Merge tag 'trace-fixes-v3.14-rc7-v2' of git://git.kernel.org/pub/scm/linux/kernel...

[firefly-linux-kernel-4.4.55.git] / security / selinux / ss / services.c

diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index f1e46d776544fc4694a78ad436f5d9b06ece5589..4bca49414a40e5a40c4369415f5c5b0aecba6347 100644 (file)
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -1289,16 +1289,18 @@ out:
  * @scontext: security context
  * @scontext_len: length in bytes
  * @sid: security identifier, SID
+ * @gfp: context for the allocation
  *
  * Obtains a SID associated with the security context that
  * has the string representation specified by @scontext.
  * Returns -%EINVAL if the context is invalid, -%ENOMEM if insufficient
  * memory is available, or 0 on success.
  */
-int security_context_to_sid(const char *scontext, u32 scontext_len, u32 *sid)
+int security_context_to_sid(const char *scontext, u32 scontext_len, u32 *sid,
+                           gfp_t gfp)
 {
        return security_context_to_sid_core(scontext, scontext_len,
-                                           sid, SECSID_NULL, GFP_KERNEL, 0);
+                                           sid, SECSID_NULL, gfp, 0);
 }
 
 /**
@@ -2952,25 +2954,21 @@ int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule,
        struct selinux_audit_rule *rule = vrule;
        int match = 0;
 
-       if (!rule) {
-               audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR,
-                         "selinux_audit_rule_match: missing rule\n");
+       if (unlikely(!rule)) {
+               WARN_ONCE(1, "selinux_audit_rule_match: missing rule\n");
                return -ENOENT;
        }
 
        read_lock(&policy_rwlock);
 
        if (rule->au_seqno < latest_granting) {
-               audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR,
-                         "selinux_audit_rule_match: stale rule\n");
                match = -ESTALE;
                goto out;
        }
 
        ctxt = sidtab_search(&sidtab, sid);
-       if (!ctxt) {
-               audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR,
-                         "selinux_audit_rule_match: unrecognized SID %d\n",
+       if (unlikely(!ctxt)) {
+               WARN_ONCE(1, "selinux_audit_rule_match: unrecognized SID %d\n",
                          sid);
                match = -ENOENT;
                goto out;