aboutsummaryrefslogtreecommitdiffstats
path: root/security/selinux/xfrm.c
diff options
context:
space:
mode:
authorNikolay Aleksandrov <nikolay@redhat.com>2014-03-07 06:44:19 -0500
committerSteffen Klassert <steffen.klassert@secunet.com>2014-03-10 03:30:02 -0400
commit52a4c6404f91f2d2c5592ee6365a8418c4565f53 (patch)
treec88320060de9b18fbe345a46dc9d91eecb92dde9 /security/selinux/xfrm.c
parent87536a81e1f52409b45333ce8cac415a1218163c (diff)
selinux: add gfp argument to security_xfrm_policy_alloc and fix callers
security_xfrm_policy_alloc can be called in atomic context so the allocation should be done with GFP_ATOMIC. Add an argument to let the callers choose the appropriate way. In order to do so a gfp argument needs to be added to the method xfrm_policy_alloc_security in struct security_operations and to the internal function selinux_xfrm_alloc_user. After that switch to GFP_ATOMIC in the atomic callers and leave GFP_KERNEL as before for the rest. The path that needed the gfp argument addition is: security_xfrm_policy_alloc -> security_ops.xfrm_policy_alloc_security -> all users of xfrm_policy_alloc_security (e.g. selinux_xfrm_policy_alloc) -> selinux_xfrm_alloc_user (here the allocation used to be GFP_KERNEL only) Now adding a gfp argument to selinux_xfrm_alloc_user requires us to also add it to security_context_to_sid which is used inside and prior to this patch did only GFP_KERNEL allocation. So add gfp argument to security_context_to_sid and adjust all of its callers as well. CC: Paul Moore <paul@paul-moore.com> CC: Dave Jones <davej@redhat.com> CC: Steffen Klassert <steffen.klassert@secunet.com> CC: Fan Du <fan.du@windriver.com> CC: David S. Miller <davem@davemloft.net> CC: LSM list <linux-security-module@vger.kernel.org> CC: SELinux list <selinux@tycho.nsa.gov> Signed-off-by: Nikolay Aleksandrov <nikolay@redhat.com> Acked-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Diffstat (limited to 'security/selinux/xfrm.c')
-rw-r--r--security/selinux/xfrm.c14
1 files changed, 8 insertions, 6 deletions
diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c
index 0462cb3ff0a7..98b042630a9e 100644
--- a/security/selinux/xfrm.c
+++ b/security/selinux/xfrm.c
@@ -78,7 +78,8 @@ static inline int selinux_authorizable_xfrm(struct xfrm_state *x)
78 * xfrm_user_sec_ctx context. 78 * xfrm_user_sec_ctx context.
79 */ 79 */
80static int selinux_xfrm_alloc_user(struct xfrm_sec_ctx **ctxp, 80static int selinux_xfrm_alloc_user(struct xfrm_sec_ctx **ctxp,
81 struct xfrm_user_sec_ctx *uctx) 81 struct xfrm_user_sec_ctx *uctx,
82 gfp_t gfp)
82{ 83{
83 int rc; 84 int rc;
84 const struct task_security_struct *tsec = current_security(); 85 const struct task_security_struct *tsec = current_security();
@@ -94,7 +95,7 @@ static int selinux_xfrm_alloc_user(struct xfrm_sec_ctx **ctxp,
94 if (str_len >= PAGE_SIZE) 95 if (str_len >= PAGE_SIZE)
95 return -ENOMEM; 96 return -ENOMEM;
96 97
97 ctx = kmalloc(sizeof(*ctx) + str_len + 1, GFP_KERNEL); 98 ctx = kmalloc(sizeof(*ctx) + str_len + 1, gfp);
98 if (!ctx) 99 if (!ctx)
99 return -ENOMEM; 100 return -ENOMEM;
100 101
@@ -103,7 +104,7 @@ static int selinux_xfrm_alloc_user(struct xfrm_sec_ctx **ctxp,
103 ctx->ctx_len = str_len; 104 ctx->ctx_len = str_len;
104 memcpy(ctx->ctx_str, &uctx[1], str_len); 105 memcpy(ctx->ctx_str, &uctx[1], str_len);
105 ctx->ctx_str[str_len] = '\0'; 106 ctx->ctx_str[str_len] = '\0';
106 rc = security_context_to_sid(ctx->ctx_str, str_len, &ctx->ctx_sid); 107 rc = security_context_to_sid(ctx->ctx_str, str_len, &ctx->ctx_sid, gfp);
107 if (rc) 108 if (rc)
108 goto err; 109 goto err;
109 110
@@ -282,9 +283,10 @@ int selinux_xfrm_skb_sid(struct sk_buff *skb, u32 *sid)
282 * LSM hook implementation that allocs and transfers uctx spec to xfrm_policy. 283 * LSM hook implementation that allocs and transfers uctx spec to xfrm_policy.
283 */ 284 */
284int selinux_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp, 285int selinux_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp,
285 struct xfrm_user_sec_ctx *uctx) 286 struct xfrm_user_sec_ctx *uctx,
287 gfp_t gfp)
286{ 288{
287 return selinux_xfrm_alloc_user(ctxp, uctx); 289 return selinux_xfrm_alloc_user(ctxp, uctx, gfp);
288} 290}
289 291
290/* 292/*
@@ -332,7 +334,7 @@ int selinux_xfrm_policy_delete(struct xfrm_sec_ctx *ctx)
332int selinux_xfrm_state_alloc(struct xfrm_state *x, 334int selinux_xfrm_state_alloc(struct xfrm_state *x,
333 struct xfrm_user_sec_ctx *uctx) 335 struct xfrm_user_sec_ctx *uctx)
334{ 336{
335 return selinux_xfrm_alloc_user(&x->security, uctx); 337 return selinux_xfrm_alloc_user(&x->security, uctx, GFP_KERNEL);
336} 338}
337 339
338/* 340/*