diff options
| author | Avi Kivity <avi@redhat.com> | 2012-08-05 13:25:10 +0300 |
|---|---|---|
| committer | Avi Kivity <avi@redhat.com> | 2012-08-05 13:25:10 +0300 |
| commit | fe56097b23b1303b894eefd91582e4a64247d03f (patch) | |
| tree | 4b3ab60eb19e8cfe2884e2da66dd4e4e25ae2274 /security | |
| parent | e115676e042f4d9268c6b6d8cb7dc962aa6cfd7d (diff) | |
| parent | e7882d6c40874a5b5033ca85f7508a602a60b662 (diff) | |
| download | op-kernel-dev-fe56097b23b1303b894eefd91582e4a64247d03f.zip op-kernel-dev-fe56097b23b1303b894eefd91582e4a64247d03f.tar.gz | |
Merge remote-tracking branch 'upstream' into next
- bring back critical fixes (esp. aa67f6096c19bc)
- provide an updated base for development
* upstream: (4334 commits)
missed mnt_drop_write() in do_dentry_open()
UBIFS: nuke pdflush from comments
gfs2: nuke pdflush from comments
drbd: nuke pdflush from comments
nilfs2: nuke write_super from comments
hfs: nuke write_super from comments
vfs: nuke pdflush from comments
jbd/jbd2: nuke write_super from comments
btrfs: nuke pdflush from comments
btrfs: nuke write_super from comments
ext4: nuke pdflush from comments
ext4: nuke write_super from comments
ext3: nuke write_super from comments
Documentation: fix the VM knobs descritpion WRT pdflush
Documentation: get rid of write_super
vfs: kill write_super and sync_supers
ACPI processor: Fix tick_broadcast_mask online/offline regression
ACPI: Only count valid srat memory structures
ACPI: Untangle a return statement for better readability
Linux 3.6-rc1
...
Signed-off-by: Avi Kivity <avi@redhat.com>
Diffstat (limited to 'security')
| -rw-r--r-- | security/selinux/avc.c | 2 | ||||
| -rw-r--r-- | security/selinux/hooks.c | 18 | ||||
| -rw-r--r-- | security/smack/smackfs.c | 8 |
3 files changed, 17 insertions, 11 deletions
diff --git a/security/selinux/avc.c b/security/selinux/avc.c index 68d82da..4d3fab4 100644 --- a/security/selinux/avc.c +++ b/security/selinux/avc.c @@ -274,7 +274,7 @@ static struct avc_node *avc_alloc_node(void) { struct avc_node *node; - node = kmem_cache_zalloc(avc_node_cachep, GFP_ATOMIC); + node = kmem_cache_zalloc(avc_node_cachep, GFP_ATOMIC|__GFP_NOMEMALLOC); if (!node) goto out; diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 689fe2d..6c77f63 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -2129,7 +2129,7 @@ static inline void flush_unauthorized_files(const struct cred *cred, int fd; j++; - i = j * __NFDBITS; + i = j * BITS_PER_LONG; fdt = files_fdtable(files); if (i >= fdt->max_fds) break; @@ -2791,11 +2791,16 @@ static int selinux_inode_setxattr(struct dentry *dentry, const char *name, /* We strip a nul only if it is at the end, otherwise the * context contains a nul and we should audit that */ - str = value; - if (str[size - 1] == '\0') - audit_size = size - 1; - else - audit_size = size; + if (value) { + str = value; + if (str[size - 1] == '\0') + audit_size = size - 1; + else + audit_size = size; + } else { + str = ""; + audit_size = 0; + } ab = audit_log_start(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR); audit_log_format(ab, "op=setxattr invalid_context="); audit_log_n_untrustedstring(ab, value, audit_size); @@ -3180,6 +3185,7 @@ static int selinux_file_fcntl(struct file *file, unsigned int cmd, case F_GETFL: case F_GETOWN: case F_GETSIG: + case F_GETOWNER_UIDS: /* Just check FD__USE permission */ err = file_has_perm(cred, file, 0); break; diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c index d31e6d9..b1b768e 100644 --- a/security/smack/smackfs.c +++ b/security/smack/smackfs.c @@ -323,11 +323,11 @@ static int smk_parse_long_rule(const char *data, struct smack_rule *rule, int datalen; int rc = -1; - /* - * This is probably inefficient, but safe. - */ + /* This is inefficient */ datalen = strlen(data); - subject = kzalloc(datalen, GFP_KERNEL); + + /* Our first element can be 64 + \0 with no spaces */ + subject = kzalloc(datalen + 1, GFP_KERNEL); if (subject == NULL) return -1; object = kzalloc(datalen, GFP_KERNEL); |
