The spinlock protecting the update of the "sksec->nlbl_state" variable is not currently softirq safe which can lead to problems. This patch fixes this by changing the spin_{un}lock() functions into spin_{un}lock_bh() functions. Signed-off-by: Paul Moore --- security/selinux/ss/services.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) Index: net-2.6.20_bugfix_3/security/selinux/ss/services.c =================================================================== --- net-2.6.20_bugfix_3.orig/security/selinux/ss/services.c +++ net-2.6.20_bugfix_3/security/selinux/ss/services.c @@ -2492,9 +2492,9 @@ static int selinux_netlbl_socket_setsid( rc = netlbl_socket_setattr(sock, &secattr); if (rc == 0) { - spin_lock(&sksec->nlbl_lock); + spin_lock_bh(&sksec->nlbl_lock); sksec->nlbl_state = NLBL_LABELED; - spin_unlock(&sksec->nlbl_lock); + spin_unlock_bh(&sksec->nlbl_lock); } netlbl_socket_setsid_return: -- paul moore linux security @ hp - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html