diff options
-rw-r--r-- | security/selinux/hooks.c | 7 | ||||
-rw-r--r-- | security/selinux/include/security.h | 3 | ||||
-rw-r--r-- | security/selinux/ss/services.c | 12 |
3 files changed, 13 insertions, 9 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 820d07a60ab0..89bb6d36c0a7 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
@@ -1143,7 +1143,7 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent | |||
1143 | } | 1143 | } |
1144 | 1144 | ||
1145 | len = INITCONTEXTLEN; | 1145 | len = INITCONTEXTLEN; |
1146 | context = kmalloc(len, GFP_KERNEL); | 1146 | context = kmalloc(len, GFP_NOFS); |
1147 | if (!context) { | 1147 | if (!context) { |
1148 | rc = -ENOMEM; | 1148 | rc = -ENOMEM; |
1149 | dput(dentry); | 1149 | dput(dentry); |
@@ -1161,7 +1161,7 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent | |||
1161 | } | 1161 | } |
1162 | kfree(context); | 1162 | kfree(context); |
1163 | len = rc; | 1163 | len = rc; |
1164 | context = kmalloc(len, GFP_KERNEL); | 1164 | context = kmalloc(len, GFP_NOFS); |
1165 | if (!context) { | 1165 | if (!context) { |
1166 | rc = -ENOMEM; | 1166 | rc = -ENOMEM; |
1167 | dput(dentry); | 1167 | dput(dentry); |
@@ -1185,7 +1185,8 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent | |||
1185 | rc = 0; | 1185 | rc = 0; |
1186 | } else { | 1186 | } else { |
1187 | rc = security_context_to_sid_default(context, rc, &sid, | 1187 | rc = security_context_to_sid_default(context, rc, &sid, |
1188 | sbsec->def_sid); | 1188 | sbsec->def_sid, |
1189 | GFP_NOFS); | ||
1189 | if (rc) { | 1190 | if (rc) { |
1190 | printk(KERN_WARNING "%s: context_to_sid(%s) " | 1191 | printk(KERN_WARNING "%s: context_to_sid(%s) " |
1191 | "returned %d for dev=%s ino=%ld\n", | 1192 | "returned %d for dev=%s ino=%ld\n", |
diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h index f7d2f03781f2..44e12ec88090 100644 --- a/security/selinux/include/security.h +++ b/security/selinux/include/security.h | |||
@@ -86,7 +86,8 @@ int security_sid_to_context(u32 sid, char **scontext, | |||
86 | int security_context_to_sid(char *scontext, u32 scontext_len, | 86 | int security_context_to_sid(char *scontext, u32 scontext_len, |
87 | u32 *out_sid); | 87 | u32 *out_sid); |
88 | 88 | ||
89 | int security_context_to_sid_default(char *scontext, u32 scontext_len, u32 *out_sid, u32 def_sid); | 89 | int security_context_to_sid_default(char *scontext, u32 scontext_len, |
90 | u32 *out_sid, u32 def_sid, gfp_t gfp_flags); | ||
90 | 91 | ||
91 | int security_get_user_sids(u32 callsid, char *username, | 92 | int security_get_user_sids(u32 callsid, char *username, |
92 | u32 **sids, u32 *nel); | 93 | u32 **sids, u32 *nel); |
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index f37418601215..3f2bad28ee7b 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c | |||
@@ -680,7 +680,8 @@ out: | |||
680 | 680 | ||
681 | } | 681 | } |
682 | 682 | ||
683 | static int security_context_to_sid_core(char *scontext, u32 scontext_len, u32 *sid, u32 def_sid) | 683 | static int security_context_to_sid_core(char *scontext, u32 scontext_len, |
684 | u32 *sid, u32 def_sid, gfp_t gfp_flags) | ||
684 | { | 685 | { |
685 | char *scontext2; | 686 | char *scontext2; |
686 | struct context context; | 687 | struct context context; |
@@ -709,7 +710,7 @@ static int security_context_to_sid_core(char *scontext, u32 scontext_len, u32 *s | |||
709 | null suffix to the copy to avoid problems with the existing | 710 | null suffix to the copy to avoid problems with the existing |
710 | attr package, which doesn't view the null terminator as part | 711 | attr package, which doesn't view the null terminator as part |
711 | of the attribute value. */ | 712 | of the attribute value. */ |
712 | scontext2 = kmalloc(scontext_len+1,GFP_KERNEL); | 713 | scontext2 = kmalloc(scontext_len+1, gfp_flags); |
713 | if (!scontext2) { | 714 | if (!scontext2) { |
714 | rc = -ENOMEM; | 715 | rc = -ENOMEM; |
715 | goto out; | 716 | goto out; |
@@ -809,7 +810,7 @@ out: | |||
809 | int security_context_to_sid(char *scontext, u32 scontext_len, u32 *sid) | 810 | int security_context_to_sid(char *scontext, u32 scontext_len, u32 *sid) |
810 | { | 811 | { |
811 | return security_context_to_sid_core(scontext, scontext_len, | 812 | return security_context_to_sid_core(scontext, scontext_len, |
812 | sid, SECSID_NULL); | 813 | sid, SECSID_NULL, GFP_KERNEL); |
813 | } | 814 | } |
814 | 815 | ||
815 | /** | 816 | /** |
@@ -829,10 +830,11 @@ int security_context_to_sid(char *scontext, u32 scontext_len, u32 *sid) | |||
829 | * Returns -%EINVAL if the context is invalid, -%ENOMEM if insufficient | 830 | * Returns -%EINVAL if the context is invalid, -%ENOMEM if insufficient |
830 | * memory is available, or 0 on success. | 831 | * memory is available, or 0 on success. |
831 | */ | 832 | */ |
832 | int security_context_to_sid_default(char *scontext, u32 scontext_len, u32 *sid, u32 def_sid) | 833 | int security_context_to_sid_default(char *scontext, u32 scontext_len, u32 *sid, |
834 | u32 def_sid, gfp_t gfp_flags) | ||
833 | { | 835 | { |
834 | return security_context_to_sid_core(scontext, scontext_len, | 836 | return security_context_to_sid_core(scontext, scontext_len, |
835 | sid, def_sid); | 837 | sid, def_sid, gfp_flags); |
836 | } | 838 | } |
837 | 839 | ||
838 | static int compute_sid_handle_invalid_context( | 840 | static int compute_sid_handle_invalid_context( |