projects / platform / kernel / linux-rpi.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 3650b22)
selinux: fix error initialization in inode_doinit_with_dentry()
authorTianyue Ren <rentianyue@kylinos.cn>
Fri, 9 Oct 2020 01:36:30 +0000 (09:36 +0800)
committerPaul Moore <paul@paul-moore.com>
Wed, 28 Oct 2020 02:14:25 +0000 (22:14 -0400)
Mark the inode security label as invalid if we cannot find
a dentry so that we will retry later rather than marking it
initialized with the unlabeled SID.

Fixes: 9287aed2ad1f ("selinux: Convert isec->lock into a spinlock")
Signed-off-by: Tianyue Ren <rentianyue@kylinos.cn>
[PM: minor comment tweaks]
Signed-off-by: Paul Moore <paul@paul-moore.com>
security/selinux/hooks.c patch | blob | history

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 6b1826f..158fc47 100644 (file)
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1451,7 +1451,13 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
                         * inode_doinit with a dentry, before these inodes could
                         * be used again by userspace.
                         */
-                       goto out;
+                       isec->initialized = LABEL_INVALID;
+                       /*
+                        * There is nothing useful to jump to the "out"
+                        * label, except a needless spin lock/unlock
+                        * cycle.
+                        */
+                       return 0;
                }
 
                rc = inode_doinit_use_xattr(inode, dentry, sbsec->def_sid,
@@ -1507,8 +1513,15 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
                         * inode_doinit() with a dentry, before these inodes
                         * could be used again by userspace.
                         */
-                       if (!dentry)
-                               goto out;
+                       if (!dentry) {
+                               isec->initialized = LABEL_INVALID;
+                               /*
+                                * There is nothing useful to jump to the "out"
+                                * label, except a needless spin lock/unlock
+                                * cycle.
+                                */
+                               return 0;
+                       }
                        rc = selinux_genfs_get_sid(dentry, sclass,
                                                   sbsec->flags, &sid);
                        if (rc) {
Domain: System / Kernel;