Commit ceffec55 authored by Tetsuo Handa's avatar Tetsuo Handa Committed by Casey Schaufler

gfp flags for security_inode_alloc()?

Dave Chinner wrote:
> Yes, because you have no idea what the calling context is except
> for the fact that is from somewhere inside filesystem code and the
> filesystem could be holding locks. Therefore, GFP_NOFS is really the
> only really safe way to allocate memory here.

I see. Thank you.

I'm not sure, but can call trace happen where somewhere inside network
filesystem or stackable filesystem code with locks held invokes operations that
involves GFP_KENREL memory allocation outside that filesystem?
----------
[PATCH] SMACK: Fix incorrect GFP_KERNEL usage.

new_inode_smack() which can be called from smack_inode_alloc_security() needs
to use GFP_NOFS like SELinux's inode_alloc_security() does, for
security_inode_alloc() is called from inode_init_always() and
inode_init_always() is called from xfs_inode_alloc() which is using GFP_NOFS.

smack_inode_init_security() needs to use GFP_NOFS like
selinux_inode_init_security() does, for initxattrs() callback function (e.g.
btrfs_initxattrs()) which is called from security_inode_init_security() is
using GFP_NOFS.

smack_audit_rule_match() needs to use GFP_ATOMIC, for
security_audit_rule_match() can be called from audit_filter_user_rules() and
audit_filter_user_rules() is called from audit_filter_user() with RCU read lock
held.
Signed-off-by: default avatarTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: default avatarCasey Schaufler <cschaufler@cschaufler-intel.(none)>
parent 2267b13a
...@@ -79,7 +79,7 @@ struct inode_smack *new_inode_smack(char *smack) ...@@ -79,7 +79,7 @@ struct inode_smack *new_inode_smack(char *smack)
{ {
struct inode_smack *isp; struct inode_smack *isp;
isp = kzalloc(sizeof(struct inode_smack), GFP_KERNEL); isp = kzalloc(sizeof(struct inode_smack), GFP_NOFS);
if (isp == NULL) if (isp == NULL)
return NULL; return NULL;
...@@ -563,7 +563,7 @@ static int smack_inode_init_security(struct inode *inode, struct inode *dir, ...@@ -563,7 +563,7 @@ static int smack_inode_init_security(struct inode *inode, struct inode *dir,
int may; int may;
if (name) { if (name) {
*name = kstrdup(XATTR_SMACK_SUFFIX, GFP_KERNEL); *name = kstrdup(XATTR_SMACK_SUFFIX, GFP_NOFS);
if (*name == NULL) if (*name == NULL)
return -ENOMEM; return -ENOMEM;
} }
...@@ -586,7 +586,7 @@ static int smack_inode_init_security(struct inode *inode, struct inode *dir, ...@@ -586,7 +586,7 @@ static int smack_inode_init_security(struct inode *inode, struct inode *dir,
issp->smk_flags |= SMK_INODE_CHANGED; issp->smk_flags |= SMK_INODE_CHANGED;
} }
*value = kstrdup(isp, GFP_KERNEL); *value = kstrdup(isp, GFP_NOFS);
if (*value == NULL) if (*value == NULL)
return -ENOMEM; return -ENOMEM;
} }
...@@ -3426,7 +3426,7 @@ static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule, ...@@ -3426,7 +3426,7 @@ static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule,
char *rule = vrule; char *rule = vrule;
if (!rule) { if (!rule) {
audit_log(actx, GFP_KERNEL, AUDIT_SELINUX_ERR, audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR,
"Smack: missing rule\n"); "Smack: missing rule\n");
return -ENOENT; return -ENOENT;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment