aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
Diffstat (limited to 'security')
-rw-r--r--security/Kconfig4
-rw-r--r--security/selinux/hooks.c3
2 files changed, 4 insertions, 3 deletions
diff --git a/security/Kconfig b/security/Kconfig
index 9c60c346a91d..4c865345caa0 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -114,9 +114,9 @@ config SECURITY_ROOTPLUG
114 If you are unsure how to answer this question, answer N. 114 If you are unsure how to answer this question, answer N.
115 115
116config LSM_MMAP_MIN_ADDR 116config LSM_MMAP_MIN_ADDR
117 int "Low address space for LSM to from user allocation" 117 int "Low address space for LSM to protect from user allocation"
118 depends on SECURITY && SECURITY_SELINUX 118 depends on SECURITY && SECURITY_SELINUX
119 default 65535 119 default 65536
120 help 120 help
121 This is the portion of low virtual memory which should be protected 121 This is the portion of low virtual memory which should be protected
122 from userspace allocation. Keeping a user from writing to low pages 122 from userspace allocation. Keeping a user from writing to low pages
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 254b7983657d..6d0b1ccb5b99 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1285,6 +1285,8 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
1285 rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX, 1285 rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
1286 context, len); 1286 context, len);
1287 if (rc == -ERANGE) { 1287 if (rc == -ERANGE) {
1288 kfree(context);
1289
1288 /* Need a larger buffer. Query for the right size. */ 1290 /* Need a larger buffer. Query for the right size. */
1289 rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX, 1291 rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
1290 NULL, 0); 1292 NULL, 0);
@@ -1292,7 +1294,6 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
1292 dput(dentry); 1294 dput(dentry);
1293 goto out_unlock; 1295 goto out_unlock;
1294 } 1296 }
1295 kfree(context);
1296 len = rc; 1297 len = rc;
1297 context = kmalloc(len+1, GFP_NOFS); 1298 context = kmalloc(len+1, GFP_NOFS);
1298 if (!context) { 1299 if (!context) {