nagai/kernel
3
0
Fork 0
forked from mirrors/linux
Code Pull requests Activity

selinux: fix error initialization in inode_doinit_with_dentry()

Browse source 
Mark the inode security label as invalid if we cannot find
a dentry so that we will retry later rather than marking it
initialized with the unlabeled SID.

Fixes: 9287aed2ad ("selinux: Convert isec->lock into a spinlock")
Signed-off-by: Tianyue Ren <rentianyue@kylinos.cn>
[PM: minor comment tweaks]
Signed-off-by: Paul Moore <paul@paul-moore.com>
This commit is contained in:
Tianyue Ren 2020-10-09 09:36:30 +08:00 committed by Paul Moore
parent 3650b228f8
commit 83370b31a9
1 changed files with 16 additions and 3 deletions
repo.diff.show_diff_stats Download patch file Download diff file Expand all files Collapse all files

19
security/selinux/hooks.c
View file

@ -1451,7 +1451,13 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
* inode_doinit with a dentry, before these inodes could * inode_doinit with a dentry, before these inodes could
* be used again by userspace. * be used again by userspace.
*/ */
goto out; isec->initialized = LABEL_INVALID;
/*
* There is nothing useful to jump to the "out"
* label, except a needless spin lock/unlock
* cycle.
*/
return 0;
} }
rc = inode_doinit_use_xattr(inode, dentry, sbsec->def_sid, rc = inode_doinit_use_xattr(inode, dentry, sbsec->def_sid,
@ -1507,8 +1513,15 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
* inode_doinit() with a dentry, before these inodes * inode_doinit() with a dentry, before these inodes
* could be used again by userspace. * could be used again by userspace.
*/ */
if (!dentry) if (!dentry) {
goto out; isec->initialized = LABEL_INVALID;
/*
* There is nothing useful to jump to the "out"
* label, except a needless spin lock/unlock
* cycle.
*/
return 0;
}
rc = selinux_genfs_get_sid(dentry, sclass, rc = selinux_genfs_get_sid(dentry, sclass,
sbsec->flags, &sid); sbsec->flags, &sid);
if (rc) { if (rc) {