From: Tianyue Ren <rentianyue@xxxxxxxxxx>
Mark the inode security label as invalid if we cannot find
a dentry so that we will retry later rather than marking it
initialized with the unlabeled SID.
Fixes: 9287aed2ad1f ("selinux: Convert isec->lock into a spinlock")
Signed-off-by: Tianyue Ren <rentianyue@xxxxxxxxxx>
---
security/selinux/hooks.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index bf8328adad8f..da7295a546e0 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1499,6 +1499,7 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
* inode_doinit with a dentry, before these inodes could
* be used again by userspace.
*/
+ isec->initialized = LABEL_INVALID;
goto out;
}
@@ -1553,8 +1554,10 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
* inode_doinit() with a dentry, before these inodes
* could be used again by userspace.
*/
- if (!dentry)
+ if (!dentry) {
+ isec->initialized = LABEL_INVALID;
goto out;
+ }
rc = selinux_genfs_get_sid(dentry, sclass,
sbsec->flags, &sid);
if (rc) {
--
2.28.0
