diff options
author | James Morris <james.morris@microsoft.com> | 2019-04-15 17:31:32 -0700 |
---|---|---|
committer | James Morris <james.morris@microsoft.com> | 2019-04-15 17:31:32 -0700 |
commit | f075b344c6ca7730c910e7d2ba667e9dad652435 (patch) | |
tree | f5ddfd51da110e8c2ec298b85a0f59a02acd22ea /security/smack/smack_lsm.c | |
parent | fe9fd2ef383c2f5883fcd3f7adce0de9ce2556ff (diff) | |
parent | f7450bc6e76860564f3842a41892f9b74313cc23 (diff) | |
download | linux-stable-f075b344c6ca7730c910e7d2ba667e9dad652435.tar.gz linux-stable-f075b344c6ca7730c910e7d2ba667e9dad652435.tar.bz2 linux-stable-f075b344c6ca7730c910e7d2ba667e9dad652435.zip |
Merge branch 'smack-for-5.2' of https://github.com/cschaufler/next-smack into next-smack
From Casey: "There's one bug fix for
IPv6 handling and two memory use improvements."
Diffstat (limited to 'security/smack/smack_lsm.c')
-rw-r--r-- | security/smack/smack_lsm.c | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 5c1613519d5a..b9abcdb36a73 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -59,6 +59,7 @@ DEFINE_MUTEX(smack_ipv6_lock); static LIST_HEAD(smk_ipv6_port_list); #endif static struct kmem_cache *smack_inode_cache; +struct kmem_cache *smack_rule_cache; int smack_enabled; #define A(s) {"smack"#s, sizeof("smack"#s) - 1, Opt_##s} @@ -354,7 +355,7 @@ static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead, int rc = 0; list_for_each_entry_rcu(orp, ohead, list) { - nrp = kzalloc(sizeof(struct smack_rule), gfp); + nrp = kmem_cache_zalloc(smack_rule_cache, gfp); if (nrp == NULL) { rc = -ENOMEM; break; @@ -1931,7 +1932,7 @@ static void smack_cred_free(struct cred *cred) list_for_each_safe(l, n, &tsp->smk_rules) { rp = list_entry(l, struct smack_rule, list); list_del(&rp->list); - kfree(rp); + kmem_cache_free(smack_rule_cache, rp); } } @@ -3906,6 +3907,8 @@ access_check: #ifdef SMACK_IPV6_SECMARK_LABELING if (skb && skb->secmark != 0) skp = smack_from_secid(skb->secmark); + else if (smk_ipv6_localhost(&sadd)) + break; else skp = smack_ipv6host_label(&sadd); if (skp == NULL) @@ -4758,6 +4761,12 @@ static __init int smack_init(void) if (!smack_inode_cache) return -ENOMEM; + smack_rule_cache = KMEM_CACHE(smack_rule, 0); + if (!smack_rule_cache) { + kmem_cache_destroy(smack_inode_cache); + return -ENOMEM; + } + /* * Set the security state for the initial task. */ |