Merge tag 'selinux-pr-20221020' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux

Pull selinux fix from Paul Moore: "A small SELinux fix for a GFP_KERNEL allocation while a spinlock is held. The patch, while still fairly small, is a bit larger than one might expect from a simple s/GFP_KERNEL/GFP_ATOMIC/ conversion because we added support for the function to be called with different gfp flags depending on the context, preserving GFP_KERNEL for those cases that can safely sleep" * tag 'selinux-pr-20221020' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux: selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context()

Merge tag 'selinux-pr-20221020' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux
Pull selinux fix from Paul Moore: "A small SELinux fix for a GFP_KERNEL allocation while a spinlock is held. The patch, while still fairly small, is a bit larger than one might expect from a simple s/GFP_KERNEL/GFP_ATOMIC/ conversion because we added support for the function to be called with different gfp flags depending on the context, preserving GFP_KERNEL for those cases that can safely sleep" * tag 'selinux-pr-20221020' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux: selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context()
0de0b768 · Linus Torvalds · 440b7895 · abe3c631 · 0de0b768 · 0de0b768
Commit 0de0b768 authored Oct 21, 2022 by Linus Torvalds
Showing with 6 additions and 5 deletions

security/selinux/ss/services.c security/selinux/ss/services.c +3 -2

security/selinux/ss/sidtab.c security/selinux/ss/sidtab.c +2 -2

security/selinux/ss/sidtab.h security/selinux/ss/sidtab.h +1 -1

No files found.
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -2022,7 +2022,8 @@ static inline int convert_context_handle_invalid_context(
 * in `newc'.  Verify that the context is valid
 * under the new policy.
 */
-static int convert_context(struct context *oldc, struct context *newc, void *p)
+static int convert_context(struct context *oldc, struct context *newc, void *p,
+			   gfp_t gfp_flags)
 {
 	struct convert_context_args *args;
 	struct ocontext *oc;
@@ -2036,7 +2037,7 @@ static int convert_context(struct context *oldc, struct context *newc, void *p)
 	args = p;
 	if (oldc->str) {
-		s = kstrdup(oldc->str, GFP_KERNEL);
+		s = kstrdup(oldc->str, gfp_flags);
 		if (!s)
 			return -ENOMEM;

--- a/security/selinux/ss/sidtab.c
+++ b/security/selinux/ss/sidtab.c
@@ -325,7 +325,7 @@ int sidtab_context_to_sid(struct sidtab *s, struct context *context,
 		}
 		rc = convert->func(context, &dst_convert->context,
-				   convert->args);
+				   convert->args, GFP_ATOMIC);
 		if (rc) {
 			context_destroy(&dst->context);
 			goto out_unlock;
@@ -404,7 +404,7 @@ static int sidtab_convert_tree(union sidtab_entry_inner *edst,
 		while (i < SIDTAB_LEAF_ENTRIES && *pos < count) {
 			rc = convert->func(&esrc->ptr_leaf->entries[i].context,
 					   &edst->ptr_leaf->entries[i].context,
-					   convert->args);
+					   convert->args, GFP_KERNEL);
 			if (rc)
 				return rc;
 			(*pos)++;

--- a/security/selinux/ss/sidtab.h
+++ b/security/selinux/ss/sidtab.h
@@ -65,7 +65,7 @@ struct sidtab_isid_entry {
 };
 struct sidtab_convert_params {
-	int (*func)(struct context *oldc, struct context *newc, void *args);
+	int (*func)(struct context *oldc, struct context *newc, void *args, gfp_t gfp_flags);
 	void *args;
 	struct sidtab *target;
 };