On Thu, Oct 29, 2015 at 12:52 PM, Andreas Gruenbacher <[email protected]> wrote: > On Thu, Oct 29, 2015 at 4:21 PM, Stephen Smalley <[email protected]> wrote: >> On 10/28/2015 08:47 PM, Andreas Gruenbacher wrote: >>> >>> When fetching an inode's security label, check if it is still valid, and >>> try reloading it if it is not. Reloading will fail when we are in RCU >>> context which doesn't allow sleeping, or when we can't find a dentry for >>> the inode. (Reloading happens via iop->getxattr which takes a dentry >>> parameter.) When reloading fails, continue using the old, invalid >>> label. >>> >>> Signed-off-by: Andreas Gruenbacher <[email protected]> >> >> >> Could probably use inode_security_novalidate() for all of the SOCK_INODE() >> cases, right? > > I guess, yes.
There is no time like the present. All the patches look fine to me, but I think it would be good to add the additional inode_security_novalidate() calls. If you want, you can just post a "8/7" patch with the extra calls added and I'll apply that on top of the v4 patchset. -- paul moore www.paul-moore.com -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
