projects / platform / kernel / linux-rpi.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ae3739f)
selinux: fix error initialization in inode_doinit_with_dentry()
authorTianyue Ren <rentianyue@kylinos.cn>
Fri, 9 Oct 2020 01:36:30 +0000 (09:36 +0800)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 30 Dec 2020 10:52:58 +0000 (11:52 +0100)
[ Upstream commit 83370b31a915493231e5b9addc72e4bef69f8d31 ]

Mark the inode security label as invalid if we cannot find
a dentry so that we will retry later rather than marking it
initialized with the unlabeled SID.

Fixes: 9287aed2ad1f ("selinux: Convert isec->lock into a spinlock")
Signed-off-by: Tianyue Ren <rentianyue@kylinos.cn>
[PM: minor comment tweaks]
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
security/selinux/hooks.c patch | blob | history

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 6b1826f..158fc47 100644 (file)
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1451,7 +1451,13 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
                         * inode_doinit with a dentry, before these inodes could
                         * be used again by userspace.
                         */
-                       goto out;
+                       isec->initialized = LABEL_INVALID;
+                       /*
+                        * There is nothing useful to jump to the "out"
+                        * label, except a needless spin lock/unlock
+                        * cycle.
+                        */
+                       return 0;
                }
 
                rc = inode_doinit_use_xattr(inode, dentry, sbsec->def_sid,
@@ -1507,8 +1513,15 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
                         * inode_doinit() with a dentry, before these inodes
                         * could be used again by userspace.
                         */
-                       if (!dentry)
-                               goto out;
+                       if (!dentry) {
+                               isec->initialized = LABEL_INVALID;
+                               /*
+                                * There is nothing useful to jump to the "out"
+                                * label, except a needless spin lock/unlock
+                                * cycle.
+                                */
+                               return 0;
+                       }
                        rc = selinux_genfs_get_sid(dentry, sclass,
                                                   sbsec->flags, &sid);
                        if (rc) {
Domain: System / Kernel;