All of lore.kernel.org
 help / color / mirror / Atom feed
From: "Mike Rapoport (Microsoft)" <rppt@kernel.org>
To: Paul Moore <paul@paul-moore.com>,
	 Stephen Smalley <stephen.smalley.work@gmail.com>
Cc: David Laight <david.laight.linux@gmail.com>,
	 Mike Rapoport <rppt@kernel.org>,
	Ondrej Mosnacek <omosnace@redhat.com>,
	 linux-kernel@vger.kernel.org, linux-mm@kvack.org,
	selinux@vger.kernel.org
Subject: [PATCH v2] selinux: hooks: use kmalloc() to allocate path buffer
Date: Tue, 30 Jun 2026 13:15:24 +0300	[thread overview]
Message-ID: <20260630-security-v2-1-560d33c13ee6@kernel.org> (raw)

selinux_genfs_get_sid() allocates memory for a path with __get_free_page().

Such usage does not require a "page" and the size of the buffer should
actually be PATH_MAX which may be less than PAGE_SIZE on some
architectures.

Replace __get_free_page() for allocation of a path buffer with kmalloc()
and make it explicit that the buffer size is PATH_MAX.

Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Signed-off-by: Mike Rapoport (Microsoft) <rppt@kernel.org>
---
This is a (tiny) part of larger work of replacing page allocator calls
with kmalloc:

Also in git:
https://git.kernel.org/pub/scm/linux/kernel/git/rppt/linux.git gfp-to-kmalloc/security
---
v4 changes:
* rebase on v7.2-rc1

v3: https://lore.kernel.org/all/20260531165852.1478916-1-rppt@kernel.org
* get the args in the right order

v2: https://lore.kernel.org/all/20260531151502.1467515-1-rppt@kernel.org
* explicitly use kmalloc() with PATH_MAX
---
 security/selinux/hooks.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 1a713d96206f..d1f089917a82 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1336,11 +1336,11 @@ static int selinux_genfs_get_sid(struct dentry *dentry,
 	struct super_block *sb = dentry->d_sb;
 	char *buffer, *path;
 
-	buffer = (char *)__get_free_page(GFP_KERNEL);
+	buffer = kmalloc(PATH_MAX, GFP_KERNEL);
 	if (!buffer)
 		return -ENOMEM;
 
-	path = dentry_path_raw(dentry, buffer, PAGE_SIZE);
+	path = dentry_path_raw(dentry, buffer, PATH_MAX);
 	if (IS_ERR(path))
 		rc = PTR_ERR(path);
 	else {
@@ -1361,7 +1361,7 @@ static int selinux_genfs_get_sid(struct dentry *dentry,
 			rc = 0;
 		}
 	}
-	free_page((unsigned long)buffer);
+	kfree(buffer);
 	return rc;
 }
 

---
base-commit: dc59e4fea9d83f03bad6bddf3fa2e52491777482
change-id: 20260520-security-6cdd60da7129

Best regards,
--  
Sincerely yours,
Mike.


             reply	other threads:[~2026-06-30 10:15 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-06-30 10:15 Mike Rapoport (Microsoft) [this message]
2026-06-30 10:23 ` [PATCH v2] selinux: hooks: use kmalloc() to allocate path buffer Mike Rapoport
2026-07-01  1:01   ` Paul Moore
2026-07-01  6:28     ` Mike Rapoport
2026-06-30 10:28 ` sashiko-bot
  -- strict thread matches above, loose matches on Subject: below --
2026-05-31 15:15 Mike Rapoport
2026-05-31 16:18 ` David Laight
2026-05-31 16:55   ` Mike Rapoport

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260630-security-v2-1-560d33c13ee6@kernel.org \
    --to=rppt@kernel.org \
    --cc=david.laight.linux@gmail.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-mm@kvack.org \
    --cc=omosnace@redhat.com \
    --cc=paul@paul-moore.com \
    --cc=selinux@vger.kernel.org \
    --cc=stephen.smalley.work@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.