diff options
| author | Stephen Smalley <sds@tycho.nsa.gov> | 2008-04-04 08:46:05 -0400 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2008-04-08 08:30:14 +1000 |
| commit | 869ab5147e1eead890245cfd4f652ba282b6ac26 (patch) | |
| tree | 8334fe84734e14e247fb7b4ef78f9a43891249f0 /security/selinux/ss/services.c | |
| parent | ff09e2afe742f3ff52a0c9a660e8a3fe30cf587c (diff) | |
SELinux: more GFP_NOFS fixups to prevent selinux from re-entering the fs code
More cases where SELinux must not re-enter the fs code. Called from the
d_instantiate security hook.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/selinux/ss/services.c')
| -rw-r--r-- | security/selinux/ss/services.c | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index f3741860121..3f2bad28ee7 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -680,7 +680,8 @@ out: } -static int security_context_to_sid_core(char *scontext, u32 scontext_len, u32 *sid, u32 def_sid) +static int security_context_to_sid_core(char *scontext, u32 scontext_len, + u32 *sid, u32 def_sid, gfp_t gfp_flags) { char *scontext2; struct context context; @@ -709,7 +710,7 @@ static int security_context_to_sid_core(char *scontext, u32 scontext_len, u32 *s null suffix to the copy to avoid problems with the existing attr package, which doesn't view the null terminator as part of the attribute value. */ - scontext2 = kmalloc(scontext_len+1,GFP_KERNEL); + scontext2 = kmalloc(scontext_len+1, gfp_flags); if (!scontext2) { rc = -ENOMEM; goto out; @@ -809,7 +810,7 @@ out: int security_context_to_sid(char *scontext, u32 scontext_len, u32 *sid) { return security_context_to_sid_core(scontext, scontext_len, - sid, SECSID_NULL); + sid, SECSID_NULL, GFP_KERNEL); } /** @@ -829,10 +830,11 @@ int security_context_to_sid(char *scontext, u32 scontext_len, u32 *sid) * Returns -%EINVAL if the context is invalid, -%ENOMEM if insufficient * memory is available, or 0 on success. */ -int security_context_to_sid_default(char *scontext, u32 scontext_len, u32 *sid, u32 def_sid) +int security_context_to_sid_default(char *scontext, u32 scontext_len, u32 *sid, + u32 def_sid, gfp_t gfp_flags) { return security_context_to_sid_core(scontext, scontext_len, - sid, def_sid); + sid, def_sid, gfp_flags); } static int compute_sid_handle_invalid_context( |