Re: [PATCH v2] selinux: hooks: use kmalloc() to allocate path buffer
From: Paul Moore
Date: Tue Jun 30 2026 - 21:01:29 EST
On Tue, Jun 30, 2026 at 6:23 AM Mike Rapoport <rppt@xxxxxxxxxx> wrote:
>
> Should have been:
>
> Subject: [PATCH v4] selinux: hooks: use kmalloc() to allocate path buffer
No worries, I just merged the v3 patchset, it applied cleanly.
> On Tue, Jun 30, 2026 at 01:15:24PM +0300, Mike Rapoport (Microsoft) wrote:
> > selinux_genfs_get_sid() allocates memory for a path with __get_free_page().
> >
> > Such usage does not require a "page" and the size of the buffer should
> > actually be PATH_MAX which may be less than PAGE_SIZE on some
> > architectures.
> >
> > Replace __get_free_page() for allocation of a path buffer with kmalloc()
> > and make it explicit that the buffer size is PATH_MAX.
> >
> > Acked-by: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
> > Signed-off-by: Mike Rapoport (Microsoft) <rppt@xxxxxxxxxx>
> > ---
> > This is a (tiny) part of larger work of replacing page allocator calls
> > with kmalloc:
> >
> > Also in git:
> > https://git.kernel.org/pub/scm/linux/kernel/git/rppt/linux.git gfp-to-kmalloc/security
> > ---
> > v4 changes:
> > * rebase on v7.2-rc1
> >
> > v3: https://lore.kernel.org/all/20260531165852.1478916-1-rppt@xxxxxxxxxx
> > * get the args in the right order
> >
> > v2: https://lore.kernel.org/all/20260531151502.1467515-1-rppt@xxxxxxxxxx
> > * explicitly use kmalloc() with PATH_MAX
> > ---
> > security/selinux/hooks.c | 6 +++---
> > 1 file changed, 3 insertions(+), 3 deletions(-)
> >
> > diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> > index 1a713d96206f..d1f089917a82 100644
> > --- a/security/selinux/hooks.c
> > +++ b/security/selinux/hooks.c
> > @@ -1336,11 +1336,11 @@ static int selinux_genfs_get_sid(struct dentry *dentry,
> > struct super_block *sb = dentry->d_sb;
> > char *buffer, *path;
> >
> > - buffer = (char *)__get_free_page(GFP_KERNEL);
> > + buffer = kmalloc(PATH_MAX, GFP_KERNEL);
> > if (!buffer)
> > return -ENOMEM;
> >
> > - path = dentry_path_raw(dentry, buffer, PAGE_SIZE);
> > + path = dentry_path_raw(dentry, buffer, PATH_MAX);
> > if (IS_ERR(path))
> > rc = PTR_ERR(path);
> > else {
> > @@ -1361,7 +1361,7 @@ static int selinux_genfs_get_sid(struct dentry *dentry,
> > rc = 0;
> > }
> > }
> > - free_page((unsigned long)buffer);
> > + kfree(buffer);
> > return rc;
> > }
> >
> >
> > ---
> > base-commit: dc59e4fea9d83f03bad6bddf3fa2e52491777482
> > change-id: 20260520-security-6cdd60da7129
> >
> > Best regards,
> > --
> > Sincerely yours,
> > Mike.
> >
>
> --
> Sincerely yours,
> Mike.
--
paul-moore.com