, ...@@ -755,9 +755,18 @@ static void selinux_sb_clone_mnt_opts(const struct super_block *oldsb,
int set_context = (oldsbsec->flags & CONTEXT_MNT); int set_context = (oldsbsec->flags & CONTEXT_MNT);
int set_rootcontext = (oldsbsec->flags & ROOTCONTEXT_MNT); int set_rootcontext = (oldsbsec->flags & ROOTCONTEXT_MNT);
/* we can't error, we can't save the info, this shouldn't get called /*
* this early in the boot process. */ * if the parent was able to be mounted it clearly had no special lsm
BUG_ON(!ss_initialized); * mount options. thus we can safely put this sb on the list and deal
* with it later
*/
if (!ss_initialized) {
spin_lock(&sb_security_lock);
if (list_empty(&newsbsec->list))
list_add(&newsbsec->list, &superblock_security_head);
spin_unlock(&sb_security_lock);
return;
}
/* how can we clone if the old one wasn't set up?? */ /* how can we clone if the old one wasn't set up?? */
BUG_ON(!oldsbsec->initialized); BUG_ON(!oldsbsec->initialized);
......
...@@ -239,11 +239,13 @@ static void sel_netif_kill(int ifindex) ...@@ -239,11 +239,13 @@ static void sel_netif_kill(int ifindex)
{ {
struct sel_netif *netif; struct sel_netif *netif;
rcu_read_lock();
spin_lock_bh(&sel_netif_lock); spin_lock_bh(&sel_netif_lock);
netif = sel_netif_find(ifindex); netif = sel_netif_find(ifindex);
if (netif) if (netif)
sel_netif_destroy(netif); sel_netif_destroy(netif);
spin_unlock_bh(&sel_netif_lock); spin_unlock_bh(&sel_netif_lock);
rcu_read_unlock();
} }
/** /**
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment