aboutsummaryrefslogtreecommitdiffstats
path: root/security/selinux
diff options
context:
space:
mode:
Diffstat (limited to 'security/selinux')
-rw-r--r--security/selinux/hooks.c24
-rw-r--r--security/selinux/netif.c3
-rw-r--r--security/selinux/selinuxfs.c30
-rw-r--r--security/selinux/ss/conditional.c12
-rw-r--r--security/selinux/ss/ebitmap.c9
-rw-r--r--security/selinux/ss/hashtab.c6
-rw-r--r--security/selinux/ss/policydb.c51
-rw-r--r--security/selinux/ss/services.c11
8 files changed, 49 insertions, 97 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 447a1e0f48cb..8cd33b2cd865 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -122,11 +122,10 @@ static int task_alloc_security(struct task_struct *task)
122{ 122{
123 struct task_security_struct *tsec; 123 struct task_security_struct *tsec;
124 124
125 tsec = kmalloc(sizeof(struct task_security_struct), GFP_KERNEL); 125 tsec = kzalloc(sizeof(struct task_security_struct), GFP_KERNEL);
126 if (!tsec) 126 if (!tsec)
127 return -ENOMEM; 127 return -ENOMEM;
128 128
129 memset(tsec, 0, sizeof(struct task_security_struct));
130 tsec->magic = SELINUX_MAGIC; 129 tsec->magic = SELINUX_MAGIC;
131 tsec->task = task; 130 tsec->task = task;
132 tsec->osid = tsec->sid = tsec->ptrace_sid = SECINITSID_UNLABELED; 131 tsec->osid = tsec->sid = tsec->ptrace_sid = SECINITSID_UNLABELED;
@@ -151,11 +150,10 @@ static int inode_alloc_security(struct inode *inode)
151 struct task_security_struct *tsec = current->security; 150 struct task_security_struct *tsec = current->security;
152 struct inode_security_struct *isec; 151 struct inode_security_struct *isec;
153 152
154 isec = kmalloc(sizeof(struct inode_security_struct), GFP_KERNEL); 153 isec = kzalloc(sizeof(struct inode_security_struct), GFP_KERNEL);
155 if (!isec) 154 if (!isec)
156 return -ENOMEM; 155 return -ENOMEM;
157 156
158 memset(isec, 0, sizeof(struct inode_security_struct));
159 init_MUTEX(&isec->sem); 157 init_MUTEX(&isec->sem);
160 INIT_LIST_HEAD(&isec->list); 158 INIT_LIST_HEAD(&isec->list);
161 isec->magic = SELINUX_MAGIC; 159 isec->magic = SELINUX_MAGIC;
@@ -193,11 +191,10 @@ static int file_alloc_security(struct file *file)
193 struct task_security_struct *tsec = current->security; 191 struct task_security_struct *tsec = current->security;
194 struct file_security_struct *fsec; 192 struct file_security_struct *fsec;
195 193
196 fsec = kmalloc(sizeof(struct file_security_struct), GFP_ATOMIC); 194 fsec = kzalloc(sizeof(struct file_security_struct), GFP_ATOMIC);
197 if (!fsec) 195 if (!fsec)
198 return -ENOMEM; 196 return -ENOMEM;
199 197
200 memset(fsec, 0, sizeof(struct file_security_struct));
201 fsec->magic = SELINUX_MAGIC; 198 fsec->magic = SELINUX_MAGIC;
202 fsec->file = file; 199 fsec->file = file;
203 if (tsec && tsec->magic == SELINUX_MAGIC) { 200 if (tsec && tsec->magic == SELINUX_MAGIC) {
@@ -227,11 +224,10 @@ static int superblock_alloc_security(struct super_block *sb)
227{ 224{
228 struct superblock_security_struct *sbsec; 225 struct superblock_security_struct *sbsec;
229 226
230 sbsec = kmalloc(sizeof(struct superblock_security_struct), GFP_KERNEL); 227 sbsec = kzalloc(sizeof(struct superblock_security_struct), GFP_KERNEL);
231 if (!sbsec) 228 if (!sbsec)
232 return -ENOMEM; 229 return -ENOMEM;
233 230
234 memset(sbsec, 0, sizeof(struct superblock_security_struct));
235 init_MUTEX(&sbsec->sem); 231 init_MUTEX(&sbsec->sem);
236 INIT_LIST_HEAD(&sbsec->list); 232 INIT_LIST_HEAD(&sbsec->list);
237 INIT_LIST_HEAD(&sbsec->isec_head); 233 INIT_LIST_HEAD(&sbsec->isec_head);
@@ -269,11 +265,10 @@ static int sk_alloc_security(struct sock *sk, int family, gfp_t priority)
269 if (family != PF_UNIX) 265 if (family != PF_UNIX)
270 return 0; 266 return 0;
271 267
272 ssec = kmalloc(sizeof(*ssec), priority); 268 ssec = kzalloc(sizeof(*ssec), priority);
273 if (!ssec) 269 if (!ssec)
274 return -ENOMEM; 270 return -ENOMEM;
275 271
276 memset(ssec, 0, sizeof(*ssec));
277 ssec->magic = SELINUX_MAGIC; 272 ssec->magic = SELINUX_MAGIC;
278 ssec->sk = sk; 273 ssec->sk = sk;
279 ssec->peer_sid = SECINITSID_UNLABELED; 274 ssec->peer_sid = SECINITSID_UNLABELED;
@@ -1483,11 +1478,10 @@ static int selinux_bprm_alloc_security(struct linux_binprm *bprm)
1483{ 1478{
1484 struct bprm_security_struct *bsec; 1479 struct bprm_security_struct *bsec;
1485 1480
1486 bsec = kmalloc(sizeof(struct bprm_security_struct), GFP_KERNEL); 1481 bsec = kzalloc(sizeof(struct bprm_security_struct), GFP_KERNEL);
1487 if (!bsec) 1482 if (!bsec)
1488 return -ENOMEM; 1483 return -ENOMEM;
1489 1484
1490 memset(bsec, 0, sizeof *bsec);
1491 bsec->magic = SELINUX_MAGIC; 1485 bsec->magic = SELINUX_MAGIC;
1492 bsec->bprm = bprm; 1486 bsec->bprm = bprm;
1493 bsec->sid = SECINITSID_UNLABELED; 1487 bsec->sid = SECINITSID_UNLABELED;
@@ -3599,11 +3593,10 @@ static int ipc_alloc_security(struct task_struct *task,
3599 struct task_security_struct *tsec = task->security; 3593 struct task_security_struct *tsec = task->security;
3600 struct ipc_security_struct *isec; 3594 struct ipc_security_struct *isec;
3601 3595
3602 isec = kmalloc(sizeof(struct ipc_security_struct), GFP_KERNEL); 3596 isec = kzalloc(sizeof(struct ipc_security_struct), GFP_KERNEL);
3603 if (!isec) 3597 if (!isec)
3604 return -ENOMEM; 3598 return -ENOMEM;
3605 3599
3606 memset(isec, 0, sizeof(struct ipc_security_struct));
3607 isec->magic = SELINUX_MAGIC; 3600 isec->magic = SELINUX_MAGIC;
3608 isec->sclass = sclass; 3601 isec->sclass = sclass;
3609 isec->ipc_perm = perm; 3602 isec->ipc_perm = perm;
@@ -3631,11 +3624,10 @@ static int msg_msg_alloc_security(struct msg_msg *msg)
3631{ 3624{
3632 struct msg_security_struct *msec; 3625 struct msg_security_struct *msec;
3633 3626
3634 msec = kmalloc(sizeof(struct msg_security_struct), GFP_KERNEL); 3627 msec = kzalloc(sizeof(struct msg_security_struct), GFP_KERNEL);
3635 if (!msec) 3628 if (!msec)
3636 return -ENOMEM; 3629 return -ENOMEM;
3637 3630
3638 memset(msec, 0, sizeof(struct msg_security_struct));
3639 msec->magic = SELINUX_MAGIC; 3631 msec->magic = SELINUX_MAGIC;
3640 msec->msg = msg; 3632 msec->msg = msg;
3641 msec->sid = SECINITSID_UNLABELED; 3633 msec->sid = SECINITSID_UNLABELED;
diff --git a/security/selinux/netif.c b/security/selinux/netif.c
index 718d7be9f4dd..b10c34e8a743 100644
--- a/security/selinux/netif.c
+++ b/security/selinux/netif.c
@@ -114,13 +114,12 @@ static struct sel_netif *sel_netif_lookup(struct net_device *dev)
114 if (likely(netif != NULL)) 114 if (likely(netif != NULL))
115 goto out; 115 goto out;
116 116
117 new = kmalloc(sizeof(*new), GFP_ATOMIC); 117 new = kzalloc(sizeof(*new), GFP_ATOMIC);
118 if (!new) { 118 if (!new) {
119 netif = ERR_PTR(-ENOMEM); 119 netif = ERR_PTR(-ENOMEM);
120 goto out; 120 goto out;
121 } 121 }
122 122
123 memset(new, 0, sizeof(*new));
124 nsec = &new->nsec; 123 nsec = &new->nsec;
125 124
126 ret = security_netif_sid(dev->name, &nsec->if_sid, &nsec->msg_sid); 125 ret = security_netif_sid(dev->name, &nsec->if_sid, &nsec->msg_sid);
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index a45cc971e735..5f8427627211 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -424,15 +424,13 @@ static ssize_t sel_write_access(struct file * file, char *buf, size_t size)
424 return length; 424 return length;
425 425
426 length = -ENOMEM; 426 length = -ENOMEM;
427 scon = kmalloc(size+1, GFP_KERNEL); 427 scon = kzalloc(size+1, GFP_KERNEL);
428 if (!scon) 428 if (!scon)
429 return length; 429 return length;
430 memset(scon, 0, size+1);
431 430
432 tcon = kmalloc(size+1, GFP_KERNEL); 431 tcon = kzalloc(size+1, GFP_KERNEL);
433 if (!tcon) 432 if (!tcon)
434 goto out; 433 goto out;
435 memset(tcon, 0, size+1);
436 434
437 length = -EINVAL; 435 length = -EINVAL;
438 if (sscanf(buf, "%s %s %hu %x", scon, tcon, &tclass, &req) != 4) 436 if (sscanf(buf, "%s %s %hu %x", scon, tcon, &tclass, &req) != 4)
@@ -475,15 +473,13 @@ static ssize_t sel_write_create(struct file * file, char *buf, size_t size)
475 return length; 473 return length;
476 474
477 length = -ENOMEM; 475 length = -ENOMEM;
478 scon = kmalloc(size+1, GFP_KERNEL); 476 scon = kzalloc(size+1, GFP_KERNEL);
479 if (!scon) 477 if (!scon)
480 return length; 478 return length;
481 memset(scon, 0, size+1);
482 479
483 tcon = kmalloc(size+1, GFP_KERNEL); 480 tcon = kzalloc(size+1, GFP_KERNEL);
484 if (!tcon) 481 if (!tcon)
485 goto out; 482 goto out;
486 memset(tcon, 0, size+1);
487 483
488 length = -EINVAL; 484 length = -EINVAL;
489 if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3) 485 if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3)
@@ -536,15 +532,13 @@ static ssize_t sel_write_relabel(struct file * file, char *buf, size_t size)
536 return length; 532 return length;
537 533
538 length = -ENOMEM; 534 length = -ENOMEM;
539 scon = kmalloc(size+1, GFP_KERNEL); 535 scon = kzalloc(size+1, GFP_KERNEL);
540 if (!scon) 536 if (!scon)
541 return length; 537 return length;
542 memset(scon, 0, size+1);
543 538
544 tcon = kmalloc(size+1, GFP_KERNEL); 539 tcon = kzalloc(size+1, GFP_KERNEL);
545 if (!tcon) 540 if (!tcon)
546 goto out; 541 goto out;
547 memset(tcon, 0, size+1);
548 542
549 length = -EINVAL; 543 length = -EINVAL;
550 if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3) 544 if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3)
@@ -595,15 +589,13 @@ static ssize_t sel_write_user(struct file * file, char *buf, size_t size)
595 return length; 589 return length;
596 590
597 length = -ENOMEM; 591 length = -ENOMEM;
598 con = kmalloc(size+1, GFP_KERNEL); 592 con = kzalloc(size+1, GFP_KERNEL);
599 if (!con) 593 if (!con)
600 return length; 594 return length;
601 memset(con, 0, size+1);
602 595
603 user = kmalloc(size+1, GFP_KERNEL); 596 user = kzalloc(size+1, GFP_KERNEL);
604 if (!user) 597 if (!user)
605 goto out; 598 goto out;
606 memset(user, 0, size+1);
607 599
608 length = -EINVAL; 600 length = -EINVAL;
609 if (sscanf(buf, "%s %s", con, user) != 2) 601 if (sscanf(buf, "%s %s", con, user) != 2)
@@ -658,15 +650,13 @@ static ssize_t sel_write_member(struct file * file, char *buf, size_t size)
658 return length; 650 return length;
659 651
660 length = -ENOMEM; 652 length = -ENOMEM;
661 scon = kmalloc(size+1, GFP_KERNEL); 653 scon = kzalloc(size+1, GFP_KERNEL);
662 if (!scon) 654 if (!scon)
663 return length; 655 return length;
664 memset(scon, 0, size+1);
665 656
666 tcon = kmalloc(size+1, GFP_KERNEL); 657 tcon = kzalloc(size+1, GFP_KERNEL);
667 if (!tcon) 658 if (!tcon)
668 goto out; 659 goto out;
669 memset(tcon, 0, size+1);
670 660
671 length = -EINVAL; 661 length = -EINVAL;
672 if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3) 662 if (sscanf(buf, "%s %s %hu", scon, tcon, &tclass) != 3)
diff --git a/security/selinux/ss/conditional.c b/security/selinux/ss/conditional.c
index daf288007460..d2737edba541 100644
--- a/security/selinux/ss/conditional.c
+++ b/security/selinux/ss/conditional.c
@@ -220,10 +220,9 @@ int cond_read_bool(struct policydb *p, struct hashtab *h, void *fp)
220 u32 len; 220 u32 len;
221 int rc; 221 int rc;
222 222
223 booldatum = kmalloc(sizeof(struct cond_bool_datum), GFP_KERNEL); 223 booldatum = kzalloc(sizeof(struct cond_bool_datum), GFP_KERNEL);
224 if (!booldatum) 224 if (!booldatum)
225 return -1; 225 return -1;
226 memset(booldatum, 0, sizeof(struct cond_bool_datum));
227 226
228 rc = next_entry(buf, fp, sizeof buf); 227 rc = next_entry(buf, fp, sizeof buf);
229 if (rc < 0) 228 if (rc < 0)
@@ -321,10 +320,9 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum
321 goto err; 320 goto err;
322 } 321 }
323 322
324 list = kmalloc(sizeof(struct cond_av_list), GFP_KERNEL); 323 list = kzalloc(sizeof(struct cond_av_list), GFP_KERNEL);
325 if (!list) 324 if (!list)
326 goto err; 325 goto err;
327 memset(list, 0, sizeof(*list));
328 326
329 list->node = node_ptr; 327 list->node = node_ptr;
330 if (!data->head) 328 if (!data->head)
@@ -414,11 +412,10 @@ static int cond_read_node(struct policydb *p, struct cond_node *node, void *fp)
414 if (rc < 0) 412 if (rc < 0)
415 goto err; 413 goto err;
416 414
417 expr = kmalloc(sizeof(struct cond_expr), GFP_KERNEL); 415 expr = kzalloc(sizeof(struct cond_expr), GFP_KERNEL);
418 if (!expr) { 416 if (!expr) {
419 goto err; 417 goto err;
420 } 418 }
421 memset(expr, 0, sizeof(struct cond_expr));
422 419
423 expr->expr_type = le32_to_cpu(buf[0]); 420 expr->expr_type = le32_to_cpu(buf[0]);
424 expr->bool = le32_to_cpu(buf[1]); 421 expr->bool = le32_to_cpu(buf[1]);
@@ -460,10 +457,9 @@ int cond_read_list(struct policydb *p, void *fp)
460 len = le32_to_cpu(buf[0]); 457 len = le32_to_cpu(buf[0]);
461 458
462 for (i = 0; i < len; i++) { 459 for (i = 0; i < len; i++) {
463 node = kmalloc(sizeof(struct cond_node), GFP_KERNEL); 460 node = kzalloc(sizeof(struct cond_node), GFP_KERNEL);
464 if (!node) 461 if (!node)
465 goto err; 462 goto err;
466 memset(node, 0, sizeof(struct cond_node));
467 463
468 if (cond_read_node(p, node, fp) != 0) 464 if (cond_read_node(p, node, fp) != 0)
469 goto err; 465 goto err;
diff --git a/security/selinux/ss/ebitmap.c b/security/selinux/ss/ebitmap.c
index d515154128cc..47024a6e1844 100644
--- a/security/selinux/ss/ebitmap.c
+++ b/security/selinux/ss/ebitmap.c
@@ -39,12 +39,11 @@ int ebitmap_cpy(struct ebitmap *dst, struct ebitmap *src)
39 n = src->node; 39 n = src->node;
40 prev = NULL; 40 prev = NULL;
41 while (n) { 41 while (n) {
42 new = kmalloc(sizeof(*new), GFP_ATOMIC); 42 new = kzalloc(sizeof(*new), GFP_ATOMIC);
43 if (!new) { 43 if (!new) {
44 ebitmap_destroy(dst); 44 ebitmap_destroy(dst);
45 return -ENOMEM; 45 return -ENOMEM;
46 } 46 }
47 memset(new, 0, sizeof(*new));
48 new->startbit = n->startbit; 47 new->startbit = n->startbit;
49 new->map = n->map; 48 new->map = n->map;
50 new->next = NULL; 49 new->next = NULL;
@@ -150,10 +149,9 @@ int ebitmap_set_bit(struct ebitmap *e, unsigned long bit, int value)
150 if (!value) 149 if (!value)
151 return 0; 150 return 0;
152 151
153 new = kmalloc(sizeof(*new), GFP_ATOMIC); 152 new = kzalloc(sizeof(*new), GFP_ATOMIC);
154 if (!new) 153 if (!new)
155 return -ENOMEM; 154 return -ENOMEM;
156 memset(new, 0, sizeof(*new));
157 155
158 new->startbit = bit & ~(MAPSIZE - 1); 156 new->startbit = bit & ~(MAPSIZE - 1);
159 new->map = (MAPBIT << (bit - new->startbit)); 157 new->map = (MAPBIT << (bit - new->startbit));
@@ -232,13 +230,12 @@ int ebitmap_read(struct ebitmap *e, void *fp)
232 printk(KERN_ERR "security: ebitmap: truncated map\n"); 230 printk(KERN_ERR "security: ebitmap: truncated map\n");
233 goto bad; 231 goto bad;
234 } 232 }
235 n = kmalloc(sizeof(*n), GFP_KERNEL); 233 n = kzalloc(sizeof(*n), GFP_KERNEL);
236 if (!n) { 234 if (!n) {
237 printk(KERN_ERR "security: ebitmap: out of memory\n"); 235 printk(KERN_ERR "security: ebitmap: out of memory\n");
238 rc = -ENOMEM; 236 rc = -ENOMEM;
239 goto bad; 237 goto bad;
240 } 238 }
241 memset(n, 0, sizeof(*n));
242 239
243 n->startbit = le32_to_cpu(buf[0]); 240 n->startbit = le32_to_cpu(buf[0]);
244 241
diff --git a/security/selinux/ss/hashtab.c b/security/selinux/ss/hashtab.c
index 26661fcc00ce..24e5ec957630 100644
--- a/security/selinux/ss/hashtab.c
+++ b/security/selinux/ss/hashtab.c
@@ -15,11 +15,10 @@ struct hashtab *hashtab_create(u32 (*hash_value)(struct hashtab *h, void *key),
15 struct hashtab *p; 15 struct hashtab *p;
16 u32 i; 16 u32 i;
17 17
18 p = kmalloc(sizeof(*p), GFP_KERNEL); 18 p = kzalloc(sizeof(*p), GFP_KERNEL);
19 if (p == NULL) 19 if (p == NULL)
20 return p; 20 return p;
21 21
22 memset(p, 0, sizeof(*p));
23 p->size = size; 22 p->size = size;
24 p->nel = 0; 23 p->nel = 0;
25 p->hash_value = hash_value; 24 p->hash_value = hash_value;
@@ -55,10 +54,9 @@ int hashtab_insert(struct hashtab *h, void *key, void *datum)
55 if (cur && (h->keycmp(h, key, cur->key) == 0)) 54 if (cur && (h->keycmp(h, key, cur->key) == 0))
56 return -EEXIST; 55 return -EEXIST;
57 56
58 newnode = kmalloc(sizeof(*newnode), GFP_KERNEL); 57 newnode = kzalloc(sizeof(*newnode), GFP_KERNEL);
59 if (newnode == NULL) 58 if (newnode == NULL)
60 return -ENOMEM; 59 return -ENOMEM;
61 memset(newnode, 0, sizeof(*newnode));
62 newnode->key = key; 60 newnode->key = key;
63 newnode->datum = datum; 61 newnode->datum = datum;
64 if (prev) { 62 if (prev) {
diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
index 8e6262d12aa9..2f5f539875f2 100644
--- a/security/selinux/ss/policydb.c
+++ b/security/selinux/ss/policydb.c
@@ -121,12 +121,11 @@ static int roles_init(struct policydb *p)
121 int rc; 121 int rc;
122 struct role_datum *role; 122 struct role_datum *role;
123 123
124 role = kmalloc(sizeof(*role), GFP_KERNEL); 124 role = kzalloc(sizeof(*role), GFP_KERNEL);
125 if (!role) { 125 if (!role) {
126 rc = -ENOMEM; 126 rc = -ENOMEM;
127 goto out; 127 goto out;
128 } 128 }
129 memset(role, 0, sizeof(*role));
130 role->value = ++p->p_roles.nprim; 129 role->value = ++p->p_roles.nprim;
131 if (role->value != OBJECT_R_VAL) { 130 if (role->value != OBJECT_R_VAL) {
132 rc = -EINVAL; 131 rc = -EINVAL;
@@ -851,12 +850,11 @@ static int perm_read(struct policydb *p, struct hashtab *h, void *fp)
851 __le32 buf[2]; 850 __le32 buf[2];
852 u32 len; 851 u32 len;
853 852
854 perdatum = kmalloc(sizeof(*perdatum), GFP_KERNEL); 853 perdatum = kzalloc(sizeof(*perdatum), GFP_KERNEL);
855 if (!perdatum) { 854 if (!perdatum) {
856 rc = -ENOMEM; 855 rc = -ENOMEM;
857 goto out; 856 goto out;
858 } 857 }
859 memset(perdatum, 0, sizeof(*perdatum));
860 858
861 rc = next_entry(buf, fp, sizeof buf); 859 rc = next_entry(buf, fp, sizeof buf);
862 if (rc < 0) 860 if (rc < 0)
@@ -893,12 +891,11 @@ static int common_read(struct policydb *p, struct hashtab *h, void *fp)
893 u32 len, nel; 891 u32 len, nel;
894 int i, rc; 892 int i, rc;
895 893
896 comdatum = kmalloc(sizeof(*comdatum), GFP_KERNEL); 894 comdatum = kzalloc(sizeof(*comdatum), GFP_KERNEL);
897 if (!comdatum) { 895 if (!comdatum) {
898 rc = -ENOMEM; 896 rc = -ENOMEM;
899 goto out; 897 goto out;
900 } 898 }
901 memset(comdatum, 0, sizeof(*comdatum));
902 899
903 rc = next_entry(buf, fp, sizeof buf); 900 rc = next_entry(buf, fp, sizeof buf);
904 if (rc < 0) 901 if (rc < 0)
@@ -950,10 +947,9 @@ static int read_cons_helper(struct constraint_node **nodep, int ncons,
950 947
951 lc = NULL; 948 lc = NULL;
952 for (i = 0; i < ncons; i++) { 949 for (i = 0; i < ncons; i++) {
953 c = kmalloc(sizeof(*c), GFP_KERNEL); 950 c = kzalloc(sizeof(*c), GFP_KERNEL);
954 if (!c) 951 if (!c)
955 return -ENOMEM; 952 return -ENOMEM;
956 memset(c, 0, sizeof(*c));
957 953
958 if (lc) { 954 if (lc) {
959 lc->next = c; 955 lc->next = c;
@@ -969,10 +965,9 @@ static int read_cons_helper(struct constraint_node **nodep, int ncons,
969 le = NULL; 965 le = NULL;
970 depth = -1; 966 depth = -1;
971 for (j = 0; j < nexpr; j++) { 967 for (j = 0; j < nexpr; j++) {
972 e = kmalloc(sizeof(*e), GFP_KERNEL); 968 e = kzalloc(sizeof(*e), GFP_KERNEL);
973 if (!e) 969 if (!e)
974 return -ENOMEM; 970 return -ENOMEM;
975 memset(e, 0, sizeof(*e));
976 971
977 if (le) { 972 if (le) {
978 le->next = e; 973 le->next = e;
@@ -1033,12 +1028,11 @@ static int class_read(struct policydb *p, struct hashtab *h, void *fp)
1033 u32 len, len2, ncons, nel; 1028 u32 len, len2, ncons, nel;
1034 int i, rc; 1029 int i, rc;
1035 1030
1036 cladatum = kmalloc(sizeof(*cladatum), GFP_KERNEL); 1031 cladatum = kzalloc(sizeof(*cladatum), GFP_KERNEL);
1037 if (!cladatum) { 1032 if (!cladatum) {
1038 rc = -ENOMEM; 1033 rc = -ENOMEM;
1039 goto out; 1034 goto out;
1040 } 1035 }
1041 memset(cladatum, 0, sizeof(*cladatum));
1042 1036
1043 rc = next_entry(buf, fp, sizeof(u32)*6); 1037 rc = next_entry(buf, fp, sizeof(u32)*6);
1044 if (rc < 0) 1038 if (rc < 0)
@@ -1127,12 +1121,11 @@ static int role_read(struct policydb *p, struct hashtab *h, void *fp)
1127 __le32 buf[2]; 1121 __le32 buf[2];
1128 u32 len; 1122 u32 len;
1129 1123
1130 role = kmalloc(sizeof(*role), GFP_KERNEL); 1124 role = kzalloc(sizeof(*role), GFP_KERNEL);
1131 if (!role) { 1125 if (!role) {
1132 rc = -ENOMEM; 1126 rc = -ENOMEM;
1133 goto out; 1127 goto out;
1134 } 1128 }
1135 memset(role, 0, sizeof(*role));
1136 1129
1137 rc = next_entry(buf, fp, sizeof buf); 1130 rc = next_entry(buf, fp, sizeof buf);
1138 if (rc < 0) 1131 if (rc < 0)
@@ -1188,12 +1181,11 @@ static int type_read(struct policydb *p, struct hashtab *h, void *fp)
1188 __le32 buf[3]; 1181 __le32 buf[3];
1189 u32 len; 1182 u32 len;
1190 1183
1191 typdatum = kmalloc(sizeof(*typdatum),GFP_KERNEL); 1184 typdatum = kzalloc(sizeof(*typdatum),GFP_KERNEL);
1192 if (!typdatum) { 1185 if (!typdatum) {
1193 rc = -ENOMEM; 1186 rc = -ENOMEM;
1194 return rc; 1187 return rc;
1195 } 1188 }
1196 memset(typdatum, 0, sizeof(*typdatum));
1197 1189
1198 rc = next_entry(buf, fp, sizeof buf); 1190 rc = next_entry(buf, fp, sizeof buf);
1199 if (rc < 0) 1191 if (rc < 0)
@@ -1261,12 +1253,11 @@ static int user_read(struct policydb *p, struct hashtab *h, void *fp)
1261 __le32 buf[2]; 1253 __le32 buf[2];
1262 u32 len; 1254 u32 len;
1263 1255
1264 usrdatum = kmalloc(sizeof(*usrdatum), GFP_KERNEL); 1256 usrdatum = kzalloc(sizeof(*usrdatum), GFP_KERNEL);
1265 if (!usrdatum) { 1257 if (!usrdatum) {
1266 rc = -ENOMEM; 1258 rc = -ENOMEM;
1267 goto out; 1259 goto out;
1268 } 1260 }
1269 memset(usrdatum, 0, sizeof(*usrdatum));
1270 1261
1271 rc = next_entry(buf, fp, sizeof buf); 1262 rc = next_entry(buf, fp, sizeof buf);
1272 if (rc < 0) 1263 if (rc < 0)
@@ -1316,12 +1307,11 @@ static int sens_read(struct policydb *p, struct hashtab *h, void *fp)
1316 __le32 buf[2]; 1307 __le32 buf[2];
1317 u32 len; 1308 u32 len;
1318 1309
1319 levdatum = kmalloc(sizeof(*levdatum), GFP_ATOMIC); 1310 levdatum = kzalloc(sizeof(*levdatum), GFP_ATOMIC);
1320 if (!levdatum) { 1311 if (!levdatum) {
1321 rc = -ENOMEM; 1312 rc = -ENOMEM;
1322 goto out; 1313 goto out;
1323 } 1314 }
1324 memset(levdatum, 0, sizeof(*levdatum));
1325 1315
1326 rc = next_entry(buf, fp, sizeof buf); 1316 rc = next_entry(buf, fp, sizeof buf);
1327 if (rc < 0) 1317 if (rc < 0)
@@ -1368,12 +1358,11 @@ static int cat_read(struct policydb *p, struct hashtab *h, void *fp)
1368 __le32 buf[3]; 1358 __le32 buf[3];
1369 u32 len; 1359 u32 len;
1370 1360
1371 catdatum = kmalloc(sizeof(*catdatum), GFP_ATOMIC); 1361 catdatum = kzalloc(sizeof(*catdatum), GFP_ATOMIC);
1372 if (!catdatum) { 1362 if (!catdatum) {
1373 rc = -ENOMEM; 1363 rc = -ENOMEM;
1374 goto out; 1364 goto out;
1375 } 1365 }
1376 memset(catdatum, 0, sizeof(*catdatum));
1377 1366
1378 rc = next_entry(buf, fp, sizeof buf); 1367 rc = next_entry(buf, fp, sizeof buf);
1379 if (rc < 0) 1368 if (rc < 0)
@@ -1567,12 +1556,11 @@ int policydb_read(struct policydb *p, void *fp)
1567 nel = le32_to_cpu(buf[0]); 1556 nel = le32_to_cpu(buf[0]);
1568 ltr = NULL; 1557 ltr = NULL;
1569 for (i = 0; i < nel; i++) { 1558 for (i = 0; i < nel; i++) {
1570 tr = kmalloc(sizeof(*tr), GFP_KERNEL); 1559 tr = kzalloc(sizeof(*tr), GFP_KERNEL);
1571 if (!tr) { 1560 if (!tr) {
1572 rc = -ENOMEM; 1561 rc = -ENOMEM;
1573 goto bad; 1562 goto bad;
1574 } 1563 }
1575 memset(tr, 0, sizeof(*tr));
1576 if (ltr) { 1564 if (ltr) {
1577 ltr->next = tr; 1565 ltr->next = tr;
1578 } else { 1566 } else {
@@ -1593,12 +1581,11 @@ int policydb_read(struct policydb *p, void *fp)
1593 nel = le32_to_cpu(buf[0]); 1581 nel = le32_to_cpu(buf[0]);
1594 lra = NULL; 1582 lra = NULL;
1595 for (i = 0; i < nel; i++) { 1583 for (i = 0; i < nel; i++) {
1596 ra = kmalloc(sizeof(*ra), GFP_KERNEL); 1584 ra = kzalloc(sizeof(*ra), GFP_KERNEL);
1597 if (!ra) { 1585 if (!ra) {
1598 rc = -ENOMEM; 1586 rc = -ENOMEM;
1599 goto bad; 1587 goto bad;
1600 } 1588 }
1601 memset(ra, 0, sizeof(*ra));
1602 if (lra) { 1589 if (lra) {
1603 lra->next = ra; 1590 lra->next = ra;
1604 } else { 1591 } else {
@@ -1627,12 +1614,11 @@ int policydb_read(struct policydb *p, void *fp)
1627 nel = le32_to_cpu(buf[0]); 1614 nel = le32_to_cpu(buf[0]);
1628 l = NULL; 1615 l = NULL;
1629 for (j = 0; j < nel; j++) { 1616 for (j = 0; j < nel; j++) {
1630 c = kmalloc(sizeof(*c), GFP_KERNEL); 1617 c = kzalloc(sizeof(*c), GFP_KERNEL);
1631 if (!c) { 1618 if (!c) {
1632 rc = -ENOMEM; 1619 rc = -ENOMEM;
1633 goto bad; 1620 goto bad;
1634 } 1621 }
1635 memset(c, 0, sizeof(*c));
1636 if (l) { 1622 if (l) {
1637 l->next = c; 1623 l->next = c;
1638 } else { 1624 } else {
@@ -1743,12 +1729,11 @@ int policydb_read(struct policydb *p, void *fp)
1743 if (rc < 0) 1729 if (rc < 0)
1744 goto bad; 1730 goto bad;
1745 len = le32_to_cpu(buf[0]); 1731 len = le32_to_cpu(buf[0]);
1746 newgenfs = kmalloc(sizeof(*newgenfs), GFP_KERNEL); 1732 newgenfs = kzalloc(sizeof(*newgenfs), GFP_KERNEL);
1747 if (!newgenfs) { 1733 if (!newgenfs) {
1748 rc = -ENOMEM; 1734 rc = -ENOMEM;
1749 goto bad; 1735 goto bad;
1750 } 1736 }
1751 memset(newgenfs, 0, sizeof(*newgenfs));
1752 1737
1753 newgenfs->fstype = kmalloc(len + 1,GFP_KERNEL); 1738 newgenfs->fstype = kmalloc(len + 1,GFP_KERNEL);
1754 if (!newgenfs->fstype) { 1739 if (!newgenfs->fstype) {
@@ -1790,12 +1775,11 @@ int policydb_read(struct policydb *p, void *fp)
1790 goto bad; 1775 goto bad;
1791 len = le32_to_cpu(buf[0]); 1776 len = le32_to_cpu(buf[0]);
1792 1777
1793 newc = kmalloc(sizeof(*newc), GFP_KERNEL); 1778 newc = kzalloc(sizeof(*newc), GFP_KERNEL);
1794 if (!newc) { 1779 if (!newc) {
1795 rc = -ENOMEM; 1780 rc = -ENOMEM;
1796 goto bad; 1781 goto bad;
1797 } 1782 }
1798 memset(newc, 0, sizeof(*newc));
1799 1783
1800 newc->u.name = kmalloc(len + 1,GFP_KERNEL); 1784 newc->u.name = kmalloc(len + 1,GFP_KERNEL);
1801 if (!newc->u.name) { 1785 if (!newc->u.name) {
@@ -1843,12 +1827,11 @@ int policydb_read(struct policydb *p, void *fp)
1843 nel = le32_to_cpu(buf[0]); 1827 nel = le32_to_cpu(buf[0]);
1844 lrt = NULL; 1828 lrt = NULL;
1845 for (i = 0; i < nel; i++) { 1829 for (i = 0; i < nel; i++) {
1846 rt = kmalloc(sizeof(*rt), GFP_KERNEL); 1830 rt = kzalloc(sizeof(*rt), GFP_KERNEL);
1847 if (!rt) { 1831 if (!rt) {
1848 rc = -ENOMEM; 1832 rc = -ENOMEM;
1849 goto bad; 1833 goto bad;
1850 } 1834 }
1851 memset(rt, 0, sizeof(*rt));
1852 if (lrt) 1835 if (lrt)
1853 lrt->next = rt; 1836 lrt->next = rt;
1854 else 1837 else
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index aecdded55e74..44eb4d74908d 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -1531,12 +1531,11 @@ int security_get_user_sids(u32 fromsid,
1531 } 1531 }
1532 usercon.user = user->value; 1532 usercon.user = user->value;
1533 1533
1534 mysids = kmalloc(maxnel*sizeof(*mysids), GFP_ATOMIC); 1534 mysids = kcalloc(maxnel, sizeof(*mysids), GFP_ATOMIC);
1535 if (!mysids) { 1535 if (!mysids) {
1536 rc = -ENOMEM; 1536 rc = -ENOMEM;
1537 goto out_unlock; 1537 goto out_unlock;
1538 } 1538 }
1539 memset(mysids, 0, maxnel*sizeof(*mysids));
1540 1539
1541 ebitmap_for_each_bit(&user->roles, rnode, i) { 1540 ebitmap_for_each_bit(&user->roles, rnode, i) {
1542 if (!ebitmap_node_get_bit(rnode, i)) 1541 if (!ebitmap_node_get_bit(rnode, i))
@@ -1566,13 +1565,12 @@ int security_get_user_sids(u32 fromsid,
1566 mysids[mynel++] = sid; 1565 mysids[mynel++] = sid;
1567 } else { 1566 } else {
1568 maxnel += SIDS_NEL; 1567 maxnel += SIDS_NEL;
1569 mysids2 = kmalloc(maxnel*sizeof(*mysids2), GFP_ATOMIC); 1568 mysids2 = kcalloc(maxnel, sizeof(*mysids2), GFP_ATOMIC);
1570 if (!mysids2) { 1569 if (!mysids2) {
1571 rc = -ENOMEM; 1570 rc = -ENOMEM;
1572 kfree(mysids); 1571 kfree(mysids);
1573 goto out_unlock; 1572 goto out_unlock;
1574 } 1573 }
1575 memset(mysids2, 0, maxnel*sizeof(*mysids2));
1576 memcpy(mysids2, mysids, mynel * sizeof(*mysids2)); 1574 memcpy(mysids2, mysids, mynel * sizeof(*mysids2));
1577 kfree(mysids); 1575 kfree(mysids);
1578 mysids = mysids2; 1576 mysids = mysids2;
@@ -1714,12 +1712,11 @@ int security_get_bools(int *len, char ***names, int **values)
1714 goto out; 1712 goto out;
1715 } 1713 }
1716 1714
1717 *names = (char**)kmalloc(sizeof(char*) * *len, GFP_ATOMIC); 1715 *names = (char**)kcalloc(*len, sizeof(char*), GFP_ATOMIC);
1718 if (!*names) 1716 if (!*names)
1719 goto err; 1717 goto err;
1720 memset(*names, 0, sizeof(char*) * *len);
1721 1718
1722 *values = (int*)kmalloc(sizeof(int) * *len, GFP_ATOMIC); 1719 *values = (int*)kcalloc(*len, sizeof(int), GFP_ATOMIC);
1723 if (!*values) 1720 if (!*values)
1724 goto err; 1721 goto err;
1725 1722