summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorJames Morris <jmorris@namei.org>2009-08-20 03:18:42 +0400
committerJames Morris <jmorris@namei.org>2009-08-20 03:18:42 +0400
commitece13879e74313e62109e0755dd3d4f172df89e2 (patch)
tree1fe96ab392c1ff203a6fb3f67ed0ed577056572e /security
parentb08dc3eba0c34027010caeda258f495074ae3a54 (diff)
parent6c30c53fd5ae6a99a23ad78e90c428d2c8ffb07f (diff)
downloadlinux-ece13879e74313e62109e0755dd3d4f172df89e2.tar.xz
Merge branch 'master' into next
Conflicts: security/Kconfig Manual fix. Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security')
-rw-r--r--security/Kconfig4
-rw-r--r--security/selinux/hooks.c3
2 files changed, 4 insertions, 3 deletions
diff --git a/security/Kconfig b/security/Kconfig
index 9c60c346a91d..4c865345caa0 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -114,9 +114,9 @@ config SECURITY_ROOTPLUG
If you are unsure how to answer this question, answer N.
config LSM_MMAP_MIN_ADDR
- int "Low address space for LSM to from user allocation"
+ int "Low address space for LSM to protect from user allocation"
depends on SECURITY && SECURITY_SELINUX
- default 65535
+ default 65536
help
This is the portion of low virtual memory which should be protected
from userspace allocation. Keeping a user from writing to low pages
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 254b7983657d..6d0b1ccb5b99 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1285,6 +1285,8 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
context, len);
if (rc == -ERANGE) {
+ kfree(context);
+
/* Need a larger buffer. Query for the right size. */
rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
NULL, 0);
@@ -1292,7 +1294,6 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
dput(dentry);
goto out_unlock;
}
- kfree(context);
len = rc;
context = kmalloc(len+1, GFP_NOFS);
if (!context) {