summaryrefslogtreecommitdiffstats
path: root/mm/secretmem.c
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2022-08-02 23:51:47 +0200
committerLinus Torvalds <torvalds@linux-foundation.org>2022-08-02 23:51:47 +0200
commit79802ada87faeb28cfa2bd36e17591e7b8c6ba72 (patch)
treeb573ba522d599c670f79c461461f90c1fdf39581 /mm/secretmem.c
parentMerge tag 'hardening-v5.20-rc1' of git://git.kernel.org/pub/scm/linux/kernel/... (diff)
parentselinux: selinux_add_opt() callers free memory (diff)
downloadlinux-79802ada87faeb28cfa2bd36e17591e7b8c6ba72.tar.xz
linux-79802ada87faeb28cfa2bd36e17591e7b8c6ba72.zip
Merge tag 'selinux-pr-20220801' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux
Pull selinux updates from Paul Moore: "A relatively small set of patches for SELinux this time, eight patches in total with really only one significant change. The highlights are: - Add support for proper labeling of memfd_secret anonymous inodes. This will allow LSMs that implement the anonymous inode hooks to apply security policy to memfd_secret() fds. - Various small improvements to memory management: fixed leaks, freed memory when needed, boundary checks. - Hardened the selinux_audit_data struct with __randomize_layout. - A minor documentation tweak to fix a formatting/style issue" * tag 'selinux-pr-20220801' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux: selinux: selinux_add_opt() callers free memory selinux: Add boundary check in put_entry() selinux: fix memleak in security_read_state_kernel() docs: selinux: add '=' signs to kernel boot options mm: create security context for memfd_secret inodes selinux: fix typos in comments selinux: drop unnecessary NULL check selinux: add __randomize_layout to selinux_audit_data
Diffstat (limited to 'mm/secretmem.c')
-rw-r--r--mm/secretmem.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/mm/secretmem.c b/mm/secretmem.c
index f06279d6190a..71fb78f59d72 100644
--- a/mm/secretmem.c
+++ b/mm/secretmem.c
@@ -199,11 +199,20 @@ static struct file *secretmem_file_create(unsigned long flags)
{
struct file *file = ERR_PTR(-ENOMEM);
struct inode *inode;
+ const char *anon_name = "[secretmem]";
+ const struct qstr qname = QSTR_INIT(anon_name, strlen(anon_name));
+ int err;
inode = alloc_anon_inode(secretmem_mnt->mnt_sb);
if (IS_ERR(inode))
return ERR_CAST(inode);
+ err = security_inode_init_security_anon(inode, &qname, NULL);
+ if (err) {
+ file = ERR_PTR(err);
+ goto err_free_inode;
+ }
+
file = alloc_file_pseudo(inode, secretmem_mnt, "secretmem",
O_RDWR, &secretmem_fops);
if (IS_ERR(file))