diff options
author | Stephen Smalley <sds@tycho.nsa.gov> | 2008-04-04 08:46:05 -0400 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2008-04-07 18:30:14 -0400 |
commit | 869ab5147e1eead890245cfd4f652ba282b6ac26 (patch) | |
tree | 8334fe84734e14e247fb7b4ef78f9a43891249f0 /security/selinux/hooks.c | |
parent | ff09e2afe742f3ff52a0c9a660e8a3fe30cf587c (diff) |
SELinux: more GFP_NOFS fixups to prevent selinux from re-entering the fs code
More cases where SELinux must not re-enter the fs code. Called from the
d_instantiate security hook.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/selinux/hooks.c')
-rw-r--r-- | security/selinux/hooks.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 820d07a60ab0..89bb6d36c0a7 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
@@ -1143,7 +1143,7 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent | |||
1143 | } | 1143 | } |
1144 | 1144 | ||
1145 | len = INITCONTEXTLEN; | 1145 | len = INITCONTEXTLEN; |
1146 | context = kmalloc(len, GFP_KERNEL); | 1146 | context = kmalloc(len, GFP_NOFS); |
1147 | if (!context) { | 1147 | if (!context) { |
1148 | rc = -ENOMEM; | 1148 | rc = -ENOMEM; |
1149 | dput(dentry); | 1149 | dput(dentry); |
@@ -1161,7 +1161,7 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent | |||
1161 | } | 1161 | } |
1162 | kfree(context); | 1162 | kfree(context); |
1163 | len = rc; | 1163 | len = rc; |
1164 | context = kmalloc(len, GFP_KERNEL); | 1164 | context = kmalloc(len, GFP_NOFS); |
1165 | if (!context) { | 1165 | if (!context) { |
1166 | rc = -ENOMEM; | 1166 | rc = -ENOMEM; |
1167 | dput(dentry); | 1167 | dput(dentry); |
@@ -1185,7 +1185,8 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent | |||
1185 | rc = 0; | 1185 | rc = 0; |
1186 | } else { | 1186 | } else { |
1187 | rc = security_context_to_sid_default(context, rc, &sid, | 1187 | rc = security_context_to_sid_default(context, rc, &sid, |
1188 | sbsec->def_sid); | 1188 | sbsec->def_sid, |
1189 | GFP_NOFS); | ||
1189 | if (rc) { | 1190 | if (rc) { |
1190 | printk(KERN_WARNING "%s: context_to_sid(%s) " | 1191 | printk(KERN_WARNING "%s: context_to_sid(%s) " |
1191 | "returned %d for dev=%s ino=%ld\n", | 1192 | "returned %d for dev=%s ino=%ld\n", |