aboutsummaryrefslogtreecommitdiffstats
path: root/security/selinux/hooks.c
diff options
context:
space:
mode:
authorStephen Smalley <sds@tycho.nsa.gov>2008-04-04 08:46:05 -0400
committerJames Morris <jmorris@namei.org>2008-04-07 18:30:14 -0400
commit869ab5147e1eead890245cfd4f652ba282b6ac26 (patch)
tree8334fe84734e14e247fb7b4ef78f9a43891249f0 /security/selinux/hooks.c
parentff09e2afe742f3ff52a0c9a660e8a3fe30cf587c (diff)
SELinux: more GFP_NOFS fixups to prevent selinux from re-entering the fs code
More cases where SELinux must not re-enter the fs code. Called from the d_instantiate security hook. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/selinux/hooks.c')
-rw-r--r--security/selinux/hooks.c7
1 files changed, 4 insertions, 3 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 820d07a60ab0..89bb6d36c0a7 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1143,7 +1143,7 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
1143 } 1143 }
1144 1144
1145 len = INITCONTEXTLEN; 1145 len = INITCONTEXTLEN;
1146 context = kmalloc(len, GFP_KERNEL); 1146 context = kmalloc(len, GFP_NOFS);
1147 if (!context) { 1147 if (!context) {
1148 rc = -ENOMEM; 1148 rc = -ENOMEM;
1149 dput(dentry); 1149 dput(dentry);
@@ -1161,7 +1161,7 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
1161 } 1161 }
1162 kfree(context); 1162 kfree(context);
1163 len = rc; 1163 len = rc;
1164 context = kmalloc(len, GFP_KERNEL); 1164 context = kmalloc(len, GFP_NOFS);
1165 if (!context) { 1165 if (!context) {
1166 rc = -ENOMEM; 1166 rc = -ENOMEM;
1167 dput(dentry); 1167 dput(dentry);
@@ -1185,7 +1185,8 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
1185 rc = 0; 1185 rc = 0;
1186 } else { 1186 } else {
1187 rc = security_context_to_sid_default(context, rc, &sid, 1187 rc = security_context_to_sid_default(context, rc, &sid,
1188 sbsec->def_sid); 1188 sbsec->def_sid,
1189 GFP_NOFS);
1189 if (rc) { 1190 if (rc) {
1190 printk(KERN_WARNING "%s: context_to_sid(%s) " 1191 printk(KERN_WARNING "%s: context_to_sid(%s) "
1191 "returned %d for dev=%s ino=%ld\n", 1192 "returned %d for dev=%s ino=%ld\n",