Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

Pull SELinux fixes from James Morris. * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: selinux: selinux_setprocattr()->ptrace_parent() needs rcu_read_lock() selinux: fix broken peer recv check
author: Linus Torvalds <torvalds@linux-foundation.org> 2013-12-23 17:37:20 -0800
committer: Linus Torvalds <torvalds@linux-foundation.org> 2013-12-23 17:37:20 -0800
commit: b257bab5a635725466433b6cae90fd4f215c0ad5 (patch)
tree: 00a98c7f1a6e74eb840bace1db41fbee491c6472
parent: dc0a6b4fee04f99a3db3dd5affcce440dc0c4b7e (diff)
parent: c0c1439541f5305b57a83d599af32b74182933fe (diff)
1 files changed, 5 insertions, 3 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 419491d8e7d2..6625699f497c 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -4334,8 +4334,10 @@ static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
 		}
 		err = avc_has_perm(sk_sid, peer_sid, SECCLASS_PEER,
 				   PEER__RECV, &ad);
-		if (err)
+		if (err) {
 			selinux_netlbl_err(skb, err, 0);
+			return err;
+		}
 	}
 
 	if (secmark_active) {
@@ -5586,11 +5588,11 @@ static int selinux_setprocattr(struct task_struct *p,
 		/* Check for ptracing, and update the task SID if ok.
 		   Otherwise, leave SID unchanged and fail. */
 		ptsid = 0;
-		task_lock(p);
+		rcu_read_lock();
 		tracer = ptrace_parent(p);
 		if (tracer)
 			ptsid = task_sid(tracer);
-		task_unlock(p);
+		rcu_read_unlock();
 
 		if (tracer) {
 			error = avc_has_perm(ptsid, sid, SECCLASS_PROCESS,
author	Linus Torvalds <torvalds@linux-foundation.org>	2013-12-23 17:37:20 -0800
committer	Linus Torvalds <torvalds@linux-foundation.org>	2013-12-23 17:37:20 -0800
commit	b257bab5a635725466433b6cae90fd4f215c0ad5 (patch)
tree	00a98c7f1a6e74eb840bace1db41fbee491c6472
parent	dc0a6b4fee04f99a3db3dd5affcce440dc0c4b7e (diff)
parent	c0c1439541f5305b57a83d599af32b74182933fe (diff)