diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2008-04-22 15:15:48 -0700 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2008-04-22 15:15:48 -0700 |
| commit | e199ceee15c8f8652cc3bb97651bdf246ba23c5f (patch) | |
| tree | 1d6540d2f0724af08e117324326322e9c882260b /security/selinux/avc.c | |
| parent | b24a31442e2ff66053ae4f76e9c69c557d59c7d1 (diff) | |
| parent | 618442509128fe4514be94de70ce54075cd9a706 (diff) | |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6:
SELinux fixups needed for preemptable RCU from -rt
SELinux: no BUG_ON(!ss_initialized) in selinux_clone_mnt_opts
Diffstat (limited to 'security/selinux/avc.c')
| -rw-r--r-- | security/selinux/avc.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/security/selinux/avc.c b/security/selinux/avc.c index 1d69f6649bf..95a8ef4a507 100644 --- a/security/selinux/avc.c +++ b/security/selinux/avc.c @@ -312,6 +312,7 @@ static inline int avc_reclaim_node(void) if (!spin_trylock_irqsave(&avc_cache.slots_lock[hvalue], flags)) continue; + rcu_read_lock(); list_for_each_entry(node, &avc_cache.slots[hvalue], list) { if (atomic_dec_and_test(&node->ae.used)) { /* Recently Unused */ @@ -319,11 +320,13 @@ static inline int avc_reclaim_node(void) avc_cache_stats_incr(reclaims); ecx++; if (ecx >= AVC_CACHE_RECLAIM) { + rcu_read_unlock(); spin_unlock_irqrestore(&avc_cache.slots_lock[hvalue], flags); goto out; } } } + rcu_read_unlock(); spin_unlock_irqrestore(&avc_cache.slots_lock[hvalue], flags); } out: @@ -821,8 +824,14 @@ int avc_ss_reset(u32 seqno) for (i = 0; i < AVC_CACHE_SLOTS; i++) { spin_lock_irqsave(&avc_cache.slots_lock[i], flag); + /* + * With preemptable RCU, the outer spinlock does not + * prevent RCU grace periods from ending. + */ + rcu_read_lock(); list_for_each_entry(node, &avc_cache.slots[i], list) avc_node_delete(node); + rcu_read_unlock(); spin_unlock_irqrestore(&avc_cache.slots_lock[i], flag); } |