
Commit f1f05ef

committed
Merge tag 'selinux-pr-20211217' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux
Pull selinux fix from Paul Moore: "Another small SELinux fix for v5.16 to ensure that we don't block on memory allocations while holding a spinlock. This passes all our tests without problem" * tag 'selinux-pr-20211217' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux: selinux: fix sleeping function called from invalid context
2 parents 0bb43ae + cc274ae commit f1f05ef


1 file changed

+19
-14
lines changed


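--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -611,10 +611,11 @@ static int bad_option(struct superblock_security_struct *sbsec, char flag,
 return 0;
 }
 
-static int parse_sid(struct super_block *sb, const char *s, u32 *sid)
+static int parse_sid(struct super_block *sb, const char *s, u32 *sid,
+gfp_t gfp)
 {
 int rc = security_context_str_to_sid(&selinux_state, s,
-sid, GFP_KERNEL);
+sid, gfp);
 if (rc)
 pr_warn("SELinux: security_context_str_to_sid"
 "(%s) failed for (dev %s, type %s) errno=%d\n",
@@ -685,7 +686,8 @@ static int selinux_set_mnt_opts(struct super_block *sb,
 */
 if (opts) {
 if (opts->fscontext) {
-rc = parse_sid(sb, opts->fscontext, &fscontext_sid);
+rc = parse_sid(sb, opts->fscontext, &fscontext_sid,
+GFP_KERNEL);
 if (rc)
 goto out;
 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid,
@@ -694,7 +696,8 @@ static int selinux_set_mnt_opts(struct super_block *sb,
 sbsec->flags |= FSCONTEXT_MNT;
 }
 if (opts->context) {
-rc = parse_sid(sb, opts->context, &context_sid);
+rc = parse_sid(sb, opts->context, &context_sid,
+GFP_KERNEL);
 if (rc)
 goto out;
 if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid,
@@ -703,7 +706,8 @@ static int selinux_set_mnt_opts(struct super_block *sb,
 sbsec->flags |= CONTEXT_MNT;
 }
 if (opts->rootcontext) {
-rc = parse_sid(sb, opts->rootcontext, &rootcontext_sid);
+rc = parse_sid(sb, opts->rootcontext, &rootcontext_sid,
+GFP_KERNEL);
 if (rc)
 goto out;
 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid,
@@ -712,7 +716,8 @@ static int selinux_set_mnt_opts(struct super_block *sb,
 sbsec->flags |= ROOTCONTEXT_MNT;
 }
 if (opts->defcontext) {
-rc = parse_sid(sb, opts->defcontext, &defcontext_sid);
+rc = parse_sid(sb, opts->defcontext, &defcontext_sid,
+GFP_KERNEL);
 if (rc)
 goto out;
 if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid,
@@ -2702,14 +2707,14 @@ static int selinux_sb_mnt_opts_compat(struct super_block *sb, void *mnt_opts)
 return (sbsec->flags & SE_MNTMASK) ? 1 : 0;
 
 if (opts->fscontext) {
-rc = parse_sid(sb, opts->fscontext, &sid);
+rc = parse_sid(sb, opts->fscontext, &sid, GFP_NOWAIT);
 if (rc)
 return 1;
 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid, sid))
 return 1;
 }
 if (opts->context) {
-rc = parse_sid(sb, opts->context, &sid);
+rc = parse_sid(sb, opts->context, &sid, GFP_NOWAIT);
 if (rc)
 return 1;
 if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid, sid))
@@ -2719,14 +2724,14 @@ static int selinux_sb_mnt_opts_compat(struct super_block *sb, void *mnt_opts)
 struct inode_security_struct *root_isec;
 
 root_isec = backing_inode_security(sb->s_root);
-rc = parse_sid(sb, opts->rootcontext, &sid);
+rc = parse_sid(sb, opts->rootcontext, &sid, GFP_NOWAIT);
 if (rc)
 return 1;
 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid, sid))
 return 1;
 }
 if (opts->defcontext) {
-rc = parse_sid(sb, opts->defcontext, &sid);
+rc = parse_sid(sb, opts->defcontext, &sid, GFP_NOWAIT);
 if (rc)
 return 1;
 if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid, sid))
@@ -2749,14 +2754,14 @@ static int selinux_sb_remount(struct super_block *sb, void *mnt_opts)
 return 0;
 
 if (opts->fscontext) {
-rc = parse_sid(sb, opts->fscontext, &sid);
+rc = parse_sid(sb, opts->fscontext, &sid, GFP_KERNEL);
 if (rc)
 return rc;
 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid, sid))
 goto out_bad_option;
 }
 if (opts->context) {
-rc = parse_sid(sb, opts->context, &sid);
+rc = parse_sid(sb, opts->context, &sid, GFP_KERNEL);
 if (rc)
 return rc;
 if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid, sid))
@@ -2765,14 +2770,14 @@ static int selinux_sb_remount(struct super_block *sb, void *mnt_opts)
 if (opts->rootcontext) {
 struct inode_security_struct *root_isec;
 root_isec = backing_inode_security(sb->s_root);
-rc = parse_sid(sb, opts->rootcontext, &sid);
+rc = parse_sid(sb, opts->rootcontext, &sid, GFP_KERNEL);
 if (rc)
 return rc;
 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid, sid))
 goto out_bad_option;
 }
 if (opts->defcontext) {
-rc = parse_sid(sb, opts->defcontext, &sid);
+rc = parse_sid(sb, opts->defcontext, &sid, GFP_KERNEL);
 if (rc)
 return rc;
 if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid, sid))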
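Review bot: The four `GFP_NOWAIT` calls in selinux_sb_mnt_opts_compat() can now fail with -ENOMEM under memory pressure, and each `if (rc) return 1;` folds that into the same result as a real option mismatch, while parse_sid() also emits its `pr_warn` for what is only a transient allocation failure. Returning 1 looks like the conservative direction (presumably "not compatible", so the existing superblock is not reused), but that should be stated rather than left implicit. I would add a comment above the first of those calls, e.g. `/* Caller holds a spinlock: allocations must not sleep; an allocation failure is treated as a mismatch. */`, and a line on parse_sid() saying that `gfp` must be `GFP_NOWAIT` for callers that cannot sleep. Both function bodies start and end outside the visible hunks, so the held lock is taken from the commit description rather than from the code shown.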
