aboutsummaryrefslogtreecommitdiff
path: root/security/selinux/include/objsec.h
diff options
context:
space:
mode:
authorAndreas Gruenbacher <agruenba@redhat.com>2016-11-15 11:06:40 +0100
committerPaul Moore <paul@paul-moore.com>2016-11-22 17:44:02 -0500
commit9287aed2ad1ff1bde5eb190bcd6dccd5f1cf47d3 (patch)
tree0d57e7ecdbf0d7c2ac9c377a4a53c5c9b135d38d /security/selinux/include/objsec.h
parent3322d0d64f4e942862a152f6f11137a1f5eac2e9 (diff)
selinux: Convert isec->lock into a spinlock
Convert isec->lock from a mutex into a spinlock. Instead of holding the lock while sleeping in inode_doinit_with_dentry, set isec->initialized to LABEL_PENDING and release the lock. Then, when the sid has been determined, re-acquire the lock. If isec->initialized is still set to LABEL_PENDING, set isec->sid; otherwise, the sid has been set by another task (LABEL_INITIALIZED) or invalidated (LABEL_INVALID) in the meantime. This fixes a deadlock on gfs2 where * one task is in inode_doinit_with_dentry -> gfs2_getxattr, holds isec->lock, and tries to acquire the inode's glock, and * another task is in do_xmote -> inode_go_inval -> selinux_inode_invalidate_secctx, holds the inode's glock, and tries to acquire isec->lock. Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com> [PM: minor tweaks to keep checkpatch.pl happy] Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security/selinux/include/objsec.h')
-rw-r--r--security/selinux/include/objsec.h5
1 files changed, 3 insertions, 2 deletions
diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h
index c21e135460a5..e8dab0f02c72 100644
--- a/security/selinux/include/objsec.h
+++ b/security/selinux/include/objsec.h
@@ -39,7 +39,8 @@ struct task_security_struct {
enum label_initialized {
LABEL_INVALID, /* invalid or not initialized */
- LABEL_INITIALIZED /* initialized */
+ LABEL_INITIALIZED, /* initialized */
+ LABEL_PENDING
};
struct inode_security_struct {
@@ -52,7 +53,7 @@ struct inode_security_struct {
u32 sid; /* SID of this object */
u16 sclass; /* security class of this object */
unsigned char initialized; /* initialization flag */
- struct mutex lock;
+ spinlock_t lock;
};
struct file_security_struct {