From: "Mike Rapoport (Microsoft)" <rppt@kernel.org>
To: Paul Moore <paul@paul-moore.com>,
Stephen Smalley <stephen.smalley.work@gmail.com>
Cc: David Laight <david.laight.linux@gmail.com>,
Mike Rapoport <rppt@kernel.org>,
Ondrej Mosnacek <omosnace@redhat.com>,
linux-kernel@vger.kernel.org, linux-mm@kvack.org,
selinux@vger.kernel.org
Subject: [PATCH v2] selinux: hooks: use kmalloc() to allocate path buffer
Date: Tue, 30 Jun 2026 13:15:24 +0300 [thread overview]
Message-ID: <20260630-security-v2-1-560d33c13ee6@kernel.org> (raw)
selinux_genfs_get_sid() allocates memory for a path with __get_free_page().
Such usage does not require a "page" and the size of the buffer should
actually be PATH_MAX which may be less than PAGE_SIZE on some
architectures.
Replace __get_free_page() for allocation of a path buffer with kmalloc()
and make it explicit that the buffer size is PATH_MAX.
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Signed-off-by: Mike Rapoport (Microsoft) <rppt@kernel.org>
---
This is a (tiny) part of larger work of replacing page allocator calls
with kmalloc:
Also in git:
https://git.kernel.org/pub/scm/linux/kernel/git/rppt/linux.git gfp-to-kmalloc/security
---
v4 changes:
* rebase on v7.2-rc1
v3: https://lore.kernel.org/all/20260531165852.1478916-1-rppt@kernel.org
* get the args in the right order
v2: https://lore.kernel.org/all/20260531151502.1467515-1-rppt@kernel.org
* explicitly use kmalloc() with PATH_MAX
---
security/selinux/hooks.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 1a713d96206f..d1f089917a82 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1336,11 +1336,11 @@ static int selinux_genfs_get_sid(struct dentry *dentry,
struct super_block *sb = dentry->d_sb;
char *buffer, *path;
- buffer = (char *)__get_free_page(GFP_KERNEL);
+ buffer = kmalloc(PATH_MAX, GFP_KERNEL);
if (!buffer)
return -ENOMEM;
- path = dentry_path_raw(dentry, buffer, PAGE_SIZE);
+ path = dentry_path_raw(dentry, buffer, PATH_MAX);
if (IS_ERR(path))
rc = PTR_ERR(path);
else {
@@ -1361,7 +1361,7 @@ static int selinux_genfs_get_sid(struct dentry *dentry,
rc = 0;
}
}
- free_page((unsigned long)buffer);
+ kfree(buffer);
return rc;
}
---
base-commit: dc59e4fea9d83f03bad6bddf3fa2e52491777482
change-id: 20260520-security-6cdd60da7129
Best regards,
--
Sincerely yours,
Mike.
next reply other threads:[~2026-06-30 10:15 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-30 10:15 Mike Rapoport (Microsoft) [this message]
2026-06-30 10:23 ` [PATCH v2] selinux: hooks: use kmalloc() to allocate path buffer Mike Rapoport
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260630-security-v2-1-560d33c13ee6@kernel.org \
--to=rppt@kernel.org \
--cc=david.laight.linux@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=omosnace@redhat.com \
--cc=paul@paul-moore.com \
--cc=selinux@vger.kernel.org \
--cc=stephen.smalley.work@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox