selinux: Avoid dynamic memory allocation for INITCONTEXTLEN buffers
The default INITCONTEXTLEN-sized buffers can fit on the stack. Do so to save a call to kmalloc() in a hot path. Signed-off-by: Sultan Alsawaf <sultan@kerneltoast.com>
This commit is contained in:
parent
f18743c5ae
commit
7375d8ee7a
@ -1554,6 +1554,7 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
|
||||
u16 sclass;
|
||||
struct dentry *dentry;
|
||||
#define INITCONTEXTLEN 255
|
||||
char context_onstack[INITCONTEXTLEN + 1];
|
||||
char *context = NULL;
|
||||
unsigned len = 0;
|
||||
int rc = 0;
|
||||
@ -1624,17 +1625,10 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
|
||||
}
|
||||
|
||||
len = INITCONTEXTLEN;
|
||||
context = kmalloc(len+1, GFP_NOFS);
|
||||
if (!context) {
|
||||
rc = -ENOMEM;
|
||||
dput(dentry);
|
||||
goto out;
|
||||
}
|
||||
context = context_onstack;
|
||||
context[len] = '\0';
|
||||
rc = __vfs_getxattr(dentry, inode, XATTR_NAME_SELINUX, context, len);
|
||||
if (rc == -ERANGE) {
|
||||
kfree(context);
|
||||
|
||||
/* Need a larger buffer. Query for the right size. */
|
||||
rc = __vfs_getxattr(dentry, inode, XATTR_NAME_SELINUX, NULL, 0);
|
||||
if (rc < 0) {
|
||||
@ -1657,6 +1651,7 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
|
||||
pr_warn("SELinux: %s: getxattr returned "
|
||||
"%d for dev=%s ino=%ld\n", __func__,
|
||||
-rc, inode->i_sb->s_id, inode->i_ino);
|
||||
if (context != context_onstack)
|
||||
kfree(context);
|
||||
goto out;
|
||||
}
|
||||
@ -1682,12 +1677,14 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
|
||||
"returned %d for dev=%s ino=%ld\n",
|
||||
__func__, context, -rc, dev, ino);
|
||||
}
|
||||
if (context != context_onstack)
|
||||
kfree(context);
|
||||
/* Leave with the unlabeled SID */
|
||||
rc = 0;
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (context != context_onstack)
|
||||
kfree(context);
|
||||
break;
|
||||
case SECURITY_FS_USE_TASK:
|
||||
|
Loading…
Reference in New Issue
Block a user