Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/torvalds/linux-2.6

3 files changed, 19 insertions, 15 deletions

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index c2fef7b12dc7..d39b59cf8a08 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -180,7 +180,7 @@ static int inode_alloc_security(struct inode *inode)
         struct task_security_struct *tsec = current->security;
         struct inode_security_struct *isec;
 
-        isec = kmem_cache_zalloc(sel_inode_cache, GFP_KERNEL);
+        isec = kmem_cache_zalloc(sel_inode_cache, GFP_NOFS);
         if (!isec)
                 return -ENOMEM;
 
@@ -760,13 +760,13 @@ static void selinux_sb_clone_mnt_opts(const struct super_block *oldsb,
          * this early in the boot process. */
         BUG_ON(!ss_initialized);
 
-        /* this might go away sometime down the line if there is a new user
-         * of clone, but for now, nfs better not get here... */
-        BUG_ON(newsbsec->initialized);
-
         /* how can we clone if the old one wasn't set up?? */
         BUG_ON(!oldsbsec->initialized);
 
+        /* if fs is reusing a sb, just let its options stand... */
+        if (newsbsec->initialized)
+                return;
+
         mutex_lock(&newsbsec->lock);
 
         newsbsec->flags = oldsbsec->flags;
@@ -1143,7 +1143,7 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
                 }
 
                 len = INITCONTEXTLEN;
-                context = kmalloc(len, GFP_KERNEL);
+                context = kmalloc(len, GFP_NOFS);
                 if (!context) {
                         rc = -ENOMEM;
                         dput(dentry);
@@ -1161,7 +1161,7 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
                         }
                         kfree(context);
                         len = rc;
-                        context = kmalloc(len, GFP_KERNEL);
+                        context = kmalloc(len, GFP_NOFS);
                         if (!context) {
                                 rc = -ENOMEM;
                                 dput(dentry);
@@ -1185,7 +1185,8 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
                         rc = 0;
                 } else {
                         rc = security_context_to_sid_default(context, rc, &sid,
-                                                             sbsec->def_sid);
+                                                             sbsec->def_sid,
+                                                             GFP_NOFS);
                         if (rc) {
                                 printk(KERN_WARNING "%s:  context_to_sid(%s) "
                                        "returned %d for dev=%s ino=%ld\n",
@@ -2429,7 +2430,7 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
                 return -EOPNOTSUPP;
 
         if (name) {
-                namep = kstrdup(XATTR_SELINUX_SUFFIX, GFP_KERNEL);
+                namep = kstrdup(XATTR_SELINUX_SUFFIX, GFP_NOFS);
                 if (!namep)
                         return -ENOMEM;
                 *name = namep;
diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h
index f7d2f03781f2..44e12ec88090 100644
--- a/security/selinux/include/security.h
+++ b/security/selinux/include/security.h
@@ -86,7 +86,8 @@ int security_sid_to_context(u32 sid, char **scontext,
 int security_context_to_sid(char *scontext, u32 scontext_len,
         u32 *out_sid);
 
-int security_context_to_sid_default(char *scontext, u32 scontext_len, u32 *out_sid, u32 def_sid);
+int security_context_to_sid_default(char *scontext, u32 scontext_len,
+                                    u32 *out_sid, u32 def_sid, gfp_t gfp_flags);
 
 int security_get_user_sids(u32 callsid, char *username,
                            u32 **sids, u32 *nel);
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 47295acd09c9..5fd54f2bbaac 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -680,7 +680,8 @@ out:
 
 }
 
-static int security_context_to_sid_core(char *scontext, u32 scontext_len, u32 *sid, u32 def_sid)
+static int security_context_to_sid_core(char *scontext, u32 scontext_len,
+                                        u32 *sid, u32 def_sid, gfp_t gfp_flags)
 {
         char *scontext2;
         struct context context;
@@ -709,7 +710,7 @@ static int security_context_to_sid_core(char *scontext, u32 scontext_len, u32 *s
            null suffix to the copy to avoid problems with the existing
            attr package, which doesn't view the null terminator as part
            of the attribute value. */
-        scontext2 = kmalloc(scontext_len+1,GFP_KERNEL);
+        scontext2 = kmalloc(scontext_len+1, gfp_flags);
         if (!scontext2) {
                 rc = -ENOMEM;
                 goto out;
@@ -809,7 +810,7 @@ out:
 int security_context_to_sid(char *scontext, u32 scontext_len, u32 *sid)
 {
         return security_context_to_sid_core(scontext, scontext_len,
-                                            sid, SECSID_NULL);
+                                            sid, SECSID_NULL, GFP_KERNEL);
 }
 
 /**
@@ -829,10 +830,11 @@ int security_context_to_sid(char *scontext, u32 scontext_len, u32 *sid)
  * Returns -%EINVAL if the context is invalid, -%ENOMEM if insufficient
  * memory is available, or 0 on success.
  */
-int security_context_to_sid_default(char *scontext, u32 scontext_len, u32 *sid, u32 def_sid)
+int security_context_to_sid_default(char *scontext, u32 scontext_len, u32 *sid,
+                                    u32 def_sid, gfp_t gfp_flags)
 {
         return security_context_to_sid_core(scontext, scontext_len,
-                                            sid, def_sid);
+                                            sid, def_sid, gfp_flags);
 }
 
 static int compute_sid_handle_invalid_context(