[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

rpms/kernel/devel netlabel-lock.patch, NONE, 1.1.2.1 kernel-2.6.spec, 1.2904, 1.2904.2.1

From: fedora-cvs-commits redhat com
To: fedora-cvs-commits redhat com
Subject: rpms/kernel/devel netlabel-lock.patch, NONE, 1.1.2.1 kernel-2.6.spec, 1.2904, 1.2904.2.1
Date: Wed, 3 Jan 2007 19:22:50 -0500

Author: eparis

Update of /cvs/dist/rpms/kernel/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv10478

Modified Files:
      Tag: private-BZ220966-branch
	kernel-2.6.spec 
Added Files:
      Tag: private-BZ220966-branch
	netlabel-lock.patch 
Log Message:
* Wed Jan  3 2007 Eric Paris <eparis redhat com>
- FOR TESTING ONLY!
- added netlabel locking fix.


netlabel-lock.patch:
 services.c |    6 ++++--
 1 files changed, 4 insertions(+), 2 deletions(-)

--- NEW FILE netlabel-lock.patch ---
[PATCH] selinux: fix selinux_netlbl_inode_permission() locking

do not call a sleeping lock API in an RCU read section.
lock_sock_nested can sleep, its BH counterpart doesn't.
selinux_netlbl_inode_permission() needs to use the BH counterpart
unconditionally.

Compile tested.

From: Ingo Molnar <mingo elte hu>

added BH disabling, because this function can be called from non-atomic
contexts too, so a naked bh_lock_sock() would be deadlock-prone.

Boot-tested the resulting kernel.

Signed-off-by: Parag Warudkar <paragw paragw zapto org>
Signed-off-by: Ingo Molnar <mingo elte hu>
Signed-off-by: Linus Torvalds <torvalds osdl org>
---

diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index bdb7070..ee05815 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -2660,9 +2660,11 @@ int selinux_netlbl_inode_permission(struct inode *inode, int mask)
 		rcu_read_unlock();
 		return 0;
 	}
-	lock_sock(sock->sk);
+	local_bh_disable();
+	bh_lock_sock_nested(sock->sk);
 	rc = selinux_netlbl_socket_setsid(sock, sksec->sid);
-	release_sock(sock->sk);
+	bh_unlock_sock(sock->sk);
+	local_bh_enable();
 	rcu_read_unlock();
 
 	return rc;


Index: kernel-2.6.spec
===================================================================
RCS file: /cvs/dist/rpms/kernel/devel/kernel-2.6.spec,v
retrieving revision 1.2904
retrieving revision 1.2904.2.1
diff -u -r1.2904 -r1.2904.2.1
--- kernel-2.6.spec	2 Jan 2007 04:31:26 -0000	1.2904
+++ kernel-2.6.spec	4 Jan 2007 00:22:48 -0000	1.2904.2.1
@@ -32,7 +32,7 @@
 %define sublevel 19
 %define kversion 2.6.%{sublevel}
 %define rpmversion 2.6.%{sublevel}
-%define release %(R="$Revision$"; RR="${R##: }"; echo ${RR%%?})%{?dist}
+%define release %(R="$Revision$"; RR="${R##: }"; echo ${RR%%?})%{?dist}.BZ220966.TESTING.ONLY
 
 %define make_target bzImage
 %define kernel_image x86
@@ -477,6 +477,8 @@
 Patch20001: xen-11668-hvm_disable_fix.patch
 Patch20002: xen-dom0-reboot.patch
 
+Patch25001: netlabel-lock.patch
+
 # END OF PATCH DEFINITIONS
 
 BuildRoot: %{_tmppath}/kernel-%{KVERREL}-root-%{_target_cpu}
@@ -1047,6 +1049,9 @@
 #
 
 #
+
+%patch25001 -p1
+
 # misc small stuff to make things compile or otherwise improve performance
 #
 %patch10000 -p1
@@ -1988,6 +1993,10 @@
 #  - tux.
 
 %changelog
+* Wed Jan  3 2007 Eric Paris <eparis redhat com>
+- FOR TESTING ONLY!
+- added netlabel locking fix.
+
 * Mon Jan  1 2007 Dave Jones <davej redhat com>
 - 2.6.20rc3

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]