Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge tag 'selinux-pr-20211217' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux

Pull selinux fix from Paul Moore:
"Another small SELinux fix for v5.16 to ensure that we don't block on
memory allocations while holding a spinlock.

This passes all our tests without problem"

* tag 'selinux-pr-20211217' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
selinux: fix sleeping function called from invalid context

+19 -14
+19 -14
security/selinux/hooks.c
··· 611 611 return 0; 612 612 } 613 613 614 - static int parse_sid(struct super_block *sb, const char *s, u32 *sid) 614 + static int parse_sid(struct super_block *sb, const char *s, u32 *sid, 615 + gfp_t gfp) 615 616 { 616 617 int rc = security_context_str_to_sid(&selinux_state, s, 617 - sid, GFP_KERNEL); 618 + sid, gfp); 618 619 if (rc) 619 620 pr_warn("SELinux: security_context_str_to_sid" 620 621 "(%s) failed for (dev %s, type %s) errno=%d\n", ··· 686 685 */ 687 686 if (opts) { 688 687 if (opts->fscontext) { 689 - rc = parse_sid(sb, opts->fscontext, &fscontext_sid); 688 + rc = parse_sid(sb, opts->fscontext, &fscontext_sid, 689 + GFP_KERNEL); 690 690 if (rc) 691 691 goto out; 692 692 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid, ··· 696 694 sbsec->flags |= FSCONTEXT_MNT; 697 695 } 698 696 if (opts->context) { 699 - rc = parse_sid(sb, opts->context, &context_sid); 697 + rc = parse_sid(sb, opts->context, &context_sid, 698 + GFP_KERNEL); 700 699 if (rc) 701 700 goto out; 702 701 if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid, ··· 706 703 sbsec->flags |= CONTEXT_MNT; 707 704 } 708 705 if (opts->rootcontext) { 709 - rc = parse_sid(sb, opts->rootcontext, &rootcontext_sid); 706 + rc = parse_sid(sb, opts->rootcontext, &rootcontext_sid, 707 + GFP_KERNEL); 710 708 if (rc) 711 709 goto out; 712 710 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid, ··· 716 712 sbsec->flags |= ROOTCONTEXT_MNT; 717 713 } 718 714 if (opts->defcontext) { 719 - rc = parse_sid(sb, opts->defcontext, &defcontext_sid); 715 + rc = parse_sid(sb, opts->defcontext, &defcontext_sid, 716 + GFP_KERNEL); 720 717 if (rc) 721 718 goto out; 722 719 if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid, ··· 2707 2702 return (sbsec->flags & SE_MNTMASK) ? 1 : 0; 2708 2703 2709 2704 if (opts->fscontext) { 2710 - rc = parse_sid(sb, opts->fscontext, &sid); 2705 + rc = parse_sid(sb, opts->fscontext, &sid, GFP_NOWAIT); 2711 2706 if (rc) 2712 2707 return 1; 2713 2708 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid, sid)) 2714 2709 return 1; 2715 2710 } 2716 2711 if (opts->context) { 2717 - rc = parse_sid(sb, opts->context, &sid); 2712 + rc = parse_sid(sb, opts->context, &sid, GFP_NOWAIT); 2718 2713 if (rc) 2719 2714 return 1; 2720 2715 if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid, sid)) ··· 2724 2719 struct inode_security_struct *root_isec; 2725 2720 2726 2721 root_isec = backing_inode_security(sb->s_root); 2727 - rc = parse_sid(sb, opts->rootcontext, &sid); 2722 + rc = parse_sid(sb, opts->rootcontext, &sid, GFP_NOWAIT); 2728 2723 if (rc) 2729 2724 return 1; 2730 2725 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid, sid)) 2731 2726 return 1; 2732 2727 } 2733 2728 if (opts->defcontext) { 2734 - rc = parse_sid(sb, opts->defcontext, &sid); 2729 + rc = parse_sid(sb, opts->defcontext, &sid, GFP_NOWAIT); 2735 2730 if (rc) 2736 2731 return 1; 2737 2732 if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid, sid)) ··· 2754 2749 return 0; 2755 2750 2756 2751 if (opts->fscontext) { 2757 - rc = parse_sid(sb, opts->fscontext, &sid); 2752 + rc = parse_sid(sb, opts->fscontext, &sid, GFP_KERNEL); 2758 2753 if (rc) 2759 2754 return rc; 2760 2755 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid, sid)) 2761 2756 goto out_bad_option; 2762 2757 } 2763 2758 if (opts->context) { 2764 - rc = parse_sid(sb, opts->context, &sid); 2759 + rc = parse_sid(sb, opts->context, &sid, GFP_KERNEL); 2765 2760 if (rc) 2766 2761 return rc; 2767 2762 if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid, sid)) ··· 2770 2765 if (opts->rootcontext) { 2771 2766 struct inode_security_struct *root_isec; 2772 2767 root_isec = backing_inode_security(sb->s_root); 2773 - rc = parse_sid(sb, opts->rootcontext, &sid); 2768 + rc = parse_sid(sb, opts->rootcontext, &sid, GFP_KERNEL); 2774 2769 if (rc) 2775 2770 return rc; 2776 2771 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid, sid)) 2777 2772 goto out_bad_option; 2778 2773 } 2779 2774 if (opts->defcontext) { 2780 - rc = parse_sid(sb, opts->defcontext, &sid); 2775 + rc = parse_sid(sb, opts->defcontext, &sid, GFP_KERNEL); 2781 2776 if (rc) 2782 2777 return rc; 2783 2778 if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid, sid))