Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm / 2901b776178546c785ec0caeb3655256600fe436
commit2901b776178546c785ec0caeb3655256600fe436[log] [tgz]
authorJeff Vander Stoep <jeffv@google.com>Wed Mar 11 14:32:24 2015 -0700
committerchrmhoffmann <chrmhoffmann@gmail.com>Sun Apr 05 10:22:15 2020 +0200
treefa41913a7b986164b64f8c4a5c1d867af98f5ab7
parentca7dbccbf5fc2e5fa9cfc06b2a5db3da515ed616 [diff]
UPSTREAM: mm: reorder can_do_mlock to fix audit denial

A userspace call to mmap(MAP_LOCKED) may result in the successful locking
of memory while also producing a confusing audit log denial.  can_do_mlock
checks capable and rlimit.  If either of these return positive
can_do_mlock returns true.  The capable check leads to an LSM hook used by
apparmour and selinux which produce the audit denial.  Reordering so
rlimit is checked first eliminates the denial on success, only recording a
denial when the lock is unsuccessful as a result of the denial.

(cherry picked from e48e8c45925185c02b23ae461671be29c91101d5)

Bug: 19590990
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
Acked-by: Nick Kralevich <nnk@google.com>
Cc: Jeff Vander Stoep <jeffv@google.com>
Cc: Sasha Levin <sasha.levin@oracle.com>
Cc: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
Cc: Rik van Riel <riel@redhat.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: Paul Cassella <cassella@cray.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
1 file changed
tree: fa41913a7b986164b64f8c4a5c1d867af98f5ab7
  1. android/
  2. arch/
  3. block/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .gitignore
  24. .mailmap
  25. AndroidKernel.mk
  26. COPYING
  27. CREDITS
  28. Kbuild
  29. Kconfig
  30. MAINTAINERS
  31. Makefile
  32. README
  33. REPORTING-BUGS