| -rw-r--r-- | security/selinux/hooks.c | 7 | ||||
| -rw-r--r-- | security/selinux/include/security.h | 3 | ||||
| -rw-r--r-- | security/selinux/ss/services.c | 12 |
3 files changed, 13 insertions, 9 deletions
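--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1143,7 +1143,7 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
 }
 
 len = INITCONTEXTLEN;
-context = kmalloc(len, GFP_KERNEL);
+context = kmalloc(len, GFP_NOFS);
 if (!context) {
 rc = -ENOMEM;
 dput(dentry);
@@ -1161,7 +1161,7 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
 }
 kfree(context);
 len = rc;
-context = kmalloc(len, GFP_KERNEL);
+context = kmalloc(len, GFP_NOFS);
 if (!context) {
 rc = -ENOMEM;
 dput(dentry);
@@ -1185,7 +1185,8 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
 rc = 0;
 } else {
 rc = security_context_to_sid_default(context, rc, &sid,
-sbsec->def_sid);
+sbsec->def_sid,
+GFP_NOFS);
 if (rc) {
 printk(KERN_WARNING "%s: context_to_sid(%s) "
 "returned %d for dev=%s ino=%ld\n",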
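Review bot: Nothing at the two `kmalloc(len, GFP_NOFS)` sites or at the `security_context_to_sid_default(..., GFP_NOFS)` call records why this path must not allocate with GFP_KERNEL, so a later cleanup could silently revert the flag. A one-line comment above the first allocation, for example `/* GFP_NOFS: may be reached from filesystem code; reclaim must not re-enter the fs */`, would pin the constraint; the exact wording should be confirmed against the commit description, which this page does not show. inode_doinit_with_dentry begins and ends outside these hunks, so any other allocation it makes is not visible here and should be checked for the same flag.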
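--- a/security/selinux/include/security.h
+++ b/security/selinux/include/security.h
@@ -86,7 +86,8 @@ int security_sid_to_context(u32 sid, char **scontext,
 int security_context_to_sid(char *scontext, u32 scontext_len,
 u32 *out_sid);
 
-int security_context_to_sid_default(char *scontext, u32 scontext_len, u32 *out_sid, u32 def_sid);
+int security_context_to_sid_default(char *scontext, u32 scontext_len,
+u32 *out_sid, u32 def_sid, gfp_t gfp_flags);
 
 int security_get_user_sids(u32 callsid, char *username,
 u32 **sids, u32 *nel);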
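--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -680,7 +680,8 @@ out:
 
 }
 
-static int security_context_to_sid_core(char *scontext, u32 scontext_len, u32 *sid, u32 def_sid)
+static int security_context_to_sid_core(char *scontext, u32 scontext_len,
+u32 *sid, u32 def_sid, gfp_t gfp_flags)
 {
 char *scontext2;
 struct context context;
@@ -709,7 +710,7 @@ static int security_context_to_sid_core(char *scontext, u32 scontext_len, u32 *s
 null suffix to the copy to avoid problems with the existing
 attr package, which doesn't view the null terminator as part
 of the attribute value. */
-scontext2 = kmalloc(scontext_len+1,GFP_KERNEL);
+scontext2 = kmalloc(scontext_len+1, gfp_flags);
 if (!scontext2) {
 rc = -ENOMEM;
 goto out;
@@ -809,7 +810,7 @@ out:
 int security_context_to_sid(char *scontext, u32 scontext_len, u32 *sid)
 {
 return security_context_to_sid_core(scontext, scontext_len,
-sid, SECSID_NULL);
+sid, SECSID_NULL, GFP_KERNEL);
 }
 
 /**
@@ -829,10 +830,11 @@ int security_context_to_sid(char *scontext, u32 scontext_len, u32 *sid)
 * Returns -%EINVAL if the context is invalid, -%ENOMEM if insufficient
 * memory is available, or 0 on success.
 */
-int security_context_to_sid_default(char *scontext, u32 scontext_len, u32 *sid, u32 def_sid)
+int security_context_to_sid_default(char *scontext, u32 scontext_len, u32 *sid,
+u32 def_sid, gfp_t gfp_flags)
 {
 return security_context_to_sid_core(scontext, scontext_len,
-sid, def_sid);
+sid, def_sid, gfp_flags);
 }
 
 static int compute_sid_handle_invalid_context(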
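Review bot: The kernel-doc block above security_context_to_sid_default gains no entry for the new parameter: the section's twelve changed lines are all signature and call-site edits, and the only part of the comment in the last hunk is its closing `Returns` text. Add ` * @gfp_flags: allocation flags used for the temporary copy of the context string` alongside the other parameter descriptions, which lie outside the hunk. Separately, only the `scontext2` copy in security_context_to_sid_core is switched to `gfp_flags`; the rest of that function sits between the hunks and is not visible, so any allocation further down the conversion path should be confirmed safe for a GFP_NOFS caller.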
