Commit a5650acb authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge tag 'selinux-pr-20200210' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux 

Pull SELinux fixes from Paul Moore:
 "Two small fixes: one fixes a locking problem in the recently merged
  label translation code, the other fixes an embarrassing 'binderfs' /
  'binder' filesystem name check"

* tag 'selinux-pr-20200210' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
  selinux: fix sidtab string cache locking
  selinux: fix typo in filesystem name
parents bb6d3fb3 39a706fb

security/selinux/hooks.c

+1 −1
Original line number Diff line number Diff line
@@ -698,7 +698,7 @@ static int selinux_set_mnt_opts(struct super_block *sb, 


	if (!strcmp(sb->s_type->name, "debugfs") ||

	    !strcmp(sb->s_type->name, "tracefs") ||

	    !strcmp(sb->s_type->name, "binderfs") ||

	    !strcmp(sb->s_type->name, "binder") ||

	    !strcmp(sb->s_type->name, "pstore"))

		sbsec->flags |= SE_SBGENFS;

security/selinux/ss/sidtab.c

+3 −9
Original line number Diff line number Diff line
@@ -518,19 +518,13 @@ void sidtab_sid2str_put(struct sidtab *s, struct sidtab_entry *entry, 
			const char *str, u32 str_len)

{

	struct sidtab_str_cache *cache, *victim = NULL;

	unsigned long flags;



	/* do not cache invalid contexts */

	if (entry->context.len)

		return;



	/*

	 * Skip the put operation when in non-task context to avoid the need

	 * to disable interrupts while holding s->cache_lock.

	 */

	if (!in_task())

		return;



	spin_lock(&s->cache_lock);

	spin_lock_irqsave(&s->cache_lock, flags);



	cache = rcu_dereference_protected(entry->cache,

					  lockdep_is_held(&s->cache_lock));
@@ -561,7 +555,7 @@ void sidtab_sid2str_put(struct sidtab *s, struct sidtab_entry *entry, 
	rcu_assign_pointer(entry->cache, cache);



out_unlock:

	spin_unlock(&s->cache_lock);

	spin_unlock_irqrestore(&s->cache_lock, flags);

	kfree_rcu(victim, rcu_member);

}

CRA Git | Maintained and supported by SUSTech CRA and CCSE