mirror of
https://github.com/FEX-Emu/linux.git
synced 2024-12-14 21:01:29 +00:00
gfp flags for security_inode_alloc()?
Dave Chinner wrote: > Yes, because you have no idea what the calling context is except > for the fact that is from somewhere inside filesystem code and the > filesystem could be holding locks. Therefore, GFP_NOFS is really the > only really safe way to allocate memory here. I see. Thank you. I'm not sure, but can call trace happen where somewhere inside network filesystem or stackable filesystem code with locks held invokes operations that involves GFP_KENREL memory allocation outside that filesystem? ---------- [PATCH] SMACK: Fix incorrect GFP_KERNEL usage. new_inode_smack() which can be called from smack_inode_alloc_security() needs to use GFP_NOFS like SELinux's inode_alloc_security() does, for security_inode_alloc() is called from inode_init_always() and inode_init_always() is called from xfs_inode_alloc() which is using GFP_NOFS. smack_inode_init_security() needs to use GFP_NOFS like selinux_inode_init_security() does, for initxattrs() callback function (e.g. btrfs_initxattrs()) which is called from security_inode_init_security() is using GFP_NOFS. smack_audit_rule_match() needs to use GFP_ATOMIC, for security_audit_rule_match() can be called from audit_filter_user_rules() and audit_filter_user_rules() is called from audit_filter_user() with RCU read lock held. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: Casey Schaufler <cschaufler@cschaufler-intel.(none)>
This commit is contained in:
parent
2267b13a7c
commit
ceffec5541
@ -79,7 +79,7 @@ struct inode_smack *new_inode_smack(char *smack)
|
||||
{
|
||||
struct inode_smack *isp;
|
||||
|
||||
isp = kzalloc(sizeof(struct inode_smack), GFP_KERNEL);
|
||||
isp = kzalloc(sizeof(struct inode_smack), GFP_NOFS);
|
||||
if (isp == NULL)
|
||||
return NULL;
|
||||
|
||||
@ -563,7 +563,7 @@ static int smack_inode_init_security(struct inode *inode, struct inode *dir,
|
||||
int may;
|
||||
|
||||
if (name) {
|
||||
*name = kstrdup(XATTR_SMACK_SUFFIX, GFP_KERNEL);
|
||||
*name = kstrdup(XATTR_SMACK_SUFFIX, GFP_NOFS);
|
||||
if (*name == NULL)
|
||||
return -ENOMEM;
|
||||
}
|
||||
@ -586,7 +586,7 @@ static int smack_inode_init_security(struct inode *inode, struct inode *dir,
|
||||
issp->smk_flags |= SMK_INODE_CHANGED;
|
||||
}
|
||||
|
||||
*value = kstrdup(isp, GFP_KERNEL);
|
||||
*value = kstrdup(isp, GFP_NOFS);
|
||||
if (*value == NULL)
|
||||
return -ENOMEM;
|
||||
}
|
||||
@ -3426,7 +3426,7 @@ static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule,
|
||||
char *rule = vrule;
|
||||
|
||||
if (!rule) {
|
||||
audit_log(actx, GFP_KERNEL, AUDIT_SELINUX_ERR,
|
||||
audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR,
|
||||
"Smack: missing rule\n");
|
||||
return -ENOENT;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user