From f6337e2d52dc1bac7f38d4468d20a25be5562bf1 Mon Sep 17 00:00:00 2001
From: Tashfin Shakeer Rhythm
Date: Wed, 13 Aug 2025 07:07:06 +0600
Subject: [PATCH] kernel: selinux: rules: Micro-optimize get_policydb() and fix illegal RCU lock usage in handle_sepolicy() (#2695)
Signed-off-by: Tashfin Shakeer Rhythm
---
 kernel/selinux/rules.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/kernel/selinux/rules.c b/kernel/selinux/rules.c
index fe82f020..716627e4 100644
--- a/kernel/selinux/rules.c
+++ b/kernel/selinux/rules.c
@@ -19,7 +19,7 @@
 static struct policydb *get_policydb(void)
 {
 struct policydb *db;
- struct selinux_policy *policy = rcu_dereference(selinux_state.policy);
+ struct selinux_policy *policy = selinux_state.policy;
 db = &policy->policydb;
 return db;
 }
@@ -215,6 +215,8 @@ static void reset_avc_cache()
 int handle_sepolicy(unsigned long arg3, void __user *arg4)
 {
+ struct policydb *db;
+
 if (!arg4) {
 return -1;
 }
@@ -276,9 +278,9 @@ int handle_sepolicy(unsigned long arg3, void __user *arg4)
 subcmd = data.subcmd;
 #endif
- rcu_read_lock();
+ mutex_lock(&ksu_rules);
- struct policydb *db = get_policydb();
+ db = get_policydb();
 int ret = -1;
 if (cmd == CMD_NORMAL_PERM) {
@@ -528,7 +530,7 @@ int handle_sepolicy(unsigned long arg3, void __user *arg4)
 }
 exit:
- rcu_read_unlock();
+ mutex_unlock(&ksu_rules);
 // only allow and xallow needs to reset avc cache, but we cannot do that because
 // we are in atomic context. so we just reset it every time.
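Review bot: The plain load `selinux_state.policy` in get_policydb() drops the only marker that this pointer is RCU-managed, so sparse and lockdep can no longer check how callers protect it, and the function has no comment saying what they must hold. If the intent is that callers hold `ksu_rules` (assuming it is declared above this function), the checkable form is `rcu_dereference_protected(selinux_state.policy, lockdep_is_held(&ksu_rules))`, with a one-line comment above the function stating that requirement. Callers of get_policydb() other than handle_sepolicy() are not visible in this diff and would need the same lock.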
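Review bot: `mutex_lock(&ksu_rules)` serializes only code that takes the same mutex, so nothing visible in this hunk keeps the `struct policydb` returned by `get_policydb()` alive if the SELinux policy is reloaded while the rules are being edited. The removed `rcu_read_lock()` was what pinned the old policy, even though sleeping under it was not allowed. If a reload can run concurrently on the target kernels, `db` may point at freed memory for the rest of handle_sepolicy(), a use-after-free on a path driven by the `arg4` user request. Either hold the lock that policy load itself takes around this section, or add a comment saying why a reload cannot happen here, e.g. `/* policy reload is excluded by <reason>; db stays valid until mutex_unlock() */`. The definition of `ksu_rules` and the rest of the function body are outside this hunk.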
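Review bot: The comment kept below `mutex_unlock(&ksu_rules)` still justifies the unconditional AVC reset with "we are in atomic context", which no longer describes this code now that the section is guarded by a sleepable mutex rather than an RCU read lock. Suggest rewording it to the actual reason, e.g. `// only allow and xallow need an avc cache reset; we reset it on every call after dropping ksu_rules`. Since the body between the lock and `exit:` is outside the hunk, it is also worth confirming that no path returns without reaching `exit:` and that no `goto exit` is taken before `mutex_lock()`.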