author | James Morris <jmorris@namei.org> | 2009-08-20 09:18:42 +1000 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2009-08-20 09:18:42 +1000 |
commit | ece13879e74313e62109e0755dd3d4f172df89e2 (patch) | |
tree | 1fe96ab392c1ff203a6fb3f67ed0ed577056572e /security | |
parent | b08dc3eba0c34027010caeda258f495074ae3a54 (diff) | |
parent | 6c30c53fd5ae6a99a23ad78e90c428d2c8ffb07f (diff) | |
Merge branch 'master' into next
Conflicts:
security/Kconfig
Manual fix.
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security')
-rw-r--r-- | security/Kconfig | 4 | ||||
-rw-r--r-- | security/selinux/hooks.c | 3 |
2 files changed, 4 insertions, 3 deletions
diff --git a/security/Kconfig b/security/Kconfig
index 9c60c346a91d..4c865345caa0 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -114,9 +114,9 @@ config SECURITY_ROOTPLUG
 If you are unsure how to answer this question, answer N.

 config LSM_MMAP_MIN_ADDR
- int "Low address space for LSM to from user allocation"
+ int "Low address space for LSM to protect from user allocation"
 depends on SECURITY && SECURITY_SELINUX
- default 65535
+ default 65536
 help
 This is the portion of low virtual memory which should be protected
 from userspace allocation. Keeping a user from writing to low pages
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 254b7983657d..6d0b1ccb5b99 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1285,6 +1285,8 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
 rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
 context, len);
 if (rc == -ERANGE) {
+ kfree(context);
+
 /* Need a larger buffer. Query for the right size. */
 rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
 NULL, 0);
@@ -1292,7 +1294,6 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
 dput(dentry);
 goto out_unlock;
 }
- kfree(context);
 len = rc;
 context = kmalloc(len+1, GFP_NOFS);
 if (!context) { |
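Review bot: In the first security/selinux/hooks.c hunk, `kfree(context);` now runs before the size query, so `context` is a dangling pointer across the second getxattr call and across the `goto out_unlock` in the next hunk. Nothing visible reads it again before the `kmalloc(len+1, GFP_NOFS)` reassignment, but the `out_unlock` label and the rest of inode_doinit_with_dentry lie outside both hunks, so this cannot be confirmed from the page. Adding `context = NULL;` directly after the `kfree(context);` would keep any cleanup on that error path, now or after a later edit, from turning into a double free or use-after-free. A short comment such as `/* free before the early exit below so the buffer is not leaked */` would also record why the free has to precede the query.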