selinux: fix error initialization in inode_doinit_with_dentry()

Mark the inode security label as invalid if we cannot find a dentry so that we will retry later rather than marking it initialized with the unlabeled SID. Fixes: 9287aed2ad ("selinux: Convert isec->lock into a spinlock") Signed-off-by: Tianyue Ren <rentianyue@kylinos.cn> [PM: minor comment tweaks] Signed-off-by: Paul Moore <paul@paul-moore.com>
2020-10-09 09:36:30 +08:00 · 2020-10-09 09:36:30 +08:00 · 83370b31a9
commit 83370b31a9
parent 3650b228f8
1 changed files with 16 additions and 3 deletions
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@ -1451,7 +1451,13 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
 			 * inode_doinit with a dentry, before these inodes could
 			 * be used again by userspace.
 			 */
-			goto out;
+			isec->initialized = LABEL_INVALID;
+			/*
+			 * There is nothing useful to jump to the "out"
+			 * label, except a needless spin lock/unlock
+			 * cycle.
+			 */
+			return 0;
 		}

 		rc = inode_doinit_use_xattr(inode, dentry, sbsec->def_sid,
@ -1507,8 +1513,15 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
 			 * inode_doinit() with a dentry, before these inodes
 			 * could be used again by userspace.
 			 */
-			if (!dentry)
-				goto out;
+			if (!dentry) {
+				isec->initialized = LABEL_INVALID;
+				/*
+				 * There is nothing useful to jump to the "out"
+				 * label, except a needless spin lock/unlock
+				 * cycle.
+				 */
+				return 0;
+			}
 			rc = selinux_genfs_get_sid(dentry, sclass,
 						   sbsec->flags, &sid);
 			if (rc) {