Re: [PATCH v2] selinux: hooks: use kmalloc() to allocate path buffer
From: Mike Rapoport
Date: Tue Jun 30 2026 - 06:29:03 EST
Should have been:
Subject: [PATCH v4] selinux: hooks: use kmalloc() to allocate path buffer
On Tue, Jun 30, 2026 at 01:15:24PM +0300, Mike Rapoport (Microsoft) wrote:
> selinux_genfs_get_sid() allocates memory for a path with __get_free_page().
>
> Such usage does not require a "page" and the size of the buffer should
> actually be PATH_MAX which may be less than PAGE_SIZE on some
> architectures.
>
> Replace __get_free_page() for allocation of a path buffer with kmalloc()
> and make it explicit that the buffer size is PATH_MAX.
>
> Acked-by: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
> Signed-off-by: Mike Rapoport (Microsoft) <rppt@xxxxxxxxxx>
> ---
> This is a (tiny) part of larger work of replacing page allocator calls
> with kmalloc:
>
> Also in git:
> https://git.kernel.org/pub/scm/linux/kernel/git/rppt/linux.git gfp-to-kmalloc/security
> ---
> v4 changes:
> * rebase on v7.2-rc1
>
> v3: https://lore.kernel.org/all/20260531165852.1478916-1-rppt@xxxxxxxxxx
> * get the args in the right order
>
> v2: https://lore.kernel.org/all/20260531151502.1467515-1-rppt@xxxxxxxxxx
> * explicitly use kmalloc() with PATH_MAX
> ---
> security/selinux/hooks.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index 1a713d96206f..d1f089917a82 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -1336,11 +1336,11 @@ static int selinux_genfs_get_sid(struct dentry *dentry,
> struct super_block *sb = dentry->d_sb;
> char *buffer, *path;
>
> - buffer = (char *)__get_free_page(GFP_KERNEL);
> + buffer = kmalloc(PATH_MAX, GFP_KERNEL);
> if (!buffer)
> return -ENOMEM;
>
> - path = dentry_path_raw(dentry, buffer, PAGE_SIZE);
> + path = dentry_path_raw(dentry, buffer, PATH_MAX);
> if (IS_ERR(path))
> rc = PTR_ERR(path);
> else {
> @@ -1361,7 +1361,7 @@ static int selinux_genfs_get_sid(struct dentry *dentry,
> rc = 0;
> }
> }
> - free_page((unsigned long)buffer);
> + kfree(buffer);
> return rc;
> }
>
>
> ---
> base-commit: dc59e4fea9d83f03bad6bddf3fa2e52491777482
> change-id: 20260520-security-6cdd60da7129
>
> Best regards,
> --
> Sincerely yours,
> Mike.
>
--
Sincerely yours,
Mike.