author | Yannick GICQUEL <yannick.gicquel@iot.bzh> | 2015-10-19 15:57:07 +0200 |
---|---|---|
committer | Gerrit Code Review <gerrit@172.30.200.200> | 2015-11-06 15:23:36 +0000 |
commit | ede19ea0c47fb23f3fc779833d1e57cf76f3371e (patch) | |
tree | 47d6fae2283c54def1871aaf2a73828ac68b1b34 /meta-rcar-gen2/recipes-kernel/linux/linux-renesas/smack/0021-smack-call-WARN_ONCE-instead-of-calling-audit_log_st.patch | |
parent | 1cd8ab18abca96e4ee108f80225058d875b28347 (diff) |
kernel: smack security backport from kernel 4
Here is the backport of all patches relating to smack support
on kernel side. For more details, see file:
meta-rcar-gen2/recipes-kernel/linux/linux-renesas/smack/README
Please note that patches are applied only if "smack" is in the
distro features. Here are the 2 lines to add in the local.conf
OVERRIDES .= ":smack"
DISTRO_FEATURES_append = " smack"
Change-Id: I147a3532aec531f977d6ec34c576261835711f1e
Signed-off-by: Yannick GICQUEL <yannick.gicquel@iot.bzh>
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
Diffstat (limited to 'meta-rcar-gen2/recipes-kernel/linux/linux-renesas/smack/0021-smack-call-WARN_ONCE-instead-of-calling-audit_log_st.patch')
-rw-r--r-- | meta-rcar-gen2/recipes-kernel/linux/linux-renesas/smack/0021-smack-call-WARN_ONCE-instead-of-calling-audit_log_st.patch | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/meta-rcar-gen2/recipes-kernel/linux/linux-renesas/smack/0021-smack-call-WARN_ONCE-instead-of-calling-audit_log_st.patch b/meta-rcar-gen2/recipes-kernel/linux/linux-renesas/smack/0021-smack-call-WARN_ONCE-instead-of-calling-audit_log_st.patch new file mode 100644 index 0000000..bf8dd26 --- /dev/null +++ b/meta-rcar-gen2/recipes-kernel/linux/linux-renesas/smack/0021-smack-call-WARN_ONCE-instead-of-calling-audit_log_st.patch @@ -0,0 +1,36 @@ +From ea81dc20148025d25305582164e614754880606c Mon Sep 17 00:00:00 2001 +From: Richard Guy Briggs <rgb@redhat.com> +Date: Thu, 21 Nov 2013 13:57:33 -0500 +Subject: [PATCH 21/54] smack: call WARN_ONCE() instead of calling + audit_log_start() + +Remove the call to audit_log() (which call audit_log_start()) and deal with +the errors in the caller, logging only once if the condition is met. Calling +audit_log_start() in this location makes buffer allocation and locking more +complicated in the calling tree (audit_filter_user()). + +Signed-off-by: Richard Guy Briggs <rgb@redhat.com> +Signed-off-by: Eric Paris <eparis@redhat.com> +--- + security/smack/smack_lsm.c | 5 ++--- + 1 file changed, 2 insertions(+), 3 deletions(-) + +diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c +index d814e35..14f52be 100644 +--- a/security/smack/smack_lsm.c ++++ b/security/smack/smack_lsm.c +@@ -3616,9 +3616,8 @@ static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule, + struct smack_known *skp; + char *rule = vrule; + +- if (!rule) { +- audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR, +- "Smack: missing rule\n"); ++ if (unlikely(!rule)) { ++ WARN_ONCE(1, "Smack: missing rule\n"); + return -ENOENT; + } + +-- +2.1.4 + |
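Review bot: In the `if (unlikely(!rule))` branch of smack_audit_rule_match(), WARN_ONCE() reports only the first occurrence, so every later call with a missing rule returns -ENOENT with no log entry, and the AUDIT_SELINUX_ERR record that audit_log() used to emit is gone from the audit trail entirely. The commit message says the errors are dealt with in the caller, but the diffstat shows this patch touching only security/smack/smack_lsm.c, so please name the caller-side change (or the patch in this 54-patch series that carries it) in the message, and confirm that the caller records the -ENOENT somewhere an audit consumer will see it. If a missing rule is expected to be reachable in normal operation rather than being a kernel bug, a rate-limited message would keep repeated occurrences visible where WARN_ONCE() does not.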