selinux: move user accesses in selinuxfs out of locked regions - bcachefs.git - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Jann Horn <jannh@google.com>	2018-06-28 20:39:54 -0400
committer	Paul Moore <paul@paul-moore.com>	2018-06-28 20:39:54 -0400
commit	0da74120c5341389b97c4ee27487a97224999ee1 (patch)
tree	cef6a54c640bb2ddfcc927d8d869b6e390057102 /security/apparmor/include/label.h
parent	d141136f523a3a6372d22981bdff7a8906f36fea (diff)

selinux: move user accesses in selinuxfs out of locked regions

If a user is accessing a file in selinuxfs with a pointer to a userspace buffer that is backed by e.g. a userfaultfd, the userspace access can stall indefinitely, which can block fsi->mutex if it is held. For sel_read_policy(), remove the locking, since this method doesn't seem to access anything that requires locking. For sel_read_bool(), move the user access below the locked region. For sel_write_bool() and sel_commit_bools_write(), move the user access up above the locked region. Cc: stable@vger.kernel.org Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Jann Horn <jannh@google.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> [PM: removed an unused variable in sel_read_policy()] Signed-off-by: Paul Moore <paul@paul-moore.com>

Diffstat (limited to 'security/apparmor/include/label.h')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: