Please pull this fix for a bug in SELinux inode label validation.
The following changes since commit 5bb9871eb8daa2e6a07caf7aeafbe2d0b3faad8f:
Merge tag 'trace-fixes-v4.5-rc5-2' of
git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace (2016-02-25
20:12:09 -0800)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git
for-linus
Andreas Gruenbacher (1):
selinux: Don't sleep inside inode_getsecid hook
James Morris (1):
Merge branch 'stable-4.5' of
git://git.infradead.org/users/pcmoore/selinux into for-linus
security/selinux/hooks.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
---
commit e817c2f33efb4aa7f02c98dfab9a5f8ff383ea7e
Author: Andreas Gruenbacher <[email protected]>
Date: Thu Feb 18 12:04:08 2016 +0100
selinux: Don't sleep inside inode_getsecid hook
The inode_getsecid hook is called from contexts in which sleeping is not
allowed, so we cannot revalidate inode security labels from there. Use
the non-validating version of inode_security() instead.
Reported-by: Benjamin Coddington <[email protected]>
Signed-off-by: Andreas Gruenbacher <[email protected]>
Acked-by: Stephen Smalley <[email protected]>
Signed-off-by: Paul Moore <[email protected]>
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index f8110cf..f1ab715 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -3249,7 +3249,7 @@ static int selinux_inode_listsecurity(struct inode
*inode, char *buffer, size_t
static void selinux_inode_getsecid(struct inode *inode, u32 *secid)
{
- struct inode_security_struct *isec = inode_security(inode);
+ struct inode_security_struct *isec = inode_security_novalidate(inode);
*secid = isec->sid;
}
