summaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorTianyue Ren <rentianyue@kylinos.cn>2020-10-09 03:36:30 +0200
committerPaul Moore <paul@paul-moore.com>2020-10-28 03:14:25 +0100
commit83370b31a915493231e5b9addc72e4bef69f8d31 (patch)
tree669e2c9601fe63e6ea71c37057dc2680d67b23a3 /security
parentLinux 5.10-rc1 (diff)
downloadlinux-83370b31a915493231e5b9addc72e4bef69f8d31.tar.xz
linux-83370b31a915493231e5b9addc72e4bef69f8d31.zip
selinux: fix error initialization in inode_doinit_with_dentry()
Mark the inode security label as invalid if we cannot find a dentry so that we will retry later rather than marking it initialized with the unlabeled SID. Fixes: 9287aed2ad1f ("selinux: Convert isec->lock into a spinlock") Signed-off-by: Tianyue Ren <rentianyue@kylinos.cn> [PM: minor comment tweaks] Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security')
-rw-r--r--security/selinux/hooks.c19
1 files changed, 16 insertions, 3 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 6b1826fc3658..158fc47d8620 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1451,7 +1451,13 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
* inode_doinit with a dentry, before these inodes could
* be used again by userspace.
*/
- goto out;
+ isec->initialized = LABEL_INVALID;
+ /*
+ * There is nothing useful to jump to the "out"
+ * label, except a needless spin lock/unlock
+ * cycle.
+ */
+ return 0;
}
rc = inode_doinit_use_xattr(inode, dentry, sbsec->def_sid,
@@ -1507,8 +1513,15 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
* inode_doinit() with a dentry, before these inodes
* could be used again by userspace.
*/
- if (!dentry)
- goto out;
+ if (!dentry) {
+ isec->initialized = LABEL_INVALID;
+ /*
+ * There is nothing useful to jump to the "out"
+ * label, except a needless spin lock/unlock
+ * cycle.
+ */
+ return 0;
+ }
rc = selinux_genfs_get_sid(dentry, sclass,
sbsec->flags, &sid);
if (rc) {