eliminate the holding of the sem in inode_security_set_sid if it is indeed not needed.
Rationale: isec->sem is used to synchronize inode security setup, but this is only necessary when multiple threads may access the inode, as in inode_doinit_with_dentry (upon lookup). inode_security_set_sid is now only used by inode_init_security (and could be folded into it), which is called to set up newly created inodes before they are accessible. I think that the taking of isem there is legacy code. Note that taking the sem also does no good there, as if you have multiple threads accessing the inode there, someone is going to lose and have his value clobbered. We should also look at converting the remaining semaphores in the SELinux code to simple mutexes.
"We should also look at converting the remaining semaphores in the SELinux code to simple mutexes." By simpe mutexes do you mean spin locks? Does the kernel have another locking mechanism that would work other than spin locks and semaphores initialized to 1?
Posted upstream and in -mm
Closing current release (in 2.6.18)